
Re: [Xen-devel] [PATCH] xentrace: fix bug in t_info size

To: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] xentrace: fix bug in t_info size
From: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
Date: Fri, 7 May 2010 19:36:24 -0500
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>

I don't think so... The entire xen structure actually is allocated, and the bounds checking makes sure nothing goes off the end of it. It's just that (before this patch) xentrace only maps one of the two pages when it maps t_info. It then happily passes who knows what into xc_map_foreign_range().

Arguably, passing junk into xc_map_foreign_range() shouldn't crash Xen; but that's a slightly different issue.

-George

Jeremy Fitzhardinge wrote:
On 05/07/2010 05:25 PM, George Dunlap wrote:
t_info size should be in bytes, not pages.  This fixes a bug
that crashes the hypervisor if the total number of all pages
is more than 1024 but less than 2048.

Could this be causing other memory corruption too?

    J

Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>

diff -r caea94988515 -r e633befe28ec xen/common/trace.c
--- a/xen/common/trace.c        Fri May 07 11:45:18 2010 +0100
+++ b/xen/common/trace.c        Fri May 07 19:20:52 2010 -0500
@@ -340,7 +340,7 @@
     case XEN_SYSCTL_TBUFOP_get_info:
         tbc->evt_mask   = tb_event_mask;
         tbc->buffer_mfn = t_info ? virt_to_mfn(t_info) : 0;
-        tbc->size = T_INFO_PAGES;
+        tbc->size = T_INFO_PAGES * PAGE_SIZE;
         break;
     case XEN_SYSCTL_TBUFOP_set_cpu_mask:
         xenctl_cpumap_to_cpumask(&tb_cpu_mask, &tbc->cpu_mask);
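Review bot: On the `tbc->size = T_INFO_PAGES * PAGE_SIZE;` line, the unit of `size` changes to bytes but nothing in the hunk records that, and a unit mismatch on this field is what the commit message describes. Suggest a comment at the assignment, and wherever the field is declared, stating that `size` is in bytes, plus a check that every caller of XEN_SYSCTL_TBUFOP_get_info reads it that way, since a caller that already multiplies by the page size would now ask for too much. The point raised in the reply is separate and still open: this corrects the value reported, not what happens when a bad value reaches the mapping call.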

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
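
The unit mismatch discussed in this thread, as an added example that is not code from Xen or xentrace: a consumer that maps a page-rounded `size` and bounds-checks every table read against the length it actually mapped. The 4096-byte page, the 4-byte table entries and all function names are assumptions made for this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE    4096u  /* assumed page size */
#define T_INFO_PAGES 2u     /* two pages, as in the thread */

/* Bytes a consumer maps for a reported size, rounded up to whole pages. */
size_t mapped_bytes(size_t reported_size)
{
    return (reported_size + PAGE_SIZE - 1) / PAGE_SIZE * PAGE_SIZE;
}

/* Read 32-bit entry idx from a mapping of map_len bytes.
 * Returns 0 on success, -1 if the entry is not fully inside the mapping. */
int read_entry(const uint8_t *map, size_t map_len, size_t idx, uint32_t *out)
{
    if (idx > (SIZE_MAX - sizeof(*out)) / sizeof(*out))
        return -1;                      /* idx * 4 would overflow */
    size_t off = idx * sizeof(*out);
    if (off + sizeof(*out) > map_len)
        return -1;                      /* entry lies past what was mapped */
    memcpy(out, map + off, sizeof(*out));
    return 0;
}

/* Count entries in [0, total) that cannot be reached through the mapping
 * obtained from reported_size. */
size_t unreachable_entries(size_t reported_size, size_t total)
{
    static uint8_t area[T_INFO_PAGES * PAGE_SIZE]; /* constructed stand-in */
    size_t len = mapped_bytes(reported_size), missing = 0;
    uint32_t v;
    if (len > sizeof(area))
        len = sizeof(area);
    for (size_t i = 0; i < total; i++)
        if (read_entry(area, len, i, &v) != 0)
            missing++;
    return missing;
}

int main(void)
{
    /* size reported in pages (2) versus in bytes (2 * PAGE_SIZE) */
    printf("pages as bytes: %zu entries unreachable\n",
           unreachable_entries(T_INFO_PAGES, 1500));
    printf("bytes:          %zu entries unreachable\n",
           unreachable_entries(T_INFO_PAGES * PAGE_SIZE, 1500));
    return 0;
}
```

With the checked read, the entries past the first page are refused instead of being read as whatever lies beyond the mapping.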



