WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-ia64-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in

from [Jarod Wilson] [Permanent Link][Original]
To: Alex Williamson <alex.williamson@xxxxxx>
Subject: Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation
From: Jarod Wilson <jwilson@xxxxxxxxxx>
Date: Fri, 14 Dec 2007 13:55:33 -0500
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 14 Dec 2007 10:55:25 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1197657744.6806.8.camel@lappy>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Red Hat, Inc.
References: <7kodctlqdv.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1197657744.6806.8.camel@lappy>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031) 
Alex Williamson wrote:

On Fri, 2007-12-14 at 15:52 +0900, Kouya Shimura wrote:

Hi,

The reputation of my previous patch was not so good,
then I rewrote it. An attached patch is temporary fix
for xen-3.2.
Anyone know offhand if this vulnerability exists in xen 3.1.x as well? (As in, is this something a certain vendor shipping a xen 3.1.x codebase needs to pull into their own tree ASAP? :) 



I think this patch is enough for normal usage.
Please see SDM Vol2 11.10.2.1.3 "Making PAL Procedure Calls in Physical or Virtual Mode". 
If the caller has a responsibility of providing DTR or DTC
mapping, xencomm for PAL might be unnecessary. I confirmed there is no problem in linux, windows 2003, windows 2008 with this patch.
As for PV domain, the same logic can't be used due to only one vTLB. This patch only checks that the buffer 
never point VMM address, that would avoid the vulnerability.


   Thanks for fixing this.  Applied.  Thanks,


--
Jarod Wilson
jwilson@xxxxxxxxxx


_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Please pull ia64/xen-unstable.hg, Alex Williamson
Next by Date:  Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson
Previous by Thread:  Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson
Next by Thread:  Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy