[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] bug in LDT error checking on stable branch

do_mmu_update blindly assumes that setting the LDT will always succeed:
under MMUEXT_SET_LDT:
          if ( ents != 0 )
                percpu_info[cpu].deferred_ops |= DOP_RELOAD_LDT;

further down:
   if ( deferred_ops & DOP_RELOAD_LDT )
        (void)map_ldt_shadow_page(0);

if xen thinks that one of the pages passed is mapped r/w somewhere the
operation will fail:
/* Map shadow page at offset @off. */
int map_ldt_shadow_page(unsigned int off)
{
<...>

    if ( unlikely(!(l1e & _PAGE_PRESENT)) ||
         unlikely(!get_page_and_type(&frame_table[l1e >> PAGE_SHIFT],
                                     d, PGT_ldt_page)) )
        return 0;

<...>

The user won't know about it until he re-loads a segment register or
successfully infers what operation the "Bad type" messages on the
console refer to.


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.