[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] do_iret bug in xen

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: "Ashish Bijlani" <ashish.bijlani@xxxxxxxxx>
Date: Tue, 27 Nov 2007 13:59:15 -0500
Delivery-date: Tue, 27 Nov 2007 10:59:50 -0800
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:mime-version:content-type; b=sK3jmZwcSl4Hh55dq53w1+EIC2aFbyaPVLlYXDctYukib6B0TypA2wBhfAFCDzj7tiDUw+Lc6TWufycXPUe5bY/gpb3oKuD+YnpSUR3Tu0RTMBxu0CgZtmyOq4vOU0VTaoSN6SATimKSsgcB5oC7Uthxds8yCEf3tUVjNq1Ygtw=
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

"do_iret" (slow iret via hyercall) can introduce a race condition as "current" can change during the execution of the function. all hypercalls run with "sti" on, so an interrupt on a processor causing the control to enter in "__enter_scheduler" after reading current can change the current process on that processor.

code excerpt

"
    struct iret_context iret_saved;
    struct vcpu *v = current;

    if ( unlikely(copy_from_user(&iret_saved, (void *)regs->rsp,
                                 sizeof(iret_saved))) )
    {

"

Any thoughts on this?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] do_iret bug in xen
  - From: Daniel Stodden

Prev by Date: [Xen-devel] Re: question about shadow_blow_tables
Next by Date: Re: [Xen-devel] do_iret bug in xen
Previous by thread: [Xen-devel] Xen patch to fix management support on HP ProLiant systems
Next by thread: Re: [Xen-devel] do_iret bug in xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.