[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>
Date: Tue, 7 Jan 2014 18:44:20 -0800
Cc: Keir Fraser <keir@xxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Don Slutz <dslutz@xxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>
Delivery-date: Wed, 08 Jan 2014 02:45:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Wed, 8 Jan 2014 02:30:24 +0000
Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:

> On 08/01/2014 01:44, Mukesh Rathor wrote:
> > On Wed, 8 Jan 2014 00:55:32 +0000
> > Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> >
> >> On 08/01/2014 00:25, Don Slutz wrote:
> >>> Using a 1G hvm domU (in grub) and gdbsx:
> >>>
> > ..... 
> >
> >> Ian (with RM hat on):
> >>   This is a hypervisor reference counting error on a toolstack
> >> hypercall path.  Irrespective of any of the other patches in this
> >> series, I think this should be included ASAP (although probably
> >> subject to review from a third person), which will fix the
> >> hypervisor crashes from gdbsx usage.
> > I remember long ago mentioning to our packaing team to make gdbsx
> > root executible only. 
> >
> > What would be a good place to document that gdbsx should be removed
> > from production systems, and/or be made root executible only?
> >
> > thanks
> > mukesh
> >
> >
> 
> [root@idol ~]# ls -la /dev/xen/privcmd
> crw-rw---- 1 root root 10, 57 Jan  7 11:48 /dev/xen/privcmd
> 
> As currently stands (Linux 3.10), only root can open privcmd and issue
> ioctls, so a non-root gdbsx process would presumably not function at
> all.  I am not sure that any documentation needs updating.

Ah, right. I remember now...  thats much better. At least, currently its
not compromised with anyone able to run it.

thanks
Mukesh



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [BUGFIX][PATCH v2 0/5] gdbsx: fix 3 bugs
  - From: Don Slutz
- [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
  - From: Don Slutz
- Re: [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
  - From: Andrew Cooper
- Re: [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
  - From: Mukesh Rathor
- Re: [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v3] VMX: Eliminate cr3 save/loading exiting when UG enabled
Next by Date: [Xen-devel] [xen-unstable test] 24297: regressions - FAIL
Previous by thread: Re: [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
Next by thread: Re: [Xen-devel] [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.