Re: [Xen-devel] [PATCH v2 2/4] xen: introduce grant_map_exists
>>> On 06.10.14 at 11:37, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> On Mon, 6 Oct 2014, Jan Beulich wrote:
>> >>> On 03.10.14 at 16:50, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
>> > + grant_ref_t ref;
>> > + bool_t ret = 0;
>> > +
>> > + ASSERT(&rgt->lock);
>> > +
>> > + for ( ref = 0; ref != nr_grant_entries(rgt); ref++ )
>>
>> This loop's worst case iteration count is controlled solely by the
>> "gnttab_max_nr_frames=" command line option afaict, i.e. for a
>> large enough specified value this is going to become a security
>> issue.
>
> I am not sure what I could do about this.
> Any suggestions?

Sadly nothing simple (i.e. other than adding ways to do the reverse
lookup). But I hope you agree that the lack of a good solution can't
be a reason to introduce a security issue. And I'm not really fancying
workarounds (like limiting the maximum) here...

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
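
Review bot: ASSERT(&rgt->lock); in the quoted hunk tests the address of the lock, which is never zero, so the assertion can never fire and does not check that the caller actually holds the lock. If the intent is to require that this function is entered with rgt->lock held, assert on the lock's held state rather than on its address, and say so in a comment above the function. The for loop that follows is bounded only by nr_grant_entries(rgt), so whatever lock the caller holds is held for the whole scan, which makes the iteration-count concern raised in the reply more pressing.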