Re: [Xen-devel] question: is it a CVE in relinquish_memory()[xen/arch/x86/domain.c]
>>> On 09.11.16 at 13:01, <xuquan8@xxxxxxxxxx> wrote:
> Based on CVE-2015-7814 and commit 1ef01396fdff, 'arm: handle races between
> relinquish_memory and free_domheap_pages'.
> relinquish_memory() [xen/arch/arm/domain.c, arm code],
> when couldn't get a reference -- someone is freeing this page and has already
> committed to doing so, so no more to do here, continue.
>
> But in relinquish_memory() [xen/arch/x86/domain.c, __x86__ code], when
> couldn't get a reference -- someone is freeing this page,
> Why adding this page to d->arch.relmem_list again.
> Is it a CVE to double free page, then hit the "alloc_heap_pages():
> BUG_ON(pg[i].count_info != PGC_state_free)" in creating guests later.

Well, considering that you've even quoted the description of the patch, it
should be clear to you that the difference in behavior between ARM and x86
is intended. Hence I'm having difficulty seeing what you actually want to
point out.

And then, if you again suspect a security issue in the future, please ask
on security@ first, rather than posting publicly (on xen-devel@ or
elsewhere).

Thanks, Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel