|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3/3] improve XENMEM_add_to_physmap_batch address checking
On 27/11/17 09:12, Jan Beulich wrote: > As a follow-up to XSA-212 we should have addressed a similar issue here: > The handles being advanced at the top of xenmem_add_to_physmap_batch() > means we allow hypervisor space accesses (in particular, for "errs", > writes) with suitably crafted input arguments. This isn't a security > issue in this case because of the limited width of struct > xen_add_to_physmap_batch's size field: It being 16-bits wide, only the > r/o M2P area can be accessed. Still we can and should do better. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |