
Re: [Xen-devel] Out of bounds access in early boot code related to GRUB



On Wed, Sep 26, 2018 at 12:18:43PM +0200, Daniel Kiper wrote:
> On Fri, Sep 21, 2018 at 08:56:45PM +0200, Daniel Kiper wrote:
> > On Wed, Sep 19, 2018 at 10:34:47AM +0100, Wei Liu wrote:
> > > Hi Daniel,
> > >
> > > I discovered an out of bounds access issue related to GRUB relocation
> > > code path when inspecting early boot code.
> > >
> > > 9589927e5b changed an EFI only path to work with GRUB. Yet the following
> > > two lines within an if condition remained untouched.
> > >
> > >     mod[mbi->mods_count].mod_start = virt_to_mfn(_stext);
> > >     mod[mbi->mods_count].mod_end = __2M_rwdata_end - _stext;
> > >
> > > Before your change they were fine because the mod array was created one
> > > element larger in Xen (see e22e1c47958a). I don't think GRUB does the
> > > same. So this is an out of bounds access for GRUB case.
> >
> > You are right! I will post a fix next week.
> 
> I think that the issue can be quickly fixed by changing line 180
> in xen/arch/x86/boot/reloc.c with:
> 
>   mbi_out->mods_addr = alloc_mem((mbi_out->mods_count + 1) * sizeof(*mbi_out_mods));
> 
> This way we will get extra space for Xen hypervisor if it is needed.
> 
> If you are OK with that fix I will post a patch.

Sure. That looks fine to me. But you will need Jan or Andrew's ack. :)

Now I realise I'd better at least add an assert to the PVH boot path.

Wei.

> 
> Daniel
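
The sizing problem discussed in this thread, as an added example that is not part of the original messages and is not Xen or GRUB code: a copy of the module list sized to exactly `mods_count` has no slot at index `mods_count`, while reserving one spare entry makes that slot valid. The bump allocator, the struct layouts and the names `arena_alloc`, `copy_modules` and `append_image` are hypothetical stand-ins, and the capacity check only models the kind of assert mentioned for the consumer side.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified module entry; the field layout here is an assumption. */
typedef struct { uint32_t mod_start, mod_end, string, reserved; } module_t;

/* Toy bump allocator standing in for alloc_mem() (hypothetical model). */
static module_t arena[32];
static size_t arena_used;

static module_t *arena_alloc(size_t n)
{
    if (n > sizeof(arena) / sizeof(arena[0]) - arena_used)
        return NULL;
    module_t *p = &arena[arena_used];
    arena_used += n;
    return p;
}

typedef struct { module_t *mods; uint32_t mods_count; size_t capacity; } mods_copy_t;

/* Relocation side: copy the loader's list, reserving `spare` extra slots. */
static int copy_modules(mods_copy_t *out, const module_t *in, uint32_t count, size_t spare)
{
    out->capacity = (size_t)count + spare;
    out->mods = arena_alloc(out->capacity);
    if (!out->mods)
        return -1;
    if (count)
        memcpy(out->mods, in, count * sizeof(*in));
    out->mods_count = count;
    return 0;
}

/* Consumer side: use slot mods_count only if the allocation covers it. */
static int append_image(mods_copy_t *m, uint32_t start, uint32_t size)
{
    if (m->mods_count >= m->capacity)
        return -1; /* mods[mods_count] would be past the end of the array */
    m->mods[m->mods_count].mod_start = start;
    m->mods[m->mods_count].mod_end = size;
    return 0;
}
```

With no spare slot, the next allocation from the same arena starts exactly where `mods[mods_count]` would be, so an unchecked write there would overwrite unrelated data.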
