Re: [Xen-devel] Question Regarding set_gdt

To: Michael Vrable <mvrable@xxxxxxxxxxx>
Subject: Re: [Xen-devel] Question Regarding set_gdt
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: 2004-10-20 08:48:04 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: 2004-10-20 08:57:04 +0100
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "2004-10-19 12:15:38 PDT." <20041019121538.C19538@xxxxxxxxxxx>
It's a bug. I moved the zeroing before get_page_and_type as those
entries could contain garbage in some cases. I forgot to hoist an
appropriate ownership check at the same time. :-)
I'll fix that...
 -- Keir
> It seems to me that set_gdt in xen/arch/x86/x86_32/mm.c could allow a
> domain to partially zero a page that it doesn't own:
>
> long set_gdt(struct domain *d,
>              unsigned long *frames,
>              unsigned int entries)
> {
>     /* NB. There are 512 8-byte entries per GDT page. */
>     int i, nr_pages = (entries + 511) / 512;
>     struct desc_struct *vgdt;
>
>     vgdt = map_domain_mem(frames[0] << PAGE_SHIFT);
>     memset( vgdt + FIRST_RESERVED_GDT_ENTRY, 0,
>             NR_RESERVED_GDT_ENTRIES*8);
>
>     /* Check the new GDT. */
>     for ( i = 0; i < nr_pages; i++ )
>     {
>         if ( unlikely(frames[i] >= max_page) ||
>              unlikely(!get_page_and_type(&frame_table[frames[i]],
>                                          d, PGT_gdt_page)) )
>             goto fail;
>     }
>
> Xen doesn't seem to check whether the list of pages specified in
> frames[] belongs to the calling domain until get_page_and_type is
> called, but Xen zeroes the reserved GDT entries in the first specified
> page before this. I don't see any checks in do_set_gdt either.
>
> Am I missing something, or is this a bug?
>
> --Michael Vrable
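
The ordering problem discussed in this thread, as an added user-space C model that is not Xen code and not part of either message: one variant writes to the first frame before validating it, the other hoists the ownership check above the write. The page array, the `owner[]` table, the sizes and all function names are assumptions, and the reference counting and type validation done by `get_page_and_type` are left out.

```c
#include <string.h>
/* User-space model; sizes, names and the owner[] table are assumptions. */
#define NPAGES     4
#define PAGE_BYTES 64
#define RSVD_OFF   16  /* stands in for FIRST_RESERVED_GDT_ENTRY * 8 */
#define RSVD_LEN   16  /* stands in for NR_RESERVED_GDT_ENTRIES * 8 */
static unsigned char mem[NPAGES][PAGE_BYTES];
static int owner[NPAGES];              /* owning domain id per frame */

static int frame_ok(int dom, unsigned long f)
{
    return f < NPAGES && owner[f] == dom;
}

/* Ordering in the quoted excerpt: write first, validate after (in-range frames only). */
int set_gdt_write_first(int dom, const unsigned long *frames, int n)
{
    memset(&mem[frames[0]][RSVD_OFF], 0, RSVD_LEN);
    for (int i = 0; i < n; i++)
        if (!frame_ok(dom, frames[i]))
            return -1;                 /* too late: the page is already modified */
    return 0;
}

/* Ownership check hoisted above the write: a rejected call has no side effect. */
int set_gdt_check_first(int dom, const unsigned long *frames, int n)
{
    if (n < 1) return -1;
    for (int i = 0; i < n; i++)
        if (!frame_ok(dom, frames[i]))
            return -1;
    memset(&mem[frames[0]][RSVD_OFF], 0, RSVD_LEN);
    return 0;
}

/* Domain 1 names frame 3 (owned by domain 2); returns bytes changed despite rejection. */
int foreign_bytes_changed(int (*fn)(int, const unsigned long *, int))
{
    unsigned long frames[1] = { 3 };
    int changed = 0;
    memset(mem, 0xAA, sizeof mem);
    for (int f = 0; f < NPAGES; f++)
        owner[f] = (f == 3) ? 2 : 1;
    if (fn(1, frames, 1) != -1)
        return -1;                     /* both variants must reject the call */
    for (int b = 0; b < PAGE_BYTES; b++)
        changed += mem[3][b] != 0xAA;
    return changed;
}
```

Both variants return the same error code for the foreign frame, so the difference only shows up when the page contents are compared after the rejected call.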