Re: [Xen-devel] Fix for SSP error in tools/python/lowlevel/xc/xc.c

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Subject: Re: [Xen-devel] Fix for SSP error in tools/python/lowlevel/xc/xc.c
From: Milan Holzäpfel <listen@xxxxxxxx>
Date: 27 Aug 2009 10:36:59 +0200
Cc: mail@xxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20090826173931.GA15189@xxxxxxxxxxxxxxxxxxx>
Organization: mjh.name
References: <20090826161954.4ce96275.listen@xxxxxxxx> <20090826173931.GA15189@xxxxxxxxxxxxxxxxxxx>

On 26 Aug 2009 13:39:31 -0400
Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:
> On Wed, Aug 26, 2009 at 04:19:54PM +0200, Milan Holzäpfel wrote:
> > Hello, 
> > 
> > I compiled xen-tools with GCC-4.3.3 with Stack Smashing Protection
> > (SSP) patches by gentoo, and found a small bug in
> > tools/python/lowlevel/xc/xc.c. The bug is located in
> > pyxc_dom_set_policy_cpuid: 
> > 
> > (this is the change which fixes it:)
> > 
> > > @@ -808,7 +808,7 @@
> > > static PyObject *pyxc_dom_set_policy_cpuid(XcObject *self,
> > > PyObject *args)
> > > {
> > > - domid_t domid;
> > > + int domid;
>
> I would say use uint32_t instead of int.

Why? Quote from the Python documentation (link above):

| i (integer) [int]
| Convert a Python integer to a plain C int.

So I think "int" is the best solution, as it matches what
PyArg_ParseTuple expects, no matter what platform you're on. There is
also "I" for "unsigned int", used in the other places you mention.

> > > if ( !PyArg_ParseTuple(args, "i", &domid) )
> > > return NULL;
> > 
> > domid_t is defined as uint16_t (thus 2 bytes long) in xen header files,
> > but the "i" format needs a C "int" type, which is 4 bytes long.
> > (<URL:http://docs.python.org/c-api/arg.html>) This error is detected
> > by SSP as stack overflow. 
>
> What about the two other cases where domid_t is used? The SSP didn't
> detect them?

No. Either the functions aren't called on my machine(?), or the
overflow only overwrites other local variables (which are present
there).

I agree that they should be fixed, too.

> > Attached patch fixes the error. Maybe it would be better to use "h"
> > format instead of the "i" format, which converts the argument to a C
> > "short int". Then you would have to change the python wrapper if
> > domid_t changes, though.
>
> Yeah, but running more than 64K of guests on one node?

That's unlikely, yes. On the other hand, if you had 8 shutdowns/domain
creations per hour, you'd limit the total uptime to ~341 days. I admit
that that's still unlikely.

Should an error be raised if the domid value passed in exceeds 65535?
Otherwise 65536 would be converted to 0, which is not what is expected
(and might possibly be harmful?).

> > Please apply this patch or the change to the "h" format string (I
> > haven't tested it, but I believe it should work just as well). 
> > 
> > Regards,
> > Milan Holzäpfel
> > 
> > 
> > -- 
> > Milan Holzaepfel <mail(a)mjh(d)name> <URL:http://mjh.name/>
> > pub 4096R/C790FC23 EB8E 5E81 81E3 53A9 9B74 B895 5179 54C0 C790 FC23
>
> > 2009-08-26 Milan Holzaepfel <mail@xxxxxxxx>
> > 
> > As documented on <URL:http://docs.python.org/c-api/arg.html>, the "i"
> > format string needs an integer as target.
> > 
> > Error detected by gentoo Stack Smashing Protection for gcc-4.3.3.
> > 
> > --- xen-3.4.1/tools/python/xen/lowlevel/xc/xc.c.orig 2009年08月26日 
> > 13:43:13.000000000 +0000
> > +++ xen-3.4.1/tools/python/xen/lowlevel/xc/xc.c 2009年08月26日 
> > 13:43:20.000000000 +0000
> > @@ -808,7 +808,7 @@
> > static PyObject *pyxc_dom_set_policy_cpuid(XcObject *self,
> > PyObject *args)
> > {
> > - domid_t domid;
> > + int domid;
> > 
> > if ( !PyArg_ParseTuple(args, "i", &domid) )
> > return NULL;
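
Review bot: after the PyArg_ParseTuple(args, "i", &domid) call, nothing in this hunk rejects a negative domid or one above 65535, so the int that now receives the parsed value can still be narrowed silently wherever it is later handed on as a 16-bit domid_t. Add a range check directly after the parse and raise an error (for example ValueError) before returning NULL. The thread also mentions two other places that use domid_t; if they parse into it with a format wider than the variable, they need the same change in this patch or a follow-up.
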
>
>
>
>
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-devel 
>
>
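
The two problems discussed in this message, worked through as an added example (not part of the original mail or of the Xen source): how many bytes each format unit stores compared with a 2-byte domid_t, and a checked narrowing that refuses 65536 instead of turning it into 0. The helper names fmt_store_size, fmt_overrun, unchecked_narrow and domid_from_int are hypothetical, and the sketch models only the "h", "i" and "I" units named in the thread.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint16_t domid_t;   /* 2 bytes, as stated in the thread */

/* Bytes a PyArg_ParseTuple-style parser stores through the destination
 * pointer for one format unit; 0 for units this sketch does not model. */
static size_t fmt_store_size(char unit)
{
    switch (unit) {
    case 'h': return sizeof(short);
    case 'i': return sizeof(int);
    case 'I': return sizeof(unsigned int);
    default:  return 0;
    }
}

/* Bytes that would land past the end of a dest_size-byte variable. */
static size_t fmt_overrun(char unit, size_t dest_size)
{
    size_t n = fmt_store_size(unit);
    return n > dest_size ? n - dest_size : 0;
}

/* What happens without a check: the value is reduced modulo 65536. */
static domid_t unchecked_narrow(int value)
{
    return (domid_t)value;
}

/* Checked narrowing: parse into a full int first, then reject anything
 * outside domid_t's range. Returns 0 on success, -1 on range error. */
static int domid_from_int(int value, domid_t *out)
{
    if (value < 0 || value > UINT16_MAX)
        return -1;
    *out = (domid_t)value;
    return 0;
}

int main(void)
{
    domid_t d = 7;
    printf("i -> domid_t overrun: %zu\n", fmt_overrun('i', sizeof(domid_t)));
    printf("i -> int overrun: %zu\n", fmt_overrun('i', sizeof(int)));
    printf("unchecked 65536 -> %u\n", (unsigned)unchecked_narrow(65536));
    printf("checked 65536 -> rc=%d, d=%u\n", domid_from_int(65536, &d), (unsigned)d);
    return 0;
}
```

In a Python wrapper the -1 return would map to setting an exception and returning NULL, so the caller sees an error rather than an operation on domain 0.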