[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-3.2-testing] x86: Fix XENPF_change_freq hypercall to not dereference a non-existent

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1201620198 0
# Node ID ee779ed05081ccda35cebbd80ac5f8d3c5fc27cf
# Parent  1b013d10c6d1e635de4fa5a499df2e0aff0dfd2d
x86: Fix XENPF_change_freq hypercall to not dereference a non-existent
stack variable. Also sanity check (slightly) the frequency argument to
cpu_frequency_change().
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
xen-unstable changeset:   16927:a4bd1371196ec8698d6ff6a2ab8db9a9ad03e77e
xen-unstable date:        Tue Jan 29 11:19:04 2008 +0000
---
 xen/arch/x86/platform_hypercall.c |   11 +++++++----
 xen/arch/x86/time.c               |    8 ++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff -r 1b013d10c6d1 -r ee779ed05081 xen/arch/x86/platform_hypercall.c
--- a/xen/arch/x86/platform_hypercall.c Mon Jan 28 10:37:08 2008 +0000
+++ b/xen/arch/x86/platform_hypercall.c Tue Jan 29 15:23:18 2008 +0000
@@ -42,9 +42,11 @@ extern spinlock_t xenpf_lock;
 extern spinlock_t xenpf_lock;
 #endif
 
+static DEFINE_PER_CPU(uint64_t, freq);
+
 static long cpu_frequency_change_helper(void *data)
 {
-    return cpu_frequency_change(*(uint64_t *)data);
+    return cpu_frequency_change(this_cpu(freq));
 }
 
 ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) u_xenpf_op)
@@ -284,11 +286,12 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
         if ( cpufreq_controller != FREQCTL_dom0_kernel )
             break;
         ret = -EINVAL;
-        if ( op->u.change_freq.flags != 0 )
-            break;
+        if ( op->u.change_freq.flags || !cpu_online(op->u.change_freq.cpu) )
+            break;
+        per_cpu(freq, op->u.change_freq.cpu) = op->u.change_freq.freq;
         ret = continue_hypercall_on_cpu(op->u.change_freq.cpu,
                                         cpu_frequency_change_helper,
-                                        &op->u.change_freq.freq);
+                                        NULL);
         break;
 
     case XENPF_getidletime:
diff -r 1b013d10c6d1 -r ee779ed05081 xen/arch/x86/time.c
--- a/xen/arch/x86/time.c       Mon Jan 28 10:37:08 2008 +0000
+++ b/xen/arch/x86/time.c       Tue Jan 29 15:23:18 2008 +0000
@@ -729,6 +729,14 @@ int cpu_frequency_change(u64 freq)
     struct cpu_time *t = &this_cpu(cpu_time);
     u64 curr_tsc;
 
+    /* Sanity check: CPU frequency allegedly dropping below 1MHz? */
+    if ( freq < 1000000u )
+    {
+        gdprintk(XENLOG_WARNING, "Rejecting CPU frequency change "
+                 "to %"PRIu64" Hz.\n", freq);
+        return -EINVAL;
+    }
+
     local_irq_disable();
     rdtscll(curr_tsc);
     t->local_tsc_stamp = curr_tsc;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.