[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] arm: kill a guest which uses hvc with an immediate operand != XEN_HYPERCALL_TAG


  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-unstable <patchbot@xxxxxxx>
  • Date: Wed, 10 Oct 2012 22:11:22 +0000
  • Delivery-date: Wed, 10 Oct 2012 22:11:26 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Ian Campbell <ian.campbell@xxxxxxxxxx>
# Date 1349791534 -3600
# Node ID 478830e5d80abc9678dc5287738406e73a8bd087
# Parent  f91b841ff95caaaf0cb8f333f5a95f7b562cab76
arm: kill a guest which uses hvc with an immediate operand != XEN_HYPERCALL_TAG

At best these guests are confused/broken and at worse they are malicious. In
any case we don't know that they are expecting to handle a -errno style error.

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Committed-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---


diff -r f91b841ff95c -r 478830e5d80a xen/arch/arm/traps.c
--- a/xen/arch/arm/traps.c      Tue Oct 09 15:05:34 2012 +0100
+++ b/xen/arch/arm/traps.c      Tue Oct 09 15:05:34 2012 +0100
@@ -475,12 +475,7 @@ static void do_trap_hypercall(struct cpu
 #endif
 
     if ( iss != XEN_HYPERCALL_TAG )
-    {
-        printk("%s %d: received an alien hypercall iss=%lx\n", __func__ ,
-                __LINE__ , iss);
-        regs->r0 = -EINVAL;
-        return;
-    }
+        domain_crash_synchronous();
 
     if ( regs->r12 >= ARRAY_SIZE(arm_hypercall_table) )
     {

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.