[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] xen/arm: p2m: Fix crash when p2m_lookup is used with an invalid IPA

commit eaba79e0a7d5d918860c98f729540cb1ca2b9050
Author:     Julien Grall <julien.grall@xxxxxxxxxx>
AuthorDate: Sat Oct 18 20:25:21 2014 +0100
Commit:     Ian Campbell <ian.campbell@xxxxxxxxxx>
CommitDate: Mon Oct 20 13:51:27 2014 +0100

    xen/arm: p2m: Fix crash when p2m_lookup is used with an invalid IPA
    
    Since the commit 58f0fd8 "xen: arm: handle variable p2m levels in 
p2m_lookup",
    Xen checks that the root_table offset is valid. If not, its unlock the p2m
    spinlock before returning an error. But, at this time, the lock has not been
    taken.
    
    On Xen built with debug=y, we can get the following stack trace if the guest
    use an invalid IPA in hypercall or mess-up the grant-table:
    
    (XEN) Assertion '_raw_spin_is_locked(lock)' failed at 
xen/include/asm/arm32/spinlock.h:22
    ...
    (XEN)    [<0022d1bc>] _spin_unlock+0x2c/0x50 (PC)
    (XEN)    [<00253264>] p2m_lookup+0x20c/0x230 (LR)
    (XEN)    [<7ffdfd54>] 7ffdfd54
    (XEN)    [<002539f4>] gmfn_to_mfn+0x24/0x3c
    (XEN)    [<0020e4d4>] __get_paged_frame+0x30/0x12c
    (XEN)    [<00210680>] __acquire_grant_for_copy+0x4e0/0x768
    (XEN)    [<00212030>] do_grant_table_op+0x13a0/0x2534
    (XEN)    [<00257b10>] do_trap_hypervisor+0xe10/0x1148
    (XEN)    [<0025b330>] return_from_trap+0/0x4
    
    Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx>
    Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
 xen/arch/arm/p2m.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index 1585d35..69191b9 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -207,9 +207,8 @@ paddr_t p2m_lookup(struct domain *d, paddr_t paddr, 
p2m_type_t *t)
         *t = pte.p2m.type;
     }
 
-err:
     spin_unlock(&p2m->lock);
-
+err:
     return maddr;
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.