[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel][PATCH][XSM][FLASK] Argument handling bugs in XSM:FLASK


  • To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
  • Date: Fri, 18 Jul 2008 15:12:55 -0400
  • Cc: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
  • Delivery-date: Fri, 18 Jul 2008 12:14:27 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcjpCkguhsK0xlT9Ed2XYQAWy5GONg==
  • Thread-topic: [Xen-devel][PATCH][XSM][FLASK] Argument handling bugs in XSM:FLASK

The attached patch addresses a number of argument handling bugs in the
flask_op hypercall in the XSM:Flask module.  Thanks to Rafal Wojtczuk at
McAfee for reporting the issues and Tim Deegan at Citrix for providing an
initial patch.

This patch addresses the following issues:
 - bounds checking and validation on input arguments to flask_op
 - updated ABI/API, size and cmd are now uint32_t
 - updated userspace tools and libraries to account for ABI/API changes
 - implemented all copies using from/to guest, better portability
 - implemented upper bounds checking on op->cmd, op->size
 - implemented sanity checking on op->size and op->buf
 - implemented bit vector for checking from/to usage on op->cmd

Please do not hesitate to contact me on future issues/concerns/comments
related to XSM and the Flask module.

<Signed-off-by: George Coker, gscoker@xxxxxxxxxxxxxx>

-- 
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>

Attachment: flask-argument-bug-071808.diff
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.