
[Xen-devel] [PATCH] Avoid null dereference in flask get_page_sid



When booting Xen with flask enabled, dom0 memory specified to 1G,
and no policy loaded, I was able to produce a crash in get_page_sid.
The following patch appears to fix the issue, but I'm not sure if this
is the best response when given a page that does not have a label.

Xen call trace:
   [<ffff82c48014e9e9>] get_page_sid+0x87/0x93
   [<ffff82c48014eaea>] get_mfn_sid+0x56/0x6e
   [<ffff82c48014f491>] flask_mmu_normal_update+0xbc/0xeb
   [<ffff82c48017c099>] do_mmu_update+0x378/0x1927
   [<ffff82c480113989>] do_multicall+0x29d/0x438
   [<ffff82c480207cb2>] syscall_enter+0xf2/0x14c

--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -345,7 +345,10 @@
         default:
             /*Pages are implicitly labeled by domain ownership!*/
             dsec = d->ssid;
-            *sid = dsec->sid;
+            if (dsec)
+                *sid = dsec->sid;
+            else
+                rc = -ENOENT;
         break;
     }
 
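Review bot: In the new else branch, rc = -ENOENT is set but *sid is never written, so a caller that reads the SID without first checking the return value would use an undefined label. The call trace shows this path is reached through get_mfn_sid and flask_mmu_normal_update, so confirm that both check and propagate the error before using the SID, or also assign *sid a defined value in the else branch. A short comment on when d->ssid can be NULL (the report mentions flask enabled with no policy loaded) would help too, since the existing comment says pages are implicitly labeled by domain ownership.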
-- 
Daniel De Graaf
National Security Agency
