
Re: [Xen-devel] [PATCH 4 00/16] XSA55 libelf fixes for unstable

On Fri, Jun 7, 2013 at 6:39 AM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Matthew Daley writes ("Re: [PATCH 4 00/16] XSA55 libelf fixes for unstable"):
>> Looks like there's another issue that needs fixing up in this XSA
>> (surprise!):
> Urgh.
>> setup_hypercall_page (in xc_dom_boot.c) calls xc_dom_p2m_guest with an
>> unchecked, user-controlled pfn:
> ...
>> Here, the silly dom->parms.virt_base is leading to an out-of-bounds
>> array access to the guest p2m table.
> Thanks.  I have a proposed fix for this, below.  I haven't tested it.
> Can you do so easily ?  It seems a bit remote from the problem but I
> think it should suffice.

Seems to work now in v5:

Starting program: /usr/local/sbin/xl create /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Parsing config from /dev/null
xc: error: panic: xc_dom_boot.c:61: setup_hypercall_page:
HYPERCALL_INIT failed (rc=-1): Internal error
libxl: error: libxl_dom.c:400:libxl__build_pv: xc_dom_boot_image
failed: Permission denied
libxl: error: libxl_create.c:900:domcreate_rebuild_done: cannot
(re-)build domain: -3
[Inferior 1 (process 5459) exited with code 03]
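
An added illustration, not part of the original message and not the Xen patch itself: a C sketch of the kind of check this thread discusses, where a pfn derived from image-supplied addresses is range-checked before it indexes the p2m table. The struct, every field name other than virt_base, the 4 KiB page size and the INVALID_MFN sentinel are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>

#define PAGE_SHIFT   12               /* assumed 4 KiB pages */
#define INVALID_MFN  (~(uint64_t)0)   /* assumed "no such frame" sentinel */

/* Hypothetical stand-in for the domain builder state; not Xen's struct. */
struct toy_dom {
    uint64_t  virt_base;       /* read from the guest image: untrusted */
    uint64_t  virt_hypercall;  /* read from the guest image: untrusted */
    uint64_t  total_pages;     /* number of entries in p2m[] */
    const uint64_t *p2m;       /* guest pfn -> machine frame table */
};

/* Checked lookup: refuse any pfn outside the table instead of indexing. */
static uint64_t p2m_lookup_checked(const struct toy_dom *d, uint64_t pfn)
{
    if (d->p2m == NULL || pfn >= d->total_pages)
        return INVALID_MFN;
    return d->p2m[pfn];
}

/*
 * Derive the hypercall page pfn from the two image-supplied addresses.
 * The subtraction is unsigned, so virt_hypercall < virt_base wraps to a
 * huge pfn; the range check in the lookup is what rejects it.
 */
static int hypercall_page_mfn(const struct toy_dom *d, uint64_t *mfn_out)
{
    uint64_t pfn = (d->virt_hypercall - d->virt_base) >> PAGE_SHIFT;
    uint64_t mfn = p2m_lookup_checked(d, pfn);

    if (mfn == INVALID_MFN)
        return -1;             /* caller fails the domain build */
    *mfn_out = mfn;
    return 0;
}
```

With the check in the lookup rather than at the call site, a bad virt_base surfaces as a failed build step instead of a read past the end of the table.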
