[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 4 00/16] XSA55 libelf fixes for unstable



On Fri, Jun 7, 2013 at 6:39 AM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Matthew Daley writes ("Re: [PATCH 4 00/16] XSA55 libelf fixes for unstable"):
>> Looks like there's another issue that needs fixing up in this XSA
>> (surprise!):
>
> Urgh.
>
>> setup_hypercall_page (in xc_dom_boot.c) calls xc_dom_p2m_guest with an
>> unchecked, user-controlled pfn:
> ...
>> Here, the silly dom->parms.virt_base is leading to an out-of-bounds
>> array access to the guest p2m table.
>
> Thanks.  I have a proposed fix for this, below.  I haven't tested it.
> Can you do so easily ?  It seems a bit remote from the problem but I
> think it should suffice.

Seems to work now in v5:

Starting program: /usr/local/sbin/xl create /dev/null
kernel=\'check/_usr_lib_debug_vmlinux-3_2_0-4-amd64-37bdfe88206dbe6f75d9c6e021fd9b83c27814d2-5873-0_001_1e-06-file.2.0-4-amd64\'\;\
name=\'poop\'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Parsing config from /dev/null
xc: error: panic: xc_dom_boot.c:61: setup_hypercall_page:
HYPERCALL_INIT failed (rc=-1): Internal error
libxl: error: libxl_dom.c:400:libxl__build_pv: xc_dom_boot_image
failed: Permission denied
libxl: error: libxl_create.c:900:domcreate_rebuild_done: cannot
(re-)build domain: -3
[Inferior 1 (process 5459) exited with code 03]

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.