|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3/3] evtchn/fifo: don't spin indefinitely when setting LINK
On Mon, 2013-11-04 at 14:52 +0000, David Vrabel wrote: > On 04/11/13 14:39, Jan Beulich wrote: > >>>> On 31.10.13 at 16:03, David Vrabel <david.vrabel@xxxxxxxxxx> wrote: > >> From: David Vrabel <david.vrabel@xxxxxxxxxx> > >> > >> A malicious or buggy guest can cause another domain to spin > >> indefinitely by repeatedly writing to an event word when the other > >> domain is trying to link a new event. The cmpxchg() in > >> evtchn_fifo_set_link() will repeatedly fail and the loop may never > >> terminate. > > > > So here you talk of two guests (with me not immediately seeing > > where that interaction comes from - is it that for an interdomain > > event the receiver could harm the sender?), ... > > Yes. Guest A notifies guest M which requires linking a new event into > one of guest B's event queue. While guest A is writing the guest M's > event array (to set the LINK field), guest M may repeatedly write to the > same event word, causing the cmpxchg() to repeatedly fail. M == B here? Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |