|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3/3] evtchn/fifo: don't spin indefinitely when setting LINK
On 04/11/13 15:07, Ian Campbell wrote: > On Mon, 2013-11-04 at 14:52 +0000, David Vrabel wrote: >> On 04/11/13 14:39, Jan Beulich wrote: >>>>>> On 31.10.13 at 16:03, David Vrabel <david.vrabel@xxxxxxxxxx> wrote: >>>> From: David Vrabel <david.vrabel@xxxxxxxxxx> >>>> >>>> A malicious or buggy guest can cause another domain to spin >>>> indefinitely by repeatedly writing to an event word when the other >>>> domain is trying to link a new event. The cmpxchg() in >>>> evtchn_fifo_set_link() will repeatedly fail and the loop may never >>>> terminate. >>> >>> So here you talk of two guests (with me not immediately seeing >>> where that interaction comes from - is it that for an interdomain >>> event the receiver could harm the sender?), ... >> >> Yes. Guest A notifies guest M which requires linking a new event into >> one of guest B's event queue. While guest A is writing the guest M's >> event array (to set the LINK field), guest M may repeatedly write to the >> same event word, causing the cmpxchg() to repeatedly fail. > > M == B here? Yes. I originally had B then changed it to M for Malicious to be clearer... David _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |