Re: [Xen-devel] Invalid VA => ptr conversion with xc_dom_* API after XSA-55 fox

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

Jan Beulich writes ("Re: [Xen-devel] Invalid VA => ptr conversion with xc_dom_* 
API after XSA-55 fox"):
> On 20.11.13 at 13:56, "Jean-Yves Migeon (NetBSD)" <jym@xxxxxxxxxx> wrote:
> > Jeff and FastIce pointed out a regression between Xen 4.1.2 and 4.1.6 
> > when starting NetBSD domU; the kernel syms table gets slightly corrupted 
> > [1].
> > 
> > After dwelling into libxc code, FastIce noticed that changing back the 
> > return value to "ptr + offset" (instead of just "ptr") for 
> > xc_dom_vaddr_to_ptr() makes it work again.
> > 
> > According to [2] while fixing XSA-55, Ian changed the "ptr + offset" 
> > return value to just "ptr". Is there a reason for this? IMHO the VA => 
> > ptr conversion should also take into account non-page aligned addresses, 
> > hence the offset (except for NULL value of course).
> 
> I agree, but let's see what Ian (being the author of the whole
> patch set) says.

It looks like I changed this in b5a86920.  Having stared at the code
and the commit message I think that I did in fact break this, by
inadvertantly removing the "+ offset".  Sorry to cause a regression.

I've examined the surrounding code and reread the relevant bits of
xc_dom_pfn_to_ptr_retcount and I think that simpy returning
"ptr + offset" is the correct fix.  The calculation of
*safe_region_out is already correct.

Will someone write this up as a patch submission ?

In any case, the fix ought to be backported.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel