
Re: [Xen-devel] Invalid VA => ptr conversion with xc_dom_* API after XSA-55 fox

On 25/11/2013 12:44, Ian Jackson wrote:
Jan Beulich writes ("Re: [Xen-devel] Invalid VA => ptr conversion
with xc_dom_* API after XSA-55 fox"):
On 20.11.13 at 13:56, "Jean-Yves Migeon (NetBSD)" <jym@xxxxxxxxxx> wrote:
> Jeff and FastIce pointed out a regression between Xen 4.1.2 and 4.1.6
> when starting NetBSD domU; the kernel syms table gets slightly corrupted
> [1].
> After dwelling into libxc code, FastIce noticed that changing back the
> return value to "ptr + offset" (instead of just "ptr") for
> xc_dom_vaddr_to_ptr() makes it work again.
> According to [2] while fixing XSA-55, Ian changed the "ptr + offset"
> return value to just "ptr". Is there a reason for this? IMHO the VA =>
> ptr conversion should also take into account non-page aligned addresses,
> hence the offset (except for NULL value of course).

I agree, but let's see what Ian (being the author of the whole
patch set) says.

It looks like I changed this in b5a86920.  Having stared at the code
and the commit message I think that I did in fact break this, by
inadvertently removing the "+ offset".  Sorry to cause a regression.

I've examined the surrounding code and reread the relevant bits of
xc_dom_pfn_to_ptr_retcount and I think that simply returning
"ptr + offset" is the correct fix.  The calculation of
*safe_region_out is already correct.

Will someone write this up as a patch submission ?

Will do (tonight).

In any case, the fix ought to be backported.


Thanks for your review!


Jean-Yves Migeon
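
The effect discussed in this thread, as an added example that is not libxc code and not part of the original message: a toy VA => ptr conversion where the safe region is computed from the requested address while the returned pointer either drops or keeps the in-page offset. The names `pfn_to_ptr`, `vaddr_to_ptr`, `write_at`, the `keep_offset` switch, the page count and the virtual base are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model: every name and size here is an assumption, not libxc's. */
#define PAGE_SIZE 4096u
#define NPAGES    4u
#define VIRT_BASE 0xc0000000u   /* constructed guest virtual base */

static unsigned char guest_mem[NPAGES * PAGE_SIZE]; /* stand-in for mapped pages */

/* Stand-in pfn mapper: start of page `pfn` plus the number of contiguous
 * pages mapped from there; NULL when the pfn is outside the image. */
static unsigned char *pfn_to_ptr(uint32_t pfn, uint32_t *count_out)
{
    *count_out = pfn < NPAGES ? NPAGES - pfn : 0;
    return pfn < NPAGES ? guest_mem + (size_t)pfn * PAGE_SIZE : NULL;
}

/* VA -> host pointer. keep_offset=0 models the regression (return "ptr"),
 * keep_offset=1 models the fix (return "ptr + offset"). */
static unsigned char *vaddr_to_ptr(uint32_t vaddr, size_t *safe_out, int keep_offset)
{
    uint32_t pfn, offset, count;
    unsigned char *ptr;
    *safe_out = 0;
    if (vaddr < VIRT_BASE)
        return NULL;
    pfn = (vaddr - VIRT_BASE) / PAGE_SIZE;
    offset = (vaddr - VIRT_BASE) % PAGE_SIZE;
    ptr = pfn_to_ptr(pfn, &count);
    if (ptr == NULL)
        return NULL;            /* never add the offset to NULL */
    *safe_out = (size_t)count * PAGE_SIZE - offset; /* bytes left from vaddr */
    return keep_offset ? ptr + offset : ptr;
}

/* Bounds-checked copy to guest VA; returns the guest_mem index written, or -1. */
static long write_at(uint32_t vaddr, const void *src, size_t len, int keep_offset)
{
    size_t safe;
    unsigned char *p = vaddr_to_ptr(vaddr, &safe, keep_offset);
    if (p == NULL || len > safe)
        return -1;
    memcpy(p, src, len);
    return (long)(p - guest_mem);
}

int main(void) { return write_at(VIRT_BASE + PAGE_SIZE + 0x123, "SYMS", 4, 1) == 4387 ? 0 : 1; }
```

With `keep_offset` set to 0, a write aimed at a non-page-aligned address lands at the start of its page, overwriting whatever was placed there, while the length check still passes because the safe region was computed for the address the caller asked for.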
