[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [BUG] incorrect goto in gnttab_setup_table overdecrements the preemption counter



>>> On 29.11.17 at 15:32, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 29/11/17 14:23, Jann Horn wrote:
>> gnttab_setup_table() has the following code:
>>
>> =============================================
>> static long
>> gnttab_setup_table(
>>     XEN_GUEST_HANDLE_PARAM(gnttab_setup_table_t) uop, unsigned int count)
>> {
>>     struct gnttab_setup_table op;
>>     struct domain *d;
>>     struct grant_table *gt;
>>     int            i;
>>     xen_pfn_t  gmfn;
>>
>>     [...]
>>
>>     d = rcu_lock_domain_by_any_id(op.dom);
>>     if ( d == NULL )
>>     {
>>         gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
>>         op.status = GNTST_bad_domain;
>>         goto out2;
>>     }
>>
>>     [...]
>>  out2:
>>     rcu_unlock_domain(d);
>>  out1:
>>     if ( unlikely(__copy_field_to_guest(uop, &op, status)) )
>>         return -EFAULT;
>>
>>     return 0;
>> }
>> =============================================
>> <snip>
>>
>> This results in the following crash in a debug build of Xen 4.9.1:
> 
> Thanks for the report.
> 
> This was fixed in master by
> http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=5e436e7a45082ea2cadc 
> 176c19e1df46c178448f
> but it looks like its not been backported to older releases.
> 
> Jan: Thoughts?  This isn't a security issue, but it would be better if
> the stable trees had fewer asserts which could be hit.

I don't recall any reasons not to take it for the stable trees; perhaps
I've simply overlooked it at the time.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.