[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [BUG] incorrect goto in gnttab_setup_table overdecrements the preemption counter
>>> On 29.11.17 at 15:32, <andrew.cooper3@xxxxxxxxxx> wrote: > On 29/11/17 14:23, Jann Horn wrote: >> gnttab_setup_table() has the following code: >> >> ============================================= >> static long >> gnttab_setup_table( >> XEN_GUEST_HANDLE_PARAM(gnttab_setup_table_t) uop, unsigned int count) >> { >> struct gnttab_setup_table op; >> struct domain *d; >> struct grant_table *gt; >> int i; >> xen_pfn_t gmfn; >> >> [...] >> >> d = rcu_lock_domain_by_any_id(op.dom); >> if ( d == NULL ) >> { >> gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom); >> op.status = GNTST_bad_domain; >> goto out2; >> } >> >> [...] >> out2: >> rcu_unlock_domain(d); >> out1: >> if ( unlikely(__copy_field_to_guest(uop, &op, status)) ) >> return -EFAULT; >> >> return 0; >> } >> ============================================= >> <snip> >> >> This results in the following crash in a debug build of Xen 4.9.1: > > Thanks for the report. > > This was fixed in master by > http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=5e436e7a45082ea2cadc > 176c19e1df46c178448f > but it looks like its not been backported to older releases. > > Jan: Thoughts? This isn't a security issue, but it would be better if > the stable trees had fewer asserts which could be hit. I don't recall any reasons not to take it for the stable trees; perhaps I've simply overlooked it at the time. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |