
[Xen-devel] Out of bounds access in early boot code related to GRUB



Hi Daniel,

I discovered an out-of-bounds access issue related to the GRUB relocation
code path when inspecting early boot code.

9589927e5b changed an EFI only path to work with GRUB. Yet the following
two lines within an if condition remained untouched.

    mod[mbi->mods_count].mod_start = virt_to_mfn(_stext);
    mod[mbi->mods_count].mod_end = __2M_rwdata_end - _stext;

Before your change they were fine because the mod array was created one
element larger in Xen (see e22e1c47958a). I don't think GRUB does the
same. So this is an out-of-bounds access for the GRUB case.

Wei.
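
The indexing problem described in the message above, as an added stand-alone illustration (not part of the original message and not Xen code): writing `mod[mods_count]` is only safe when the array was allocated with a spare element. `struct mod_entry`, `struct mod_table`, its `capacity` field and `record_self` are hypothetical names, and the array contents are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a multiboot module entry (not Xen's own type). */
struct mod_entry { uint32_t mod_start, mod_end; };

/* Hypothetical table that tracks allocated slots next to the filled count. */
struct mod_table {
    struct mod_entry *mod;
    size_t mods_count; /* entries filled in by the bootloader */
    size_t capacity;   /* entries actually allocated */
};

/* Store the image's own entry in slot [mods_count], as the two quoted lines
 * do, but only if that slot exists. Returns 0 on success, -1 if refused. */
int record_self(struct mod_table *t, uint32_t start, uint32_t size)
{
    if (t->mods_count >= t->capacity)
        return -1; /* mod[mods_count] would be one past the end */
    t->mod[t->mods_count].mod_start = start;
    t->mod[t->mods_count].mod_end = size;
    return 0;
}

/* Array allocated with one spare element: the extra write fits. */
int demo_spare_slot(void)
{
    struct mod_entry arr[3] = { {0, 0}, {0, 0}, {0, 0} };
    struct mod_table t = { arr, 2, 3 };
    return record_self(&t, 0x200, 0x1000) == 0 && arr[2].mod_end == 0x1000;
}

/* Array exactly mods_count long: the write is refused. backing[2] is a
 * constructed sentinel standing in for whatever follows the real array. */
int demo_exact_size(void)
{
    struct mod_entry backing[3] = { {0, 0}, {0, 0}, {0xdeadbeef, 0xdeadbeef} };
    struct mod_table t = { backing, 2, 2 };
    int rc = record_self(&t, 0x200, 0x1000);
    return rc == -1 && backing[2].mod_start == 0xdeadbeef;
}

int main(void)
{
    printf("spare slot ok: %d\n", demo_spare_slot());
    printf("exact size refused: %d\n", demo_exact_size());
    return 0;
}
```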
