Re: [Xen-ia64-devel] [PATCH] Fix vulnerability of copy_to_user in PAL emulation
Quoting Alex Williamson <alex.williamson@xxxxxx>:

>
> On Wed, 2007-12-12 at 07:17 +0100, Tristan Gingold wrote:
> > My latest idea on this subject:
> >
> > The buffers are small: 64 bytes. So, instead of passing a buffer address,
> > return the buffer by register (using scratch register r14-r21). The PAL
> > stub can then save it to memory. I think this approach is the simplest
> > one.
>
> PAL_BRAND_INFO takes 128 bytes, but probably still feasible.

Right! Furthermore as PAL_BRAND_INFO is stacked convention we can fully use
xencomm by allocating the buffer on the stack.

Tristan.

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel