
Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation



On Fri, 2007-12-14 at 15:52 +0900, Kouya Shimura wrote:
> Hi,
> 
> The reputation of my previous patch was not so good,
> so I rewrote it. The attached patch is a temporary fix
> for xen-3.2.
> 
> I think this patch is enough for normal usage.
> Please see SDM Vol2 11.10.2.1.3 "Making PAL Procedure 
> Calls in Physical or Virtual Mode".
> If the caller has the responsibility of providing a DTR or DTC
> mapping, xencomm for PAL might be unnecessary.
> 
> I confirmed there is no problem in Linux, Windows 2003,
> Windows 2008 with this patch.
> 
> As for the PV domain, the same logic can't be used due to
> only one vTLB. This patch only checks that the buffer
> never points to a VMM address, which would avoid the vulnerability.

   Thanks for fixing this.  Applied.  Thanks,

        Alex

-- 
Alex Williamson                             HP Open Source & Linux Org.

