| author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-28 15:31:56 +0100 | 
|---|---|---|
| committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-28 15:31:56 +0100 | 
| commit | ac1e3a08a8540fdae32b606d20a0fb688c19927f (patch) | |
| tree | a47b1bb967527bb5ffe7897ac6df41a51a85fdf9 /tools/flask/libflask | |
| parent | 22f26745426b82b629f76da9315332b921db9d84 (diff) | |
| download | xen-ac1e3a08a8540fdae32b606d20a0fb688c19927f.tar.gz xen-ac1e3a08a8540fdae32b606d20a0fb688c19927f.tar.bz2 xen-ac1e3a08a8540fdae32b606d20a0fb688c19927f.zip | |
[xen, xencomm] fix various xencomm invalid racy access.
- Xencomm should check struct xencomm_desc alignment.
- Xencomm should check whether struct xencomm_desc itself (8 bytes)
  doesn't cross a page boundary. Otherwise a hostile guest kernel can
  pass a pointer that crosses a page boundary. Then xencomm
  accesses an unrelated page.
- Xencomm shouldn't access struct xencomm_desc::nr_addrs multiple
  times. Copy it to a local area and use the copy.
  Otherwise a hostile guest can modify it at the same time.
- Xencomm should check whether struct xencomm_desc::address[] array
  crosses page boundary. Otherwise xencomm may access unrelated pages.
- Xencomm should get_page()/put_page() after address conversion from
  paddr to maddr because xen supports SMP and balloon driver.
  Otherwise another vcpu may free the page at the same time.
  Such a domain behaviour doesn't make sense, however nothing prevents
  it.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
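The descriptor checks listed in the commit message, as an added C example that is not Xen's code: a stand-alone validator for a guest-supplied descriptor handle that assumes the 8-byte header layout `magic`/`nr_addrs`/`address[]`, a 4 KiB page and 4-byte field alignment, and reads `nr_addrs` exactly once so every later bound uses a private copy. The get_page()/put_page() pinning step has no stand-alone equivalent and is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PG_SIZE 4096UL
#define PG_MASK (~(PG_SIZE - 1))
/* Assumed layout: an 8-byte header, then the address list (not Xen's header). */
struct xencomm_desc {
    uint32_t magic;
    uint32_t nr_addrs;
    uint64_t address[];
};

/* True if the byte range [start, start + len) lies within a single page. */
static int in_one_page(uintptr_t start, size_t len)
{
    return len == 0 || (start & PG_MASK) == ((start + len - 1) & PG_MASK);
}

/* The checks the commit message lists, applied to a guest-supplied handle.
 * nr_addrs is read from guest memory exactly once and handed back via *nr_out;
 * every later bound must use that copy, never the guest-writable field again.
 * Returns 0 if the descriptor may be used, -1 if it must be rejected. */
int xencomm_desc_check(const void *handle, uint32_t *nr_out)
{
    uintptr_t p = (uintptr_t)handle;
    uint32_t nr;
    if (p % _Alignof(uint32_t) != 0)                    /* misaligned header */
        return -1;
    if (!in_one_page(p, sizeof(struct xencomm_desc)))   /* header straddles a page */
        return -1;
    nr = ((const struct xencomm_desc *)handle)->nr_addrs;   /* the single read */
    if (nr > PG_SIZE / sizeof(uint64_t))                /* array cannot fit a page */
        return -1;
    if (!in_one_page(p + sizeof(struct xencomm_desc), (size_t)nr * sizeof(uint64_t)))
        return -1;                                      /* address[] straddles a page */
    *nr_out = nr;
    return 0;
}

/* Constructed fixture: two zeroed pages standing in for guest memory. Writes a
 * descriptor with nr_addrs = nr at byte offset off and returns the verdict. */
static _Alignas(PG_SIZE) uint8_t guest_mem[2 * PG_SIZE];
int check_desc_at(size_t off, uint32_t nr)
{
    uint32_t copy = 0;
    memset(guest_mem, 0, sizeof guest_mem);
    memcpy(guest_mem + off + offsetof(struct xencomm_desc, nr_addrs), &nr, sizeof nr);
    return xencomm_desc_check(guest_mem + off, &copy);
}
```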
Diffstat (limited to 'tools/flask/libflask')
0 files changed, 0 insertions, 0 deletions
