xenoprof: dom0 hypercall could trigger Xen NULL-pointer access

Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
author: Keir Fraser <keir.fraser@citrix.com> 2009-01-21 11:58:01 +0000
committer: Keir Fraser <keir.fraser@citrix.com> 2009-01-21 11:58:01 +0000
commit: 137e278117d2c8b884077e1507c8d5f634c98441 (patch)
tree: be6ea5fc0762c802ec32e847dd13964a43b65fc1 /xen/common/xenoprof.c
parent: 1152b4f1389d8ed4b39ec0e0967ba49fc284f1dc (diff)
download: xen-137e278117d2c8b884077e1507c8d5f634c98441.tar.gz
xen-137e278117d2c8b884077e1507c8d5f634c98441.tar.bz2
xen-137e278117d2c8b884077e1507c8d5f634c98441.zip
1 files changed, 17 insertions, 12 deletions
diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index 116a4622db..a7960313ef 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -681,6 +681,8 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
     {
     case XENOPROF_init:
         ret = xenoprof_op_init(arg);
+        if ( !ret )
+            xenoprof_state = XENOPROF_INITIALIZED;
         break;
 
     case XENOPROF_get_buffer:
@@ -693,21 +695,19 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
         break;
 
     case XENOPROF_reset_active_list:
-    {
         reset_active_list();
         ret = 0;
         break;
-    }
+
     case XENOPROF_reset_passive_list:
-    {
         reset_passive_list();
         ret = 0;
         break;
-    }
+
     case XENOPROF_set_active:
     {
         domid_t domid;
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
@@ -720,18 +720,18 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
         ret = add_active_list(domid);
         break;
     }
+
     case XENOPROF_set_passive:
-    {
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
         }
         ret = add_passive_list(arg);
         break;
-    }
+
     case XENOPROF_reserve_counters:
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
@@ -748,7 +748,6 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
             ret = -EPERM;
             break;
         }
-
         ret = xenoprof_arch_counter(arg);
         break;
 
@@ -766,8 +765,14 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
     case XENOPROF_enable_virq:
     {
         int i;
+
         if ( current->domain == xenoprof_primary_profiler )
         {
+            if ( xenoprof_state != XENOPROF_READY )
+            {
+                ret = -EPERM;
+                break;
+            }
             xenoprof_arch_enable_virq();
             xenoprof_reset_stat();
             for ( i = 0; i < pdomains; i++ )
@@ -835,7 +840,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
         if ( (xenoprof_state == XENOPROF_COUNTERS_RESERVED) ||
              (xenoprof_state == XENOPROF_READY) )
         {
-            xenoprof_state = XENOPROF_IDLE;
+            xenoprof_state = XENOPROF_INITIALIZED;
             xenoprof_arch_release_counters();
             xenoprof_arch_disable_virq();
             reset_passive_list();
@@ -845,7 +850,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HANDLE(void) arg)
 
     case XENOPROF_shutdown:
         ret = -EPERM;
-        if ( xenoprof_state == XENOPROF_IDLE )
+        if ( xenoprof_state == XENOPROF_INITIALIZED )
         {
             activated = 0;
             adomains=0;
author	Keir Fraser <keir.fraser@citrix.com>	2009-01-21 11:58:01 +0000
committer	Keir Fraser <keir.fraser@citrix.com>	2009-01-21 11:58:01 +0000
commit	137e278117d2c8b884077e1507c8d5f634c98441 (patch)
tree	be6ea5fc0762c802ec32e847dd13964a43b65fc1 /xen/common/xenoprof.c
parent	1152b4f1389d8ed4b39ec0e0967ba49fc284f1dc (diff)
download	xen-137e278117d2c8b884077e1507c8d5f634c98441.tar.gz xen-137e278117d2c8b884077e1507c8d5f634c98441.tar.bz2 xen-137e278117d2c8b884077e1507c8d5f634c98441.zip