[Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
Xenoprof Hypercall in dom0 could trigger Xen accessing NULL-pointer and results in fatal page fault. The patch prevents it. Signed-off-by: Xiaowei Yang <xiaowei.yang@xxxxxxxxx> Thanks, Xiaowei diff -r 4f6a2bbdff3f xen/common/xenoprof.c --- a/xen/common/xenoprof.c Tue Jan 13 15:53:47 2009 +0000 +++ b/xen/common/xenoprof.c Tue Jan 13 22:45:27 2009 +0800 @@ -681,6 +681,8 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN { case XENOPROF_init: ret = xenoprof_op_init(arg); + if ( !ret ) + xenoprof_state = XENOPROF_INITIALIZED; break; case XENOPROF_get_buffer: @@ -693,21 +695,19 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN break; case XENOPROF_reset_active_list: - { reset_active_list(); ret = 0; break; - } + case XENOPROF_reset_passive_list: - { reset_passive_list(); ret = 0; break; - } + case XENOPROF_set_active: { domid_t domid; - if ( xenoprof_state != XENOPROF_IDLE ) + if ( xenoprof_state != XENOPROF_INITIALIZED ) { ret = -EPERM; break; @@ -720,18 +720,18 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN ret = add_active_list(domid); break; } + case XENOPROF_set_passive: - { - if ( xenoprof_state != XENOPROF_IDLE ) + if ( xenoprof_state != XENOPROF_INITIALIZED ) { ret = -EPERM; break; } ret = add_passive_list(arg); break; - } + case XENOPROF_reserve_counters: - if ( xenoprof_state != XENOPROF_IDLE ) + if ( xenoprof_state != XENOPROF_INITIALIZED ) { ret = -EPERM; break; @@ -748,7 +748,6 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN ret = -EPERM; break; } - ret = xenoprof_arch_counter(arg); break; @@ -766,8 +765,14 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN case XENOPROF_enable_virq: { int i; + if ( current->domain == xenoprof_primary_profiler ) { + if ( xenoprof_state != XENOPROF_READY ) + { + ret = -EPERM; + break; + } xenoprof_arch_enable_virq(); xenoprof_reset_stat(); for ( i = 0; i < pdomains; i++ ) 
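Review bot: In the `XENOPROF_init` case the added assignment runs after every successful `xenoprof_op_init(arg)`, regardless of the current state or of which domain made the call. If init can succeed for a domain other than `xenoprof_primary_profiler`, or a second time while counters are reserved or profiling is running (neither is ruled out by the visible lines), the state is rewound to `XENOPROF_INITIALIZED` and the later `-EPERM` checks stop describing what is really set up. Advancing only from the idle state, `if ( !ret && xenoprof_state == XENOPROF_IDLE )`, possibly also limited to the primary profiler, keeps the state machine moving forward only. The body of `do_xenoprof_op` starts and ends outside this hunk.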
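Review bot: `XENOPROF_reset_active_list` and `XENOPROF_reset_passive_list` are changed here only by dropping their braces, so both still run in every state, including `XENOPROF_IDLE`, while `XENOPROF_set_active` right below them now requires `XENOPROF_INITIALIZED`. Whether `reset_active_list()` and `reset_passive_list()` are safe before a successful init cannot be seen from this hunk. If they touch anything that init allocates they need the same guard, `if ( xenoprof_state == XENOPROF_IDLE ) { ret = -EPERM; break; }`; if they are safe, a one-line comment stating that they are valid in any state would record the decision. The same question applies to `XENOPROF_get_buffer`, which appears as context in the previous hunk.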
@@ -835,7 +840,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN if ( (xenoprof_state == XENOPROF_COUNTERS_RESERVED) || (xenoprof_state == XENOPROF_READY) ) { - xenoprof_state = XENOPROF_IDLE; + xenoprof_state = XENOPROF_INITIALIZED; xenoprof_arch_release_counters(); xenoprof_arch_disable_virq(); reset_passive_list(); @@ -845,7 +850,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN case XENOPROF_shutdown: ret = -EPERM; - if ( xenoprof_state == XENOPROF_IDLE ) + if ( xenoprof_state == XENOPROF_INITIALIZED ) { activated = 0; adomains=0; diff -r 4f6a2bbdff3f xen/include/xen/xenoprof.h --- a/xen/include/xen/xenoprof.h Tue Jan 13 15:53:47 2009 +0000 +++ b/xen/include/xen/xenoprof.h Tue Jan 13 22:45:27 2009 +0800 @@ -19,9 +19,10 @@ #define XENOPROF_DOMAIN_PASSIVE 2 #define XENOPROF_IDLE 0 -#define XENOPROF_COUNTERS_RESERVED 1 -#define XENOPROF_READY 2 -#define XENOPROF_PROFILING 3 +#define XENOPROF_INITIALIZED 1 +#define XENOPROF_COUNTERS_RESERVED 2 +#define XENOPROF_READY 3 +#define XENOPROF_PROFILING 4 #ifndef CONFIG_COMPAT typedef struct xenoprof_buf xenoprof_buf_t; _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
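Review bot: `XENOPROF_shutdown` now requires `XENOPROF_INITIALIZED`, but the visible lines of the branch only clear `activated` and `adomains`; nothing shown moves `xenoprof_state` back to `XENOPROF_IDLE`. The branch continues past the end of the hunk, so this may already be handled there. If it is not, the state stays `XENOPROF_INITIALIZED` after shutdown, and `XENOPROF_set_active`, `XENOPROF_set_passive` and `XENOPROF_reserve_counters` pass their new checks without a fresh init, which is the situation the patch sets out to exclude. Adding `xenoprof_state = XENOPROF_IDLE;` on the success path of the shutdown branch would close that gap.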
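Review bot: The state constants in `xen/include/xen/xenoprof.h` carry no comment, and inserting `XENOPROF_INITIALIZED` as 1 shifts the numeric values of the other three. The meaning of each state is now readable only from the checks in `do_xenoprof_op`. A comment above the block would document it, for example `/* xenoprof_state values; XENOPROF_IDLE means XENOPROF_init has not succeeded yet */`, with one short line per state naming the operation that enters it. It is also worth confirming that no code outside the two patched files compares `xenoprof_state` against a literal number, since such a comparison would silently change meaning after the renumbering.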