|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Re: [PATCH] Xen: fix various checks of unsigned integers < 0
On 10/29/2010 05:38 PM, Dan Magenheimer wrote: Wow, I wonder how many times this code has executed and returned the wrong (incorrectly sign-extended) value? Probably never---which doesn't make the fix worthless, but is still never. :) The emulator is mostly used for real mode and MMIO, but this is long-mode code (which rules out real mode) and the CQO instruction doesn't access memory (which rules out MMIO). To trigger the bug you probably have to cause a race between a thread doing MMIO and a thread replacing the MMIO instruction with a CQO. It can be done fairly reliably on KVM; until they were patched, this trick allowed to exploit emulator bugs and go from guest-ring3 to guest-ring0. Paolo _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |