[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] arm: kill a guest which uses hvc with an immediate operand != XEN_HYPERCALL_TAG

To: Stefano Stabellini <Stefano.Stabellini@xxxxxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Tue, 24 Jul 2012 11:39:54 +0100
Cc: "Tim \(Xen.org\)" <tim@xxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Tue, 24 Jul 2012 10:40:11 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2012-07-24 at 11:00 +0100, Stefano Stabellini wrote:
> On Mon, 23 Jul 2012, Ian Campbell wrote:
> > At best these guests are confused/broken and at worse they are malicious.
> > 
> > Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> > ---
> >  xen/arch/arm/traps.c |    6 +-----
> >  1 files changed, 1 insertions(+), 5 deletions(-)
> > 
> > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> > index 52ab943..50b62c0 100644
> > --- a/xen/arch/arm/traps.c
> > +++ b/xen/arch/arm/traps.c
> > @@ -472,11 +472,7 @@ static void do_trap_hypercall(struct cpu_user_regs 
> > *regs, unsigned long iss)
> >      arm_hypercall_fn_t call = NULL;
> >  
> >      if ( iss != XEN_HYPERCALL_TAG )
> > -    {
> > -        printk("%s %d: received an alien hypercall iss=%lx\n", __func__ ,
> > -                __LINE__ , iss);
> > -        regs->r0 = -EINVAL;
> > -    }
> > +        domain_crash_synchronous();
> >  
> >      if ( regs->r12 > ARRAY_SIZE(arm_hypercall_table) )
> >      {
> 
> Are we sure that this is actually necessary?
> I think that the old behaviour of returning -EINVAL is sufficient.

We have no idea what semantics a guest using a tag other than ours is
expecting from the hypercall. We don't even know if they are expecting
negative errno style errors at all.

Worst case you've just answered the question "how much disk shall I
erase" with 0xffffffea (or whatever EINVAL is).

Even if they were expecting -errno we don't know that their idea of
EINVAL is the same as ours (the actual numbers are not standard, only
the names). (and in any case ENOSYS would be the correct one to use).

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 0/2 V2] arm: hypercall continuations
  - From: Ian Campbell
- [Xen-devel] [PATCH 1/2] arm: implement hypercall continuations
  - From: Ian Campbell
- [Xen-devel] [PATCH 2/2] arm: kill a guest which uses hvc with an immediate operand != XEN_HYPERCALL_TAG
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH 2/2] arm: kill a guest which uses hvc with an immediate operand != XEN_HYPERCALL_TAG
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] Xen 4 serial hangs during boot
Next by Date: Re: [Xen-devel] [PATCH] x86/EFI: define and use EFI_DIR make variable, defaulting to /usr/lib64/efi
Previous by thread: Re: [Xen-devel] [PATCH 2/2] arm: kill a guest which uses hvc with an immediate operand != XEN_HYPERCALL_TAG
Next by thread: Re: [Xen-devel] [PATCH 1/2] arm: implement hypercall continuations
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.