[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity

To: "Dario Faggioli" <dario.faggioli@xxxxxxxxxx>, "George Dunlap" <george.dunlap@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 11 Dec 2013 11:33:48 +0000
Cc: Marcus Granado <Marcus.Granado@xxxxxxxxxxxxx>, Justin Weaver <jtweaver@xxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Li Yechen <lccycc123@xxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Juergen Gross <juergen.gross@xxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Elena Ufimtseva <ufimtseva@xxxxxxxxx>
Delivery-date: Wed, 11 Dec 2013 11:33:56 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 03.12.13 at 19:21, George Dunlap <george.dunlap@xxxxxxxxxxxxx> wrote:
> On 12/03/2013 10:06 AM, Jan Beulich wrote:
>>>>> On 03.12.13 at 11:02, "Jan Beulich" <JBeulich@xxxxxxxx> wrote:
>>>>>> On 02.12.13 at 19:29, Dario Faggioli <dario.faggioli@xxxxxxxxxx> wrote:
>>>> +                goto setvcpuaffinity_out;
>>>> +
>>>> +            /*
>>>> +             * We both set a new affinity and report back to the caller 
> what
>>>> +             * the scheduler will be effectively using.
>>>> +             */
>>>> +            if ( vcpuaff->flags & XEN_VCPUAFFINITY_HARD )
>>>> +            {
>>>> +                ret = xenctl_bitmap_to_bitmap(cpumask_bits(new_affinity),
>>>> +                                              &vcpuaff->cpumap_hard,
>>>> +                                              
>>>> vcpuaff->cpumap_hard.nr_bits);
>>>
>>> There's no code above range checking vcpuaff->cpumap_hard.nr_bits,
>>> yet xenctl_bitmap_to_bitmap() uses the passed in value to write into
>>> the array pointed to by the first argument. Why is this not
>>> xenctl_bitmap_to_cpumask() in the first place?
>>
>> And just to make it explicit - with fundamental flaws like this, I'm
>> not certain anymore whether we really ought to rush this series
>> in for 4.4.
> 
> I'm certainly getting nervous about the prospect.  However, the above 
> bug would only be triggered by bad input from domain 0, right? I suppose 
> even that would be a potential security issue in a highly disaggregated 
> environment.
> 
> Other bugs in this patch would be similar.  This path is taken on domain 
> creation IIUC; so bugs in this particular patch would probably either be 
> unexpected behavior of the affinities, or failure to handle unusual 
> input from a trusted source (domain 0).

Now that XSA-77 went out, I can properly respond to this: With
disaggregation (as said above), the problem isn't limited to Dom0.
While XSA-77 declares all such issues non-security ones for the
time being, we should strive to avoid introducing new similar issues.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v5 00/17] Implement vcpu soft affinity for credit1
  - From: Dario Faggioli
- [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
  - From: Dario Faggioli
- Re: [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] About booting Xen with UEFI on FastModel
Next by Date: Re: [Xen-devel] pvgrub2 is merged
Previous by thread: Re: [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
Next by thread: Re: [Xen-devel] [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.