Re: [Xen-devel] [BUG] incorrect goto in gnttab_setup_table overdecrements the preemption counter
On Wed, Nov 29, 2017 at 3:32 PM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> On 29/11/17 14:23, Jann Horn wrote:
>> gnttab_setup_table() has the following code:
>>
>> =============================================
>> static long
>> gnttab_setup_table(
>>     XEN_GUEST_HANDLE_PARAM(gnttab_setup_table_t) uop, unsigned int count)
>> {
>>     struct gnttab_setup_table op;
>>     struct domain *d;
>>     struct grant_table *gt;
>>     int            i;
>>     xen_pfn_t  gmfn;
>>
>>     [...]
>>
>>     d = rcu_lock_domain_by_any_id(op.dom);
>>     if ( d == NULL )
>>     {
>>         gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
>>         op.status = GNTST_bad_domain;
>>         goto out2;
>>     }
>>
>>     [...]
>>  out2:
>>     rcu_unlock_domain(d);
>>  out1:
>>     if ( unlikely(__copy_field_to_guest(uop, &op, status)) )
>>         return -EFAULT;
>>
>>     return 0;
>> }
>> =============================================
>>
<snip>
>>
>> This results in the following crash in a debug build of Xen 4.9.1:
>
> Thanks for the report.
>
> This was fixed in master by
> http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=5e436e7a45082ea2cadc176c19e1df46c178448f
> but it looks like it's not been backported to older releases.

Urgh. I guess I really ought to fuzz master, not releases.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
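
The lock imbalance on the quoted error path, as an added user-space model that is not part of the original thread and is not Xen source. It assumes that a failed rcu_lock_domain_by_any_id() leaves the counter untouched, uses a hypothetical preempt_count variable and setup_table_model() function, and treats `goto out1` as an assumed correction inferred from the subject line rather than as the content of the referenced commit.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model for illustration; names mirror the quoted code only. */
struct domain { int id; };

static int preempt_count;            /* stands in for the preemption counter */
static struct domain dom0 = { 0 };   /* constructed: the only valid domain */

/* Assumption: the lock is taken (counter +1) only when the lookup succeeds. */
static struct domain *rcu_lock_domain_by_any_id(int domid)
{
    if (domid != dom0.id)
        return NULL;
    preempt_count++;
    return &dom0;
}

static void rcu_unlock_domain(struct domain *d)
{
    (void)d;
    preempt_count--;
}

/* use_out2 != 0 reproduces the quoted error path; 0 skips the unlock. */
static int setup_table_model(int domid, int use_out2)
{
    struct domain *d;

    preempt_count = 0;
    d = rcu_lock_domain_by_any_id(domid);
    if (d == NULL) {
        if (use_out2)
            goto out2;   /* unlock without a matching lock */
        goto out1;       /* assumed correction: nothing to unlock */
    }
    /* ... work done while holding the lock ... */
out2:
    rcu_unlock_domain(d);
out1:
    return preempt_count;   /* 0 = balanced, negative = over-decremented */
}

int main(void)
{
    printf("valid domid:          %d\n", setup_table_model(0, 0));
    printf("bad domid, goto out2: %d\n", setup_table_model(99, 1));
    printf("bad domid, goto out1: %d\n", setup_table_model(99, 0));
    return 0;
}
```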