From: Mukesh Rathor <mukesh.rathor@oracle.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Keir Fraser <keir@xen.org>,
Ian Campbell <ian.campbell@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
Don Slutz <dslutz@verizon.com>,
xen-devel@lists.xen.org, Jan Beulich <jbeulich@suse.com>
Subject: Re: [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path.
Date: Tue, 7 Jan 2014 18:44:20 -0800 [thread overview]
Message-ID: <20140107184420.60bbdd33@mantra.us.oracle.com> (raw)
In-Reply-To: <52CCB840.80207@citrix.com>
On Wed, 8 Jan 2014 02:30:24 +0000
Andrew Cooper <andrew.cooper3@citrix.com> wrote:
> On 08/01/2014 01:44, Mukesh Rathor wrote:
> > On Wed, 8 Jan 2014 00:55:32 +0000
> > Andrew Cooper <andrew.cooper3@citrix.com> wrote:
> >
> >> On 08/01/2014 00:25, Don Slutz wrote:
> >>> Using a 1G hvm domU (in grub) and gdbsx:
> >>>
> > .....
> >
> >> Ian (with RM hat on):
> >> This is a hypervisor reference counting error on a toolstack
> >> hypercall path. Irrespective of any of the other patches in this
> >> series, I think this should be included ASAP (although probably
> >> subject to review from a third person), which will fix the
> >> hypervisor crashes from gdbsx usage.
> > I remember long ago mentioning to our packaing team to make gdbsx
> > root executible only.
> >
> > What would be a good place to document that gdbsx should be removed
> > from production systems, and/or be made root executible only?
> >
> > thanks
> > mukesh
> >
> >
>
> [root@idol ~]# ls -la /dev/xen/privcmd
> crw-rw---- 1 root root 10, 57 Jan 7 11:48 /dev/xen/privcmd
>
> As currently stands (Linux 3.10), only root can open privcmd and issue
> ioctls, so a non-root gdbsx process would presumably not function at
> all. I am not sure that any documentation needs updating.
Ah, right. I remember now... thats much better. At least, currently its
not compromised with anyone able to run it.
thanks
Mukesh
next prev parent reply other threads:[~2014-01-08 2:44 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-08 0:25 [BUGFIX][PATCH v2 0/5] gdbsx: fix 3 bugs Don Slutz
2014-01-08 0:25 ` [PATCH v2 1/5] Add Emacs local variables to source files Don Slutz
2014-01-08 1:16 ` Mukesh Rathor
2014-01-08 1:27 ` Andrew Cooper
2014-01-08 9:51 ` Ian Campbell
2014-01-08 15:58 ` Ian Campbell
2014-01-08 0:25 ` [BUGFIX][PATCH v2 2/5] dbg_rw_guest_mem: need to call put_gfn in error path Don Slutz
2014-01-08 0:55 ` Andrew Cooper
2014-01-08 1:06 ` Don Slutz
2014-01-08 1:15 ` Andrew Cooper
2014-01-08 1:14 ` Mukesh Rathor
2014-01-08 1:44 ` Mukesh Rathor
2014-01-08 2:30 ` Andrew Cooper
2014-01-08 2:44 ` Mukesh Rathor [this message]
2014-01-08 10:40 ` Ian Campbell
2014-01-08 14:01 ` Don Slutz
2014-01-08 8:36 ` Jan Beulich
2014-01-08 13:48 ` Don Slutz
2014-01-08 0:25 ` [PATCH v2 3/5] dbg_rw_guest_mem: Conditionally enable debug log output Don Slutz
2014-01-08 1:38 ` Mukesh Rathor
2014-01-08 10:38 ` Ian Campbell
2014-01-08 14:28 ` Don Slutz
2014-01-08 16:47 ` Ian Campbell
2014-01-08 17:04 ` Tim Deegan
2014-01-08 17:44 ` Ian Campbell
2014-01-08 18:10 ` Tim Deegan
2014-01-09 8:41 ` Ian Campbell
2014-01-09 10:32 ` Tim Deegan
2014-01-09 0:38 ` Mukesh Rathor
2014-01-09 9:59 ` Ian Campbell
2014-01-09 16:08 ` Don Slutz
2014-01-09 16:30 ` Jan Beulich
2014-01-09 17:56 ` Don Slutz
2014-01-10 17:13 ` Ian Campbell
2014-01-10 21:15 ` Don Slutz
2014-01-10 22:08 ` [PATCH v3 " Don Slutz
2014-01-10 1:54 ` [PATCH v2 " Mukesh Rathor
2014-01-08 0:25 ` [BUGFIX][PATCH v2 4/5] xg_read_mem: Report on error Don Slutz
2014-01-08 1:16 ` Mukesh Rathor
2014-01-08 0:25 ` [BUGFIX][PATCH v2 5/5] xg_main: If XEN_DOMCTL_gdbsx_guestmemio fails then force error Don Slutz
2014-01-08 1:11 ` Mukesh Rathor
2014-01-08 10:35 ` Ian Campbell
2014-01-08 14:39 ` Don Slutz
2014-01-08 8:28 ` [BUGFIX][PATCH v2 0/5] gdbsx: fix 3 bugs Jan Beulich
2014-01-08 14:43 ` Don Slutz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140107184420.60bbdd33@mantra.us.oracle.com \
--to=mukesh.rathor@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=dslutz@verizon.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.