* [PATCH] Out of bound check in bind_virq (trivial)
@ 2005-10-06 18:16 Grzegorz Milos
0 siblings, 0 replies; only message in thread
From: Grzegorz Milos @ 2005-10-06 18:16 UTC (permalink / raw)
To: xen-devel, Keir Fraser
[-- Attachment #1: Type: text/plain, Size: 170 bytes --]
Here is a trivial patch that adds a domain->vcpu array out of bound
check (without it I managed to take whole Xen down by trying to run a
buggy domain).
Cheers
Gregor
[-- Attachment #2: vcpu_bounds.patch --]
[-- Type: text/x-patch, Size: 740 bytes --]
# HG changeset patch
# User gmilos@localhost.localdomain
# Node ID 0c6432737d58f7276a3f60322123f3d967b23f91
# Parent 76a7a7aa27e40022fbfeacdd8d6ed9395e875894
Added missing array out of bound check for d->vcpu.
Signed-off-by: Grzegorz Milos <gm281@cam.ac.uk>
diff -r 76a7a7aa27e4 -r 0c6432737d58 xen/common/event_channel.c
--- a/xen/common/event_channel.c Thu Oct 6 16:02:38 2005
+++ b/xen/common/event_channel.c Thu Oct 6 18:08:04 2005
@@ -269,7 +269,8 @@
if ( virq >= ARRAY_SIZE(v->virq_to_evtchn) )
return -EINVAL;
- if ( (v = d->vcpu[bind->vcpu]) == NULL )
+ if ( bind->vcpu >= ARRAY_SIZE(d->vcpu) ||
+ (v = d->vcpu[bind->vcpu]) == NULL )
return -ENOENT;
spin_lock(&d->evtchn_lock);
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-10-06 18:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-10-06 18:16 [PATCH] Out of bound check in bind_virq (trivial) Grzegorz Milos
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.