From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Yang, Xiaowei"
Subject: Re: [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
Date: Thu, 22 Jan 2009 08:50:25 +0800
Message-ID: <4977C2D1.2030005@intel.com>
References: <4976A436.7070704@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: "Santos, Jose Renato G"
Cc: "xen-devel@lists.xensource.com"
List-Id: xen-devel@lists.xenproject.org

Santos, Jose Renato G wrote:
> Xiaowei,
>
> Could you please clarify what the NULL pointer problem is that you want to prevent with this patch?
> Thanks
>

Oh, let me put more details.

For late-coming CPUs that Xenoprof doesn't support yet, the pointers cpu_type and model could be unassigned at init time and remain NULL. However, almost all Xenoprof internal functions don't check them before using them. If the hypercall handler doesn't take care of it, dom0 could exploit it (e.g. XENOPROF_reserve_counters) to trigger a Xen NULL-pointer access.

Thanks,
Xiaowei

> Renato
>
>> -----Original Message-----
>> From: xen-devel-bounces@lists.xensource.com
>> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of
>> Yang, Xiaowei
>> Sent: Tuesday, January 20, 2009 8:28 PM
>> To: xen-devel@lists.xensource.com
>> Subject: [Xen-devel] [PATCH] Protect Xen against accessing
>> NULL-pointer triggered by Xenoprof Hypercall in dom0
>>
>> Xenoprof Hypercall in dom0 could trigger Xen accessing a
>> NULL-pointer and result in a fatal page fault. The patch prevents it.
>>
>> Signed-off-by: Xiaowei Yang
>>
>> Thanks,
>> Xiaowei
>>
>>
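The failure mode Xiaowei describes, modelled as an added example that is not code from the Xen patch or from the xen-devel thread: a profiler back end whose init routine fills in per-model pointers only for CPUs it recognises, leaving them NULL on newer hardware, while the internal helpers dereference them unconditionally. Since every guest request enters through one dispatcher, that dispatcher is the natural place for a single guard, rather than sprinkling checks through every internal function. The type names, xenoprof_init_model(), xenoprof_op(), the constructed CPU family strings and the XOP_* error codes are assumptions for this sketch, not Xen's real API; only cpu_type, model and XENOPROF_reserve_counters are taken from the thread.

```c
/*
 * Constructed model of "pointers left NULL by init, dereferenced by every op".
 * Not Xen code: names other than cpu_type, model and XENOPROF_reserve_counters
 * are invented for this example.
 */
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the per-model profiler state the thread mentions. */
struct op_cpu_type { const char *name; int num_counters; };
struct op_model    { int (*reserve)(void); int (*release)(void); };

static const struct op_cpu_type *cpu_type = NULL;  /* stays NULL when unsupported */
static const struct op_model    *model    = NULL;

static int demo_reserve(void) { return 0; }
static int demo_release(void) { return 0; }

static const struct op_cpu_type known_type  = { "constructed-family-6", 4 };
static const struct op_model    known_model = { demo_reserve, demo_release };

/* Hypothetical request codes; only the first is named in the thread. */
enum { XENOPROF_reserve_counters = 1, XENOPROF_release_counters = 2 };

/* Hypothetical error codes for this sketch. */
#define XOP_OK       0
#define XOP_ENOSYS  -1   /* unknown request */
#define XOP_ENODEV  -2   /* profiler never initialised for this CPU */

/* init(): assigns the pointers only for a recognised CPU family. */
void xenoprof_init_model(const char *cpu_family)
{
    cpu_type = NULL;
    model    = NULL;
    if (cpu_family && strcmp(cpu_family, "constructed-family-6") == 0) {
        cpu_type = &known_type;
        model    = &known_model;
    }
    /* A newer, unrecognised family leaves both pointers NULL. */
}

/* Internal helper: dereferences without checking, as the thread describes. */
static int do_reserve_counters(void)
{
    printf("reserving %d counters on %s\n", cpu_type->num_counters, cpu_type->name);
    return model->reserve();
}

/* Hardened dispatcher: one gate before any op that needs the model pointers. */
int xenoprof_op(int op)
{
    switch (op) {
    case XENOPROF_reserve_counters:
    case XENOPROF_release_counters:
        if (cpu_type == NULL || model == NULL)
            return XOP_ENODEV;  /* refuse the request instead of faulting */
        return op == XENOPROF_reserve_counters ? do_reserve_counters()
                                               : model->release();
    default:
        return XOP_ENOSYS;
    }
}

int main(void)
{
    xenoprof_init_model("constructed-family-99");   /* unsupported CPU */
    printf("unsupported: %d\n", xenoprof_op(XENOPROF_reserve_counters));
    xenoprof_init_model("constructed-family-6");    /* supported CPU */
    printf("supported: %d\n", xenoprof_op(XENOPROF_reserve_counters));
    return 0;
}
```

Without the two-pointer check in xenoprof_op(), the first call in main() would dereference NULL inside do_reserve_counters(); with it, an unsupported CPU yields a clean error to the caller and the helpers are only ever reached with initialised state.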