From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH] fix segfault in xl migrate --debug
Date: Wed, 26 Nov 2014 21:19:04 +0000
Message-ID: <547643C8.5000806@citrix.com>
References: <alpine.DEB.2.00.1411261906310.18561@procyon.dur.ac.uk>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6197980008294630126=="
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <alpine.DEB.2.00.1411261906310.18561@procyon.dur.ac.uk>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: M A Young <m.a.young@durham.ac.uk>, xen-devel@lists.xen.org
Cc: Ian Jackson <ian.jackson@eu.citrix.com>, Wei Liu <wei.liu2@citrix.com>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.
--===============6197980008294630126==
Content-Type: multipart/alternative;
 boundary="------------020307050008070504090507"

This is a multi-part message in MIME format.
--------------020307050008070504090507
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 26/11/2014 19:54, M A Young wrote:
> If differences are found during the verification phase of xl migrate
> --debug then it is likely to crash with a segfault because the bogus
> pagebuf->pfn_types[pfn] is used in a print statement instead of
> pfn_type[pfn] .
>
> Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
>
>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

> xl migrate --debug can segfault because pagebuf->pfn_types[pfn] is
> used in a print statement instead of pfn_type[pfn] 
>
> --- xen-4.5.0-rc1/tools/libxc/xc_domain_restore.c.orig	2014-10-24 15:22:40.000000000 +0100
> +++ xen-4.5.0-rc1/tools/libxc/xc_domain_restore.c	2014-11-25 21:01:16.604081467 +0000
> @@ -1404,7 +1404,7 @@
>                  int v;
>  
>                  DPRINTF("************** pfn=%lx type=%lx gotcs=%08lx "
> -                        "actualcs=%08lx\n", pfn, pagebuf->pfn_types[pfn],
> +                        "actualcs=%08lx\n", pfn, pfn_type[pfn],
>                          csum_page(region_base + i * PAGE_SIZE),
>                          csum_page(buf));
>  


--------------020307050008070504090507
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 26/11/2014 19:54, M A Young wrote:<br>
    </div>
    <blockquote
      cite="mid:alpine.DEB.2.00.1411261906310.18561@procyon.dur.ac.uk"
      type="cite">
      <div class="moz-text-flowed" style="font-family: -moz-fixed;
        font-size: 14px;" lang="x-western">If differences are found
        during the verification phase of xl migrate --debug then it is
        likely to crash with a segfault because the bogus
        <br>
        pagebuf-&gt;pfn_types[pfn] is used in a print statement instead
        of pfn_type[pfn] .
        <br>
        <br>
        Signed-off-by: Michael Young <a moz-do-not-send="true"
          class="moz-txt-link-rfc2396E"
          href="mailto:m.a.young@durham.ac.uk">&lt;m.a.young@durham.ac.uk&gt;</a><br>
      </div>
      <br>
      <br>
    </blockquote>
    <br>
    Reviewed-by: Andrew Cooper <a class="moz-txt-link-rfc2396E" href="mailto:andrew.cooper3@citrix.com">&lt;andrew.cooper3@citrix.com&gt;</a><br>
    <br>
    <blockquote
      cite="mid:alpine.DEB.2.00.1411261906310.18561@procyon.dur.ac.uk"
      type="cite">
      <div class="moz-text-plain" wrap="true" graphical-quote="true"
        style="font-family: -moz-fixed; font-size: 14px;"
        lang="x-western">
        <pre wrap="">xl migrate --debug can segfault because pagebuf-&gt;pfn_types[pfn] is
used in a print statement instead of pfn_type[pfn] 

--- xen-4.5.0-rc1/tools/libxc/xc_domain_restore.c.orig	2014-10-24 15:22:40.000000000 +0100
+++ xen-4.5.0-rc1/tools/libxc/xc_domain_restore.c	2014-11-25 21:01:16.604081467 +0000
@@ -1404,7 +1404,7 @@
                 int v;
 
                 DPRINTF("************** pfn=%lx type=%lx gotcs=%08lx "
-                        "actualcs=%08lx\n", pfn, pagebuf-&gt;pfn_types[pfn],
+                        "actualcs=%08lx\n", pfn, pfn_type[pfn],
                         csum_page(region_base + i * PAGE_SIZE),
                         csum_page(buf));
 
</pre>
      </div>
    </blockquote>
    <br>
  </body>
</html>

--------------020307050008070504090507--


--===============6197980008294630126==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============6197980008294630126==--