From: Andrew Cooper
Subject: [PATCH 0/2] Xen/mem_event: Do not rely on the toolstack being bug-free
Date: Thu, 17 Jul 2014 14:10:35 +0100
Message-ID: <1405602637-8321-1-git-send-email-andrew.cooper3@citrix.com>
To: Xen-devel
Cc: Andrew Cooper
List-Id: xen-devel@lists.xenproject.org

Xen performs insufficient validation of the contents of mem_event responses
from the toolstack. As a result, a buggy toolstack could cause Xen to walk off
the end of a domain's vcpu list, and get out of sync with vcpu pause reference
counts.

These two fixes are compile tested only, as I have no way to plausibly test the
mem-event functionality itself.

Andrew Cooper (2):
  Xen/mem_event: Validate the response vcpu_id before acting on it.
  Xen/mem_event: Prevent underflow of vcpu pause counts

 xen/arch/x86/hvm/hvm.c          |  2 +-
 xen/arch/x86/mm/mem_event.c     | 14 ++++++++++++++
 xen/arch/x86/mm/mem_sharing.c   | 13 +++++++++++--
 xen/arch/x86/mm/p2m.c           | 26 ++++++++++++++++++++++----
 xen/include/asm-x86/mem_event.h |  3 +++
 xen/include/xen/sched.h         |  2 ++
 6 files changed, 53 insertions(+), 7 deletions(-)
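
Added example, not part of the original email and not code from the Xen tree: a simplified C model of the two checks the cover letter names, bounds-checking a toolstack-supplied vcpu_id before indexing and refusing an unpause that has no matching pause. All struct, function and constant names are hypothetical, and the per-vcpu counter is an assumption about one way to keep the reference counts in sync.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
/* Simplified model; every name below is hypothetical, not a Xen identifier. */
#define MODEL_MAX_VCPUS 4
#define RSP_VCPU_PAUSED 1u

struct model_vcpu {
    unsigned int pause_count;      /* all pause references on this vcpu */
    unsigned int mem_event_pauses; /* subset taken for mem_event requests */
};
struct model_domain {
    unsigned int max_vcpus;        /* valid ids are 0 .. max_vcpus - 1 */
    struct model_vcpu *vcpu[MODEL_MAX_VCPUS];
};
/* Both fields are controlled by the toolstack and therefore untrusted. */
struct model_response { uint32_t vcpu_id; uint32_t flags; };

/* Request side: pause the vcpu and record that mem_event owns one reference. */
void model_pause(struct model_vcpu *v) { v->pause_count++; v->mem_event_pauses++; }

/* Response side: drop a reference only if mem_event actually holds one. */
int model_unpause(struct model_vcpu *v)
{
    if (v->mem_event_pauses == 0)
        return -EINVAL;            /* would underflow the pause count */
    v->mem_event_pauses--;
    v->pause_count--;
    return 0;
}

int model_handle_response(struct model_domain *d, const struct model_response *rsp)
{
    /* Bounds-check the untrusted id before it is used as an array index. */
    if (rsp->vcpu_id >= d->max_vcpus || d->vcpu[rsp->vcpu_id] == NULL)
        return -EINVAL;
    if (rsp->flags & RSP_VCPU_PAUSED)
        return model_unpause(d->vcpu[rsp->vcpu_id]);
    return 0;
}

int main(void)
{
    struct model_vcpu v0 = { 0, 0 };
    struct model_domain d = { 1, { &v0 } };
    struct model_response dup = { 0, RSP_VCPU_PAUSED }; /* constructed input */
    model_pause(&v0);
    model_handle_response(&d, &dup);                    /* legitimate unpause */
    return model_handle_response(&d, &dup) == -EINVAL ? 0 : 1; /* repeat refused */
}
```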