ia64/xen-unstable

changeset 19065:033945166a3a

xenoprof: dom0 hypercall could trigger Xen NULL-pointer access

Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Jan 21 11:58:01 2009 +0000 (2009-01-21)
parents a0dddcbd9e32
children af1d9af1a993
files xen/common/xenoprof.c xen/include/xen/xenoprof.h
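--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -681,6 +681,8 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
     {
     case XENOPROF_init:
         ret = xenoprof_op_init(arg);
+        if ( !ret )
+            xenoprof_state = XENOPROF_INITIALIZED;
         break;
 
     case XENOPROF_get_buffer:
@@ -693,21 +695,19 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
         break;
 
     case XENOPROF_reset_active_list:
-    {
         reset_active_list();
         ret = 0;
         break;
-    }
+
     case XENOPROF_reset_passive_list:
-    {
         reset_passive_list();
         ret = 0;
         break;
-    }
+
     case XENOPROF_set_active:
     {
         domid_t domid;
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
@@ -720,18 +720,18 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
         ret = add_active_list(domid);
         break;
     }
+
     case XENOPROF_set_passive:
-    {
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
         }
         ret = add_passive_list(arg);
         break;
-    }
+
     case XENOPROF_reserve_counters:
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
@@ -748,7 +748,6 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
             ret = -EPERM;
             break;
         }
-
         ret = xenoprof_arch_counter(arg);
         break;
 
@@ -766,8 +765,14 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
     case XENOPROF_enable_virq:
     {
         int i;
+
         if ( current->domain == xenoprof_primary_profiler )
         {
+            if ( xenoprof_state != XENOPROF_READY )
+            {
+                ret = -EPERM;
+                break;
+            }
             xenoprof_arch_enable_virq();
             xenoprof_reset_stat();
             for ( i = 0; i < pdomains; i++ )
@@ -835,7 +840,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
         if ( (xenoprof_state == XENOPROF_COUNTERS_RESERVED) ||
              (xenoprof_state == XENOPROF_READY) )
         {
-            xenoprof_state = XENOPROF_IDLE;
+            xenoprof_state = XENOPROF_INITIALIZED;
             xenoprof_arch_release_counters();
             xenoprof_arch_disable_virq();
             reset_passive_list();
@@ -845,7 +850,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
 
     case XENOPROF_shutdown:
         ret = -EPERM;
-        if ( xenoprof_state == XENOPROF_IDLE )
+        if ( xenoprof_state == XENOPROF_INITIALIZED )
         {
             activated = 0;
             adomains=0;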
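Review bot: The assignment added under `case XENOPROF_init` runs for any caller and from any current state, so a successful XENOPROF_init issued while the state is already XENOPROF_COUNTERS_RESERVED, XENOPROF_READY or XENOPROF_PROFILING would rewind the global `xenoprof_state` to XENOPROF_INITIALIZED and make set_active, set_passive and reserve_counters pass their new checks again mid-session. Whether `xenoprof_op_init()` already rejects a repeated or non-primary init is not visible here, and `do_xenoprof_op` starts and ends outside these hunks, so this needs confirming against the full function. If init can succeed for a domain other than the primary profiler, the transition should be restricted, for example `if ( !ret && (current->domain == xenoprof_primary_profiler) )`. The XENOPROF_shutdown hunk also ends before the body closes, so it is unclear whether the state is returned to XENOPROF_IDLE there; if it is not, a later re-init starts from a stale XENOPROF_INITIALIZED.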
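--- a/xen/include/xen/xenoprof.h
+++ b/xen/include/xen/xenoprof.h
@@ -19,9 +19,10 @@
 #define XENOPROF_DOMAIN_PASSIVE    2
 
 #define XENOPROF_IDLE              0
-#define XENOPROF_COUNTERS_RESERVED 1
-#define XENOPROF_READY             2
-#define XENOPROF_PROFILING         3
+#define XENOPROF_INITIALIZED       1
+#define XENOPROF_COUNTERS_RESERVED 2
+#define XENOPROF_READY             3
+#define XENOPROF_PROFILING         4
 
 #ifndef CONFIG_COMPAT
 typedef struct xenoprof_buf xenoprof_buf_t;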
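Review bot: The new XENOPROF_INITIALIZED state is the gate that the fix in xenoprof.c relies on, but nothing at the definition says what it means or which transitions are legal. A short comment above the state block would help the next reader, for example `/* xenoprof_state: IDLE until XENOPROF_init succeeds; set_active, set_passive, reserve_counters and shutdown are only accepted in INITIALIZED. */`. Inserting the value at 1 also renumbers COUNTERS_RESERVED, READY and PROFILING, so any code that compares states by order or stores the raw number (none is visible on this page) should be checked. An `enum` would keep the values debugger-visible and make later insertions less error-prone.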