|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-4.1-testing] xen: only check for shared pages while any exist on teardown
# HG changeset patch
# User Ian Campbell <ian.campbell@xxxxxxxxxx>
# Date 1344523662 -3600
# Node ID 859205b36fe990b9767b6bdc90dd4b4f5a6591f2
# Parent f8f8912b3de00ba4451894c29419ca95e13af38e
xen: only check for shared pages while any exist on teardown
Avoids worst case behavour when guest has a large p2m.
This is XSA-11 / CVE-2012-3433
Signed-off-by: Tim Deegan <tim@xxxxxxx>
Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Tested-by: Olaf Hering <olaf@xxxxxxxxx>
Committed-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---
diff -r f8f8912b3de0 -r 859205b36fe9 xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c Fri Aug 03 10:43:24 2012 +0100
+++ b/xen/arch/x86/mm/p2m.c Thu Aug 09 15:47:42 2012 +0100
@@ -2044,6 +2044,8 @@ void p2m_teardown(struct p2m_domain *p2m
#ifdef __x86_64__
for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )
{
+ if ( atomic_read(&d->shr_pages) == 0 )
+ break;
mfn = p2m->get_entry(p2m, gfn, &t, &a, p2m_query);
if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
BUG_ON(mem_sharing_unshare_page(p2m, gfn,
MEM_SHARING_DESTROY_GFN));
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |