[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] xen: Don't BUG_ON() PoD operations on a non-translated guest.

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: Xen patchbot-unstable <patchbot@xxxxxxx>
Date: Thu, 06 Sep 2012 14:11:08 +0000
Delivery-date: Thu, 06 Sep 2012 14:11:16 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
# Date 1346844543 -3600
# Node ID bcf58ef63b7c844fe431eb9e394fc1ea5dd437c4
# Parent  4f1c696482016e7ba76f222c5875618c37680286
xen: Don't BUG_ON() PoD operations on a non-translated guest.

This is XSA-14 / CVE-2012-3496

Signed-off-by: Tim Deegan <tim@xxxxxxx>
Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Tested-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---


diff -r 4f1c69648201 -r bcf58ef63b7c xen/arch/x86/mm/p2m-pod.c
--- a/xen/arch/x86/mm/p2m-pod.c Wed Sep 05 12:27:25 2012 +0100
+++ b/xen/arch/x86/mm/p2m-pod.c Wed Sep 05 12:29:03 2012 +0100
@@ -1117,7 +1117,8 @@ guest_physmap_mark_populate_on_demand(st
     mfn_t omfn;
     int rc = 0;
 
-    BUG_ON(!paging_mode_translate(d));
+    if ( !paging_mode_translate(d) )
+        return -EINVAL;
 
     rc = p2m_gfn_check_limit(d, gfn, order);
     if ( rc != 0 )

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen-unstable] xen: prevent a 64 bit guest setting reserved bits in DR7
Next by Date: [Xen-changelog] [xen-unstable] xen/gnttab: Validate input to GNTTABOP_swap_grant_ref
Previous by thread: [Xen-changelog] [xen-unstable] xen: prevent a 64 bit guest setting reserved bits in DR7
Next by thread: [Xen-changelog] [xen-unstable] xen/gnttab: Validate input to GNTTABOP_swap_grant_ref
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.