[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-4.2-testing] x86: get_page_from_gfn() must return NULL for invalid GFNs

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: Xen patchbot-4.2-testing <patchbot@xxxxxxx>
Date: Wed, 05 Dec 2012 08:00:32 +0000
Delivery-date: Wed, 05 Dec 2012 08:00:42 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Jan Beulich <jbeulich@xxxxxxxx>
# Date 1354644179 0
# Node ID b306bce613413c772af7a7660c9fd44d347b5ee2
# Parent  2c3f00c5189b9269f9840be93d03f058c8994f6e
x86: get_page_from_gfn() must return NULL for invalid GFNs

... also in the non-translated case.

This is XSA-32 / CVE-2012-xxxx.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Tim Deegan <tim@xxxxxxx>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
---


diff -r 2c3f00c5189b -r b306bce61341 xen/include/asm-x86/p2m.h
--- a/xen/include/asm-x86/p2m.h Tue Dec 04 18:02:52 2012 +0000
+++ b/xen/include/asm-x86/p2m.h Tue Dec 04 18:02:59 2012 +0000
@@ -400,7 +400,7 @@ static inline struct page_info *get_page
     if (t)
         *t = p2m_ram_rw;
     page = __mfn_to_page(gfn);
-    return get_page(page, d) ? page : NULL;
+    return mfn_valid(gfn) && get_page(page, d) ? page : NULL;
 }
 
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen-4.2-testing] memop: limit guest specified extent order
Next by Date: [Xen-changelog] [xen-4.2-testing] gnttab: fix releasing of memory upon switches between versions
Previous by thread: [Xen-changelog] [xen-4.2-testing] memop: limit guest specified extent order
Next by thread: [Xen-changelog] [xen-4.2-testing] gnttab: fix releasing of memory upon switches between versions
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.