[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-4.1-testing] x86/mm: Fix loop increment in paging_log_dirty_range()
# HG changeset patch # User Tim Deegan <tim@xxxxxxx> # Date 1358426606 -3600 # Node ID 0db8dfa1a378df5a3ec10485164b57e8b3b3e573 # Parent a064a93a1eadff8adc14b488c6beb4ccdc7931ae x86/mm: Fix loop increment in paging_log_dirty_range() In 23417:53ef1f35a0f8 (the fix for XSA-27 / CVE-2012-5511), the loop variable gets incremented twice, so the loop only clears every second page of the bitmap. This might cause the tools to think that pages are dirty when they are not. Reported-by: Steven Noonan <snoonan@xxxxxxxxxx> Reported-by: Matt Wilson <msw@xxxxxxxxxx> Signed-off-by: Tim Deegan <tim@xxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Committed-by: Jan Beulich <jbeulich@xxxxxxxx> --- diff -r a064a93a1ead -r 0db8dfa1a378 xen/arch/x86/mm/paging.c --- a/xen/arch/x86/mm/paging.c Thu Jan 17 12:22:48 2013 +0000 +++ b/xen/arch/x86/mm/paging.c Thu Jan 17 13:43:26 2013 +0100 @@ -534,7 +534,8 @@ int paging_log_dirty_range(struct domain size = ((nr + BITS_PER_LONG - 1) / BITS_PER_LONG) * sizeof (long); rv = 0; - for ( off = 0; !rv && off < size; off += sizeof zeroes ) + off = 0; + while ( !rv && off < size ) { int todo = min(size - off, (int) PAGE_SIZE); if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) ) _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |