
[Xen-changelog] [xen-4.1-testing] x86/mm: Fix loop increment in paging_log_dirty_range()


  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-4.1-testing <patchbot@xxxxxxx>
  • Date: Fri, 18 Jan 2013 16:11:09 +0000
  • Delivery-date: Fri, 18 Jan 2013 16:11:16 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Tim Deegan <tim@xxxxxxx>
# Date 1358426606 -3600
# Node ID 0db8dfa1a378df5a3ec10485164b57e8b3b3e573
# Parent  a064a93a1eadff8adc14b488c6beb4ccdc7931ae
x86/mm: Fix loop increment in paging_log_dirty_range()

In 23417:53ef1f35a0f8 (the fix for XSA-27 / CVE-2012-5511), the
loop variable gets incremented twice, so the loop only clears every
second page of the bitmap.  This might cause the tools to think that
pages are dirty when they are not.

Reported-by: Steven Noonan <snoonan@xxxxxxxxxx>
Reported-by: Matt Wilson <msw@xxxxxxxxxx>
Signed-off-by: Tim Deegan <tim@xxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>
---


diff -r a064a93a1ead -r 0db8dfa1a378 xen/arch/x86/mm/paging.c
--- a/xen/arch/x86/mm/paging.c  Thu Jan 17 12:22:48 2013 +0000
+++ b/xen/arch/x86/mm/paging.c  Thu Jan 17 13:43:26 2013 +0100
@@ -534,7 +534,8 @@ int paging_log_dirty_range(struct domain
 
         size = ((nr + BITS_PER_LONG - 1) / BITS_PER_LONG) * sizeof (long);
         rv = 0;
-        for ( off = 0; !rv && off < size; off += sizeof zeroes )
+        off = 0;
+        while ( !rv && off < size )
         {
             int todo = min(size - off, (int) PAGE_SIZE);
             if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) )
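
Review bot: With the increment removed from the loop header, `while ( !rv && off < size )` depends entirely on `off` being advanced inside the body, and that statement falls outside the context shown in this hunk. It is worth confirming that the body advances `off` by `todo` exactly once per iteration, since a missing increment would now loop forever instead of skipping pages. The old header stepped by `sizeof zeroes` while the copy length is `min(size - off, (int) PAGE_SIZE)`, so a single increment tied to `todo` also keeps the step and the copied length in agreement on the final partial chunk. A smaller change with the same effect would keep the `for` and leave its third clause empty, `for ( off = 0; !rv && off < size; )`, with a short comment that `off` is advanced in the body.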
