|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.1] page-alloc: scrub pages used by hypervisor upon freeing
commit 8995a94f8f88b174dabd1289d1d54c1dcfe7c78d
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Jun 17 16:17:30 2014 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jun 17 16:17:30 2014 +0200
page-alloc: scrub pages used by hypervisor upon freeing
... unless they're part of a fully separate pool (and hence can't ever
be used for guest allocations).
This is CVE-2014-4021 / XSA-100.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
master commit: 4bd78937ec324bcef4e29ef951e0ff9815770de1
master date: 2014-06-17 15:21:10 +0200
---
xen/common/page_alloc.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index f0de320..cf6b1bb 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -1123,7 +1123,10 @@ void free_xenheap_pages(void *v, unsigned int order)
pg = virt_to_page(v);
for ( i = 0; i < (1u << order); i++ )
+ {
+ scrub_one_page(&pg[i]);
pg[i].count_info &= ~PGC_xen_heap;
+ }
free_heap_pages(pg, order);
}
@@ -1290,6 +1293,8 @@ void free_domheap_pages(struct page_info *pg, unsigned
int order)
else
{
/* Freeing anonymous domain-heap pages. */
+ for ( i = 0; i < (1 << order); i++ )
+ scrub_one_page(&pg[i]);
free_heap_pages(pg, order);
drop_dom_ref = 0;
}
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.1
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |