[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.4] x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE



commit 7679aeb444ed3bc4de0f473c16c47eab7d2f9d33
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Nov 20 17:43:39 2014 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Nov 20 17:43:39 2014 +0100

    x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
    
    Any domain which can pass the XSM check against a translated guest can 
cause a
    page reference to be leaked.
    
    While shuffling the order of checks, drop the quite-pointless MEM_LOG().  
This
    brings the check in line with similar checks in the vicinity.
    
    Discovered while reviewing the XSA-109/110 followup series.
    
    This is XSA-113.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Tim Deegan <tim@xxxxxxx>
---
 xen/arch/x86/mm.c |   13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index d1e0346..c086755 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3635,6 +3635,12 @@ long do_mmu_update(
 
         case MMU_MACHPHYS_UPDATE:
 
+            if ( unlikely(paging_mode_translate(pg_owner)) )
+            {
+                rc = -EINVAL;
+                break;
+            }
+
             mfn = req.ptr >> PAGE_SHIFT;
             gpfn = req.val;
 
@@ -3654,13 +3660,6 @@ long do_mmu_update(
                 break;
             }
 
-            if ( unlikely(paging_mode_translate(pg_owner)) )
-            {
-                MEM_LOG("Mach-phys update on auto-translate guest");
-                rc = -EINVAL;
-                break;
-            }
-
             set_gpfn_from_mfn(mfn, gpfn);
 
             paging_mark_dirty(pg_owner, mfn);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.