
[xen master] x86/PoD: handle intermediate page orders in p2m_pod_cache_add()



commit 8ec13f68e0b026863d23e7f44f252d06478bc809
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Nov 22 11:11:44 2021 +0000
Commit:     Ian Jackson <iwj@xxxxxxxxxxxxxx>
CommitDate: Mon Nov 22 12:27:30 2021 +0000

    x86/PoD: handle intermediate page orders in p2m_pod_cache_add()
    
    p2m_pod_decrease_reservation() may pass pages to the function which
    aren't 4k, 2M, or 1G. Handle all intermediate orders as well, to avoid
    hitting the BUG() at the switch() statement's "default" case.
    
    This is CVE-2021-28708 / part of XSA-388.
    
    Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/arch/x86/mm/p2m-pod.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index 20e6327b75..d8d1a0ce7e 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -113,15 +113,13 @@ p2m_pod_cache_add(struct p2m_domain *p2m,
     /* Then add to the appropriate populate-on-demand list. */
     switch ( order )
     {
-    case PAGE_ORDER_1G:
-        for ( i = 0; i < (1UL << PAGE_ORDER_1G); i += 1UL << PAGE_ORDER_2M )
+    case PAGE_ORDER_2M ... PAGE_ORDER_1G:
+        for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_2M )
             page_list_add_tail(page + i, &p2m->pod.super);
         break;
-    case PAGE_ORDER_2M:
-        page_list_add_tail(page, &p2m->pod.super);
-        break;
-    case PAGE_ORDER_4K:
-        page_list_add_tail(page, &p2m->pod.single);
+    case PAGE_ORDER_4K ... PAGE_ORDER_2M - 1:
+        for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_4K )
+            page_list_add_tail(page + i, &p2m->pod.single);
         break;
     default:
         BUG();
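Review bot: The `default:` arm still ends in `BUG()`, so any order above PAGE_ORDER_1G that reaches this switch remains fatal. Since the commit message says the caller can pass orders other than 4k, 2M and 1G, a comment above the switch naming what bounds `order` at PAGE_ORDER_1G, or an explicit check before the switch, would make that invariant reviewable. The existing "Then add to the appropriate populate-on-demand list" comment could also say that intermediate orders are split into 2M chunks on `pod.super` or 4k chunks on `pod.single`. The first loop's stride of `1UL << PAGE_ORDER_2M` only divides `1UL << order` evenly because the case range starts at PAGE_ORDER_2M, and the two ranges rely on the GNU `...` case extension.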
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

