[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 07/11] tmem: properly drop lock on error path in do_tmem_get()

To: "xen-devel" <xen-devel@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 05 Sep 2012 13:38:31 +0100
Cc: dan.magenheimer@xxxxxxxxxx, Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx>
Delivery-date: Wed, 05 Sep 2012 12:37:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Also remove a bogus assertion.

This is part of XSA-15 / CVE-2012-3497.

Reported-by: Tim Deegan <tim@xxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>

--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -1790,7 +1790,6 @@ static NOINLINE int do_tmem_get(pool_t *
             list_del(&pgp->us.client_eph_pages);
             
list_add_tail(&pgp->us.client_eph_pages,&client->ephemeral_page_list);
             tmem_spin_unlock(&eph_lists_spinlock);
-            ASSERT(obj != NULL);
             obj->last_client = tmh_get_cli_id_from_current();
         }
     }
@@ -1807,6 +1806,8 @@ static NOINLINE int do_tmem_get(pool_t *
     return 1;
 
 bad_copy:
+    obj->no_evict = 0;
+    tmem_spin_unlock(&obj->obj_spinlock);
     failed_copies++;
     return rc;
 }

Attachment: tmem-xsa-15-7.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: [Xen-devel] [PATCH 06/11] tmem: detect arithmetic overflow in tmh_copy_{from, to}_client()
Next by Date: [Xen-devel] [PATCH 08/11] tmem: properly drop lock on error path in do_tmem_op()
Previous by thread: [Xen-devel] [PATCH 06/11] tmem: detect arithmetic overflow in tmh_copy_{from, to}_client()
Next by thread: [Xen-devel] [PATCH 08/11] tmem: properly drop lock on error path in do_tmem_op()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.