Re: [Xen-devel] [PATCH 4.1-testing] x86/mm: Fix loop increment in paging_log_dirty_range()
On Thu, 2013-01-17 at 11:30 +0000, Tim Deegan wrote:
> # HG changeset patch
> # User Tim Deegan <tim@xxxxxxx>
> # Date 1358421452 0
> # Node ID 04368044ca5fb9800bfdacf14e883d39cad5c8a6
> # Parent 8fe0e86c2ac27e22121aa9c70ddf5eacbb3051d0
> x86/mm: Fix loop increment in paging_log_dirty_range()
>
> In 23417:53ef1f35a0f8 (the fix for XSA-27 / CVE-2012-5511), the
> loop variable gets incremented twice, so the loop only clears every
> second page of the bitmap. This might cause the tools to think that
> pages are dirty when they are not.
>
> Reported-by: Steven Noonan <snoonan@xxxxxxxxxx>
> Reported-by: Matt Wilson <msw@xxxxxxxxxx>
> Signed-off-by: Tim Deegan <tim@xxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> diff -r 8fe0e86c2ac2 -r 04368044ca5f xen/arch/x86/mm/paging.c
> --- a/xen/arch/x86/mm/paging.c Wed Jan 16 14:15:12 2013 +0000
> +++ b/xen/arch/x86/mm/paging.c Thu Jan 17 11:17:32 2013 +0000
> @@ -534,7 +534,8 @@ int paging_log_dirty_range(struct domain
>
> size = ((nr + BITS_PER_LONG - 1) / BITS_PER_LONG) * sizeof (long);
> rv = 0;
> - for ( off = 0; !rv && off < size; off += sizeof zeroes )
> + off = 0;
> + while ( !rv && off < size )
> {
> int todo = min(size - off, (int) PAGE_SIZE);
> if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) )
>
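Review bot: With the increment removed from the loop header at `while ( !rv && off < size )`, termination now depends entirely on the update of `off` inside the loop body, which lies outside the context lines shown in this hunk. Please confirm that the remaining update advances `off` by `todo` on every path that leaves `rv` at 0, because any path that skips it would now spin forever rather than skip a page. Separately, the copy length is capped with `(int) PAGE_SIZE` while the removed step was `sizeof zeroes`; using `sizeof zeroes` inside the `min()` would tie the length passed to `copy_to_guest_offset()` to the source buffer and keep the two values from drifting apart.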
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel