xcp-1.6-updates/xen-4.1.hg

changeset 23332:859205b36fe9

xen: only check for shared pages while any exist on teardown

Avoids worst case behavour when guest has a large p2m.

This is XSA-11 / CVE-2012-3433

Signed-off-by: Tim Deegan <tim@xen.org>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
author Ian Campbell <ian.campbell@citrix.com>
date Thu Aug 09 15:47:42 2012 +0100 (2012-08-09)
parents f8f8912b3de0
children 985fb467d180
files xen/arch/x86/mm/p2m.c
line diff
     1.1 --- a/xen/arch/x86/mm/p2m.c	Fri Aug 03 10:43:24 2012 +0100
     1.2 +++ b/xen/arch/x86/mm/p2m.c	Thu Aug 09 15:47:42 2012 +0100
     1.3 @@ -2044,6 +2044,8 @@ void p2m_teardown(struct p2m_domain *p2m
     1.4  #ifdef __x86_64__
     1.5      for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )
     1.6      {
     1.7 +        if ( atomic_read(&d->shr_pages) == 0 )
     1.8 +            break;
     1.9          mfn = p2m->get_entry(p2m, gfn, &t, &a, p2m_query);
    1.10          if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
    1.11              BUG_ON(mem_sharing_unshare_page(p2m, gfn, MEM_SHARING_DESTROY_GFN));