# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1343123777 -3600
# Node ID 83c979b30c9057dceb0a0bd2b6c19ab64616eb43
# Parent  3ce155e77f39d0c3cc787c1cc3d6bab1ef45a1dc
xen: only check for shared pages while any exist on teardown

Avoids worst case behavour when guest has a large p2m.

This is XSA-11 / CVE-2012-nnn

Signed-off-by: Tim Deegan <tim@xen.org>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Olaf Hering <olaf@aepfle.de>

diff -r 3ce155e77f39 -r 83c979b30c90 xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c	Mon Jul 09 10:30:44 2012 +0100
+++ b/xen/arch/x86/mm/p2m.c	Tue Jul 24 10:56:17 2012 +0100
@@ -2044,6 +2044,8 @@ void p2m_teardown(struct p2m_domain *p2m
 #ifdef __x86_64__
     for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )
     {
+        if ( atomic_read(&d->shr_pages) == 0 )
+            break;
         mfn = p2m->get_entry(p2m, gfn, &t, &a, p2m_query);
         if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
             BUG_ON(mem_sharing_unshare_page(p2m, gfn, MEM_SHARING_DESTROY_GFN));