40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
|
References: bnc#880751 CVE-2014-4021 XSA-100
|
||
|
|
|
||
|
|
# Commit 4bd78937ec324bcef4e29ef951e0ff9815770de1
|
||
|
|
# Date 2014-06-17 15:21:10 +0200
|
||
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
||
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
||
|
|
page-alloc: scrub pages used by hypervisor upon freeing
|
||
|
|
|
||
|
|
... unless they're part of a fully separate pool (and hence can't ever
|
||
|
|
be used for guest allocations).
|
||
|
|
|
||
|
|
This is CVE-2014-4021 / XSA-100.
|
||
|
|
|
||
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||
|
|
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
||
|
|
Acked-by: Keir Fraser <keir@xen.org>
|
||
|
|
|
||
|
|
--- a/xen/common/page_alloc.c
|
||
|
|
+++ b/xen/common/page_alloc.c
|
||
|
|
@@ -1409,7 +1409,10 @@ void free_xenheap_pages(void *v, unsigne
|
||
|
|
pg = virt_to_page(v);
|
||
|
|
|
||
|
|
for ( i = 0; i < (1u << order); i++ )
|
||
|
|
+ {
|
||
|
|
+ scrub_one_page(&pg[i]);
|
||
|
|
pg[i].count_info &= ~PGC_xen_heap;
|
||
|
|
+ }
|
||
|
|
|
||
|
|
free_heap_pages(pg, order);
|
||
|
|
}
|
||
|
|
@@ -1579,6 +1582,8 @@ void free_domheap_pages(struct page_info
|
||
|
|
else
|
||
|
|
{
|
||
|
|
/* Freeing anonymous domain-heap pages. */
|
||
|
|
+ for ( i = 0; i < (1 << order); i++ )
|
||
|
|
+ scrub_one_page(&pg[i]);
|
||
|
|
free_heap_pages(pg, order);
|
||
|
|
drop_dom_ref = 0;
|
||
|
|
}
|