pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57f0bf6c76
xen/53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch
Charles Arnold 3c2f525a91 - fate#316613: Implement pvscsi in xl/libxl 
libxl.pvscsi.patch

- bnc#875668 - VUL-0: CVE-2014-3124: xen: XSA-92:
  HVMOP_set_mem_type allows invalid P2M entries to be created
  535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch (replaces xsa92.patch)
- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d
  Interrupt Remapping engines can be evaded by native NMI interrupts
  535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch
  535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch
- Upstream patches from Jan
  535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch
  535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch
  53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch
  53636ebf-x86-fix-guest-CPUID-handling.patch

- Fix pygrub to handle VM with no grub/menu.lst file.
- Don't use /var/run/xend/boot for temporary boot directory
  pygrub-boot-legacy-sles.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=314
2014-05-13 17:13:17 +00:00

28 lines
1.0 KiB
Diff
Raw Blame History

# Commit 16e2a7596e9fc86881c73cef57602b2c88155528
# Date 2014-05-02 11:46:32 +0200
# Author Paul Durrant <paul.durrant@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
hvm_set_ioreq_page() releases wrong page in error path
The function calls prepare_ring_for_helper() to acquire a mapping for the
given gmfn, then checks (under lock) to see if the ioreq page is already
set up but, if it is, the function then releases the in-use ioreq page
mapping on the error path rather than the one it just acquired. This patch
fixes this bug.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -478,7 +478,7 @@ static int hvm_set_ioreq_page(
if ( (iorp->va != NULL) || d->is_dying )
{
- destroy_ring_for_helper(&iorp->va, iorp->page);
+ destroy_ring_for_helper(&va, page);
spin_unlock(&iorp->lock);
return -EINVAL;
}
Reference in New Issue View Git Blame Copy Permalink