3f55414718
- Upstream or pending upstream patches from Jan 25587-fix-off-by-one-parsing-error.patch 25616-x86-MCi_CTL-default.patch 25617-vtd-qinval-addr.patch 25688-x86-nr_irqs_gsi.patch - bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m teardown host DoS vulnerability CVE-2012-3433-xsa11.patch - bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO emulation DoS 25682-x86-inconsistent-io-state.patch - bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service 25589-pygrub-size-limits.patch - Make it build with latest TeXLive 2012 with new package layout OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=196
69 lines
2.2 KiB
Diff
69 lines
2.2 KiB
Diff
changeset: 23978:fd3fa0a85020
|
|
user: Olaf Hering <olaf@aepfle.de>
|
|
date: Thu Oct 20 11:25:55 2011 +0100
|
|
files: xen/arch/x86/mm/p2m.c
|
|
description:
|
|
xenpaging: check p2mt in p2m_mem_paging functions
|
|
|
|
Add checks to forward the p2m_ram_paging* state properly during page-in.
|
|
|
|
Resume can be called several times if several vcpus called populate for
|
|
the gfn. Finish resume only once.
|
|
|
|
Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|
Acked-by: Tim Deegan <tim@xen.org>
|
|
Committed-by: Tim Deegan <tim@xen.org>
|
|
|
|
|
|
---
|
|
xen/arch/x86/mm/p2m.c | 20 ++++++++++++++++----
|
|
1 file changed, 16 insertions(+), 4 deletions(-)
|
|
|
|
Index: xen-4.1.3-testing/xen/arch/x86/mm/p2m.c
|
|
===================================================================
|
|
--- xen-4.1.3-testing.orig/xen/arch/x86/mm/p2m.c
|
|
+++ xen-4.1.3-testing/xen/arch/x86/mm/p2m.c
|
|
@@ -3023,16 +3023,22 @@ int p2m_mem_paging_prep(struct p2m_domai
|
|
p2m_type_t p2mt;
|
|
p2m_access_t a;
|
|
mfn_t mfn;
|
|
- int ret = -ENOMEM;
|
|
+ int ret;
|
|
|
|
p2m_lock(p2m);
|
|
|
|
mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query);
|
|
|
|
+ ret = -ENOENT;
|
|
+ /* Allow only missing pages */
|
|
+ if ( p2mt != p2m_ram_paging_in_start )
|
|
+ goto out;
|
|
+
|
|
/* Allocate a page if the gfn does not have one yet */
|
|
if ( !mfn_valid(mfn) )
|
|
{
|
|
/* Get a free page */
|
|
+ ret = -ENOMEM;
|
|
page = alloc_domheap_page(p2m->domain, 0);
|
|
if ( unlikely(page == NULL) )
|
|
goto out;
|
|
@@ -3067,9 +3073,15 @@ void p2m_mem_paging_resume(struct p2m_do
|
|
{
|
|
p2m_lock(p2m);
|
|
mfn = p2m->get_entry(p2m, rsp.gfn, &p2mt, &a, p2m_query);
|
|
- set_p2m_entry(p2m, rsp.gfn, mfn, 0, p2m_ram_rw, a);
|
|
- set_gpfn_from_mfn(mfn_x(mfn), rsp.gfn);
|
|
- audit_p2m(p2m, 1);
|
|
+ /* Allow only pages which were prepared properly, or pages which
|
|
+ * were nominated but not evicted */
|
|
+ if ( mfn_valid(mfn) &&
|
|
+ (p2mt == p2m_ram_paging_in || p2mt == p2m_ram_paging_in_start) )
|
|
+ {
|
|
+ set_p2m_entry(p2m, rsp.gfn, mfn, 0, p2m_ram_rw, a);
|
|
+ set_gpfn_from_mfn(mfn_x(mfn), rsp.gfn);
|
|
+ audit_p2m(p2m, 1);
|
|
+ }
|
|
p2m_unlock(p2m);
|
|
}
|
|
|