rpm/xen
SHA256
1
0
Fork 0
forked from pool/xen
Code Pull Requests Activity
xen/23943-xenpaging_clear_page_content_after_evict.patch
Charles Arnold 3f55414718 - Update to Xen 4.1.3 c/s 23336 
- Upstream or pending upstream patches from Jan
  25587-fix-off-by-one-parsing-error.patch
  25616-x86-MCi_CTL-default.patch
  25617-vtd-qinval-addr.patch
  25688-x86-nr_irqs_gsi.patch
- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m
  teardown host DoS vulnerability
  CVE-2012-3433-xsa11.patch
- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO
  emulation DoS
  25682-x86-inconsistent-io-state.patch

- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't
  check the size of the bzip2 or lzma compressed kernel, leading to
  denial of service
  25589-pygrub-size-limits.patch

- Make it build with latest TeXLive 2012 with new package layout

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=196
2012-08-10 21:38:41 +00:00

54 lines
1.8 KiB
Diff
Raw Blame History

changeset: 23943:1185ae04b5aa
user: Olaf Hering <olaf@aepfle.de>
date: Tue Oct 11 10:46:28 2011 +0100
files: tools/xenpaging/xenpaging.c xen/arch/x86/mm/p2m.c
description:
xenpaging: clear page content after evict
If the guest happens to read from the gfn while xenpaging is in the process of
evicting the page, the guest may read zeros instead of actual data.
Also if eviction fails the page content will be corrupted and xenpaging wont
attempt to restore the page.
Remove page scrubbing from pager and do it after successful eviction.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>
---
tools/xenpaging/xenpaging.c | 3 ---
xen/arch/x86/mm/p2m.c | 3 +++
2 files changed, 3 insertions(+), 3 deletions(-)
Index: xen-4.1.3-testing/tools/xenpaging/xenpaging.c
===================================================================
--- xen-4.1.3-testing.orig/tools/xenpaging/xenpaging.c
+++ xen-4.1.3-testing/tools/xenpaging/xenpaging.c
@@ -455,9 +455,6 @@ static int xenpaging_evict_page(xenpagin
goto out;
}
- /* Clear page */
- memset(page, 0, PAGE_SIZE);
-
munmap(page, PAGE_SIZE);
/* Tell Xen to evict page */
Index: xen-4.1.3-testing/xen/arch/x86/mm/p2m.c
===================================================================
--- xen-4.1.3-testing.orig/xen/arch/x86/mm/p2m.c
+++ xen-4.1.3-testing/xen/arch/x86/mm/p2m.c
@@ -2919,6 +2919,9 @@ int p2m_mem_paging_evict(struct p2m_doma
set_p2m_entry(p2m, gfn, _mfn(PAGING_MFN), 0, p2m_ram_paged, a);
audit_p2m(p2m, 1);
+ /* Clear content before returning the page to Xen */
+ scrub_one_page(page);
+
/* Put the page back so it gets freed */
put_page(page);
View Git Blame Copy Permalink