diff options
Diffstat (limited to 'main/xen/xsa22-4.2-unstable.patch')
-rw-r--r-- | main/xen/xsa22-4.2-unstable.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/main/xen/xsa22-4.2-unstable.patch b/main/xen/xsa22-4.2-unstable.patch deleted file mode 100644 index e15fd73534..0000000000 --- a/main/xen/xsa22-4.2-unstable.patch +++ /dev/null @@ -1,40 +0,0 @@ -x86/physmap: Prevent incorrect updates of m2p mappings - -In certain conditions, such as low memory, set_p2m_entry() can fail. -Currently, the p2m and m2p tables will get out of sync because we still -update the m2p table after the p2m update has failed. - -If that happens, subsequent guest-invoked memory operations can cause -BUG()s and ASSERT()s to kill Xen. - -This is fixed by only updating the m2p table iff the p2m was -successfully updated. - -This is a security problem, XSA-22 / CVE-2012-4537. - -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> - -diff -r f53b9f915c3d xen/arch/x86/mm/p2m.c ---- a/xen/arch/x86/mm/p2m.c -+++ b/xen/arch/x86/mm/p2m.c -@@ -633,7 +633,10 @@ guest_physmap_add_entry(struct domain *d - if ( mfn_valid(_mfn(mfn)) ) - { - if ( !set_p2m_entry(p2m, gfn, _mfn(mfn), page_order, t, p2m->default_access) ) -+ { - rc = -EINVAL; -+ goto out; /* Failed to update p2m, bail without updating m2p. */ -+ } - if ( !p2m_is_grant(t) ) - { - for ( i = 0; i < (1UL << page_order); i++ ) -@@ -656,6 +659,7 @@ guest_physmap_add_entry(struct domain *d - } - } - -+out: - p2m_unlock(p2m); - - return rc; |