projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7d71477) | patch
x86/shadow: fix race condition sampling the dirty vram state
authorAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 23 Sep 2014 12:31:47 +0000 (14:31 +0200)
committerJan Beulich <jbeulich@suse.com>
Tue, 23 Sep 2014 12:31:47 +0000 (14:31 +0200)
commit46a49b91f1026f64430b84dd83e845a33f06415e
tree301ec496de330901f946e8568e9419c53774cbd4tree | snapshot
parent7d7147762282c387aeb0e78bc4f7818b85dbee76commit | diff
x86/shadow: fix race condition sampling the dirty vram state

d->arch.hvm_domain.dirty_vram must be read with the domain's paging lock held.

If not, two concurrent hypercalls could both end up attempting to free
dirty_vram (the second of which will free a wild pointer), or both end up
allocating a new dirty_vram structure (the first of which will be leaked).

This is XSA-104.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
xen/arch/x86/mm/shadow/common.c diff | blob | history
xen/include/asm-x86/hvm/domain.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.