x86/paging: make log-dirty operations preemptible
author Jan Beulich <jbeulich@suse.com>
Tue, 12 Aug 2014 13:30:11 +0000 (15:30 +0200)
committer Jan Beulich <jbeulich@suse.com>
Tue, 12 Aug 2014 13:30:11 +0000 (15:30 +0200)
commit 95e6d82224689fdfd967a093a4d69efc24c17e91
tree 09c8efce75992eff515ba2d4a7b7372dd7b660b4
parent f093fcf90f420b18429dcbc6c91f9393171634ce
x86/paging: make log-dirty operations preemptible

Both the freeing and the inspection of the bitmap get done in (nested)
loops which - besides having a rather high iteration count in general,
albeit that would be covered by XSA-77 - have the number of non-trivial
iterations they need to perform (indirectly) controllable by both the
guest they are for and any domain controlling the guest (including the
one running qemu for it).

This is CVE-2014-5146 / XSA-97.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
xen/arch/x86/domain.c
xen/arch/x86/domctl.c
xen/arch/x86/mm/hap/hap.c
xen/arch/x86/mm/paging.c
xen/arch/x86/mm/shadow/common.c
xen/common/domain.c
xen/include/asm-x86/domain.h
xen/include/asm-x86/paging.h