
[Xen-devel] [PATCH 4.1-testing] x86/mm: Fix loop increment in paging_log_dirty_range()



# HG changeset patch
# User Tim Deegan <tim@xxxxxxx>
# Date 1358421452 0
# Node ID 04368044ca5fb9800bfdacf14e883d39cad5c8a6
# Parent  8fe0e86c2ac27e22121aa9c70ddf5eacbb3051d0
x86/mm: Fix loop increment in paging_log_dirty_range()

In 23417:53ef1f35a0f8 (the fix for XSA-27 / CVE-2012-5511), the
loop variable gets incremented twice, so the loop only clears every
second page of the bitmap.  This might cause the tools to think that
pages are dirty when they are not.

Reported-by: Steven Noonan <snoonan@xxxxxxxxxx>
Reported-by: Matt Wilson <msw@xxxxxxxxxx>
Signed-off-by: Tim Deegan <tim@xxxxxxx>

diff -r 8fe0e86c2ac2 -r 04368044ca5f xen/arch/x86/mm/paging.c
--- a/xen/arch/x86/mm/paging.c  Wed Jan 16 14:15:12 2013 +0000
+++ b/xen/arch/x86/mm/paging.c  Thu Jan 17 11:17:32 2013 +0000
@@ -534,7 +534,8 @@ int paging_log_dirty_range(struct domain
 
         size = ((nr + BITS_PER_LONG - 1) / BITS_PER_LONG) * sizeof (long);
         rv = 0;
-        for ( off = 0; !rv && off < size; off += sizeof zeroes )
+        off = 0;
+        while ( !rv && off < size )
         {
             int todo = min(size - off, (int) PAGE_SIZE);
             if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) )
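
Review bot: With the increment removed from the loop header, the new `while ( !rv && off < size )` relies entirely on the body to advance `off`, and that statement lies below the visible context, so nothing at the loop head shows where the step happens. A one-line comment above the `while` stating that `off` is advanced inside the body would keep a later cleanup from restoring a header increment and bringing back the double step the commit message describes. Note also that the removed header stepped by `sizeof zeroes` while the body sizes each copy with `min(size - off, (int) PAGE_SIZE)`; the body's step should match the `todo` bytes actually copied, and every path through the body should either advance `off` or set `rv`, since the loop cannot terminate otherwise.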
