[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.12] x86/PoD: handle intermediate page orders in p2m_pod_cache_add()
commit 1a2e8d6cccddf984fce09b7b8b1139d81cea421e Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Tue Nov 23 13:35:55 2021 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Nov 23 13:35:55 2021 +0100 x86/PoD: handle intermediate page orders in p2m_pod_cache_add() p2m_pod_decrease_reservation() may pass pages to the function which aren't 4k, 2M, or 1G. Handle all intermediate orders as well, to avoid hitting the BUG() at the switch() statement's "default" case. This is CVE-2021-28708 / part of XSA-388. Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges") Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> master commit: 8ec13f68e0b026863d23e7f44f252d06478bc809 master date: 2021-11-22 12:27:30 +0000 --- xen/arch/x86/mm/p2m-pod.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 6e3d474b80..f075ad692f 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -111,15 +111,13 @@ p2m_pod_cache_add(struct p2m_domain *p2m, /* Then add to the appropriate populate-on-demand list. */ switch ( order ) { - case PAGE_ORDER_1G: - for ( i = 0; i < (1UL << PAGE_ORDER_1G); i += 1UL << PAGE_ORDER_2M ) + case PAGE_ORDER_2M ... PAGE_ORDER_1G: + for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_2M ) page_list_add_tail(page + i, &p2m->pod.super); break; - case PAGE_ORDER_2M: - page_list_add_tail(page, &p2m->pod.super); - break; - case PAGE_ORDER_4K: - page_list_add_tail(page, &p2m->pod.single); + case PAGE_ORDER_4K ... PAGE_ORDER_2M - 1: + for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_4K ) + page_list_add_tail(page + i, &p2m->pod.single); break; default: BUG(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |