diff options
| author | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2012-09-05 12:29:03 +0100 |
|---|---|---|
| committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2012-09-05 12:29:03 +0100 |
| commit | 15638f14e9a25032676960a46b5ba68079d29aaa (patch) | |
| tree | bb36a91b88de397fc87ec6556cda47d13304eda0 | |
| parent | e89c6d05737c46f4ebee1f02138acf1cb1a48291 (diff) | |
| download | xen-15638f14e9a25032676960a46b5ba68079d29aaa.tar.gz xen-15638f14e9a25032676960a46b5ba68079d29aaa.tar.bz2 xen-15638f14e9a25032676960a46b5ba68079d29aaa.zip | |
xen: Don't BUG_ON() PoD operations on a non-translated guest.
This is XSA-14 / CVE-2012-3496
Signed-off-by: Tim Deegan <tim@xen.org>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Ian Campbell <ian.campbell@citrix.com>
| -rw-r--r-- | xen/arch/x86/mm/p2m-pod.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 26117cfa76..1ddf991208 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -1117,7 +1117,8 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn, mfn_t omfn; int rc = 0; - BUG_ON(!paging_mode_translate(d)); + if ( !paging_mode_translate(d) ) + return -EINVAL; rc = p2m_gfn_check_limit(d, gfn, order); if ( rc != 0 ) |