authorIan Campbell <ian.campbell@citrix.com>2012-08-09 15:47:42 +0100
committerIan Campbell <ian.campbell@citrix.com>2012-08-09 15:47:42 +0100
commite0b12805c5a63ba4980c006a72514f289f293bc5 (patch)
tree54e6d52758a5073591c53edf5cd3e31a2c3d3ff6
parentd88e5d451b9bcf8da3cec31f94ecaa06d62fcc5d (diff)
xen: only check for shared pages while any exist on teardown
Avoids worst case behaviour when guest has a large p2m. This is XSA-11 / CVE-2012-3433 Signed-off-by: Tim Deegan <tim@xen.org> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Olaf Hering <olaf@aepfle.de> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
-rw-r--r--xen/arch/x86/mm/p2m.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index fdbe766242..e095118d71 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2044,6 +2044,8 @@ void p2m_teardown(struct p2m_domain *p2m)
#ifdef __x86_64__
for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )
{
+ if ( atomic_read(&d->shr_pages) == 0 )
+ break;
mfn = p2m->get_entry(p2m, gfn, &t, &a, p2m_query);
if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
BUG_ON(mem_sharing_unshare_page(p2m, gfn, MEM_SHARING_DESTROY_GFN));
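Review bot: The early exit added at the top of the loop body carries no comment explaining why it is there, and it only shortens the scan once the domain's shared-page count has reached zero. While `d->shr_pages` is non-zero the loop still calls `get_entry` for every gfn below `max_mapped_pfn`, and no preemption point is visible in the hunk, so a long teardown appears to remain possible for a domain that does hold shared pages; if that is an accepted limit it is worth saying so. A comment above the check such as `/* No shared pages left: skip the rest of the p2m walk (XSA-11). */` would record the intent. `d` is declared outside the hunk and `p2m_teardown` continues past its last line, so this is based on the visible lines only.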