authorIan Campbell <ian.campbell@citrix.com>2012-08-09 15:47:19 +0100
committerIan Campbell <ian.campbell@citrix.com>2012-08-09 15:47:19 +0100
commitafa8c5bb3d29f9fa4712e9d7f00122cbcdacb458 (patch)
tree0fbf216775423e71007c3410f5ec1272466186d8
parenta49147f3b26ae6b5f6a7ea886628926b01c00b43 (diff)
xen: only check for shared pages while any exist on teardown
Avoids worst-case behaviour when guest has a large p2m. This is XSA-11 / CVE-2012-3433 Signed-off-by: Tim Deegan <tim@xen.org> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Olaf Hering <olaf@aepfle.de> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
-rw-r--r--xen/arch/x86/mm/p2m.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 51ef7116ca..787b4be6a3 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1725,6 +1725,8 @@ void p2m_teardown(struct domain *d)
#ifdef __x86_64__
for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )
{
+ if ( atomic_read(&d->shr_pages) == 0 )
+ break;
mfn = p2m->get_entry(d, gfn, &t, p2m_query);
if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
BUG_ON(mem_sharing_unshare_page(d, gfn, MEM_SHARING_DESTROY_GFN));
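Review bot: The added `shr_pages` check in the `for` loop bounds the walk only once the count has dropped to zero; a domain that still holds a shared page at a high gfn makes the loop call `p2m->get_entry` for every gfn below it, and nothing visible in the hunk yields or preempts in between. If teardown time has to stay bounded in that case as well, the loop probably needs a preemption or continuation point, which would be a follow-up rather than part of this change. The check also deserves a comment saying why it is there, for example `/* No shared pages left: stop early rather than walk the whole p2m (XSA-11). */` above the `if`. p2m_teardown starts and ends outside the hunk, so the locking around the loop cannot be judged from here.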