diff options
| author | Olaf Hering <olaf@aepfle.de> | 2011-10-11 10:46:28 +0100 |
|---|---|---|
| committer | Olaf Hering <olaf@aepfle.de> | 2011-10-11 10:46:28 +0100 |
| commit | 62530296c71a6572e6ae82ffe3a309ab6540d53a (patch) | |
| tree | f808259a3e3d6dbd8c3734c1c49403567ecb3970 | |
| parent | 080559d289bb3410a148b4cb4a0a4adbdcdf9540 (diff) | |
| download | xen-62530296c71a6572e6ae82ffe3a309ab6540d53a.tar.gz xen-62530296c71a6572e6ae82ffe3a309ab6540d53a.tar.bz2 xen-62530296c71a6572e6ae82ffe3a309ab6540d53a.zip | |
xenpaging: clear page content after evict
If the guest happens to read from the gfn while xenpaging is in the process of
evicting the page, the guest may read zeros instead of actual data.
Also if eviction fails the page content will be corrupted and xenpaging wont
attempt to restore the page.
Remove page scrubbing from pager and do it after successful eviction.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>
| -rw-r--r-- | tools/xenpaging/xenpaging.c | 3 | ||||
| -rw-r--r-- | xen/arch/x86/mm/p2m.c | 3 |
2 files changed, 3 insertions, 3 deletions
diff --git a/tools/xenpaging/xenpaging.c b/tools/xenpaging/xenpaging.c index e2cbc614d0..1ab756efb2 100644 --- a/tools/xenpaging/xenpaging.c +++ b/tools/xenpaging/xenpaging.c @@ -455,9 +455,6 @@ static int xenpaging_evict_page(xenpaging_t *paging, goto out; } - /* Clear page */ - memset(page, 0, PAGE_SIZE); - munmap(page, PAGE_SIZE); /* Tell Xen to evict page */ diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 473816c9f9..004cd9b5b1 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -748,6 +748,9 @@ int p2m_mem_paging_evict(struct domain *d, unsigned long gfn) set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), 0, p2m_ram_paged, a); audit_p2m(p2m, 1); + /* Clear content before returning the page to Xen */ + scrub_one_page(page); + /* Put the page back so it gets freed */ put_page(page); |