diff options
author | Jan Beulich <jbeulich@suse.com> | 2013-05-02 16:38:30 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-05-02 16:38:30 +0200 |
commit | 99d2b149915010e986f4d8778708c5891e7b4635 (patch) | |
tree | f53f0136c9d72ceaca862d9ff9afafedd879fcb5 /xen/common | |
parent | 4939f9a6dee4280f38730fd3066e5dce353112f6 (diff) | |
download | xen-99d2b149915010e986f4d8778708c5891e7b4635.tar.gz xen-99d2b149915010e986f4d8778708c5891e7b4635.tar.bz2 xen-99d2b149915010e986f4d8778708c5891e7b4635.zip |
x86: make arch_set_info_guest() preemptible
.. as the root page table validation (and the dropping of an eventual
old one) can require meaningful amounts of time.
This is part of CVE-2013-1918 / XSA-45.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Tim Deegan <tim@xen.org>
Diffstat (limited to 'xen/common')
-rw-r--r-- | xen/common/compat/domain.c | 4 | ||||
-rw-r--r-- | xen/common/domain.c | 5 | ||||
-rw-r--r-- | xen/common/domctl.c | 4 |
3 files changed, 13 insertions, 0 deletions
diff --git a/xen/common/compat/domain.c b/xen/common/compat/domain.c index aac8f46eb5..44ba78ddc7 100644 --- a/xen/common/compat/domain.c +++ b/xen/common/compat/domain.c @@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt); domain_unlock(d); + if ( rc == -EAGAIN ) + rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", + cmd, vcpuid, arg); + xfree(cmp_ctxt); break; } diff --git a/xen/common/domain.c b/xen/common/domain.c index 7cca65507d..b5d44d466b 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -938,6 +938,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg) domain_unlock(d); free_vcpu_guest_context(ctxt); + + if ( rc == -EAGAIN ) + rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", + cmd, vcpuid, arg); + break; case VCPUOP_up: { diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 1d00cfc95f..9bd8f8068d 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -368,6 +368,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) domain_pause(d); ret = arch_set_info_guest(v, c); domain_unpause(d); + + if ( ret == -EAGAIN ) + ret = hypercall_create_continuation( + __HYPERVISOR_domctl, "h", u_domctl); } free_vcpu_guest_context(c.nat); |