Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5854
xsa242.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa242.patch of Package xen.5854
From: Jan Beulich <jbeulich@suse.com> Subject: x86: don't allow page_unlock() to drop the last type reference Only _put_page_type() does the necessary cleanup, and hence not all domain pages can be released during guest cleanup (leaving around zombie domains) if we get this wrong. This is XSA-242. Signed-off-by: Jan Beulich <jbeulich@suse.com> Index: xen-4.4.4-testing/xen/arch/x86/mm.c =================================================================== --- xen-4.4.4-testing.orig/xen/arch/x86/mm.c +++ xen-4.4.4-testing/xen/arch/x86/mm.c @@ -1764,7 +1764,11 @@ void page_unlock(struct page_info *page) do { x = y; + ASSERT((x & PGT_count_mask) && (x & PGT_locked)); + nx = x - (1 | PGT_locked); + /* We must not drop the last reference here. */ + ASSERT(nx & PGT_count_mask); } while ( (y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x ); } @@ -2446,6 +2450,17 @@ static int _put_page_type(struct page_in (page->count_info & PGC_page_table)) ) page_set_tlbflush_timestamp(page); } + else if ( unlikely((nx & (PGT_locked | PGT_count_mask)) == + (PGT_locked | 1)) ) + { + /* + * We must not drop the second to last reference when the page is + * locked, as page_unlock() doesn't do any cleanup of the type. + */ + cpu_relax(); + y = page->u.inuse.type_info; + continue; + } if ( likely((y = cmpxchg(&page->u.inuse.type_info, x, nx)) == x) ) break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor