Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
xen.20938
xsa309.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa309.patch of Package xen.20938
x86/mm: Don't reset linear_pt_count on partial validation "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another page of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, dropping some "linear_pt_entry" counts. On debug builds on systems where guests used this feature, this might lead to crashes that look like this: Assertion 'oc > 0' failed at mm.c:874 Worse, if an attacker could engineer such a situation to occur, they might be able to make loops or other abitrary chains of linear pagetables, leading to the denial-of-service situation outlined in XSA-240. This is XSA-309. Signed-off-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3017,8 +3017,8 @@ static int __get_page_type(struct page_i { page->nr_validated_ptes = 0; page->partial_flags = 0; + page->linear_pt_count = 0; } - page->linear_pt_count = 0; rc = alloc_page_type(page, type, preemptible); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor