fc108946cd
CVE-2015-5307 and CVE-2015-8104 aka XSA-156 CVE-2015-8339 and CVE-2015-8340 aka XSA-159 CVE-2015-8555 aka XSA-165 XSA-166 CVE-2015-8341 aka XSA-160 CVE-2015-8550 aka XSA-155 Bump pkgrevision
33 lines
1.1 KiB
Text
33 lines
1.1 KiB
Text
$NetBSD: patch-CVE-2015-8339,v 1.1 2016/01/07 17:48:34 bouyer Exp $
|
|
|
|
Patch for CVE-2015-8339 and CVE-2015-8340 aka XSA-159, based on
|
|
http://xenbits.xenproject.org/xsa/xsa159.patch
|
|
|
|
--- xen/common/memory.c.orig
|
|
+++ xen/common/memory.c
|
|
@@ -334,7 +334,7 @@ static long memory_exchange(XEN_GUEST_HA
|
|
PAGE_LIST_HEAD(out_chunk_list);
|
|
unsigned long in_chunk_order, out_chunk_order;
|
|
xen_pfn_t gpfn, gmfn, mfn;
|
|
- unsigned long i, j, k = 0; /* gcc ... */
|
|
+ unsigned long i, j, k;
|
|
unsigned int memflags = 0;
|
|
long rc = 0;
|
|
struct domain *d;
|
|
@@ -572,11 +572,12 @@ static long memory_exchange(XEN_GUEST_HA
|
|
fail:
|
|
/* Reassign any input pages we managed to steal. */
|
|
while ( (page = page_list_remove_head(&in_chunk_list)) )
|
|
- {
|
|
- put_gfn(d, gmfn + k--);
|
|
if ( assign_pages(d, page, 0, MEMF_no_refcount) )
|
|
- BUG();
|
|
- }
|
|
+ {
|
|
+ BUG_ON(!d->is_dying);
|
|
+ if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
|
|
+ put_page(page);
|
|
+ }
|
|
|
|
dying:
|
|
rcu_unlock_domain(d);
|