diff options
Diffstat (limited to 'system/xen/xsa/xsa334.patch')
-rw-r--r-- | system/xen/xsa/xsa334.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/system/xen/xsa/xsa334.patch b/system/xen/xsa/xsa334.patch deleted file mode 100644 index 4260cdb2b2..0000000000 --- a/system/xen/xsa/xsa334.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: Andrew Cooper <andrew.cooper3@citrix.com> -Subject: xen/memory: Don't skip the RCU unlock path in acquire_resource() - -In the case that an HVM Stubdomain makes an XENMEM_acquire_resource hypercall, -the FIXME path will bypass rcu_unlock_domain() on the way out of the function. - -Move the check to the start of the function. This does change the behaviour -of the get-size path for HVM Stubdomains, but that functionality is currently -broken and unused anyway, as well as being quite useless to entities which -can't actually map the resource anyway. - -This is XSA-334. - -Fixes: 83fa6552ce ("common: add a new mappable resource type: XENMEM_resource_grant_table") -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> - -diff --git a/xen/common/memory.c b/xen/common/memory.c -index 1a3c9ffb30..29741d8904 100644 ---- a/xen/common/memory.c -+++ b/xen/common/memory.c -@@ -1058,6 +1058,14 @@ static int acquire_resource( - xen_pfn_t mfn_list[32]; - int rc; - -+ /* -+ * FIXME: Until foreign pages inserted into the P2M are properly -+ * reference counted, it is unsafe to allow mapping of -+ * resource pages unless the caller is the hardware domain. -+ */ -+ if ( paging_mode_translate(currd) && !is_hardware_domain(currd) ) -+ return -EACCES; -+ - if ( copy_from_guest(&xmar, arg, 1) ) - return -EFAULT; - -@@ -1114,14 +1122,6 @@ static int acquire_resource( - xen_pfn_t gfn_list[ARRAY_SIZE(mfn_list)]; - unsigned int i; - -- /* -- * FIXME: Until foreign pages inserted into the P2M are properly -- * reference counted, it is unsafe to allow mapping of -- * resource pages unless the caller is the hardware domain. -- */ -- if ( !is_hardware_domain(currd) ) -- return -EACCES; -- - if ( copy_from_guest(gfn_list, xmar.frame_list, xmar.nr_frames) ) - rc = -EFAULT; - |