Displaying 2 results from an estimated 2 matches for "memf_populate_on_demand".
2012 Dec 06
[PATCH] memop: adjust error checking in populate_physmap()
.../xen/common/memory.c
+++ b/xen/common/memory.c
@@ -99,7 +99,8 @@ static void populate_physmap(struct memo
a->nr_extents-1) )
return;
- if ( !multipage_allocation_permitted(current->domain, a->extent_order) )
+ if ( a->memflags & MEMF_populate_on_demand ? a->extent_order > MAX_ORDER :
+ !multipage_allocation_permitted(current->domain, a->extent_order) )
return;
for ( i = a->nr_done; i < a->nr_extents; i++ )
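Review bot: The rewritten guard before the `for` loop packs a flag test and a conditional expression into one `if` without parentheses around `a->memflags & MEMF_populate_on_demand`; the precedence is correct in C, but it reads ambiguously, so parenthesize the flag test or split the two cases into separate checks. A short comment is also needed to say why populate-on-demand requests are bounded only by `MAX_ORDER` and no longer go through `multipage_allocation_permitted()`, since the hunk changes which requests that permission check applies to without explaining it.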
@@ -115,8 +116,7 @@ static void populate_physmap(struct memo
if ( a->memflags &...
2012 Sep 05
Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
...XSA-14
version 3

XENMEM_populate_physmap DoS vulnerability

UPDATES IN VERSION 3
====================

Public release. Credit Matthew Daley.

ISSUE DESCRIPTION
=================

XENMEM_populate_physmap can be called with invalid flags. By calling
it with MEMF_populate_on_demand flag set, a BUG can be triggered if a
translating paging mode is not being used.

IMPACT
======

A malicious guest kernel can crash the host.

VULNERABLE SYSTEMS
==================

All Xen systems running PV guests. Systems running only HVM guests
are not vulnerable.

The vulnerability dates back...