diff options
Diffstat (limited to 'sysutils/xenkernel42/patches/patch-CVE-2015-8339')
-rw-r--r-- | sysutils/xenkernel42/patches/patch-CVE-2015-8339 | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/sysutils/xenkernel42/patches/patch-CVE-2015-8339 b/sysutils/xenkernel42/patches/patch-CVE-2015-8339 new file mode 100644 index 00000000000..52cc287e465 --- /dev/null +++ b/sysutils/xenkernel42/patches/patch-CVE-2015-8339 @@ -0,0 +1,33 @@ +$NetBSD: patch-CVE-2015-8339,v 1.1.2.2 2016/01/11 20:37:17 bsiegert Exp $ + +Patch for CVE-2015-8339 and CVE-2015-8340 aka XSA-159, based on +http://xenbits.xenproject.org/xsa/xsa159.patch + +--- xen/common/memory.c.orig ++++ xen/common/memory.c +@@ -334,7 +334,7 @@ static long memory_exchange(XEN_GUEST_HA + PAGE_LIST_HEAD(out_chunk_list); + unsigned long in_chunk_order, out_chunk_order; + xen_pfn_t gpfn, gmfn, mfn; +- unsigned long i, j, k = 0; /* gcc ... */ ++ unsigned long i, j, k; + unsigned int memflags = 0; + long rc = 0; + struct domain *d; +@@ -572,11 +572,12 @@ static long memory_exchange(XEN_GUEST_HA + fail: + /* Reassign any input pages we managed to steal. */ + while ( (page = page_list_remove_head(&in_chunk_list)) ) +- { +- put_gfn(d, gmfn + k--); + if ( assign_pages(d, page, 0, MEMF_no_refcount) ) +- BUG(); +- } ++ { ++ BUG_ON(!d->is_dying); ++ if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) ++ put_page(page); ++ } + + dying: + rcu_unlock_domain(d); |