From: Ian Jackson <Ian.Jackson@eu.citrix.com>
Date: Wed, 5 Sep 2012 11:29:03 +0000 (+0100)
Subject: xen: Don't BUG_ON() PoD operations on a non-translated guest.
X-Git-Tag: 4.2.0-rc4~9
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=15638f14e9a25032676960a46b5ba68079d29aaa;p=people%2Fdwmw2%2Fxen.git

xen: Don't BUG_ON() PoD operations on a non-translated guest.

This is XSA-14 / CVE-2012-3496

Signed-off-by: Tim Deegan <tim@xen.org>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Ian Campbell <ian.campbell@citrix.com>
---

diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index 26117cfa76..1ddf991208 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -1117,7 +1117,8 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
     mfn_t omfn;
     int rc = 0;
 
-    BUG_ON(!paging_mode_translate(d));
+    if ( !paging_mode_translate(d) )
+        return -EINVAL;
 
     rc = p2m_gfn_check_limit(d, gfn, order);
     if ( rc != 0 )