get_gfn_query() internally takes the p2m lock, and this error path leaves it locked.
This wasn't included in XSA-277 because the error path can only be triggered by a carefully timed phymap operation concurrent with the domain being paused and the toolstack issuing DOMCTL_soft_reset. Signed-off-by: Andrew Cooper <[email protected]> --- CC: Jan Beulich <[email protected]> CC: Wei Liu <[email protected]> CC: Roger Pau Monné <[email protected]> --- xen/arch/x86/domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 295b10c..b4d5948 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -725,7 +725,7 @@ int arch_domain_soft_reset(struct domain *d) printk(XENLOG_G_ERR "Failed to get Dom%d's shared_info GFN (%lx)\n", d->domain_id, gfn); ret = -EINVAL; - goto exit_put_page; + goto exit_put_gfn; } new_page = alloc_domheap_page(d, 0); -- 2.1.4 _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
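Review bot: The new "goto exit_put_gfn" in the -EINVAL path of arch_domain_soft_reset() relies on label ordering that the three context lines do not show, so the hunk alone cannot confirm the unwind is balanced. Please state in the commit message what exit_put_gfn releases and whether it falls through into exit_put_page. If it does, say whether the page reference dropped there has already been taken by the time this path is reached. A one-line comment above the goto, noting that get_gfn_query() leaves the p2m lock held until the gfn is put, would help keep later error paths in this function from jumping to the wrong label again. Since the description says the path is reachable by a timed physmap operation racing DOMCTL_soft_reset, a Fixes: tag or a backport note would also be useful.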
