Broken error handling in guest_physmap_mark_populate_on_demand()
ISSUE DESCRIPTION: guest_physmap_mark_populate_on_demand(), before carrying out its actual operation, checks that the subject GFNs are not in use. If that check fails, the code prints a message and bypasses the gfn_unlock() matching the gfn_lock() carried out before entering the loop. Further, the function is...
XENMEM_populate_physmap DoS vulnerability
ISSUE DESCRIPTION: XENMEM_populate_physmap can be called with invalid flags. By calling it with the MEMF_populate_on_demand flag set, a BUG can be triggered if a translating paging mode is not being used. IMPACT: A malicious guest kernel can crash the host. VULNERABLE SYSTEMS: All Xen systems running PV...