Description: x86/physmap: Prevent incorrect updates of m2p mappings
 In certain conditions, such as low memory, set_p2m_entry() can fail.
 Currently, the p2m and m2p tables will get out of sync because we still
 update the m2p table after the p2m update has failed.
 .
 If that happens, subsequent guest-invoked memory operations can cause
 BUG()s and ASSERT()s to kill Xen.
 .
 This is fixed by updating the m2p table only if the p2m was
 successfully updated.
From: Andrew Cooper <andrew.cooper3@citrix.com>
Origin: upstream, commit:23408:f635b1447d7e
Id: CVE-2012-4537
---
diff -r 210f16b6509b -r f635b1447d7e xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c	Wed Nov 14 11:35:06 2012 +0000
+++ b/xen/arch/x86/mm/p2m.c	Wed Nov 14 11:40:45 2012 +0000
@@ -2558,7 +2558,10 @@
     if ( mfn_valid(_mfn(mfn)) ) 
     {
         if ( !set_p2m_entry(p2m, gfn, _mfn(mfn), page_order, t, p2m->default_access) )
+        {
             rc = -EINVAL;
+            goto out; /* Failed to update p2m, bail without updating m2p. */
+        }
         if ( !p2m_is_grant(t) )
         {
             for ( i = 0; i < (1UL << page_order); i++ )
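Review bot: The failure branch at `rc = -EINVAL` reports every set_p2m_entry() failure as an invalid argument, although the description names low memory as a trigger, so callers cannot tell a transient allocation failure from a bad request. set_p2m_entry() is only tested as a boolean here, so the cause is not available at this point; a comment such as `/* set_p2m_entry() gives no reason; -EINVAL also covers allocation failure. */` above the assignment would record that. It is also worth confirming that, for page_order > 0, a failed set_p2m_entry() cannot leave part of the range updated, because skipping the m2p loop would then still leave the two tables out of sync for those entries. The enclosing function starts before and ends after this hunk, so neither point can be checked from the visible lines alone.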
@@ -2579,6 +2582,7 @@
         }
     }
 
+out:
     audit_p2m(p2m, 1);
     p2m_unlock(p2m);
 
