# HG changeset patch
# User Ian Jackson <Ian.Jackson@eu.citrix.com>
# Date 1346844545 -3600
# Node ID 8ebda5388e4e83a69c73bdd7621e76e1de4fc995
# Parent  6779ddca8593b766ccabcfec294ba10f17e68484
xen: Don't BUG_ON() PoD operations on a non-translated guest.

This is XSA-14 / CVE-2012-3496

Signed-off-by: Tim Deegan <tim@xen.org>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Ian Campbell <ian.campbell@citrix.com>

diff -r 6779ddca8593 -r 8ebda5388e4e xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c	Wed Sep 05 12:28:17 2012 +0100
+++ b/xen/arch/x86/mm/p2m.c	Wed Sep 05 12:29:05 2012 +0100
@@ -2414,7 +2414,8 @@
     int pod_count = 0;
     int rc = 0;
 
-    BUG_ON(!paging_mode_translate(d));
+    if ( !paging_mode_translate(d) )
+        return -EINVAL;
 
     rc = gfn_check_limit(d, gfn, order);
     if ( rc != 0 )
