Xen TLB Flush Bypass

Xen's _get_page_type() contains an ABAC cmpxchg() race, where the code incorrectly assumes that if it reads a specific type_info value, and then later cmpxchg() succeeds, the type_info can't have changed in between.
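The read-then-cmpxchg assumption described above, as a simplified single-threaded model added here (it is not Xen's code and not part of the advisory). The state values, the `race_window` hook standing in for another CPU, and the generation counter in the hardened variant are all assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values; this is not Xen's type_info encoding. */
enum { STATE_A = 1, STATE_B = 2, STATE_C = 3 };
#define GEN_SHIFT 32 /* hardened variant: upper 32 bits count writes */

static _Atomic uint64_t word;     /* models the shared status word */
static void (*race_window)(void); /* hypothetical hook: another CPU's writes */

/* Other CPU: A -> B -> A, leaving no trace in the word. */
static void flip_plain(void) {
    atomic_store(&word, STATE_B);
    atomic_store(&word, STATE_A);
}

/* Same transitions, but every write bumps the generation. */
static void flip_tagged(void) {
    uint64_t gen = atomic_load(&word) >> GEN_SHIFT;
    atomic_store(&word, ((gen + 1) << GEN_SHIFT) | STATE_B);
    atomic_store(&word, ((gen + 2) << GEN_SHIFT) | STATE_A);
}

/* Snapshot the word, let the other CPU run, then commit A -> C with
 * cmpxchg. Returns true when the commit succeeds, which is the point at
 * which the caller treats everything derived from the snapshot as valid. */
static bool update(bool tagged) {
    uint64_t old = atomic_load(&word);
    if (race_window) race_window();
    uint64_t gen = tagged ? (old >> GEN_SHIFT) + 1 : 0;
    uint64_t next = (gen << GEN_SHIFT) | STATE_C;
    return atomic_compare_exchange_strong(&word, &old, next);
}

/* Runs one interleaving; tagged selects the generation-counter variant. */
bool demo(bool tagged) {
    atomic_store(&word, STATE_A);
    race_window = tagged ? flip_tagged : flip_plain;
    return update(tagged);
}

int main(void) {
    printf("plain cmpxchg committed stale snapshot: %d\n", demo(false));
    printf("tagged cmpxchg committed stale snapshot: %d\n", demo(true));
    return 0;
}
```

In the plain variant the cmpxchg succeeds even though the word passed through `STATE_B` after the snapshot; with the generation bits the intermediate writes change the compared value and the commit fails, forcing a re-read.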


SHA-256 | 88fe91f31a1fa5b68860cd0112d829c44076320a17d995120f8a3d426cc59af7

