commit df1d5936f18089c5ebd3027fbec60f25c5734b78
Author: Zhenzhong Duan
Date:   Tue Sep 25 12:19:33 2012 +0200

    tmem: bump pool version to 1 to fix restore issue when tmem enabled

    Restore fails when tmem is enabled both in hypervisor and guest. This
    is due to spec version mismatch when restoring a pool.

    Signed-off-by: Zhenzhong Duan
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25929:fee83ac77d8c
    xen-unstable date: Wed Sep 19 15:38:47 UTC 2012

commit 946c4d4093662172beb2d1b23b9cb29702f86475
Author: Jan Beulich
Date:   Tue Sep 25 12:18:28 2012 +0200

    tmem: cleanup

    - one more case of checking for a specific rather than any error
    - drop no longer needed first parameter from cli_put_page()
    - drop a redundant cast

    Signed-off-by: Jan Beulich
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25860:e4cb84111610
    xen-unstable date: Tue Sep 11 12:19:29 UTC 2012

commit 474260a4342c2543853cb2c12b6c034b925f4278
Author: Dan Magenheimer
Date:   Tue Sep 25 12:17:52 2012 +0200

    tmem: fixup 2010 cleanup patch that breaks tmem save/restore

    20918:a3fa6d444b25 "Fix domain reference leaks" (in Feb 2010, by Jan)
    does some cleanup in addition to the leak fixes. Unfortunately, that
    cleanup inadvertently resulted in an incorrect fallthrough in a switch
    statement which breaks tmem save/restore.

    That broken patch was apparently applied to 4.0-testing and 4.1-testing
    so those are broken as well.

    What is the process now for requesting back-patches to 4.0 and 4.1?

    (Side note: This does not by itself entirely fix save/restore in 4.2.)

    Signed-off-by: Dan Magenheimer
    Signed-off-by: Jan Beulich
    xen-unstable changeset: 25859:16e0392c6594
    xen-unstable date: Tue Sep 11 12:19:03 UTC 2012

commit 50b611c1b1413fd78365f8005252fb1d2d69440a
Author: Jan Beulich
Date:   Tue Sep 25 12:17:05 2012 +0200

    tmem: reduce severity of log messages

    Otherwise they can be used by a guest to spam the hypervisor log with
    all settings at their defaults.

    Signed-off-by: Jan Beulich
    Acked-by: Zhenzhong Duan
    xen-unstable changeset: 25858:0520982a602a
    xen-unstable date: Tue Sep 11 12:18:36 UTC 2012

commit b863d270a9e5041755cdf4fe689ccbb474301ac0
Author: Jan Beulich
Date:   Tue Sep 25 12:16:34 2012 +0200

    tmem: properly drop lock on error path in do_tmem_op()

    Reported-by: Tim Deegan
    Signed-off-by: Jan Beulich
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25857:109ea6a0c23a
    xen-unstable date: Tue Sep 11 12:18:26 UTC 2012

commit 75b433a6e99414b5a1b9726f1540ca15af3a88b3
Author: Jan Beulich
Date:   Tue Sep 25 12:16:14 2012 +0200

    tmem: properly drop lock on error path in do_tmem_get()

    Also remove a bogus assertion.

    Reported-by: Tim Deegan
    Signed-off-by: Jan Beulich
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25856:83b97a59888b
    xen-unstable date: Tue Sep 11 12:18:08 UTC 2012

commit b9eeb603e412857d55caea90775d7c917e690f7f
Author: Jan Beulich
Date:   Tue Sep 25 12:15:01 2012 +0200

    tmem: detect arithmetic overflow in tmh_copy_{from,to}_client()

    This implies adjusting callers to deal with errors other than -EFAULT
    and removing some comments which would otherwise become stale.

    Reported-by: Tim Deegan
    Signed-off-by: Jan Beulich
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25855:33b8c42a87ec
    xen-unstable date: Tue Sep 11 12:17:59 UTC 2012

commit 6cbcc87364a59ee0ef1e56e28cf7cb2dd52a1b44
Author: Jan Beulich
Date:   Tue Sep 25 12:14:31 2012 +0200

    tmem: don't access guest memory without using the accessors intended for this

    This is not permitted, not even for buffers coming from Dom0 (and it
    would also break the moment Dom0 runs in HVM mode). An implication from
    the changes here is that tmh_copy_page() can't be used anymore for
    control operations calling tmh_copy_{from,to}_client() (as those pass
    the buffer by virtual address rather than MFN).

    Note that tmemc_save_get_next_page() previously didn't set the returned
    handle's pool_id field, while the new code does. It needs to be
    confirmed that this is not a problem (otherwise the copy-out operation
    will require further tmh_...() abstractions to be added).

    Further note that the patch removes (rather than adjusts) an invalid
    call to unmap_domain_page() (no matching map_domain_page()) from
    tmh_compress_from_client() and adds a missing one to an error return
    path in tmh_copy_from_client().

    Finally note that the patch adds a previously missing return statement
    to cli_get_page() (without which that function could de-reference a
    NULL pointer, triggerable from guest mode).

    This is part of XSA-15 / CVE-2012-3497.

    Signed-off-by: Jan Beulich
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25854:ccd60ed6c555
    xen-unstable date: Tue Sep 11 12:17:49 UTC 2012

commit c15cdd31b5f8652c1c3d32cacadd46be837edaed
Author: Ian Campbell
Date:   Tue Sep 25 12:13:40 2012 +0200

    tmem: check for a valid client ("domain") in the save subops

    This is part of XSA-15 / CVE-2012-3497.

    Signed-off-by: Ian Campbell
    Acked-by: Jan Beulich
    Acked-by: Dan Magenheimer
    xen-unstable changeset: 25853:f53c5aadbba9
    xen-unstable date: Tue Sep 11 12:17:27 UTC 2012

commit 7d8457781fdf5885cf0293621d1c672200ab52c1
Author: Ian Campbell
Date:   Tue Sep 25 12:12:48 2012 +0200

    tmem: check the pool_id is valid when destroying a tmem pool

    This is part of XSA-15 / CVE-2012-3497.

    Signed-off-by: Ian Campbell
    Acked-by: Dan Magenheimer
    Acked-by: Jan Beulich
    xen-unstable changeset: 25852:d189d99ef00c
    xen-unstable date: Tue Sep 11 12:06:54 UTC 2012

commit 2bdde48224943066db46d766f0f6117df11e728c
Author: Ian Campbell
Date:   Tue Sep 25 12:12:04 2012 +0200

    tmem: consistently make pool_id a uint32_t

    Treating it as an int could allow a malicious guest to provide a
    negative pool_id, by passing the MAX_POOLS_PER_DOMAIN limit check and
    allowing access to the negative offsets of the pool array.

    This is part of XSA-15 / CVE-2012-3497.

    Signed-off-by: Ian Campbell
    Acked-by: Dan Magenheimer
    Acked-by: Jan Beulich
    xen-unstable changeset: 25851:fcf567acc92a
    xen-unstable date: Tue Sep 11 12:06:43 UTC 2012

commit 998f42b36c5dba6939a54836caad7c564b2d07b7
Author: Ian Campbell
Date:   Tue Sep 25 12:09:19 2012 +0200

    tmem: only allow tmem control operations from privileged domains

    This is part of XSA-15 / CVE-2012-3497.

    Signed-off-by: Ian Campbell
    Acked-by: Dan Magenheimer
    Acked-by: Jan Beulich
    xen-unstable changeset: 25850:0dba5a888655
    xen-unstable date: Tue Sep 11 12:06:30 UTC 2012
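
The signed pool_id limit check described in commit 2bdde48224943066db46d766f0f6117df11e728c above, shown beside the uint32_t form. This is an added example, not code from the Xen tree: the limit value 16, `struct client` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed limit for illustration; the log above does not give the value. */
#define MAX_POOLS_PER_DOMAIN 16

/* Hypothetical stand-in for a per-client pool table. */
struct client {
    const char *pools[MAX_POOLS_PER_DOMAIN];
};

/* Before: pool_id is a signed int and only the upper bound is tested.
 * Returns 1 when the check would let the array lookup proceed. */
static int check_pool_id_signed(int pool_id)
{
    if (pool_id >= MAX_POOLS_PER_DOMAIN)
        return 0;
    return 1;   /* a negative pool_id reaches this point */
}

/* After: pool_id is uint32_t, so a negative input converts to a very
 * large value and the same single comparison rejects it. */
static int check_pool_id_unsigned(uint32_t pool_id)
{
    if (pool_id >= MAX_POOLS_PER_DOMAIN)
        return 0;
    return 1;
}

/* Lookup guarded by the unsigned check; NULL means the id was rejected. */
static const char *lookup_pool(const struct client *c, uint32_t pool_id)
{
    if (!check_pool_id_unsigned(pool_id))
        return NULL;
    return c->pools[pool_id];
}

int main(void)
{
    struct client c = { .pools = { [0] = "pool0", [15] = "pool15" } };
    int guest_value = -1;   /* constructed guest-supplied pool_id */

    printf("signed check lets %d through:   %d\n", guest_value,
           check_pool_id_signed(guest_value));
    printf("unsigned check lets %d through: %d\n", guest_value,
           check_pool_id_unsigned((uint32_t)guest_value));
    printf("lookup(15): %s\n", lookup_pool(&c, 15));
    printf("lookup(-1): %s\n",
           lookup_pool(&c, (uint32_t)guest_value) ? "found" : "rejected");
    return 0;
}
```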