* [gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-4-XSA-83.patch xen-4.2-XSA-87.patch xen-4.3-XSA-87.patch
@ 2014-01-24 15:25 Yixun Lan (dlan)
0 siblings, 0 replies; only message in thread
From: Yixun Lan (dlan) @ 2014-01-24 15:25 UTC (permalink / raw
To: gentoo-commits
dlan 14/01/24 15:25:38
Added: xen-4-XSA-83.patch xen-4.2-XSA-87.patch
xen-4.3-XSA-87.patch
Log:
fix security bugs #499054, #499124
(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Revision Changes Path
1.1 app-emulation/xen/files/xen-4-XSA-83.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4-XSA-83.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4-XSA-83.patch?rev=1.1&content-type=text/plain
Index: xen-4-XSA-83.patch
===================================================================
x86/irq: avoid use-after-free on error path in pirq_guest_bind()
This is XSA-83.
Coverity-ID: 1146952
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1590,8 +1590,7 @@ int pirq_guest_bind(struct vcpu *v, stru
printk(XENLOG_G_INFO
"Cannot bind IRQ%d to dom%d. Out of memory.\n",
pirq->pirq, v->domain->domain_id);
- rc = -ENOMEM;
- goto out;
+ return -ENOMEM;
}
action = newaction;
1.1 app-emulation/xen/files/xen-4.2-XSA-87.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.2-XSA-87.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.2-XSA-87.patch?rev=1.1&content-type=text/plain
Index: xen-4.2-XSA-87.patch
===================================================================
x86: PHYSDEVOP_{prepare,release}_msix are privileged
Yet this wasn't being enforced.
This is XSA-87.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
case PHYSDEVOP_release_msix: {
struct physdev_pci_device dev;
- if ( copy_from_guest(&dev, arg, 1) )
+ if ( !IS_PRIV(v->domain) )
+ ret = -EPERM;
+ else if ( copy_from_guest(&dev, arg, 1) )
ret = -EFAULT;
else
ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
1.1 app-emulation/xen/files/xen-4.3-XSA-87.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-XSA-87.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-XSA-87.patch?rev=1.1&content-type=text/plain
Index: xen-4.3-XSA-87.patch
===================================================================
x86: PHYSDEVOP_{prepare,release}_msix are privileged
Yet this wasn't being enforced.
This is XSA-87.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- 2014-01-14.orig/xen/arch/x86/physdev.c 2013-11-18 11:03:37.000000000 +0100
+++ 2014-01-14/xen/arch/x86/physdev.c 2014-01-22 12:47:47.000000000 +0100
@@ -640,7 +640,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
if ( copy_from_guest(&dev, arg, 1) )
ret = -EFAULT;
else
- ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
+ ret = xsm_resource_setup_pci(XSM_PRIV,
+ (dev.seg << 16) | (dev.bus << 8) |
+ dev.devfn) ?:
+ pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
cmd != PHYSDEVOP_prepare_msix);
break;
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-01-24 15:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-24 15:25 [gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-4-XSA-83.patch xen-4.2-XSA-87.patch xen-4.3-XSA-87.patch Yixun Lan (dlan)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox