author | Yixun Lan <dlan@gentoo.org> | 2014-01-24 15:25:38 +0000 |
---|---|---|
committer | Yixun Lan <dlan@gentoo.org> | 2014-01-24 15:25:38 +0000 |
commit | f73a188c0534a6b925292f3aeaa594f568dd6a22 (patch) | |
tree | ef5495af42c701dfa997b3d49b52b85aea103a4b /app-emulation/xen/files | |
parent | x86 stable wrt bug #496172 (diff) | |
fix security bugs #499054, #499124
(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Diffstat (limited to 'app-emulation/xen/files')
-rw-r--r-- | app-emulation/xen/files/xen-4-XSA-83.patch | 20 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-4.2-XSA-87.patch | 21 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-4.3-XSA-87.patch | 23 |
3 files changed, 64 insertions, 0 deletions
diff --git a/app-emulation/xen/files/xen-4-XSA-83.patch b/app-emulation/xen/files/xen-4-XSA-83.patch
new file mode 100644
index 000000000000..209c38b93d59
--- /dev/null
+++ b/app-emulation/xen/files/xen-4-XSA-83.patch
@@ -0,0 +1,20 @@
+x86/irq: avoid use-after-free on error path in pirq_guest_bind()
+
+This is XSA-83.
+
+Coverity-ID: 1146952
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/irq.c
++++ b/xen/arch/x86/irq.c
+@@ -1590,8 +1590,7 @@ int pirq_guest_bind(struct vcpu *v, stru
+ printk(XENLOG_G_INFO
+ "Cannot bind IRQ%d to dom%d. Out of memory.\n",
+ pirq->pirq, v->domain->domain_id);
+- rc = -ENOMEM;
+- goto out;
++ return -ENOMEM;
+ }
+
+ action = newaction;
diff --git a/app-emulation/xen/files/xen-4.2-XSA-87.patch b/app-emulation/xen/files/xen-4.2-XSA-87.patch
new file mode 100644
index 000000000000..494cf5e2bf5d
--- /dev/null
+++ b/app-emulation/xen/files/xen-4.2-XSA-87.patch
@@ -0,0 +1,21 @@
+x86: PHYSDEVOP_{prepare,release}_msix are privileged
+
+Yet this wasn't being enforced.
+
+This is XSA-87.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/physdev.c
++++ b/xen/arch/x86/physdev.c
+@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
+ case PHYSDEVOP_release_msix: {
+ struct physdev_pci_device dev;
+
+- if ( copy_from_guest(&dev, arg, 1) )
++ if ( !IS_PRIV(v->domain) )
++ ret = -EPERM;
++ else if ( copy_from_guest(&dev, arg, 1) )
+ ret = -EFAULT;
+ else
+ ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
diff --git a/app-emulation/xen/files/xen-4.3-XSA-87.patch b/app-emulation/xen/files/xen-4.3-XSA-87.patch
new file mode 100644
index 000000000000..3c31ed5d9f66
--- /dev/null
+++ b/app-emulation/xen/files/xen-4.3-XSA-87.patch
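Review bot: In xen-4-XSA-83.patch, the new `return -ENOMEM;` in pirq_guest_bind() leaves the function without passing through the `out:` label that the removed `goto out` used, and nothing at the site records why. A later cleanup that folds the error paths back together would reintroduce the use-after-free named in the patch title, so the reason should travel with the code, for example `/* Do not 'goto out' here: see XSA-83 (use-after-free on this error path). */` above the return. The rest of pirq_guest_bind(), including the `out:` label, lies outside the hunk, so which state that label touches cannot be confirmed from here.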
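Review bot: In xen-4.2-XSA-87.patch, the added `IS_PRIV(v->domain)` test is shown under `case PHYSDEVOP_release_msix:` only, while the patch title says PHYSDEVOP_prepare_msix is privileged as well; how the prepare command reaches this body is not visible. Presumably its case label falls through from just above the hunk, and a comment would make that dependence explicit: `/* Privileged: covers both prepare_msix and release_msix (shared body). */`. Placing the test ahead of `copy_from_guest()` is the right order, because an unprivileged caller is refused before any guest memory is read. `v` is declared outside the hunk.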
@@ -0,0 +1,23 @@
+x86: PHYSDEVOP_{prepare,release}_msix are privileged
+
+Yet this wasn't being enforced.
+
+This is XSA-87.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- 2014-01-14.orig/xen/arch/x86/physdev.c 2013-11-18 11:03:37.000000000 +0100
++++ 2014-01-14/xen/arch/x86/physdev.c 2014-01-22 12:47:47.000000000 +0100
+@@ -640,7 +640,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
+ if ( copy_from_guest(&dev, arg, 1) )
+ ret = -EFAULT;
+ else
+- ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
++ ret = xsm_resource_setup_pci(XSM_PRIV,
++ (dev.seg << 16) | (dev.bus << 8) |
++ dev.devfn) ?:
++ pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
+ cmd != PHYSDEVOP_prepare_msix);
+ break;
+ } |
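Review bot: In the added `(dev.seg << 16) | (dev.bus << 8) | dev.devfn`, `dev.seg` is shifted as an `int` if it is a 16-bit field (the struct is declared outside the hunk), so a segment of 0x8000 or above shifts into the sign bit, which ISO C leaves undefined; `((uint32_t)dev.seg << 16) | (dev.bus << 8) | dev.devfn` avoids depending on compiler flags for this. Unlike the 4.2 variant of the fix, the permission check here runs after `copy_from_guest()`, so an unprivileged caller passing a bad pointer gets -EFAULT rather than a denial; that is harmless, but a comment such as `/* XSM check needs the SBDF, hence after the copy. */` would record that the order is intentional. The `?:` chain is a GNU extension, and it skips `pci_prepare_msix()` whenever the XSM hook returns non-zero.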