[gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-4-XSA-83.patch xen-4.2-XSA-87.patch xen-4.3-XSA-87.patch - gentoo-commits

From:	"Yixun Lan (dlan)" <dlan@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-4-XSA-83.patch xen-4.2-XSA-87.patch xen-4.3-XSA-87.patch
Date:	Fri, 24 Jan 2014 15:25:44
Message-Id:	`20140124152538.526E32004C@flycatcher.gentoo.org`

1

dlan        14/01/24 15:25:38

2

3

  Added:                xen-4-XSA-83.patch xen-4.2-XSA-87.patch

4

                        xen-4.3-XSA-87.patch

5

  Log:

6

  fix security bugs #499054, #499124

7

8

  (Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)

9

10

Revision  Changes    Path

11

1.1                  app-emulation/xen/files/xen-4-XSA-83.patch

12

13

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4-XSA-83.patch?rev=1.1&view=markup

14

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4-XSA-83.patch?rev=1.1&content-type=text/plain

15

16

Index: xen-4-XSA-83.patch

17

===================================================================

18

x86/irq: avoid use-after-free on error path in pirq_guest_bind()

19

20

This is XSA-83.

21

22

Coverity-ID: 1146952

23

Signed-off-by: Andrew Cooper <andrew.cooper3@××××××.com>

24

Reviewed-by: Jan Beulich <jbeulich@××××.com>

25

26

--- a/xen/arch/x86/irq.c

27

+++ b/xen/arch/x86/irq.c

28

@@ -1590,8 +1590,7 @@ int pirq_guest_bind(struct vcpu *v, stru

29

             printk(XENLOG_G_INFO

30

                    "Cannot bind IRQ%d to dom%d. Out of memory.\n",

31

                    pirq->pirq, v->domain->domain_id);

32

-            rc = -ENOMEM;

33

-            goto out;

34

+            return -ENOMEM;

35

}

36

37

         action = newaction;

1.1                  app-emulation/xen/files/xen-4.2-XSA-87.patch

42

43

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.2-XSA-87.patch?rev=1.1&view=markup

44

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.2-XSA-87.patch?rev=1.1&content-type=text/plain

45

46

Index: xen-4.2-XSA-87.patch

47

===================================================================

48

x86: PHYSDEVOP_{prepare,release}_msix are privileged

49

50

Yet this wasn't being enforced.

51

52

This is XSA-87.

53

54

Signed-off-by: Jan Beulich <jbeulich@××××.com>

55

56

--- a/xen/arch/x86/physdev.c

57

+++ b/xen/arch/x86/physdev.c

58

@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H

59

     case PHYSDEVOP_release_msix: {

60

         struct physdev_pci_device dev;

61

62

-        if ( copy_from_guest(&dev, arg, 1) )

63

+        if ( !IS_PRIV(v->domain) )

64

+            ret = -EPERM;

65

+        else if ( copy_from_guest(&dev, arg, 1) )

66

             ret = -EFAULT;

67

         else

68

             ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,

1.1                  app-emulation/xen/files/xen-4.3-XSA-87.patch

73

74

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-XSA-87.patch?rev=1.1&view=markup

75

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-XSA-87.patch?rev=1.1&content-type=text/plain

76

77

Index: xen-4.3-XSA-87.patch

78

===================================================================

79

x86: PHYSDEVOP_{prepare,release}_msix are privileged

80

81

Yet this wasn't being enforced.

82

83

This is XSA-87.

84

85

Signed-off-by: Jan Beulich <jbeulich@××××.com>

86

Reviewed-by: Andrew Cooper <andrew.cooper3@××××××.com>

87

88

--- 2014-01-14.orig/xen/arch/x86/physdev.c	2013-11-18 11:03:37.000000000 +0100

89

+++ 2014-01-14/xen/arch/x86/physdev.c	2014-01-22 12:47:47.000000000 +0100

90

@@ -640,7 +640,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H

91

         if ( copy_from_guest(&dev, arg, 1) )

92

             ret = -EFAULT;

93

         else

94

-            ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,

95

+            ret = xsm_resource_setup_pci(XSM_PRIV,

96

+                                         (dev.seg << 16) | (dev.bus << 8) |

97

+                                         dev.devfn) ?:

98

+                  pci_prepare_msix(dev.seg, dev.bus, dev.devfn,

99

                                    cmd != PHYSDEVOP_prepare_msix);

100

         break;

101

}

1	dlan 14/01/24 15:25:38
2
3	Added: xen-4-XSA-83.patch xen-4.2-XSA-87.patch
4	xen-4.3-XSA-87.patch
5	Log:
6	fix security bugs #499054, #499124
7
8	(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
9
10	Revision Changes Path
11	1.1 app-emulation/xen/files/xen-4-XSA-83.patch
12
13	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4-XSA-83.patch?rev=1.1&view=markup
14	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4-XSA-83.patch?rev=1.1&content-type=text/plain
15
16	Index: xen-4-XSA-83.patch
17	===================================================================
18	x86/irq: avoid use-after-free on error path in pirq_guest_bind()
19
20	This is XSA-83.
21
22	Coverity-ID: 1146952
23	Signed-off-by: Andrew Cooper <andrew.cooper3@××××××.com>
24	Reviewed-by: Jan Beulich <jbeulich@××××.com>
25
26	--- a/xen/arch/x86/irq.c
27	+++ b/xen/arch/x86/irq.c
28	@@ -1590,8 +1590,7 @@ int pirq_guest_bind(struct vcpu *v, stru
29	printk(XENLOG_G_INFO
30	"Cannot bind IRQ%d to dom%d. Out of memory.\n",
31	pirq->pirq, v->domain->domain_id);
32	- rc = -ENOMEM;
33	- goto out;
34	+ return -ENOMEM;
35	}
36
37	action = newaction;
38
39
40
41	1.1 app-emulation/xen/files/xen-4.2-XSA-87.patch
42
43	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.2-XSA-87.patch?rev=1.1&view=markup
44	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.2-XSA-87.patch?rev=1.1&content-type=text/plain
45
46	Index: xen-4.2-XSA-87.patch
47	===================================================================
48	x86: PHYSDEVOP_{prepare,release}_msix are privileged
49
50	Yet this wasn't being enforced.
51
52	This is XSA-87.
53
54	Signed-off-by: Jan Beulich <jbeulich@××××.com>
55
56	--- a/xen/arch/x86/physdev.c
57	+++ b/xen/arch/x86/physdev.c
58	@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
59	case PHYSDEVOP_release_msix: {
60	struct physdev_pci_device dev;
61
62	- if ( copy_from_guest(&dev, arg, 1) )
63	+ if ( !IS_PRIV(v->domain) )
64	+ ret = -EPERM;
65	+ else if ( copy_from_guest(&dev, arg, 1) )
66	ret = -EFAULT;
67	else
68	ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
69
70
71
72	1.1 app-emulation/xen/files/xen-4.3-XSA-87.patch
73
74	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-XSA-87.patch?rev=1.1&view=markup
75	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-XSA-87.patch?rev=1.1&content-type=text/plain
76
77	Index: xen-4.3-XSA-87.patch
78	===================================================================
79	x86: PHYSDEVOP_{prepare,release}_msix are privileged
80
81	Yet this wasn't being enforced.
82
83	This is XSA-87.
84
85	Signed-off-by: Jan Beulich <jbeulich@××××.com>
86	Reviewed-by: Andrew Cooper <andrew.cooper3@××××××.com>
87
88	--- 2014-01-14.orig/xen/arch/x86/physdev.c 2013-11-18 11:03:37.000000000 +0100
89	+++ 2014-01-14/xen/arch/x86/physdev.c 2014-01-22 12:47:47.000000000 +0100
90	@@ -640,7 +640,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
91	if ( copy_from_guest(&dev, arg, 1) )
92	ret = -EFAULT;
93	else
94	- ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
95	+ ret = xsm_resource_setup_pci(XSM_PRIV,
96	+ (dev.seg << 16) \| (dev.bus << 8) \|
97	+ dev.devfn) ?:
98	+ pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
99	cmd != PHYSDEVOP_prepare_msix);
100	break;
101	}

Gentoo Archives: gentoo-commits