[Pkg-xen-changes] r1086 - in branches/wheezy/xen/debian: . patches

Bastian Blank waldi at alioth.debian.org
Wed Aug 8 13:48:52 UTC 2012


Author: waldi
Date: Wed Aug  8 13:48:50 2012
New Revision: 1086

Log:
* debian/changelog: Update.
* debian/patches: Add new patches. Add fix for CVE-2012-3433.

Added:
   branches/wheezy/xen/debian/patches/CVE-2012-3433
   branches/wheezy/xen/debian/patches/upstream-23327:9d30201cbcc4
Modified:
   branches/wheezy/xen/debian/changelog
   branches/wheezy/xen/debian/patches/series

Modified: branches/wheezy/xen/debian/changelog
==============================================================================
--- branches/wheezy/xen/debian/changelog	Mon Aug  6 15:39:30 2012	(r1085)
+++ branches/wheezy/xen/debian/changelog	Wed Aug  8 13:48:50 2012	(r1086)
@@ -7,6 +7,9 @@
     - Fix IOMMU support for PCI-to-PCIe bridges.
     - Disallow access to some sensitive IO-ports.
   * Fixup broken patches.
+  * Revert one broken change.
+  * Don't leave the x86 emulation in a bad state. (closes: #683279)
+    CVE-2012-3433
 
  -- Bastian Blank <waldi at debian.org>  Mon, 30 Jul 2012 21:06:34 +0200
 
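Review bot: The added entry "Revert one broken change." does not say which change is reverted. Naming the patch (upstream-23327:9d30201cbcc4) or the reverted changeset would let a reader match this entry to the series file. The stanza trailer below the new entries still reads Mon, 30 Jul 2012 21:06:34 +0200 although this revision is dated 8 Aug 2012, so it needs refreshing before upload.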

Added: branches/wheezy/xen/debian/patches/CVE-2012-3433
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/wheezy/xen/debian/patches/CVE-2012-3433	Wed Aug  8 13:48:50 2012	(r1086)
@@ -0,0 +1,39 @@
+# HG changeset patch
+# User Jan Beulich <jbeulich at suse.com>
+# Date 1343318195 -3600
+# Node ID a43f5b4b03319117edba76ebca8f827119d4e9a8
+# Parent  e89be0dedeb4e4a9556cf3e1b9a5295ba0b59edf
+x86/hvm: don't leave emulator in inconsistent state
+
+The fact that handle_mmio(), and thus the instruction emulator, is
+being run through twice for emulations that require involvement of the
+device model, allows for the second run to see a different guest state
+than the first one. Since only the MMIO-specific emulation routines
+update the vCPU's io_state, if they get invoked on the second pass,
+internal state (and particularly this variable) can be left in a state
+making successful emulation of a subsequent MMIO operation impossible.
+
+Consequently, whenever the emulator invocation returns without
+requesting a retry of the guest instruction, reset io_state.
+
+[ This is a security issue.  XSA#10. -iwj ]
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Keir Fraser <keir at xen.org>
+Committed-by: Ian Jackson <ian.jackson at eu.citrix.com>
+
+xen-unstable changeset: 25682:ffcb24876b4f
+Committed-by: Ian Jackson <ian.jackson at eu.citrix.com>
+
+diff -r e89be0dedeb4 -r a43f5b4b0331 xen/arch/x86/hvm/io.c
+--- a/xen/arch/x86/hvm/io.c	Sun Jul 22 16:39:00 2012 +0100
++++ b/xen/arch/x86/hvm/io.c	Thu Jul 26 16:56:35 2012 +0100
+@@ -176,6 +176,8 @@
+ 
+     rc = hvm_emulate_one(&ctxt);
+ 
++    if ( rc != X86EMUL_RETRY )
++        curr->arch.hvm_vcpu.io_state = HVMIO_none;
+     if ( curr->arch.hvm_vcpu.io_state == HVMIO_awaiting_completion )
+         curr->arch.hvm_vcpu.io_state = HVMIO_handle_mmio_awaiting_completion;
+     else
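Review bot: In the io.c hunk the new reset under "if ( rc != X86EMUL_RETRY )" sits directly above the existing test of io_state against HVMIO_awaiting_completion, so from now on that test can only succeed when rc is X86EMUL_RETRY. The fix depends entirely on that ordering, yet nothing in the code says so. A short comment at the reset, along the lines of the second paragraph of the description, would stop a later reshuffle from undoing it. Separately, the header carries "Committed-by: Ian Jackson" twice, once before and once after the xen-unstable changeset line. Drop one, or state which branch each refers to.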

Modified: branches/wheezy/xen/debian/patches/series
==============================================================================
--- branches/wheezy/xen/debian/patches/series	Mon Aug  6 15:39:30 2012	(r1085)
+++ branches/wheezy/xen/debian/patches/series	Wed Aug  8 13:48:50 2012	(r1086)
@@ -4,6 +4,8 @@
 upstream-23939:51288f69523f-rework
 upstream-23940:187d59e32a58
 upstream-25290:7a6dcecb1781-rework
+CVE-2012-3433
+upstream-23327:9d30201cbcc4
 
 xen-x86-interrupt-pointer-missmatch.diff
 
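Review bot: The new CVE-2012-3433 entry drops the upstream-<rev>:<node> naming used by the upstream entries around it, so the series file no longer shows which upstream changeset the patch carries. Consider a name that also records node a43f5b4b0331 from the patch header, keeping the CVE id alongside it.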

Added: branches/wheezy/xen/debian/patches/upstream-23327:9d30201cbcc4
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/wheezy/xen/debian/patches/upstream-23327:9d30201cbcc4	Wed Aug  8 13:48:50 2012	(r1086)
@@ -0,0 +1,18 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1343651864 -3600
+# Node ID 9d30201cbcc4f50fec6ee7302785ee0f916423f8
+# Parent  c23c84dbd98990dd67f1f3d593a91750e753372e
+Revert xen-unstable:25487:baa85434d0ec. Not applicable to 4.1 branch.
+
+diff -r c23c84dbd989 -r 9d30201cbcc4 xen/arch/x86/mm.c
+--- a/xen/arch/x86/mm.c	Mon Jul 30 13:34:45 2012 +0100
++++ b/xen/arch/x86/mm.c	Mon Jul 30 13:37:44 2012 +0100
+@@ -1801,7 +1801,6 @@
+             return 0;
+         case -1:
+             l1e_remove_flags(nl1e, _PAGE_RW);
+-            rc = 0;
+             break;
+         }
+         
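Review bot: With "rc = 0;" removed from the "case -1:" arm, rc leaves the switch with whatever value it held on entry, and neither the hunk nor the description shows what that value is on the 4.1 branch. "Not applicable to 4.1 branch" should be expanded to say why the assignment is wrong here, so the revert can be checked without digging up xen-unstable 25487:baa85434d0ec.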


