[Pkg-xen-changes] r1126 - in branches/wheezy/xen/debian: . patches

Bastian Blank waldi at alioth.debian.org
Tue Dec 4 09:51:37 UTC 2012


Author: waldi
Date: Tue Dec  4 09:51:36 2012
New Revision: 1126

Log:
* debian/changelog: Update.
* debian/patches: Add fix for CVE-2012-5514.

Added:
   branches/wheezy/xen/debian/patches/CVE-2012-5514
Modified:
   branches/wheezy/xen/debian/changelog
   branches/wheezy/xen/debian/patches/series

Modified: branches/wheezy/xen/debian/changelog
==============================================================================
--- branches/wheezy/xen/debian/changelog	Mon Dec  3 19:12:59 2012	(r1125)
+++ branches/wheezy/xen/debian/changelog	Tue Dec  4 09:51:36 2012	(r1126)
@@ -1,3 +1,10 @@
+xen (4.1.3-6) UNRELEASED; urgency=high
+
+  * Fix error handling in physical to machine memory mapping.
+    CVE-2012-5514
+
+ -- Bastian Blank <waldi at debian.org>  Tue, 04 Dec 2012 10:27:57 +0100
+
 xen (4.1.3-5) unstable; urgency=high
 
   * Fix state corruption due to incomplete grant table switch.
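
Review bot: The new 4.1.3-6 entry describes the change only as error handling in the physical to machine memory mapping, but the CVE-2012-5514 patch added in this same revision also introduces an `IS_PRIV_FOR(current->domain, d)` check that returns -EPERM. Consider adding that to the entry so the new permission failure is visible to anyone reading the changelog.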

Added: branches/wheezy/xen/debian/patches/CVE-2012-5514
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/wheezy/xen/debian/patches/CVE-2012-5514	Tue Dec  4 09:51:36 2012	(r1126)
@@ -0,0 +1,39 @@
+Description: xen: fix error handling of guest_physmap_mark_populate_on_demand()
+From: Jan Beulich <jbeulich at suse.com>
+Origin: upstream
+Id: CVE-2012-5514
+---
+--- a/xen/arch/x86/mm/p2m.c	Mon Nov 19 09:43:48 2012 +0100
++++ b/xen/arch/x86/mm/p2m.c	Thu Nov 22 17:07:37 2012 +0000
+@@ -2412,6 +2412,9 @@ guest_physmap_mark_populate_on_demand(st
+     int pod_count = 0;
+     int rc = 0;
+ 
++    if ( !IS_PRIV_FOR(current->domain, d) )
++        return -EPERM;
++
+     if ( !paging_mode_translate(d) )
+         return -EINVAL;
+ 
+@@ -2430,8 +2433,7 @@ guest_physmap_mark_populate_on_demand(st
+         omfn = gfn_to_mfn_query(p2m, gfn + i, &ot);
+         if ( p2m_is_ram(ot) )
+         {
+-            printk("%s: gfn_to_mfn returned type %d!\n",
+-                   __func__, ot);
++            P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot);
+             rc = -EBUSY;
+             goto out;
+         }
+@@ -2453,10 +2455,10 @@ guest_physmap_mark_populate_on_demand(st
+         BUG_ON(p2m->pod.entry_count < 0);
+     }
+ 
++out:
+     audit_p2m(p2m, 1);
+     p2m_unlock(p2m);
+ 
+-out:
+     return rc;
+ }
+ 
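
Review bot: In the last hunk of the embedded p2m.c patch, `out:` now sits above `audit_p2m(p2m, 1)` and `p2m_unlock(p2m)`, so every `goto out` must be reached with the p2m lock held. The matching lock acquisition is outside the visible context, so it is worth confirming that no jump to `out` can happen before the lock is taken; the two early returns (-EPERM, -EINVAL) bypass the label and are fine as long as they also precede the lock. Separately, the Description line mentions only error handling, while the first hunk adds the `IS_PRIV_FOR` check and the second replaces the `printk` with `P2M_DEBUG`; naming both in the patch header would make these behavioural changes easier to audit.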

Modified: branches/wheezy/xen/debian/patches/series
==============================================================================
--- branches/wheezy/xen/debian/patches/series	Mon Dec  3 19:12:59 2012	(r1125)
+++ branches/wheezy/xen/debian/patches/series	Tue Dec  4 09:51:36 2012	(r1126)
@@ -20,6 +20,7 @@
 CVE-2012-5511
 CVE-2012-5512
 CVE-2012-5513
+CVE-2012-5514
 CVE-2012-5515
 
 xen-x86-interrupt-pointer-missmatch.diff


