[Pkg-xen-changes] [xen] 01/06: x86/HVM: return all ones on wrong-sized reads of system device I/O ports
Bastian Blank
waldi at moszumanska.debian.org
Thu Mar 12 17:35:03 UTC 2015
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch debian/jessie
in repository xen.
commit 0006677db8fedebe3704ca229750bf9b23207768
Author: Jan Beulich <jbeulich at suse.com>
Date: Thu Mar 5 13:45:22 2015 +0100
x86/HVM: return all ones on wrong-sized reads of system device I/O ports
So far the value presented to the guest remained uninitialized.
This is CVE-2015-2044 / XSA-121.
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
master commit: c9e57594e1ba5da9d705dee9f00aa4e7e925963d
master date: 2015-03-05 13:34:54 +0100
(cherry picked from commit 9d699dde9f0b46cf55b2250fa13b5c402c45fc1e)
Patch-Name: CVE-2015-2044.diff
---
xen/arch/x86/hvm/i8254.c | 1 +
xen/arch/x86/hvm/pmtimer.c | 1 +
xen/arch/x86/hvm/rtc.c | 3 ++-
xen/arch/x86/hvm/vpic.c | 1 +
4 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/i8254.c b/xen/arch/x86/hvm/i8254.c
index f7493b8..e92424e 100644
--- a/xen/arch/x86/hvm/i8254.c
+++ b/xen/arch/x86/hvm/i8254.c
@@ -477,6 +477,7 @@ static int handle_pit_io(
if ( bytes != 1 )
{
gdprintk(XENLOG_WARNING, "PIT bad access\n");
+ *val = ~0;
return X86EMUL_OKAY;
}
diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c
index 01ae31d..6ad2797 100644
--- a/xen/arch/x86/hvm/pmtimer.c
+++ b/xen/arch/x86/hvm/pmtimer.c
@@ -213,6 +213,7 @@ static int handle_pmt_io(
if ( bytes != 4 )
{
gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n");
+ *val = ~0;
return X86EMUL_OKAY;
}
diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c
index 639b4c5..30270cb 100644
--- a/xen/arch/x86/hvm/rtc.c
+++ b/xen/arch/x86/hvm/rtc.c
@@ -696,7 +696,8 @@ static int handle_rtc_io(
if ( bytes != 1 )
{
- gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n");
+ gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n");
+ *val = ~0;
return X86EMUL_OKAY;
}
diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c
index fea3f68..6e4d422 100644
--- a/xen/arch/x86/hvm/vpic.c
+++ b/xen/arch/x86/hvm/vpic.c
@@ -324,6 +324,7 @@ static int vpic_intercept_pic_io(
if ( bytes != 1 )
{
gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes);
+ *val = ~0;
return X86EMUL_OKAY;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list