gentoo-overlay/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_...


commit 66141b2e068fa39f28bdda6be05882e323663687
Author: Michael Young
Date: Tue Jan 22 22:22:10 2013 +0000
Security fix for nested virtualization CVE-2013-0151,
restore status option to xend which is used by libvirt
#diff --git a/xsa34-4.2.patch b/xsa34-4.2.patch
#new file mode 100644
#index 0000000..f5328ef
#--- /dev/null
#+++ xsa34-4.2.patch
#@@ -0,0 +1,30 @@
#+x86_32: don't allow use of nested HVM
#+
#+There are (indirect) uses of map_domain_page() in the nested HVM code
#+that are unsafe when not just using the 1:1 mapping.
#+
#+This is XSA-34 / CVE-2013-0151.
#+
#+Signed-off-by: Jan Beulich
#+
#diff --git a/xsa35-4.2-with-xsa34.patch b/xsa35-4.2-with-xsa34.patch
#new file mode 100644
#index 0000000..28c6171
#--- /dev/null
#+++ xsa35-4.2-with-xsa34.patch
#@@ -0,0 +1,24 @@
#+xen: Do not allow guests to enable nested HVM on themselves
#+
#+There is no reason for this and doing so exposes a memory leak to
#+guests. Only toolstacks need write access to this HVM param.
#+
#+This is XSA-35 / CVE-2013-0152.
#+
#+Signed-off-by: Ian Campbell
#+Acked-by: Jan Beulich
#+
--- xen/arch/x86/hvm/hvm.c
+++ xen/arch/x86/hvm/hvm.c
@@ -3858,6 +3858,11 @@
rc = -EINVAL;
break;
case HVM_PARAM_NESTEDHVM:
+ if ( !IS_PRIV(current->domain) )
+ {
+ rc = -EPERM;
+ break;
+ }
if ( a.value > 1 )
rc = -EINVAL;
if ( !is_hvm_domain(d) )
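Review bot: The new `IS_PRIV(current->domain)` check under `case HVM_PARAM_NESTEDHVM:` has no comment saying why this one parameter is restricted to the toolstack, which makes the guard easy to relax in a later refactor. I would put `/* XSA-35: only the toolstack may write this param; a guest enabling nested HVM on itself exposed a memory leak. */` directly above the `if`. The hunk header carries no function name and the case body continues outside the hunk, so it is worth confirming that the check sits only on the parameter-set path.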
@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
rc = -EINVAL;
break;
case HVM_PARAM_NESTEDHVM:
+#ifdef __i386__
+ if ( a.value )
+ rc = -EINVAL;
+#else
if ( a.value > 1 )
rc = -EINVAL;
if ( !is_hvm_domain(d) )
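Review bot: The context here (`case HVM_PARAM_NESTEDHVM:` directly followed by `if ( a.value > 1 )`) is the same context the previous hunk inserts the `IS_PRIV` check into. If both hunks target the same case label, this one may no longer match once the first has applied, and where the `#ifdef` lands would then depend on patch fuzz. However that is resolved, the `IS_PRIV(current->domain)` check should stay above `#ifdef __i386__` so that 32-bit builds keep the `-EPERM` path as well. A comment on the `#ifdef` such as `/* XSA-34: nested HVM is unsafe on x86_32, map_domain_page() is used outside the 1:1 mapping */` would record why the branch exists. The matching `#endif` is in the following hunk, and the case body extends outside this one.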
@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
for_each_vcpu(d, v)
if ( rc == 0 )
rc = nestedhvm_vcpu_initialise(v);
+#endif
break;
case HVM_PARAM_BUFIOREQ_EVTCHN:
rc = -EINVAL;