[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-4.1-testing] tmem: only allow tmem control operations from privileged domains

  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-4.1-testing <patchbot@xxxxxxx>
  • Date: Wed, 26 Sep 2012 02:55:08 +0000
  • Delivery-date: Wed, 26 Sep 2012 02:55:18 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>
# HG changeset patch
# User Ian Campbell <ian.campbell@xxxxxxxxxx>
# Date 1348568646 -7200
# Node ID 240b1de53095bb046f1bb4398b7fb2c7d53bc158
# Parent  6a17d5f11d66688be995c7ae5ed0f20d8ebe9cbf
tmem: only allow tmem control operations from privileged domains

This is part of XSA-15 / CVE-2012-3497.

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Acked-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
xen-unstable changeset: 25850:0dba5a888655
xen-unstable date: Tue Sep 11 12:06:30 UTC 2012
---


diff -r 6a17d5f11d66 -r 240b1de53095 xen/common/tmem.c
--- a/xen/common/tmem.c Thu Sep 20 11:01:04 2012 +0200
+++ b/xen/common/tmem.c Tue Sep 25 12:24:06 2012 +0200
@@ -2544,10 +2544,8 @@ static NOINLINE int do_tmem_control(stru
     OID *oidp = (OID *)(&op->u.ctrl.oid[0]);
 
     if (!tmh_current_is_privileged())
-    {
-        /* don't fail... mystery: sometimes dom0 fails here */
-        /* return -EPERM; */
-    }
+        return -EPERM;
+
     switch(subop)
     {
     case TMEMC_THAW:

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.