[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.5] x86/HVM: return all ones on wrong-sized reads of system device I/O ports
commit 7ef036402d2a3fbc6abafb333c5deef2433919bb Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Mar 5 13:42:41 2015 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Mar 5 13:42:41 2015 +0100 x86/HVM: return all ones on wrong-sized reads of system device I/O ports So far the value presented to the guest remained uninitialized. This is CVE-2015-2044 / XSA-121. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: c9e57594e1ba5da9d705dee9f00aa4e7e925963d master date: 2015-03-05 13:34:54 +0100 --- xen/arch/x86/hvm/i8254.c | 1 + xen/arch/x86/hvm/pmtimer.c | 1 + xen/arch/x86/hvm/rtc.c | 3 ++- xen/arch/x86/hvm/vpic.c | 1 + 4 files changed, 5 insertions(+), 1 deletions(-) diff --git a/xen/arch/x86/hvm/i8254.c b/xen/arch/x86/hvm/i8254.c index 3ec01c0..36a0a53 100644 --- a/xen/arch/x86/hvm/i8254.c +++ b/xen/arch/x86/hvm/i8254.c @@ -486,6 +486,7 @@ static int handle_pit_io( if ( bytes != 1 ) { gdprintk(XENLOG_WARNING, "PIT bad access\n"); + *val = ~0; return X86EMUL_OKAY; } diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 01ae31d..6ad2797 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -213,6 +213,7 @@ static int handle_pmt_io( if ( bytes != 4 ) { gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n"); + *val = ~0; return X86EMUL_OKAY; } diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 3fab660..3448971 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -703,7 +703,8 @@ static int handle_rtc_io( if ( bytes != 1 ) { - gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n"); + gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n"); + *val = ~0; return X86EMUL_OKAY; } diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index 2c6e6e5..c2c8fb6 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -331,6 +331,7 @@ static int vpic_intercept_pic_io( if ( bytes != 1 ) { gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes); + *val = ~0; return X86EMUL_OKAY; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.5 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |