[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-ia64-devel] [PATCH] Fix security vulnerability

To: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
From: Kouya Shimura <kouya@xxxxxxxxxxxxxx>
Date: Tue, 15 Jan 2008 15:52:45 +0900
Delivery-date: Mon, 14 Jan 2008 22:53:06 -0800
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>

DomU can map any other domain's memory.

Signed-off-by: Kouya Shimura <kouya@xxxxxxxxxxxxxx>

diff -r 45d16899a21d xen/arch/ia64/xen/dom0_ops.c
--- a/xen/arch/ia64/xen/dom0_ops.c      Sun Jan 13 10:50:18 2008 +0000
+++ b/xen/arch/ia64/xen/dom0_ops.c      Tue Jan 15 15:39:17 2008 +0900
@@ -522,10 +522,14 @@ do_dom0vp_op(unsigned long cmd,
         ret = dom0vp_zap_physmap(d, arg0, (unsigned int)arg1);
         break;
     case IA64_DOM0VP_add_physmap:
+        if ( !IS_PRIV(d) )
+            return -EPERM;
         ret = dom0vp_add_physmap(d, arg0, arg1, (unsigned int)arg2,
                                  (domid_t)arg3);
         break;
     case IA64_DOM0VP_add_physmap_with_gmfn:
+        if ( !IS_PRIV(d) )
+            return -EPERM;
         ret = dom0vp_add_physmap_with_gmfn(d, arg0, arg1, (unsigned int)arg2,
                                            (domid_t)arg3);
         break;

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel

Follow-Ups:
- Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability
  - From: Isaku Yamahata

Prev by Date: [Xen-ia64-devel] [PATCH] xenoprof/IA64 HOWTO
Next by Date: Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability
Previous by thread: [Xen-ia64-devel] [PATCH] xenoprof/IA64 HOWTO
Next by thread: Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.