[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] [Xen-devel] Security patches



Hi,

It looks like the patch that has been provided on Xen Security Advisory 11 (CVE-2012-3433) doesn't applied for Xen 3.4.4.

When I try to apply this patch and I am getting the below error,

1 out of 1 hunk FAILED -- saving rejects to file xen/arch/x86/mm/p2m.c.rej
1 out of 1 hunk FAILED -- saving rejects to file xen/arch/x86/mm/p2m.c.rej

Seems there is no for loop "for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )" on xen/arch/x86/mm/p2m.c.rej on xen3.4.4 source instead if loop only exists.

p2m.c: && (gfn + (1UL << page_order) - 1 > d->arch.p2m->max_mapped_pfn) )
p2m.c: d->arch.p2m->max_mapped_pfn = gfn + (1UL << page_order) - 1;
p2m.c: if ( gfn > d->arch.p2m->max_mapped_pfn )
p2m.c: if ( gfn <= current->domain->arch.p2m->max_mapped_pfn )
p2m.c: if ( test_linear && (gfn <= d->arch.p2m->max_mapped_pfn) )
p2m.c.orig: && (gfn + (1UL << page_order) - 1 > d->arch.p2m->max_mapped_pfn) )
p2m.c.orig: d->arch.p2m->max_mapped_pfn = gfn + (1UL << page_order) - 1;
p2m.c.orig: if ( gfn > d->arch.p2m->max_mapped_pfn )
p2m.c.orig: if ( gfn <= current->domain->arch.p2m->max_mapped_pfn )
p2m.c.orig: if ( test_linear && (gfn <= d->arch.p2m->max_mapped_pfn) )
p2m.c.rej: for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )
p2m.c.rej: for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ )

So I guess this patch applicable for Xen 4.x only. If you update the patch for Xen 3.4 that would be great.


On Thu, Sep 6, 2012 at 2:43 PM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
On Thu, 2012-09-06 at 10:08 +0100, kk s wrote:
> Hi Ian,
>
> Thanks for your reply. Sorry to bother you with this. I am bit
> confused and so I am asking to make clear myself.
>
> Reg CVE-2012-2934 -
> http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
> Is Xen 3.4 too affected with this vulnerable? If so I couldn't find
> the patch for xen 3.4 and it does exit for xen 4.x only.

I expect it does effect 3.4, but only if you are running on one of the
listed processors.

security@xxxxxxx doesn't provide security support for 3.4 any more. If
you aren't able to backport the 4.0 patch yourself, you would need to
speak to Keith Coleman who is the 3.4 stable maintainer.

> I don't how to apply the following patches since I have created rpm
> with patches applied that included as downloadable file. But for these
> patches I am not seeing any downloadable file.
>
> http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
> http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
> http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
>
> If you can clear this for me that would be great :)

I already pointed you at http://wiki.xen.org/wiki/Security_Announcements
which should have all the links you need.



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.