Re: [Xen-users] Reg XSA39

[Linux Hack <linuxhack2012@xxxxxxxxx>]

hi,

I guess this needs to be patched into kernel-xen instead of xen hypervisior right?

On Wed, Feb 6, 2013 at 2:56 AM, Linux Hack <linuxhack2012@xxxxxxxxx> wrote:

Hi,

I am unable to apply this patch on Xen-4.1.4 and seems the file /drivers/xen/netback/common.h doesn't exists.

===========

Patch #39 (xsa39-classic-0001-xen-netback-garbage-ring.patch):

+ patch -p1 -s

The text leading up to this was:

--------------------------

|netback: shutdown the ring if it contains garbage

|

|A buggy or malicious frontend should not be able to confuse netback.

|If we spot anything which is not as it should be then shutdown the

|device and don't try to continue with the ring in a potentially

|hostile state. Well behaved and non-hostile frontends will not be

|penalised.

|

|As well as making the existing checks for such errors fatal also add a

|new check that ensures that there isn't an insane number of requests

|on the ring (i.e. more than would fit in the ring). If the ring

|contains garbage then previously is was possible to loop over this

|insane number, getting an error each time and therefore not generating

|any more pending requests and therefore not exiting the loop in

|xen_netbk_tx_build_gops for an externded period.

|

|Also turn various netdev_dbg calls which no precipitate a fatal error

|into netdev_err, they are rate limited because the device is shutdown

|afterwards.

|

|This fixes at least one known DoS/softlockup of the backend domain.

|

|Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>

|Signed-off-by: Jan Beulich <JBeulich@xxxxxxxx>

|

|--- a/drivers/xen/netback/common.h

|+++ b/drivers/xen/netback/common.h

--------------------------

File to patch:

=================

Any help that would be great!

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users