author | Ian Delaney <idella4@gentoo.org> | 2013-01-30 12:12:31 +0000 |
---|---|---|
committer | Ian Delaney <idella4@gentoo.org> | 2013-01-30 12:12:31 +0000 |
commit | bb6558b9d97d094ea78e10d44db34fa18049da8d (patch) | |
tree | 8069f0397040235e241c11f7dd76b2dd5bb4d139 /app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch | |
parent | app-benchmarks/bootchart2: drop old; add USE=X for track-only installations, ... (diff) | |
revbumps; -4.2.0-r1, eclass python-single-r1 added to enable & ensure a build by py2 fixing Bug #453930, PYTHON_COMPAT set accordingly, EAPI->5, sed statements reduced to patches, many sec. patches added addressing Bugs #445254, #431156, #454314. -4.2.1-r1, changes mirrored in those of -4.2.0-r1, addition of 3 sec. patches that pertain to 4.2.1. Dropped 4.2.0 & 4.2.1 by virtue of being prone to failure in form of Bug #453930. Sees 4.2.0-r1 ready for testing for stable
(Portage version: 2.1.11.40/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Diffstat (limited to 'app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch')
-rw-r--r-- | app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch b/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch
new file mode 100644
index 000000000000..f074fa666cbe
--- /dev/null
+++ b/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch
@@ -0,0 +1,70 @@
+commit 66141b2e068fa39f28bdda6be05882e323663687
+Author: Michael Young
+Date: Tue Jan 22 22:22:10 2013 +0000
+
+ Security fix from nested virtualization CVE-2013-0151,
+ restore status option to xend which is used by libvirt
+#diff --git a/xsa34-4.2.patch b/xsa34-4.2.patch
+#new file mode 100644
+#index 0000000..f5328ef
+#--- /dev/null
+#+++ xsa34-4.2.patch
+#@@ -0,0 +1,30 @@
+#+x86_32: don't allow use of nested HVM
+#+
+#+There are (indirect) uses of map_domain_page() in the nested HVM code
+#+that are unsafe when not just using the 1:1 mapping.
+#+
+#+This is XSA-34 / CVE-2013-0151.
+#+
+#+Signed-off-by: Jan Beulich
+#+
+#diff --git a/xsa35-4.2-with-xsa34.patch b/xsa35-4.2-with-xsa34.patch
+#new file mode 100644
+#index 0000000..28c6171
+#--- /dev/null
+#+++ xsa35-4.2-with-xsa34.patch
+#@@ -0,0 +1,24 @@
+#+xen: Do not allow guests to enable nested HVM on themselves
+#+
+#+There is no reason for this and doing so exposes a memory leak to
+#+guests. Only toolstacks need write access to this HVM param.
+#+
+#+This is XSA-35 / CVE-2013-0152.
+#+
+#+Signed-off-by: Ian Campbell
+#+Acked-by: Jan Beulich
+#+
+--- xen/arch/x86/hvm/hvm.c
++++ xen/arch/x86/hvm/hvm.c
+@@ -3858,6 +3858,11 @@
+ rc = -EINVAL;
+ break;
+ case HVM_PARAM_NESTEDHVM:
++ if ( !IS_PRIV(current->domain) )
++ {
++ rc = -EPERM;
++ break;
++ }
+ if ( a.value > 1 )
+ rc = -EINVAL;
+ if ( !is_hvm_domain(d) )
+@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
+ rc = -EINVAL;
+ break;
+ case HVM_PARAM_NESTEDHVM:
++#ifdef __i386__
++ if ( a.value )
++ rc = -EINVAL;
++#else
+ if ( a.value > 1 )
+ rc = -EINVAL;
+ if ( !is_hvm_domain(d) )
+@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
+ for_each_vcpu(d, v)
+ if ( rc == 0 )
+ rc = nestedhvm_vcpu_initialise(v);
++#endif
+ break;
+ case HVM_PARAM_BUFIOREQ_EVTCHN:
+ rc = -EINVAL; |
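Review bot: The two `case HVM_PARAM_NESTEDHVM:` hunks in the embedded hvm.c diff cannot both apply as written to one copy of the file. The first (`@@ -3858,6 +3858,11 @@`) leaves the `IS_PRIV` block between the `case` label and `if ( a.value > 1 )`, while the second (`@@ -3926,6 +3926,10 @@`) expects those two lines to be adjacent, and its new-side start ignores the five lines added above it. This looks like XSA-35 and XSA-34 concatenated from separate bases, so, assuming hvm.c has a single such label (not visible here), applying it depends on patch offset and fuzz handling. I would regenerate the file as one diff against the 4.2.0/4.2.1 trees and confirm that the result keeps `if ( !IS_PRIV(current->domain) )` ahead of `#ifdef __i386__`, so the privilege check also covers 32-bit builds. The body of do_hvm_op continues outside all three hunks.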