[Xen-changelog] [xen-4.2-testing] xen: Do not allow guests to enable nested HVM on themselves
# HG changeset patch # User Ian Campbell <ian.campbell@xxxxxxxxxx> # Date 1358938364 -3600 # Node ID 7c04074a0a0f897f6745fb3328746bc50bb91d71 # Parent fef7ef92f08e46d6f7b04551394d17a835dbe110 xen: Do not allow guests to enable nested HVM on themselves There is no reason for this and doing so exposes a memory leak to guests. Only toolstacks need write access to this HVM param. This is XSA-35 / CVE-2013-0152. Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Acked-by: Jan Beulich <JBeulich@xxxxxxxx> xen-unstable changeset: 26444:621b1a889e9b xen-unstable date: Wed Jan 23 10:47:24 UTC 2013 --- diff -r fef7ef92f08e -r 7c04074a0a0f xen/arch/x86/hvm/hvm.c --- a/xen/arch/x86/hvm/hvm.c Wed Jan 23 11:51:16 2013 +0100 +++ b/xen/arch/x86/hvm/hvm.c Wed Jan 23 11:52:44 2013 +0100 @@ -3862,6 +3862,11 @@ long do_hvm_op(unsigned long op, XEN_GUE rc = -EINVAL; break; case HVM_PARAM_NESTEDHVM: + if ( !IS_PRIV(current->domain) ) + { + rc = -EPERM; + break; + } #ifdef __i386__ if ( a.value ) rc = -EINVAL; _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
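Review bot: the new `if ( !IS_PRIV(current->domain) )` check under `case HVM_PARAM_NESTEDHVM:` has no comment saying why this parameter is restricted, so the rationale (the guest-reachable memory leak, XSA-35) lives only in the commit message. A one-line comment above the check would keep it from being relaxed later. The test is also on the caller's global privilege rather than on whether the caller is the target domain, so it rejects every unprivileged caller, not only a guest acting on itself. That matches "Only toolstacks need write access" but is broader than the subject line, and it would be worth stating that in the message or the comment. The hunk does not show whether this switch is reached only on the set-param path; if a get path shares it, reads of the parameter would now return -EPERM as well, so please confirm the check is confined to writes. Placing the check ahead of the `#ifdef __i386__` block is right, since an unprivileged caller then gets -EPERM on all builds before the 32-bit -EINVAL case is considered.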