[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.3] x86/HVM: return all ones on wrong-sized reads of system device I/O ports
commit 3db79e9f71f551a51359cb40e39586d8a15dae02 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Mar 5 13:48:07 2015 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Mar 5 13:48:07 2015 +0100 x86/HVM: return all ones on wrong-sized reads of system device I/O ports So far the value presented to the guest remained uninitialized. This is CVE-2015-2044 / XSA-121. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: c9e57594e1ba5da9d705dee9f00aa4e7e925963d master date: 2015-03-05 13:34:54 +0100 --- xen/arch/x86/hvm/i8254.c | 1 + xen/arch/x86/hvm/pmtimer.c | 1 + xen/arch/x86/hvm/rtc.c | 3 ++- xen/arch/x86/hvm/vpic.c | 1 + 4 files changed, 5 insertions(+), 1 deletions(-) diff --git a/xen/arch/x86/hvm/i8254.c b/xen/arch/x86/hvm/i8254.c index c0d6bc2..809d09e 100644 --- a/xen/arch/x86/hvm/i8254.c +++ b/xen/arch/x86/hvm/i8254.c @@ -478,6 +478,7 @@ static int handle_pit_io( if ( bytes != 1 ) { gdprintk(XENLOG_WARNING, "PIT bad access\n"); + *val = ~0; return X86EMUL_OKAY; } diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c index 01ae31d..6ad2797 100644 --- a/xen/arch/x86/hvm/pmtimer.c +++ b/xen/arch/x86/hvm/pmtimer.c @@ -213,6 +213,7 @@ static int handle_pmt_io( if ( bytes != 4 ) { gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n"); + *val = ~0; return X86EMUL_OKAY; } diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 639b4c5..30270cb 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -696,7 +696,8 @@ static int handle_rtc_io( if ( bytes != 1 ) { - gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n"); + gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n"); + *val = ~0; return X86EMUL_OKAY; } diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c index fea3f68..6e4d422 100644 --- a/xen/arch/x86/hvm/vpic.c +++ b/xen/arch/x86/hvm/vpic.c @@ -324,6 +324,7 @@ static int vpic_intercept_pic_io( if ( bytes != 1 ) { gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes); + *val = ~0; return X86EMUL_OKAY; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.3 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |