[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 01/11] tmem: only allow tmem control operations from privileged domains

To: "xen-devel" <xen-devel@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 05 Sep 2012 13:34:00 +0100
Cc: dan.magenheimer@xxxxxxxxxx, Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx>
Delivery-date: Wed, 05 Sep 2012 12:33:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

This is part of XSA-15 / CVE-2012-3497.

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(stru
     OID *oidp = (OID *)(&op->u.ctrl.oid[0]);
 
     if (!tmh_current_is_privileged())
-    {
-        /* don't fail... mystery: sometimes dom0 fails here */
-        /* return -EPERM; */
-    }
+        return -EPERM;
+
     switch(subop)
     {
     case TMEMC_THAW:




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 01/11] tmem: only allow tmem control operations from privileged domains
  - From: Dan Magenheimer

Prev by Date: [Xen-devel] [PATCH 00/11] various tmem adjustments (mostly XSA-15 related)
Next by Date: [Xen-devel] [PATCH 02/11] tmem: consistently make pool_id a uint32_t
Previous by thread: [Xen-devel] [PATCH 00/11] various tmem adjustments (mostly XSA-15 related)
Next by thread: Re: [Xen-devel] [PATCH 01/11] tmem: only allow tmem control operations from privileged domains
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.