|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 01/11] tmem: only allow tmem control operations from privileged domains
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Wednesday, September 05, 2012 6:34 AM > To: xen-devel > Cc: Dan Magenheimer; Zhenzhong Duan > Subject: [PATCH 01/11] tmem: only allow tmem control operations from > privileged domains > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> > Acked-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx> > --- a/xen/common/tmem.c > +++ b/xen/common/tmem.c > @@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(stru > OID *oidp = (OID *)(&op->u.ctrl.oid[0]); > > if (!tmh_current_is_privileged()) > - { > - /* don't fail... mystery: sometimes dom0 fails here */ > - /* return -EPERM; */ > - } > + return -EPERM; > + > switch(subop) > { > case TMEMC_THAW: > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |