[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 01/11] tmem: only allow tmem control operations from privileged domains



> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Wednesday, September 05, 2012 6:34 AM
> To: xen-devel
> Cc: Dan Magenheimer; Zhenzhong Duan
> Subject: [PATCH 01/11] tmem: only allow tmem control operations from 
> privileged domains
> 
> This is part of XSA-15 / CVE-2012-3497.
> 
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Acked-by: Jan Beulich <jbeulich@xxxxxxxx>

Acked-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
 
> --- a/xen/common/tmem.c
> +++ b/xen/common/tmem.c
> @@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(stru
>      OID *oidp = (OID *)(&op->u.ctrl.oid[0]);
> 
>      if (!tmh_current_is_privileged())
> -    {
> -        /* don't fail... mystery: sometimes dom0 fails here */
> -        /* return -EPERM; */
> -    }
> +        return -EPERM;
> +
>      switch(subop)
>      {
>      case TMEMC_THAW:
> 
> 
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.