
Re: [PATCH] tools/xenstore: fix XSA-417 patch


  • To: Julien Grall <julien@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 21 Jul 2023 08:39:35 +0200
  • Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 21 Jul 2023 06:39:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 21.07.2023 00:34, Julien Grall wrote:
> On 20/07/2023 16:04, Juergen Gross wrote:
>> The fix for XSA-417 had a bug: domain_alloc_permrefs() will not return
>> a negative value in case of an error, but a plain errno value.
>>
>> Note this is not considered to be a security issue, as the only case
>> where domain_alloc_permrefs() will return an error is a failed memory
>> allocation. As a guest should not be able to drive Xenstore out of
>> memory, this is NOT a problem a guest can trigger at will.
>>
>> Fixes: ab128218225d ("tools/xenstore: fix checking node permissions")
>> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
> 
> Acked-by: Julien Grall <jgrall@xxxxxxxxxx>

In the interest of not missing to add this to my to-be-backported
collection, I've included this in what I've committed just now. It
correcting an earlier XSA fix, I guess we may want to go as far as
backporting this also to the security-only stable trees (i.e.
through to 4.14 rather than just back to 4.16)?

As an aside - note that 4.14 is about to close.

Jan
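
Added example, not part of the thread or of the Xen source: a C sketch of the bug class the commit message describes, where a helper reports failure as a plain (positive) errno value and a caller tests only for a negative return. All names here (`alloc_permrefs`, `check_perms_buggy`, `check_perms_fixed`, `fail_next_alloc`) are hypothetical stand-ins, and the caller shape is an assumption, since the page does not show the patched code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct perms { unsigned int num; int *ids; };

static int fail_next_alloc; /* hook: force the next allocation to fail */

static void *alloc_or_fail(size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

/* Hypothetical helper: 0 on success, plain positive errno on failure. */
int alloc_permrefs(struct perms *p, unsigned int num)
{
    p->ids = alloc_or_fail(num * sizeof(*p->ids));
    if (!p->ids)
        return ENOMEM;          /* positive value, not -ENOMEM */
    p->num = num;
    return 0;
}

/* Caller assuming a negative-errno convention: the failure is missed. */
int check_perms_buggy(struct perms *p, unsigned int num)
{
    int ret = alloc_permrefs(p, num);
    if (ret < 0)                /* never true for this helper */
        return ret;
    return 0;                   /* reports success with p->ids == NULL */
}

/* Caller matching the helper's convention: any non-zero value is an error. */
int check_perms_fixed(struct perms *p, unsigned int num)
{
    int ret = alloc_permrefs(p, num);
    return ret ? ret : 0;
}

int main(void)
{
    struct perms p = {0};
    fail_next_alloc = 1;
    printf("buggy: %d\n", check_perms_buggy(&p, 4));
    fail_next_alloc = 1;
    printf("fixed: %d\n", check_perms_fixed(&p, 4));
    return 0;
}
```

As in the commit message, the failing path is reached only when the allocation fails, which the hook simulates here.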
