rpms/kernel/FC-6 xen-grant-security.patch, NONE, 1.1 kernel-2.6.spec, 1.2846, 1.2847

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Nov 10 06:46:36 UTC 2006


Author: davej

Update of /cvs/dist/rpms/kernel/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv8313

Modified Files:
	kernel-2.6.spec 
Added Files:
	xen-grant-security.patch 
Log Message:
Xen grant table operations security fix.

xen-grant-security.patch:
 common/grant_table.c |   16 ++++++++++++++++
 include/xen/iocap.h  |    3 +++
 2 files changed, 19 insertions(+)

--- NEW FILE xen-grant-security.patch ---
diff -r a5a3f48e92c9 xen/common/grant_table.c
--- xen/common/grant_table.c	Wed Oct 04 19:00:11 2006 +0100
+++ xen/common/grant_table.c	Thu Oct 05 14:30:25 2006 +0800
@@ -30,6 +30,7 @@
 #include <xen/trace.h>
 #include <xen/guest_access.h>
 #include <xen/domain_page.h>
+#include <xen/iocap.h>
 #include <acm/acm_hooks.h>
 
 /*
@@ -967,6 +968,11 @@ do_grant_table_op(
             guest_handle_cast(uop, gnttab_map_grant_ref_t);
         if ( unlikely(!guest_handle_okay(map, count)) )
             goto out;
+
+	rc = -EPERM;
+	if (unlikely(!grant_flip_permitted(d)))
+		goto out;
+
         rc = gnttab_map_grant_ref(map, count);
         break;
     }
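Review bot: The added guard in this case (and the identical ones in the unmap and transfer cases in the next two hunks) carries no comment saying which domains are meant to be refused, and it is indented with tabs and written `if (unlikely(...))` while the surrounding lines use spaces and the `if ( unlikely(...) )` form. I would put `/* Only domains with I/O memory capabilities may use this grant operation. */` above each guard and write it to match the neighbours, as `rc = -EPERM;` followed by `if ( unlikely(!grant_flip_permitted(d)) )` at the eight-space indent. The name `grant_flip_permitted` also reads oddly for map and unmap, which are not page flips. The body of do_grant_table_op starts and ends outside these hunks, so I cannot confirm from here that `d` is the calling domain or whether the remaining grant-table sub-operations need the same check.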
@@ -976,6 +982,11 @@ do_grant_table_op(
             guest_handle_cast(uop, gnttab_unmap_grant_ref_t);
         if ( unlikely(!guest_handle_okay(unmap, count)) )
             goto out;
+
+	rc = -EPERM;
+	if (unlikely(!grant_flip_permitted(d)))
+		goto out;
+
         rc = gnttab_unmap_grant_ref(unmap, count);
         break;
     }
@@ -991,6 +1002,11 @@ do_grant_table_op(
             guest_handle_cast(uop, gnttab_transfer_t);
         if ( unlikely(!guest_handle_okay(transfer, count)) )
             goto out;
+
+	rc = -EPERM;
+	if (unlikely(!grant_flip_permitted(d)))
+		goto out;
+
         rc = gnttab_transfer(transfer, count);
         break;
     }
diff -r a5a3f48e92c9 xen/include/xen/iocap.h
--- xen/include/xen/iocap.h	Wed Oct 04 19:00:11 2006 +0100
+++ xen/include/xen/iocap.h	Thu Oct 05 14:30:25 2006 +0800
@@ -31,4 +31,7 @@
 #define multipage_allocation_permitted(d)               \
     (!rangeset_is_empty((d)->iomem_caps))
 
+#define grant_flip_permitted(d)                           \
+    (!rangeset_is_empty((d)->iomem_caps))
+
 #endif /* __XEN_IOCAP_H__ */
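Review bot: `grant_flip_permitted(d)` has the same expansion as `multipage_allocation_permitted(d)` directly above it, and nothing records why a non-empty `iomem_caps` rangeset is the right test for grant-table access. As written, a domain with no I/O memory ranges is refused and a domain with any single range is allowed, so the grant policy silently changes whenever the I/O memory policy does. A comment above the macro such as `/* Grant map/unmap/transfer are restricted to domains that hold I/O memory capabilities. */` would state the intent, and a dedicated capability could replace the proxy later without touching the callers. The continuation backslash on the new macro is also two columns further right than the one above it.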


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v
retrieving revision 1.2846
retrieving revision 1.2847
diff -u -r1.2846 -r1.2847
--- kernel-2.6.spec	10 Nov 2006 03:49:49 -0000	1.2846
+++ kernel-2.6.spec	10 Nov 2006 06:46:33 -0000	1.2847
@@ -575,6 +575,7 @@
 # Xen hypervisor patches (20000+)
 Patch20000: xen-printf-rate-limit.patch
 Patch20001: xen-version-strings.patch
+Patch20002: xen-grant-security.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1319,6 +1320,7 @@
 # Any necessary hypervisor patches go here
 %patch20000 -p1
 %patch20001 -p1
+%patch20002 -p1
 
 # Update the Makefile version strings
 sed -i -e 's/\(^export XEN_BUILDER.*$\)/\1'%{?dist}'/' Makefile
@@ -2073,6 +2075,9 @@
 %endif
 
 %changelog
+* Fri Nov 10 2006 Dave Jones <davej at redhat.com>
+- Xen grant table operations security fix.
+
 * Thu Nov  9 2006 Dave Jones <davej at redhat.com>
 - Change HZ to 1000 for increased accuracy.
   (Except in Xen, where it stays at 250 for now).



