rpms/kernel/FC-6 xen-grant-security.patch, NONE, 1.1 kernel-2.6.spec, 1.2846, 1.2847
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Nov 10 06:46:36 UTC 2006
Author: davej
Update of /cvs/dist/rpms/kernel/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv8313
Modified Files:
kernel-2.6.spec
Added Files:
xen-grant-security.patch
Log Message:
Xen grant table operations security fix.
xen-grant-security.patch:
common/grant_table.c | 16 ++++++++++++++++
include/xen/iocap.h | 3 +++
2 files changed, 19 insertions(+)
--- NEW FILE xen-grant-security.patch ---
diff -r a5a3f48e92c9 xen/common/grant_table.c
--- xen/common/grant_table.c Wed Oct 04 19:00:11 2006 +0100
+++ xen/common/grant_table.c Thu Oct 05 14:30:25 2006 +0800
@@ -30,6 +30,7 @@
#include <xen/trace.h>
#include <xen/guest_access.h>
#include <xen/domain_page.h>
+#include <xen/iocap.h>
#include <acm/acm_hooks.h>
/*
@@ -967,6 +968,11 @@ do_grant_table_op(
guest_handle_cast(uop, gnttab_map_grant_ref_t);
if ( unlikely(!guest_handle_okay(map, count)) )
goto out;
+
+ rc = -EPERM;
+ if (unlikely(!grant_flip_permitted(d)))
+ goto out;
+
rc = gnttab_map_grant_ref(map, count);
break;
}
@@ -976,6 +982,11 @@ do_grant_table_op(
guest_handle_cast(uop, gnttab_unmap_grant_ref_t);
if ( unlikely(!guest_handle_okay(unmap, count)) )
goto out;
+
+ rc = -EPERM;
+ if (unlikely(!grant_flip_permitted(d)))
+ goto out;
+
rc = gnttab_unmap_grant_ref(unmap, count);
break;
}
@@ -991,6 +1002,11 @@ do_grant_table_op(
guest_handle_cast(uop, gnttab_transfer_t);
if ( unlikely(!guest_handle_okay(transfer, count)) )
goto out;
+
+ rc = -EPERM;
+ if (unlikely(!grant_flip_permitted(d)))
+ goto out;
+
rc = gnttab_transfer(transfer, count);
break;
}
diff -r a5a3f48e92c9 xen/include/xen/iocap.h
--- xen/include/xen/iocap.h Wed Oct 04 19:00:11 2006 +0100
+++ xen/include/xen/iocap.h Thu Oct 05 14:30:25 2006 +0800
@@ -31,4 +31,7 @@
#define multipage_allocation_permitted(d) \
(!rangeset_is_empty((d)->iomem_caps))
+#define grant_flip_permitted(d) \
+ (!rangeset_is_empty((d)->iomem_caps))
+
#endif /* __XEN_IOCAP_H__ */
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v
retrieving revision 1.2846
retrieving revision 1.2847
diff -u -r1.2846 -r1.2847
--- kernel-2.6.spec 10 Nov 2006 03:49:49 -0000 1.2846
+++ kernel-2.6.spec 10 Nov 2006 06:46:33 -0000 1.2847
@@ -575,6 +575,7 @@
# Xen hypervisor patches (20000+)
Patch20000: xen-printf-rate-limit.patch
Patch20001: xen-version-strings.patch
+Patch20002: xen-grant-security.patch
# END OF PATCH DEFINITIONS
@@ -1319,6 +1320,7 @@
# Any necessary hypervisor patches go here
%patch20000 -p1
%patch20001 -p1
+%patch20002 -p1
# Update the Makefile version strings
sed -i -e 's/\(^export XEN_BUILDER.*$\)/\1'%{?dist}'/' Makefile
@@ -2073,6 +2075,9 @@
%endif
%changelog
+* Fri Nov 10 2006 Dave Jones <davej at redhat.com>
+- Xen grant table operations security fix.
+
* Thu Nov 9 2006 Dave Jones <davej at redhat.com>
- Change HZ to 1000 for increased accuracy.
(Except in Xen, where it stays at 250 for now).
More information about the fedora-cvs-commits
mailing list