28 lines
782 B
Diff
28 lines
782 B
Diff
|
# HG changeset patch
|
||
|
# User Ian Campbell <ian.campbell@citrix.com>
|
||
|
# Date 1347365190 -7200
|
||
|
# Node ID 0dba5a8886556f1b92e59eb19c570ad1704037f6
|
||
|
# Parent 90533f3b6babfda56edbbefda47c46b391204132
|
||
|
tmem: only allow tmem control operations from privileged domains
|
||
|
|
||
|
This is part of XSA-15 / CVE-2012-3497.
|
||
|
|
||
|
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
||
|
Committed-by: Jan Beulich <jbeulich@suse.com>
|
||
|
|
||
|
--- a/xen/common/tmem.c
|
||
|
+++ b/xen/common/tmem.c
|
||
|
@@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(stru
|
||
|
OID *oidp = (OID *)(&op->u.ctrl.oid[0]);
|
||
|
|
||
|
if (!tmh_current_is_privileged())
|
||
|
- {
|
||
|
- /* don't fail... mystery: sometimes dom0 fails here */
|
||
|
- /* return -EPERM; */
|
||
|
- }
|
||
|
+ return -EPERM;
|
||
|
+
|
||
|
switch(subop)
|
||
|
{
|
||
|
case TMEMC_THAW:
|