pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
598a3740c6
xen/25952-x86-MMIO-remap-permissions.patch
Charles Arnold 898ade9d0e - bnc#787169 - L3: Marvell 88SE9125 disk controller not detecting 
disk in Xen kernel
  26133-IOMMU-defer-BM-disable.patch
  26324-IOMMU-assign-params.patch
  26325-IOMMU-add-remove-params.patch
  26326-VT-d-context-map-params.patch
  26327-AMD-IOMMU-flush-params.patch
  26328-IOMMU-pdev-type.patch
  26329-IOMMU-phantom-dev.patch
  26330-VT-d-phantom-MSI.patch
  26331-IOMMU-phantom-dev-quirk.patch
- Upstream patches from Jan
  26294-x86-AMD-Fam15-way-access-filter.patch
  26320-IOMMU-domctl-assign-seg.patch
  26332-x86-compat-show-guest-stack-mfn.patch
  26333-x86-get_page_type-assert.patch

- bnc#794316 - VUL-0: CVE-2012-5634: xen: VT-d interrupt remapping
  source validation flaw (XSA-33)
  CVE-2012-5634-xsa33.patch

- Update to Xen 4.2.1 c/s 25952

- Upstream patches from Jan
  26195-x86-compat-atp-gmfn-range-cont.patch
  26196-ACPI-set-PDC-bits-rc.patch
  26200-IOMMU-debug-verbose.patch
  26203-x86-HAP-dirty-vram-leak.patch
  26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch)
  26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch)

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=220
2013-01-14 17:52:04 +00:00

44 lines
1.7 KiB
Diff
Raw Blame History

# HG changeset patch
# User Daniel De Graaf <dgdegra@tycho.nsa.gov>
# Date 1348653367 -7200
# Node ID 8278d7d8fa485996f51134c5265fceaf239adf6a
# Parent b83f414ccf7a6e4e077a10bc422cf3f6c7d30566
x86: check remote MMIO remap permissions
When a domain is mapping pages from a different pg_owner domain, the
iomem_access checks are currently only applied to the pg_owner domain,
potentially allowing a domain with a more restrictive iomem_access
policy to have the pages mapped into its page tables. To catch this,
also check the owner of the page tables. The current domain does not
need to be checked because the ability to manipulate a domain's page
tables implies full access to the target domain, so checking that
domain's permission is sufficient.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Jan Beulich <jbeulich@suse.com>
Index: xen-4.2.0-testing/xen/arch/x86/mm.c
===================================================================
--- xen-4.2.0-testing.orig/xen/arch/x86/mm.c
+++ xen-4.2.0-testing/xen/arch/x86/mm.c
@@ -883,6 +883,19 @@ get_page_from_l1e(
return -EINVAL;
}
+ if ( pg_owner != l1e_owner &&
+ !iomem_access_permitted(l1e_owner, mfn, mfn) )
+ {
+ if ( mfn != (PADDR_MASK >> PAGE_SHIFT) ) /* INVALID_MFN? */
+ {
+ MEM_LOG("Dom%u attempted to map I/O space %08lx in dom%u to dom%u",
+ curr->domain->domain_id, mfn, pg_owner->domain_id,
+ l1e_owner->domain_id);
+ return -EPERM;
+ }
+ return -EINVAL;
+ }
+
if ( !(l1f & _PAGE_RW) ||
!rangeset_contains_singleton(mmio_ro_ranges, mfn) )
return 0;
Reference in New Issue View Git Blame Copy Permalink