pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7cfddca5f7
xen/5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
Charles Arnold 8292994238 - bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional 
logging upon guest changing callback method (XSA-169)
  5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch

- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net:
  vmxnet3: host memory leakage
  CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch

- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers
  incautious about shared memory contents (XSA-155)
  xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
  xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
  xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
  xsa155-qemuu-qdisk-double-access.patch
  xsa155-qemut-qdisk-double-access.patch
  xsa155-qemuu-xenfb.patch
  xsa155-qemut-xenfb.patch
- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop
  in ehci_advance_state results in DoS
  CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer
  dereference issue
  CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid
  floating point exception
  CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
  CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in
  MSI-X handling (XSA-164)
  xsa164.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=393
2016-01-04 22:25:00 +00:00

106 lines
5.0 KiB
Diff
Raw Blame History

Subject: libxl: relax readonly check introduced by XSA-142 fix
From: Jim Fehlig jfehlig@suse.com Thu Nov 12 19:40:46 2015 -0700
Date: Mon Nov 16 11:23:42 2015 +0000:
Git: ef6cb76026628e26e3d1ae53c50ccde1c3c78b1b
The fix for XSA-142 is quite a big hammer, rejecting readonly
disk configuration even when the requested backend is known to
support readonly. While it is true that qemu doesn't support
readonly for emulated IDE or AHCI disks
$ /usr/lib/xen/bin/qemu-system-i386 \
-drive file=/tmp/disk.raw,if=ide,media=disk,format=raw,readonly=on
qemu-system-i386: Can't use a read-only drive
$ /usr/lib/xen/bin/qemu-system-i386 -device ahci,id=ahci0 \
-drive file=/tmp/disk.raw,if=none,id=ahcidisk-0,format=raw,readonly=on \
-device ide-hd,bus=ahci0.0,unit=0,drive=ahcidisk-0
qemu-system-i386: -device ide-hd,bus=ahci0.0,unit=0,drive=ahcidisk-0:
Can't use a read-only drive
It does support readonly SCSI disks
$ /usr/lib/xen/bin/qemu-system-i386 \
-drive file=/tmp/disk.raw,if=scsi,media=disk,format=raw,readonly=on
[ok]
Inside a guest using such a disk, the SCSI kernel driver sees write
protect on
[ 7.339232] sd 2:0:1:0: [sdb] Write Protect is on
Also, PV drivers support readonly, but the patch rejects such
configuration even when PV drivers (vdev=xvd*) have been explicitly
specified and creation of an emulated twin is skiped.
This follow-up patch loosens the restriction to reject readonly when
creating an emulated IDE or AHCI disk, but allows it when the backend
is known to support readonly.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Index: xen-4.6.0-testing/tools/libxl/libxl_dm.c
===================================================================
--- xen-4.6.0-testing.orig/tools/libxl/libxl_dm.c
+++ xen-4.6.0-testing/tools/libxl/libxl_dm.c
@@ -1117,11 +1117,6 @@ static int libxl__build_device_model_arg
(gc, "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
disks[i].pdev_path, disk, disks[i].readwrite ? "off" : "on", format, dev_number);
} else {
- if (!disks[i].readwrite) {
- LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "qemu-xen doesn't support read-only disk drivers");
- return ERROR_INVAL;
- }
-
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
" empty disk format for %s", disks[i].vdev);
@@ -1148,29 +1143,38 @@ static int libxl__build_device_model_arg
* For other disks we translate devices 0..3 into
* hd[a-d] and ignore the rest.
*/
- if (strncmp(disks[i].vdev, "sd", 2) == 0)
+ if (strncmp(disks[i].vdev, "sd", 2) == 0) {
drive = libxl__sprintf
- (gc, "file=%s,if=scsi,bus=0,unit=%d,format=%s,cache=writeback",
- pdev_path, disk, format);
- else if (strncmp(disks[i].vdev, "xvd", 3) == 0)
+ (gc, "file=%s,if=scsi,bus=0,unit=%d,format=%s,readonly=%s,cache=writeback",
+ pdev_path, disk, format, disks[i].readwrite ? "off" : "on");
+ } else if (strncmp(disks[i].vdev, "xvd", 3) == 0) {
/*
* Do not add any emulated disk when PV disk are
* explicitly asked for.
*/
continue;
- else if (disk < 6 && b_info->u.hvm.hdtype == LIBXL_HDTYPE_AHCI) {
+ } else if (disk < 6 && b_info->u.hvm.hdtype == LIBXL_HDTYPE_AHCI) {
+ if (!disks[i].readwrite) {
+ LOG(ERROR, "qemu-xen doesn't support read-only AHCI disk drivers");
+ return ERROR_INVAL;
+ }
flexarray_vappend(dm_args, "-drive",
GCSPRINTF("file=%s,if=none,id=ahcidisk-%d,format=%s,cache=writeback",
pdev_path, disk, format),
"-device", GCSPRINTF("ide-hd,bus=ahci0.%d,unit=0,drive=ahcidisk-%d",
disk, disk), NULL);
continue;
- } else if (disk < 4)
+ } else if (disk < 4) {
+ if (!disks[i].readwrite) {
+ LOG(ERROR, "qemu-xen doesn't support read-only IDE disk drivers");
+ return ERROR_INVAL;
+ }
drive = libxl__sprintf
(gc, "file=%s,if=ide,index=%d,media=disk,format=%s,cache=writeback",
pdev_path, disk, format);
- else
+ } else {
continue; /* Do not emulate this disk */
+ }
}
flexarray_append(dm_args, "-drive");
Reference in New Issue View Git Blame Copy Permalink