diff options
Diffstat (limited to 'sysutils/xenkernel41/patches/patch-CVE-2012-3496')
| -rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2012-3496 | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2012-3496 b/sysutils/xenkernel41/patches/patch-CVE-2012-3496 index 2a7374d4636..f30ea035af7 100644 --- a/sysutils/xenkernel41/patches/patch-CVE-2012-3496 +++ b/sysutils/xenkernel41/patches/patch-CVE-2012-3496 @@ -1,23 +1,51 @@ -$NetBSD: patch-CVE-2012-3496,v 1.2 2012/11/14 13:42:41 drochner Exp $ +$NetBSD: patch-CVE-2012-3496,v 1.3 2012/12/05 19:16:26 drochner Exp $ see http://lists.xen.org/archives/html/xen-devel/2012-09/msg00194.html fix for CVE-2012-4537 is also here, see http://lists.xen.org/archives/html/xen-devel/2012-11/msg00507.html +fix for CVE-2012-5514 is also here, see +http://lists.xen.org/archives/html/xen-announce/2012-12/msg00005.html + --- xen/arch/x86/mm/p2m.c.orig 2012-08-10 13:51:45.000000000 +0000 +++ xen/arch/x86/mm/p2m.c -@@ -2414,7 +2414,8 @@ guest_physmap_mark_populate_on_demand(st +@@ -2414,7 +2414,11 @@ guest_physmap_mark_populate_on_demand(st int pod_count = 0; int rc = 0; - BUG_ON(!paging_mode_translate(d)); ++ if ( !IS_PRIV_FOR(current->domain, d) ) ++ return -EPERM; ++ + if ( !paging_mode_translate(d) ) + return -EINVAL; rc = gfn_check_limit(d, gfn, order); if ( rc != 0 ) -@@ -2559,7 +2560,10 @@ guest_physmap_add_entry(struct p2m_domai +@@ -2431,8 +2435,7 @@ guest_physmap_mark_populate_on_demand(st + omfn = gfn_to_mfn_query(p2m, gfn + i, &ot); + if ( p2m_is_ram(ot) ) + { +- printk("%s: gfn_to_mfn returned type %d!\n", +- __func__, ot); ++ P2M_DEBUG("gfn_to_mfn returned type %d!\n", ot); + rc = -EBUSY; + goto out; + } +@@ -2454,10 +2457,10 @@ guest_physmap_mark_populate_on_demand(st + BUG_ON(p2m->pod.entry_count < 0); + } + ++out: + audit_p2m(p2m, 1); + p2m_unlock(p2m); + +-out: + return rc; + } + +@@ -2559,7 +2562,10 @@ guest_physmap_add_entry(struct p2m_domai if ( mfn_valid(_mfn(mfn)) ) { if ( !set_p2m_entry(p2m, gfn, _mfn(mfn), page_order, t, p2m->default_access) ) @@ -28,7 +56,7 @@ http://lists.xen.org/archives/html/xen-devel/2012-11/msg00507.html if ( !p2m_is_grant(t) ) { for ( i = 0; i < (1UL << page_order); i++ ) -@@ -2580,6 +2584,7 @@ guest_physmap_add_entry(struct p2m_domai +@@ -2580,6 +2586,7 @@ guest_physmap_add_entry(struct p2m_domai } } |