main/linux-grsec: xen security fix xsa-43 (CVE-2013-0231)

http://lists.xen.org/archives/html/xen-devel/2013-02/msg00295.html fixes #1601
author: Natanael Copa <ncopa@alpinelinux.org> 2013-02-06 11:30:56 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-02-06 11:36:46 +0000
commit: ea752b69d8b4ec4921a3112ccc8327d92e00344e (patch)
tree: 6cb2160fd61ef9f42b8f44ec3822bb52c585b996 /main/linux-grsec/xsa43-pvops.patch
parent: 2be403781eeb53193c8a7cee98731fcea1a5f0b5 (diff)
download: aports-ea752b69d8b4ec4921a3112ccc8327d92e00344e.tar.bz2
aports-ea752b69d8b4ec4921a3112ccc8327d92e00344e.tar.xz
1 files changed, 54 insertions, 0 deletions
diff --git a/main/linux-grsec/xsa43-pvops.patch b/main/linux-grsec/xsa43-pvops.patch
new file mode 100644
index 0000000000..f1440315dd
--- /dev/null
+++ b/main/linux-grsec/xsa43-pvops.patch
@@ -0,0 +1,54 @@
+xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()
+
+... as being guest triggerable (e.g. by invoking
+XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable).
+
+This is CVE-2013-0231 / XSA-43.
+
+Also make the two messages uniform in both their wording and severity.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+
+---
+ drivers/xen/xen-pciback/pciback_ops.c |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- 3.8-rc5/drivers/xen/xen-pciback/pciback_ops.c
++++ 3.8-rc5-xen-pciback-ratelimit/drivers/xen/xen-pciback/pciback_ops.c
+@@ -135,7 +135,6 @@ int xen_pcibk_enable_msi(struct xen_pcib
+ 			 struct pci_dev *dev, struct xen_pci_op *op)
+ {
+ 	struct xen_pcibk_dev_data *dev_data;
+-	int otherend = pdev->xdev->otherend_id;
+ 	int status;
+ 
+ 	if (unlikely(verbose_request))
+@@ -144,8 +143,9 @@ int xen_pcibk_enable_msi(struct xen_pcib
+ 	status = pci_enable_msi(dev);
+ 
+ 	if (status) {
+-		printk(KERN_ERR "error enable msi for guest %x status %x\n",
+-			otherend, status);
++		pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI for guest %u: err %d\n",
++				    pci_name(dev), pdev->xdev->otherend_id,
++				    status);
+ 		op->value = 0;
+ 		return XEN_PCI_ERR_op_failed;
+ 	}
+@@ -223,10 +223,10 @@ int xen_pcibk_enable_msix(struct xen_pci
+ 						pci_name(dev), i,
+ 						op->msix_entries[i].vector);
+ 		}
+-	} else {
+-		printk(KERN_WARNING DRV_NAME ": %s: failed to enable MSI-X: err %d!\n",
+-			pci_name(dev), result);
+-	}
++	} else
++		pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI-X for guest %u: err %d!\n",
++				    pci_name(dev), pdev->xdev->otherend_id,
++				    result);
+ 	kfree(entries);
+ 
+ 	op->value = result;
author	Natanael Copa <ncopa@alpinelinux.org>	2013-02-06 11:30:56 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-02-06 11:36:46 +0000
commit	ea752b69d8b4ec4921a3112ccc8327d92e00344e (patch)
tree	6cb2160fd61ef9f42b8f44ec3822bb52c585b996 /main/linux-grsec/xsa43-pvops.patch
parent	2be403781eeb53193c8a7cee98731fcea1a5f0b5 (diff)
download	aports-ea752b69d8b4ec4921a3112ccc8327d92e00344e.tar.bz2 aports-ea752b69d8b4ec4921a3112ccc8327d92e00344e.tar.xz