diff options
| author | Roger Pau Monne <roger.pau@citrix.com> | 2012-12-18 10:51:49 +0100 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-18 12:11:44 +0000 |
| commit | 119185999980a6a6a78506a6b49e1a70ab55ad03 (patch) | |
| tree | cf8c397666ddd903448e7491aba33f959663ac81 /main/xen/xsa22-4.2-unstable.patch | |
| parent | e9b405d8ff38fc48ee475df80fd47fc7461ec7b1 (diff) | |
| download | aports-119185999980a6a6a78506a6b49e1a70ab55ad03.tar.bz2 aports-119185999980a6a6a78506a6b49e1a70ab55ad03.tar.xz | |
xen: update to 4.2.1
Excerpt from release notes:
This fixes the following critical vulnerabilities:
* CVE-2012-4535 / XSA-20:
Timer overflow DoS vulnerability
* CVE-2012-4537 / XSA-22:
Memory mapping failure DoS vulnerability
* CVE-2012-4538 / XSA-23:
Unhooking empty PAE entries DoS vulnerability
* CVE-2012-4539 / XSA-24:
Grant table hypercall infinite loop DoS vulnerability
* CVE-2012-4544,CVE-2012-2625 / XSA-25:
Xen domain builder Out-of-memory due to malicious kernel/ramdisk
* CVE-2012-5510 / XSA-26:
Grant table version switch list corruption vulnerability
* CVE-2012-5511 / XSA-27:
several HVM operations do not validate the range of their inputs
* CVE-2012-5513 / XSA-29:
XENMEM_exchange may overwrite hypervisor memory
* CVE-2012-5514 / XSA-30:
Broken error handling in guest_physmap_mark_populate_on_demand()
* CVE-2012-5515 / XSA-31:
Several memory hypercall operations allow invalid extent order
values
* CVE-2012-5525 / XSA-32:
several hypercalls do not validate input GFNs
We recommend all users of the 4.2.0 code base to update to this
point release.
Among many bug fixes and improvements (around 100 since Xen 4.2.0):
* A fix for a long standing time management issue
* Bug fixes for S3 (suspend to RAM) handling
* Bug fixes for other low level system state handling
* Bug fixes and improvements to the libxl tool stack
* Bug fixes to nested virtualization
Diffstat (limited to 'main/xen/xsa22-4.2-unstable.patch')
| -rw-r--r-- | main/xen/xsa22-4.2-unstable.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/main/xen/xsa22-4.2-unstable.patch b/main/xen/xsa22-4.2-unstable.patch deleted file mode 100644 index e15fd73534..0000000000 --- a/main/xen/xsa22-4.2-unstable.patch +++ /dev/null @@ -1,40 +0,0 @@ -x86/physmap: Prevent incorrect updates of m2p mappings - -In certain conditions, such as low memory, set_p2m_entry() can fail. -Currently, the p2m and m2p tables will get out of sync because we still -update the m2p table after the p2m update has failed. - -If that happens, subsequent guest-invoked memory operations can cause -BUG()s and ASSERT()s to kill Xen. - -This is fixed by only updating the m2p table iff the p2m was -successfully updated. - -This is a security problem, XSA-22 / CVE-2012-4537. - -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> - -diff -r f53b9f915c3d xen/arch/x86/mm/p2m.c ---- a/xen/arch/x86/mm/p2m.c -+++ b/xen/arch/x86/mm/p2m.c -@@ -633,7 +633,10 @@ guest_physmap_add_entry(struct domain *d - if ( mfn_valid(_mfn(mfn)) ) - { - if ( !set_p2m_entry(p2m, gfn, _mfn(mfn), page_order, t, p2m->default_access) ) -+ { - rc = -EINVAL; -+ goto out; /* Failed to update p2m, bail without updating m2p. */ -+ } - if ( !p2m_is_grant(t) ) - { - for ( i = 0; i < (1UL << page_order); i++ ) -@@ -656,6 +659,7 @@ guest_physmap_add_entry(struct domain *d - } - } - -+out: - p2m_unlock(p2m); - - return rc; |