diff options
| author | Roger Pau Monne <roger.pau@citrix.com> | 2013-01-22 16:40:46 +0100 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-01-23 12:40:11 +0000 |
| commit | 0c0b33191e243c3b0de1d0331e6bd5a107b61626 (patch) | |
| tree | 2c1fbc59ffb8ea161a5a858d63a47c13bb7f50de /main/xen | |
| parent | d758f391c27452254702d582bc667bfa1af15aac (diff) | |
| download | aports-0c0b33191e243c3b0de1d0331e6bd5a107b61626.tar.bz2 aports-0c0b33191e243c3b0de1d0331e6bd5a107b61626.tar.xz | |
xen: XSA-34 and XSA-35
Security fixes for nested virtualization. This only apply to Xen
4.2.x, only edge and 2.5.x Alpine Linux systems are affected.
Diffstat (limited to 'main/xen')
| -rw-r--r-- | main/xen/APKBUILD | 6 | ||||
| -rw-r--r-- | main/xen/xsa34-4.2.patch | 30 | ||||
| -rw-r--r-- | main/xen/xsa35-4.2-with-xsa34.patch | 24 |
3 files changed, 59 insertions, 1 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index 3c3a8a781..5e07fabdf 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: William Pitcock <nenolod@dereferenced.org> pkgname=xen pkgver=4.2.1 -pkgrel=4 +pkgrel=5 pkgdesc="Xen hypervisor" url="http://www.xen.org/" arch="x86 x86_64" @@ -22,6 +22,8 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g xsa41.patch xsa41b.patch xsa41c.patch + xsa34-4.2.patch + xsa35-4.2-with-xsa34.patch xenstored.initd xenstored.confd @@ -141,6 +143,8 @@ md5sums="0d48cbe1767b82aba12517898d4e0408 xen-4.2.1.tar.gz 8ad8942000b8a4be4917599cad9209cf xsa41.patch ed7d0399c6ca6aeee479da5d8f807fe0 xsa41b.patch 2f3dd7bdc59d104370066d6582725575 xsa41c.patch +af10e1a3f757a184a1d79904a5ef8572 xsa34-4.2.patch +8270dbf929e26b5e95532d10a697e404 xsa35-4.2-with-xsa34.patch 95d8af17bf844d41a015ff32aae51ba1 xenstored.initd b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd ed262f15fb880badb53575539468646c xenconsoled.initd diff --git a/main/xen/xsa34-4.2.patch b/main/xen/xsa34-4.2.patch new file mode 100644 index 000000000..f5328eff9 --- /dev/null +++ b/main/xen/xsa34-4.2.patch @@ -0,0 +1,30 @@ +x86_32: don't allow use of nested HVM + +There are (indirect) uses of map_domain_page() in the nested HVM code +that are unsafe when not just using the 1:1 mapping. + +This is XSA-34 / CVE-2013-0151. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE + rc = -EINVAL; + break; + case HVM_PARAM_NESTEDHVM: ++#ifdef __i386__ ++ if ( a.value ) ++ rc = -EINVAL; ++#else + if ( a.value > 1 ) + rc = -EINVAL; + if ( !is_hvm_domain(d) ) +@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE + for_each_vcpu(d, v) + if ( rc == 0 ) + rc = nestedhvm_vcpu_initialise(v); ++#endif + break; + case HVM_PARAM_BUFIOREQ_EVTCHN: + rc = -EINVAL; diff --git a/main/xen/xsa35-4.2-with-xsa34.patch b/main/xen/xsa35-4.2-with-xsa34.patch new file mode 100644 index 000000000..89230e2a4 --- /dev/null +++ b/main/xen/xsa35-4.2-with-xsa34.patch @@ -0,0 +1,24 @@ +xen: Do not allow guests to enable nested HVM on themselves + +There is no reason for this and doing so exposes a memory leak to +guests. Only toolstacks need write access to this HVM param. + +This is XSA-35 / CVE-2013-0152. + +Signed-off-by: Ian Campbell <ian.campbell@citrix.com> +Acked-by: Jan Beulich <JBeulich@suse.com> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -3862,6 +3862,11 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg) + rc = -EINVAL; + break; + case HVM_PARAM_NESTEDHVM: ++ if ( !IS_PRIV(current->domain) ) ++ { ++ rc = -EPERM; ++ break; ++ } + #ifdef __i386__ + if ( a.value ) + rc = -EINVAL; |