Xen devel - Aug 2009 - general kernel NULL pointer vulnerability

Hi there,

Due to http://lwn.net/Articles/347006/
or http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html

the xenified 2.6.18 is also vulnerable.

Linus did a working but questionable fix

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;f=net/socket.c;h=6d47165590473daa4990bf69b0435d5c49b41302;hp=791d71a36a93dfec5166fe05e2e0cb394cfa904b;hb=e694958388c50148389b0e9b9e9e8945cf0f1b98;hpb=a3620f7545344f932873bf98fbdf416b49409c8e

I''d like to ask if you''re going to add a patch to
net/socket.c: sock_sendpage() in your xen repository?

Regards,




Mit freundlichen Gruessen

--
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimediale kommunikation

zweierweg 22
97074 würzburg

fon: +49 931 2876247
fax: +49 931 2876248

web: http://www.netz-haut.de/

registriergericht: amtsgericht würzburg, hra 5054




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

There is no kernel_sendpage() in 2.6.18, so the patch cannot apply as it is.
We should apply an equivalent though, I agree.

 -- Keir

On 14/08/2009 12:43, "netz-haut - stephan seitz"
<s.seitz@netz-haut.de>
wrote:
> Hi there,
> 
> Due to http://lwn.net/Articles/347006/
> or
http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html
> 
> the xenified 2.6.18 is also vulnerable.
> 
> Linus did a working but questionable fix
> 
>
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;f>
net/socket.c;h=6d47165590473daa4990bf69b0435d5c49b41302;hp=791d71a36a93dfec516
>
6fe05e2e0cb394cfa904b;hb=e694958388c50148389b0e9b9e9e8945cf0f1b98;hpb=a3620f75
> 45344f932873bf98fbdf416b49409c8e
> 
> I''d like to ask if you''re going to add a patch to
net/socket.c:
> sock_sendpage() in your xen repository?
> 
> Regards,
> 
> 
> 
> 
> Mit freundlichen Gruessen
> 
> --
> Stephan Seitz
> Senior System Administrator
> 
> *netz-haut* e.K.
> multimediale kommunikation
> 
> zweierweg 22
> 97074 würzburg
> 
> fon: +49 931 2876247
> fax: +49 931 2876248
> 
> web: http://www.netz-haut.de/
> 
> registriergericht: amtsgericht würzburg, hra 5054
> 
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Hi Keir,

I assume the following patch to net/socket.c utilizes the same code as the later
intruced kernel_sendpage() wrapper.

701,704c701
<       if (sock->ops->sendpage)
<               return sock->ops->sendpage(sock, page, offset, size,
flags);
<
<       return sock_no_sendpage(sock, page, offset, size, flags);
---
>       return sock->ops->sendpage(sock, page, offset, size, flags);

Regards,

Stephan



> -----Original Message-----
> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> Sent: Friday, August 14, 2009 2:37 PM
> To: netz-haut - stephan seitz; xen-devel@lists.xensource.com
> Subject: Re: [Xen-devel] general kernel NULL pointer vulnerability
> 
> There is no kernel_sendpage() in 2.6.18, so the patch cannot apply as
> it is.
> We should apply an equivalent though, I agree.
> 
>  -- Keir
> 
> On 14/08/2009 12:43, "netz-haut - stephan seitz"
<s.seitz@netz-haut.de>
> wrote:
> 
> > Hi there,
> >
> > Due to http://lwn.net/Articles/347006/
> > or http://lists.grok.org.uk/pipermail/full-disclosure/2009-
> August/070197.html
> >
> > the xenified 2.6.18 is also vulnerable.
> >
> > Linus did a working but questionable fix
> >
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-
> 2.6.git;a=blobdiff;f> >
> net/socket.c;h=6d47165590473daa4990bf69b0435d5c49b41302;hp=791d71a36a93
> dfec516
> >
> 6fe05e2e0cb394cfa904b;hb=e694958388c50148389b0e9b9e9e8945cf0f1b98;hpb=a
> 3620f75
> > 45344f932873bf98fbdf416b49409c8e
> >
> > I''d like to ask if you''re going to add a patch to
net/socket.c:
> > sock_sendpage() in your xen repository?
> >
> > Regards,
> >
> >
> >
> >
> > Mit freundlichen Gruessen
> >
> > --
> > Stephan Seitz
> > Senior System Administrator
> >
> > *netz-haut* e.K.
> > multimediale kommunikation
> >
> > zweierweg 22
> > 97074 würzburg
> >
> > fon: +49 931 2876247
> > fax: +49 931 2876248
> >
> > web: http://www.netz-haut.de/
> >
> > registriergericht: amtsgericht würzburg, hra 5054
> >
> >
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
> 

Mit freundlichen Gruessen

--
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimediale kommunikation

zweierweg 22
97074 würzburg

fon: +49 931 2876247
fax: +49 931 2876248

web: http://www.netz-haut.de/

registriergericht: amtsgericht würzburg, hra 5054



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel