Jan Beulich
2012-Sep-05 12:34 UTC
[PATCH 01/11] tmem: only allow tmem control operations from privileged domains
This is part of XSA-15 / CVE-2012-3497.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(stru
OID *oidp = (OID *)(&op->u.ctrl.oid[0]);
if (!tmh_current_is_privileged())
- {
- /* don''t fail... mystery: sometimes dom0 fails here */
- /* return -EPERM; */
- }
+ return -EPERM;
+
switch(subop)
{
case TMEMC_THAW:
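Review bot: the comment removed at the `if (!tmh_current_is_privileged())` check records that dom0 sometimes failed this test, and the commit message does not say whether that was ever explained. With `return -EPERM;` now active, any remaining case where the privileged domain fails the check becomes a rejected control operation, so the commit message should state why the old concern no longer applies or that it could not be reproduced. The placement itself looks right: in the visible context only the address of `op->u.ctrl.oid` is taken before the check, and the `switch(subop)` dispatch is reached only after it passes.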
Dan Magenheimer
2012-Sep-05 16:37 UTC
Re: [PATCH 01/11] tmem: only allow tmem control operations from privileged domains
> From: Jan Beulich [mailto:JBeulich@suse.com] > Sent: Wednesday, September 05, 2012 6:34 AM > To: xen-devel > Cc: Dan Magenheimer; Zhenzhong Duan > Subject: [PATCH 01/11] tmem: only allow tmem control operations from privileged domains > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > Acked-by: Jan Beulich <jbeulich@suse.com>Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com>> --- a/xen/common/tmem.c > +++ b/xen/common/tmem.c > @@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(stru > OID *oidp = (OID *)(&op->u.ctrl.oid[0]); > > if (!tmh_current_is_privileged()) > - { > - /* don''t fail... mystery: sometimes dom0 fails here */ > - /* return -EPERM; */ > - } > + return -EPERM; > + > switch(subop) > { > case TMEMC_THAW: > > >