Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 378664 Details for
Bug 445254
<app-emulation/xen-4.2.1: Multiple vulnerabilities (CVE-2012-{3494,3495,3496,3497,3498,3515,4411,4535,4536,4537,4538,4539,6030,6031,6032,6033,6034,6035,6036})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
XSA-15 commit log
xsa15_log.txt (text/plain), 7.75 KB, created by
Yixun Lan
on 2014-06-11 02:45:07 UTC
(
hide
)
Description:
XSA-15 commit log
Filename:
MIME Type:
Creator:
Yixun Lan
Created:
2014-06-11 02:45:07 UTC
Size:
7.75 KB
patch
obsolete
>commit df1d5936f18089c5ebd3027fbec60f25c5734b78 >Author: Zhenzhong Duan <zhenzhong.duan@oracle.com> >Date: Tue Sep 25 12:19:33 2012 +0200 > > tmem: bump pool version to 1 to fix restore issue when tmem enabled > > Restore fails when tmem is enabled both in hypervisor and guest. This > is due to spec version mismatch when restoring a pool. > > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25929:fee83ac77d8c > xen-unstable date: Wed Sep 19 15:38:47 UTC 2012 > >commit 946c4d4093662172beb2d1b23b9cb29702f86475 >Author: Jan Beulich <jbeulich@suse.com> >Date: Tue Sep 25 12:18:28 2012 +0200 > > tmem: cleanup > > - one more case of checking for a specific rather than any error > - drop no longer needed first parameter from cli_put_page() > - drop a redundant cast > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25860:e4cb84111610 > xen-unstable date: Tue Sep 11 12:19:29 UTC 2012 > >commit 474260a4342c2543853cb2c12b6c034b925f4278 >Author: Dan Magenheimer <dan.magenheimer@oracle.com> >Date: Tue Sep 25 12:17:52 2012 +0200 > > tmem: fixup 2010 cleanup patch that breaks tmem save/restore > > 20918:a3fa6d444b25 "Fix domain reference leaks" (in Feb 2010, by Jan) > does some cleanup in addition to the leak fixes. Unfortunately, that > cleanup inadvertently resulted in an incorrect fallthrough in a switch > statement which breaks tmem save/restore. > > That broken patch was apparently applied to 4.0-testing and 4.1-testing > so those are broken as well. > > What is the process now for requesting back-patches to 4.0 and 4.1? > > (Side note: This does not by itself entirely fix save/restore in 4.2.) > > Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com> > Signed-off-by: Jan Beulich <jbeulich@suse.com> > xen-unstable changeset: 25859:16e0392c6594 > xen-unstable date: Tue Sep 11 12:19:03 UTC 2012 > >commit 50b611c1b1413fd78365f8005252fb1d2d69440a >Author: Jan Beulich <jbeulich@suse.com> >Date: Tue Sep 25 12:17:05 2012 +0200 > > tmem: reduce severity of log messages > > Otherwise they can be used by a guest to spam the hypervisor log with > all settings at their defaults. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Zhenzhong Duan <zhenzhong.duan@oracle.com> > xen-unstable changeset: 25858:0520982a602a > xen-unstable date: Tue Sep 11 12:18:36 UTC 2012 > >commit b863d270a9e5041755cdf4fe689ccbb474301ac0 >Author: Jan Beulich <jbeulich@suse.com> >Date: Tue Sep 25 12:16:34 2012 +0200 > > tmem: properly drop lock on error path in do_tmem_op() > > Reported-by: Tim Deegan <tim@xen.org> > Signed-off-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25857:109ea6a0c23a > xen-unstable date: Tue Sep 11 12:18:26 UTC 2012 > >commit 75b433a6e99414b5a1b9726f1540ca15af3a88b3 >Author: Jan Beulich <jbeulich@suse.com> >Date: Tue Sep 25 12:16:14 2012 +0200 > > tmem: properly drop lock on error path in do_tmem_get() > > Also remove a bogus assertion. > > Reported-by: Tim Deegan <tim@xen.org> > Signed-off-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25856:83b97a59888b > xen-unstable date: Tue Sep 11 12:18:08 UTC 2012 > >commit b9eeb603e412857d55caea90775d7c917e690f7f >Author: Jan Beulich <jbeulich@suse.com> >Date: Tue Sep 25 12:15:01 2012 +0200 > > tmem: detect arithmetic overflow in tmh_copy_{from,to}_client() > > This implies adjusting callers to deal with errors other than -EFAULT > and removing some comments which would otherwise become stale. > > Reported-by: Tim Deegan <tim@xen.org> > Signed-off-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25855:33b8c42a87ec > xen-unstable date: Tue Sep 11 12:17:59 UTC 2012 > >commit 6cbcc87364a59ee0ef1e56e28cf7cb2dd52a1b44 >Author: Jan Beulich <jbeulich@suse.com> >Date: Tue Sep 25 12:14:31 2012 +0200 > > tmem: don't access guest memory without using the accessors intended for this > > This is not permitted, not even for buffers coming from Dom0 (and it > would also break the moment Dom0 runs in HVM mode). An implication from > the changes here is that tmh_copy_page() can't be used anymore for > control operations calling tmh_copy_{from,to}_client() (as those pass > the buffer by virtual address rather than MFN). > > Note that tmemc_save_get_next_page() previously didn't set the returned > handle's pool_id field, while the new code does. It need to be > confirmed that this is not a problem (otherwise the copy-out operation > will require further tmh_...() abstractions to be added). > > Further note that the patch removes (rather than adjusts) an invalid > call to unmap_domain_page() (no matching map_domain_page()) from > tmh_compress_from_client() and adds a missing one to an error return > path in tmh_copy_from_client(). > > Finally note that the patch adds a previously missing return statement > to cli_get_page() (without which that function could de-reference a > NULL pointer, triggerable from guest mode). > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25854:ccd60ed6c555 > xen-unstable date: Tue Sep 11 12:17:49 UTC 2012 > >commit c15cdd31b5f8652c1c3d32cacadd46be837edaed >Author: Ian Campbell <ian.campbell@citrix.com> >Date: Tue Sep 25 12:13:40 2012 +0200 > > tmem: check for a valid client ("domain") in the save subops > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > Acked-by: Jan Beulich <jbeulich@suse.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > xen-unstable changeset: 25853:f53c5aadbba9 > xen-unstable date: Tue Sep 11 12:17:27 UTC 2012 > >commit 7d8457781fdf5885cf0293621d1c672200ab52c1 >Author: Ian Campbell <ian.campbell@citrix.com> >Date: Tue Sep 25 12:12:48 2012 +0200 > > tmem: check the pool_id is valid when destroying a tmem pool > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > Acked-by: Jan Beulich <jbeulich@suse.com> > xen-unstable changeset: 25852:d189d99ef00c > xen-unstable date: Tue Sep 11 12:06:54 UTC 2012 > >commit 2bdde48224943066db46d766f0f6117df11e728c >Author: Ian Campbell <ian.campbell@citrix.com> >Date: Tue Sep 25 12:12:04 2012 +0200 > > tmem: consistently make pool_id a uint32_t > > Treating it as an int could allow a malicious guest to provide a > negative pool_Id, by passing the MAX_POOLS_PER_DOMAIN limit check and > allowing access to the negative offsets of the pool array. > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > Acked-by: Jan Beulich <jbeulich@suse.com> > xen-unstable changeset: 25851:fcf567acc92a > xen-unstable date: Tue Sep 11 12:06:43 UTC 2012 > >commit 998f42b36c5dba6939a54836caad7c564b2d07b7 >Author: Ian Campbell <ian.campbell@citrix.com> >Date: Tue Sep 25 12:09:19 2012 +0200 > > tmem: only allow tmem control operations from privileged domains > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> > Acked-by-by: Jan Beulich <jbeulich@suse.com> > xen-unstable changeset: 25850:0dba5a888655 > xen-unstable date: Tue Sep 11 12:06:30 UTC 2012 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=378664">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 445254
: 378664
