From patchwork Thu Jun 30 16:20:48 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Bader X-Patchwork-Id: 102779 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 86FD6B6F5B for ; Fri, 1 Jul 2011 02:21:11 +1000 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1QcJz2-0007K1-NU; Thu, 30 Jun 2011 16:20:52 +0000 Received: from adelie.canonical.com ([91.189.90.139]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1QcJz0-0007JG-S3 for kernel-team@lists.ubuntu.com; Thu, 30 Jun 2011 16:20:50 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by adelie.canonical.com with esmtp (Exim 4.71 #1 (Debian)) id 1QcJyy-0002lp-La for ; Thu, 30 Jun 2011 16:20:49 +0000 Received: from [83.141.95.158] (helo=canonical.com) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1QcJyy-0007K6-IC for kernel-team@lists.ubuntu.com; Thu, 30 Jun 2011 16:20:48 +0000 From: Stefan Bader To: kernel-team@lists.ubuntu.com Subject: [Hardy] SRU: xen: don't allow blkback virtual CDROM device, CVE-2010-4238 Date: Thu, 30 Jun 2011 17:20:48 +0100 Message-Id: <1309450848-24316-1-git-send-email-stefan.bader@canonical.com> X-Mailer: git-send-email 1.7.4.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com The blkback driver is only used in a dom0, which leaves only Hardy to be affected. The Redhat patch consisted of two patches of which the first one was reverting a change we did not have. From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 30 Jun 2011 16:40:02 +0100 Subject: [PATCH] xen: don't allow blkback virtual CDROM device Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638 Signed-off-by: Jarod Wilson BugLink: https://bugs.launchpad.net/bugs/803931 CVE-2010-4238 Signed-off-by: Stefan Bader Acked-by: Andy Whitcroft --- ...-don-t-allow-blkback-virtual-CDROM-device.patch | 42 ++++++++++++++++++++ 1 files changed, 42 insertions(+), 0 deletions(-) create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch new file mode 100644 index 0000000..8aaf63a --- /dev/null +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch @@ -0,0 +1,42 @@ +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001 +From: Andrew Jones +Date: Thu, 2 Dec 2010 17:34:12 -0500 +Subject: [PATCH] xen: don't allow blkback virtual CDROM device + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638 +Signed-off-by: Jarod Wilson + +BugLink: https://bugs.launchpad.net/bugs/803931 +CVE-2010-4238 + +Signed-off-by: Stefan Bader +--- + drivers/xen/blkback/vbd.c | 6 +++--- + 1 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c +index fe10ec8..f6044e0 100644 +--- a/drivers/xen/blkback/vbd.c ++++ b/drivers/xen/blkback/vbd.c +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major, + + vbd->bdev = bdev; + +- if (vbd->bdev->bd_disk == NULL) { ++ /* CD-ROMs are not supported by xen blkback */ ++ if (vbd->bdev->bd_disk == NULL || ++ vbd->bdev->bd_disk->flags & GENHD_FL_CD) { + DPRINTK("vbd_creat: device %08x doesn't exist.\n", + vbd->pdevice); + vbd_free(vbd); + return -ENOENT; + } + +- if (vbd->bdev->bd_disk->flags & GENHD_FL_CD) +- vbd->type |= VDISK_CDROM; + if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE) + vbd->type |= VDISK_REMOVABLE; + +-- +1.7.4.1 +