Xen 3.1.1 -- Final call for patches

Xen 3.1.1 -- Final call for patches

[Keir Fraser]

I'd like to make a very final release candidate on Tuesday. If there are any
more patches that anyone would like applied to the tree, please post them by
the end of tomorrow, clearly marked to be considered for 3.1.1. Check
http://xenbits.xensource.com/staging/xen-3.1-testing.hg for the up-to-date
list of what is currently in 3.1.1, and don't assume that previously-posted
patches will make it without a re-send!

 -- Keir

Re: Xen 3.1.1 -- Final call for patches

[Ralf Hemmenstädt]

[-- Attachment #1: Type: text/plain, Size: 187 bytes --]


The attached patch fixes CVE-2007-4573 which allows local users to 
gain root privileges under the x86_64 architecture.
It is adapted from the patch posted at kernel.org.

Regards,
Ralf

[-- Attachment #2: CVE-2007-4573-XEN.patch --]
[-- Type: text/x-diff, Size: 1834 bytes --]

--- ./linux-2.6-xen-sparse/arch/x86_64/ia32/ia32entry-xen.S.orig	2007-09-29 17:23:32.564813967 +0200
+++ ./linux-2.6-xen-sparse/arch/x86_64/ia32/ia32entry-xen.S	2007-09-29 17:27:48.261866088 +0200
@@ -37,6 +37,19 @@
 	movq	%rax,R8(%rsp)
 	.endm
 
+        .macro LOAD_ARGS32 offset
+        movl \offset(%rsp),%r11d
+        movl \offset+8(%rsp),%r10d
+        movl \offset+16(%rsp),%r9d
+        movl \offset+24(%rsp),%r8d
+        movl \offset+40(%rsp),%ecx
+        movl \offset+48(%rsp),%edx
+        movl \offset+56(%rsp),%esi
+        movl \offset+64(%rsp),%edi
+        movl \offset+72(%rsp),%eax
+        .endm
+ 
+
 #if defined (__XEN_X86_64)
 #include "../kernel/xen_entry.S"
 		
@@ -162,7 +175,7 @@
 	movq	$-ENOSYS,RAX(%rsp)	/* really needed? */
 	movq	%rsp,%rdi        /* &pt_regs -> arg1 */
 	call	syscall_trace_enter
-	LOAD_ARGS ARGOFFSET  /* reload args from stack in case ptrace changed it */
+	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
 	RESTORE_REST
 	movl	%ebp, %ebp
 	/* no need to do an access_ok check here because rbp has been
@@ -259,7 +272,7 @@
 	movq $-ENOSYS,RAX(%rsp)	/* really needed? */
 	movq %rsp,%rdi        /* &pt_regs -> arg1 */
 	call syscall_trace_enter
-	LOAD_ARGS ARGOFFSET  /* reload args from stack in case ptrace changed it */
+	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
 	RESTORE_REST
 	movl RSP-ARGOFFSET(%rsp), %r8d
 	/* no need to do an access_ok check here because r8 has been
@@ -336,7 +349,7 @@
 	movq $-ENOSYS,RAX(%rsp)	/* really needed? */
 	movq %rsp,%rdi        /* &pt_regs -> arg1 */
 	call syscall_trace_enter
-	LOAD_ARGS ARGOFFSET  /* reload args from stack in case ptrace changed it */
+	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
 	RESTORE_REST
 	jmp ia32_do_syscall
 

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: Xen 3.1.1 -- Final call for patches

[Chris Lalancette]

Keir Fraser wrote:
> I'd like to make a very final release candidate on Tuesday. If there are any
> more patches that anyone would like applied to the tree, please post them by
> the end of tomorrow, clearly marked to be considered for 3.1.1. Check
> http://xenbits.xensource.com/staging/xen-3.1-testing.hg for the up-to-date
> list of what is currently in 3.1.1, and don't assume that previously-posted
> patches will make it without a re-send!
> 
>  -- Keir

Keir,
     I know you said you wanted to get the 3.1.1 release out today, but I
haven't seen it yet, so I'll try my luck.  If possible, I would like to see the
following changesets pulled into 3.1-testing:

xen-unstable 15594, 15342, 15756, 15628, 15629

They all apply (with a little fuzz) as exported from xen-unstable.

Thanks,
Chris Lalancette