From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Vrabel
Subject: Re: Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory
Date: Mon, 4 Jan 2016 17:37:37 +0000
Message-ID: <568AADE1.4070107@citrix.com>
References: <20160104130632.GF4892@mail-itl> <568A9C48.6000904@citrix.com> <20160104165628.GU4892@mail-itl>
In-Reply-To: <20160104165628.GU4892@mail-itl>
Sender: xen-devel-bounces@lists.xen.org
To: Marek Marczykowski-Górecki
Cc: security@xen.org, xen-devel@lists.xen.org, Stefano Stabellini, Eric Shelton
List-Id: xen-devel@lists.xenproject.org

On 04/01/16 16:56, Marek Marczykowski-Górecki wrote:
> On Mon, Jan 04, 2016 at 04:22:32PM +0000, David Vrabel wrote:
>> On 04/01/16 13:06, Marek Marczykowski-Górecki wrote:
>>> On Tue, Dec 22, 2015 at 10:06:25AM -0500, Eric Shelton wrote:
>>>> The XSA mentions that "PV frontend patches will be developed and
>>>> released (publicly) after the embargo date."  Has anything been done
>>>> towards this that should also be incorporated into MiniOS?  On a
>>>> system utilizing a "driver domain," where a backend is running on a
>>>> domain that is considered unprivileged and untrusted (such as the
>>>> example described in http://wiki.xenproject.org/wiki/Driver_Domain),
>>>> it seems XSA-155-style double fetch vulnerabilities in the frontends
>>>> are also a potential security concern, and should be eliminated.
>>>> However, perhaps that does not include pcifront, since pciback would
>>>> always be running in dom0.
>>>
>>> And BTW the same applies to Linux frontends, for which also I haven't seen
>>> any public development. In attachment my email to
>>> xen-security-issues-discuss list (sent during embargo), with patches
>>> attached there. I haven't got any response.
>>
>> There are no similar security concerns with frontends since they trust
>> the backend.
>>
>> I note that you say:
>>
>>   "But in some cases (namely: if driver domains are in use), frontends
>>    may be more trusted/privileged than backends."
>>
>> But this cannot be the case since the backend can always trivially DoS
>> the frontend by (for example) not unmapping grant references when
>> required by the protocol.
>
> DoS is one thing, code execution is another.

The DoS is a trivial and obvious example to illustrate that your
suggestion that:

"...frontends may be more trusted/privileged than backends."

is ill-advised.

Anyway, none of this means we won't consider your netfront patches.  But
you do need to post them to the correct lists (netdev and xen-devel).

David