From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Magenheimer Subject: Re: [PATCH 04/11] tmem: check for a valid client ("domain") in the save subops Date: Wed, 5 Sep 2012 09:39:05 -0700 (PDT) Message-ID: References: <5047633A0200007800098DCD@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <5047633A0200007800098DCD@nat28.tlf.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich , xen-devel Cc: Zhenzhong Duan List-Id: xen-devel@lists.xenproject.org > From: Jan Beulich [mailto:JBeulich@suse.com] > Sent: Wednesday, September 05, 2012 6:36 AM > To: xen-devel > Cc: Dan Magenheimer; Zhenzhong Duan > Subject: [PATCH 04/11] tmem: check for a valid client ("domain") in the save subops > > This is part of XSA-15 / CVE-2012-3497. > > Signed-off-by: Ian Campbell > Acked-by: Jan Beulich Acked-by: Dan Magenheimer > --- a/xen/common/tmem.c > +++ b/xen/common/tmem.c > @@ -2379,12 +2379,18 @@ static NOINLINE int tmemc_save_subop(int > rc = MAX_POOLS_PER_DOMAIN; > break; > case TMEMC_SAVE_GET_CLIENT_WEIGHT: > + if ( client == NULL ) > + break; > rc = client->weight == -1 ? -2 : client->weight; > break; > case TMEMC_SAVE_GET_CLIENT_CAP: > + if ( client == NULL ) > + break; > rc = client->cap == -1 ? -2 : client->cap; > break; > case TMEMC_SAVE_GET_CLIENT_FLAGS: > + if ( client == NULL ) > + break; > rc = (client->compress ? TMEM_CLIENT_COMPRESS : 0 ) | > (client->was_frozen ? TMEM_CLIENT_FROZEN : 0 ); > break; > @@ -2408,6 +2414,8 @@ static NOINLINE int tmemc_save_subop(int > *uuid = pool->uuid[1]; > rc = 0; > case TMEMC_SAVE_END: > + if ( client == NULL ) > + break; > client->live_migrating = 0; > if ( !list_empty(&client->persistent_invalidated_list) ) > list_for_each_entry_safe(pgp,pgp2, > > >