[ACKED] [Hardy] SRU: xen: don't allow blkback virtual CDROM device, CVE-2010-4238

Andy Whitcroft apw at canonical.com
Tue Jul 5 14:41:29 UTC 2011 

On Thu, Jun 30, 2011 at 05:20:48PM +0100, Stefan Bader wrote:
> The blkback driver is only used in a dom0, which leaves only Hardy to
> be affected.
> The Redhat patch consisted of two patches of which the first one was
> reverting a change we did not have.
> 
> From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
> From: Andrew Jones <drjones at redhat.com>
> Date: Thu, 30 Jun 2011 16:40:02 +0100
> Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> 
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> Signed-off-by: Jarod Wilson <jarod at redhat.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/803931
> CVE-2010-4238
> 
> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
> ---
>  ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
>  1 files changed, 42 insertions(+), 0 deletions(-)
>  create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> 
> diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> new file mode 100644
> index 0000000..8aaf63a
> --- /dev/null
> +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> @@ -0,0 +1,42 @@
> +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
> +From: Andrew Jones <drjones at redhat.com>
> +Date: Thu, 2 Dec 2010 17:34:12 -0500
> +Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> +
> +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> +Signed-off-by: Jarod Wilson <jarod at redhat.com>
> +
> +BugLink: https://bugs.launchpad.net/bugs/803931
> +CVE-2010-4238
> +
> +Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
> +---
> + drivers/xen/blkback/vbd.c |    6 +++---
> + 1 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
> +index fe10ec8..f6044e0 100644
> +--- a/drivers/xen/blkback/vbd.c
> ++++ b/drivers/xen/blkback/vbd.c
> +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
> + 
> + 	vbd->bdev = bdev;
> + 
> +-	if (vbd->bdev->bd_disk == NULL) {
> ++	/* CD-ROMs are not supported by xen blkback */
> ++	if (vbd->bdev->bd_disk == NULL ||
> ++	    vbd->bdev->bd_disk->flags & GENHD_FL_CD) {
> + 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
> + 			vbd->pdevice);
> + 		vbd_free(vbd);
> + 		return -ENOENT;
> + 	}
> + 
> +-	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD)
> +-		vbd->type |= VDISK_CDROM;
> + 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
> + 		vbd->type |= VDISK_REMOVABLE;
> + 
> +-- 
> +1.7.4.1
> +
> -- 

Ok the CVE does imply that CD ROM support does not work.  The patch
above appears to correctly convert any attempt to open them to ENOENT.
As we also do not expect to be using this as the primary interface to
disks in Hardy this should be low risk to existing configurations.
Therefore:

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw

More information about the kernel-team mailing list