APPLIED: [Hardy] SRU: xen: don't allow blkback virtual CDROM device, CVE-2010-4238
Tim Gardner
tim.gardner at canonical.com
Tue Jul 5 15:00:39 UTC 2011
On 06/30/2011 10:20 AM, Stefan Bader wrote:
> The blkback driver is only used in a dom0, which leaves only Hardy to
> be affected.
> The Redhat patch consisted of two patches of which the first one was
> reverting a change we did not have.
>
> From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
> From: Andrew Jones<drjones at redhat.com>
> Date: Thu, 30 Jun 2011 16:40:02 +0100
> Subject: [PATCH] xen: don't allow blkback virtual CDROM device
>
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> Signed-off-by: Jarod Wilson<jarod at redhat.com>
>
> BugLink: https://bugs.launchpad.net/bugs/803931
> CVE-2010-4238
>
> Signed-off-by: Stefan Bader<stefan.bader at canonical.com>
> ---
> ...-don-t-allow-blkback-virtual-CDROM-device.patch | 42 ++++++++++++++++++++
> 1 files changed, 42 insertions(+), 0 deletions(-)
> create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
>
> diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> new file mode 100644
> index 0000000..8aaf63a
> --- /dev/null
> +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> @@ -0,0 +1,42 @@
> +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
> +From: Andrew Jones<drjones at redhat.com>
> +Date: Thu, 2 Dec 2010 17:34:12 -0500
> +Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> +
> +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> +Signed-off-by: Jarod Wilson<jarod at redhat.com>
> +
> +BugLink: https://bugs.launchpad.net/bugs/803931
> +CVE-2010-4238
> +
> +Signed-off-by: Stefan Bader<stefan.bader at canonical.com>
> +---
> + drivers/xen/blkback/vbd.c | 6 +++---
> + 1 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
> +index fe10ec8..f6044e0 100644
> +--- a/drivers/xen/blkback/vbd.c
> ++++ b/drivers/xen/blkback/vbd.c
> +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
> +
> + vbd->bdev = bdev;
> +
> +- if (vbd->bdev->bd_disk == NULL) {
> ++ /* CD-ROMs are not supported by xen blkback */
> ++ if (vbd->bdev->bd_disk == NULL ||
> ++ vbd->bdev->bd_disk->flags& GENHD_FL_CD) {
> + DPRINTK("vbd_creat: device %08x doesn't exist.\n",
> + vbd->pdevice);
> + vbd_free(vbd);
> + return -ENOENT;
> + }
> +
> +- if (vbd->bdev->bd_disk->flags& GENHD_FL_CD)
> +- vbd->type |= VDISK_CDROM;
> + if (vbd->bdev->bd_disk->flags& GENHD_FL_REMOVABLE)
> + vbd->type |= VDISK_REMOVABLE;
> +
> +--
> +1.7.4.1
> +
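Review bot: In the vbd_create() hunk of the embedded vbd.c patch, the new `GENHD_FL_CD` test shares the existing failure branch, so a CD-ROM backing device is logged as "device %08x doesn't exist" and returns -ENOENT, which makes it indistinguishable from a disk that is really missing. Give the CD-ROM rejection its own DPRINTK text, and consider a distinct errno, so that someone debugging a refused vbd in dom0 can see the device was found but deliberately rejected. The embedded commit message also carries only the Bugzilla, BugLink and CVE references; a sentence or two saying why blkback must refuse CD-ROM devices would let the patch stand on its own in the patchset directory.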
--
Tim Gardner tim.gardner at canonical.com