[Hardy] SRU: xen: don't allow blkback virtual CDROM device, CVE-2010-4238

Thu Jun 30 16:20:48 UTC 2011

The blkback driver is only used in a dom0, which leaves only Hardy to
be affected.
The Redhat patch consisted of two patches of which the first one was
reverting a change we did not have.

>From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
From: Andrew Jones <drjones at redhat.com>
Date: Thu, 30 Jun 2011 16:40:02 +0100
Subject: [PATCH] xen: don't allow blkback virtual CDROM device

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
Signed-off-by: Jarod Wilson <jarod at redhat.com>

BugLink: https://bugs.launchpad.net/bugs/803931
CVE-2010-4238

Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
---
 ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
 1 files changed, 42 insertions(+), 0 deletions(-)
 create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch

diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
new file mode 100644
index 0000000..8aaf63a
--- /dev/null
+++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
@@ -0,0 +1,42 @@
+From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones at redhat.com>
+Date: Thu, 2 Dec 2010 17:34:12 -0500
+Subject: [PATCH] xen: don't allow blkback virtual CDROM device
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
+Signed-off-by: Jarod Wilson <jarod at redhat.com>
+
+BugLink: https://bugs.launchpad.net/bugs/803931
+CVE-2010-4238
+
+Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
+---
+ drivers/xen/blkback/vbd.c |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
+index fe10ec8..f6044e0 100644
+--- a/drivers/xen/blkback/vbd.c
++++ b/drivers/xen/blkback/vbd.c
+@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
+ 
+ 	vbd->bdev = bdev;
+ 
+-	if (vbd->bdev->bd_disk == NULL) {
++	/* CD-ROMs are not supported by xen blkback */
++	if (vbd->bdev->bd_disk == NULL ||
++	    vbd->bdev->bd_disk->flags & GENHD_FL_CD) {
+ 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
+ 			vbd->pdevice);
+ 		vbd_free(vbd);
+ 		return -ENOENT;
+ 	}
+ 
+-	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD)
+-		vbd->type |= VDISK_CDROM;
+ 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
+ 		vbd->type |= VDISK_REMOVABLE;
+ 
+-- 
+1.7.4.1
+
-- 
1.7.4.1



