
xen-changelog

[Xen-changelog] [linux-2.6.18-xen] x86/64: Fix security vulnerability CV

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [linux-2.6.18-xen] x86/64: Fix security vulnerability CVE-2007-4573.
From: "Xen patchbot-linux-2.6.18-xen" <patchbot-linux-2.6.18-xen@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Oct 2007 17:40:27 -0700
Delivery-date: Tue, 02 Oct 2007 17:41:23 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1191315135 -3600
# Node ID aafef975e5186fe684b466235f26194bb89609be
# Parent  c1c57fea77e93a992e668f1c634fb8e8922ea52d
x86/64: Fix security vulnerability CVE-2007-4573.

Zero-extend all registers after ptrace in 32-bit entry path. Actually
only needed for %rax (which indexes into syscall table).

This is a backport of the upstream Linux patch.

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 arch/x86_64/ia32/ia32entry-xen.S |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diff -r c1c57fea77e9 -r aafef975e518 arch/x86_64/ia32/ia32entry-xen.S
--- a/arch/x86_64/ia32/ia32entry-xen.S  Mon Sep 24 16:56:50 2007 -0700
+++ b/arch/x86_64/ia32/ia32entry-xen.S  Tue Oct 02 09:52:15 2007 +0100
@@ -38,6 +38,18 @@
        movq    %rax,R10(%rsp)
        movq    %rax,R9(%rsp)
        movq    %rax,R8(%rsp)
+       .endm
+
+       .macro LOAD_ARGS32 offset
+       movl \offset(%rsp),%r11d
+       movl \offset+8(%rsp),%r10d
+       movl \offset+16(%rsp),%r9d
+       movl \offset+24(%rsp),%r8d
+       movl \offset+40(%rsp),%ecx
+       movl \offset+48(%rsp),%edx
+       movl \offset+56(%rsp),%esi
+       movl \offset+64(%rsp),%edi
+       movl \offset+72(%rsp),%eax
        .endm
 
 #if defined (__XEN_X86_64)
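Review bot: LOAD_ARGS32 carries no comment saying why it uses `movl`, which is the whole point of the fix: a 32-bit load clears the upper half of each 64-bit register, so a value a tracer wrote into the saved frame cannot leave high bits set in %rax when it is used as the syscall-table index. Without that stated, a later cleanup could fold the macro back into LOAD_ARGS and reintroduce CVE-2007-4573. I would add above `.macro LOAD_ARGS32 offset` something like `/* 32-bit loads on purpose: zero-extend every register reloaded after ptrace (CVE-2007-4573) */`. The literal offsets (`\offset+8` through `\offset+72`, with `+32` skipped) presumably mirror the frame layout LOAD_ARGS uses, so a one-line note that the two must stay in sync would help. The macro closed by the first added `.endm` starts above the hunk.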
@@ -171,7 +183,7 @@ sysenter_tracesys:
        movq    $-ENOSYS,RAX(%rsp)      /* really needed? */
        movq    %rsp,%rdi        /* &pt_regs -> arg1 */
        call    syscall_trace_enter
-       LOAD_ARGS ARGOFFSET  /* reload args from stack in case ptrace changed it */
+       LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
        RESTORE_REST
        movl    %ebp, %ebp
        /* no need to do an access_ok check here because rbp has been
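Review bot: The trailing comment on the `LOAD_ARGS32 ARGOFFSET` line in sysenter_tracesys still reads as a plain reload and does not say that the registers are now truncated to 32 bits; the cstar_tracesys and ia32_tracesys hunks carry the same line. I would change it at all three sites to `/* reload args, zero-extended to 32 bits, in case ptrace changed them */`. The fix also depends on the syscall-number range check that each path reaches afterwards, which is outside these hunks. It is worth confirming that no traced path indexes the table with %rax without going through this reload or an equivalent zero-extension. sysenter_tracesys continues past the end of the hunk.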
@@ -275,7 +287,7 @@ cstar_tracesys:
        movq $-ENOSYS,RAX(%rsp) /* really needed? */
        movq %rsp,%rdi        /* &pt_regs -> arg1 */
        call syscall_trace_enter
-       LOAD_ARGS ARGOFFSET  /* reload args from stack in case ptrace changed it */
+       LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
        RESTORE_REST
        movl RSP-ARGOFFSET(%rsp), %r8d
        /* no need to do an access_ok check here because r8 has been
@@ -357,7 +369,7 @@ ia32_tracesys:
        movq $-ENOSYS,RAX(%rsp) /* really needed? */
        movq %rsp,%rdi        /* &pt_regs -> arg1 */
        call syscall_trace_enter
-       LOAD_ARGS ARGOFFSET  /* reload args from stack in case ptrace changed it */
+       LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
        RESTORE_REST
        jmp ia32_do_syscall
 END(ia32_syscall)
