# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1191315238 -3600
# Node ID 72193fd51a8cd8628f9e8352d2dfae668e1e1bb0
# Parent 1c71f66b3b005142d551d8f14f3f5dd93b4f8aff
x86/64: Fix security vulnerability CVE-2007-4573.
Zero-extend all registers after ptrace in 32-bit entry path. Actually
only needed for %rax (which indexes into syscall table).
This is a backport of the upstream Linux patch.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
linux-2.6.18-xen changeset: 218:aafef975e5186fe684b466235f26194bb89609be
linux-2.6.18-xen date: Tue Oct 02 09:52:15 2007 +0100
---
linux-2.6-xen-sparse/arch/x86_64/ia32/ia32entry-xen.S | 18 +++++++++++++++---
1 files changed, 15 insertions(+), 3 deletions(-)
diff -r 1c71f66b3b00 -r 72193fd51a8c
linux-2.6-xen-sparse/arch/x86_64/ia32/ia32entry-xen.S
--- a/linux-2.6-xen-sparse/arch/x86_64/ia32/ia32entry-xen.S Tue Oct 02
09:44:55 2007 +0100
+++ b/linux-2.6-xen-sparse/arch/x86_64/ia32/ia32entry-xen.S Tue Oct 02
09:53:58 2007 +0100
@@ -38,6 +38,18 @@
movq %rax,R10(%rsp)
movq %rax,R9(%rsp)
movq %rax,R8(%rsp)
+ .endm
+
+ .macro LOAD_ARGS32 offset
+ movl \offset(%rsp),%r11d
+ movl \offset+8(%rsp),%r10d
+ movl \offset+16(%rsp),%r9d
+ movl \offset+24(%rsp),%r8d
+ movl \offset+40(%rsp),%ecx
+ movl \offset+48(%rsp),%edx
+ movl \offset+56(%rsp),%esi
+ movl \offset+64(%rsp),%edi
+ movl \offset+72(%rsp),%eax
.endm
#if defined (__XEN_X86_64)
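Review bot: The new LOAD_ARGS32 macro carries no comment saying that its 32-bit `movl` forms are the whole point of the change: on x86-64 a write to a 32-bit register clears the upper half of the 64-bit register, so a value that ptrace widened in pt_regs cannot survive the reload, whereas the `movq` forms of LOAD_ARGS copy all 64 bits. Without that note a later cleanup could switch the loads back to `movq` and silently reintroduce the problem the commit message describes. Suggest heading the macro with `/* 32-bit loads: movl zero-extends, so high halves ptrace stored into pt_regs cannot reach the 64-bit syscall-table index in %rax (CVE-2007-4573) */`. The macro also mirrors the pt_regs slot offsets of LOAD_ARGS, which is presumably defined in a shared header outside this file, so a one-line `/* keep in sync with LOAD_ARGS */` would help, and the skipped `\offset+32` slot — presumably RAX, which the callers overwrite with -ENOSYS — deserves a word too.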
@@ -171,7 +183,7 @@ sysenter_tracesys:
movq $-ENOSYS,RAX(%rsp) /* really needed? */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
- LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed
it */
+ LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed
it */
RESTORE_REST
movl %ebp, %ebp
/* no need to do an access_ok check here because rbp has been
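Review bot: The reload now zero-extends %eax, but the range check on the syscall number that follows `RESTORE_REST` is outside this hunk, and the same applies to the cstar_tracesys and ia32_tracesys hunks below; the fix is only complete if that comparison is an unsigned one (`ja`/`jae` against the table size) so that a negative 32-bit value cannot pass as a valid index — worth confirming, since it is not visible here. The call-site comment still reads `reload args from stack in case ptrace changed it`, which does not tell a reader why the 32-bit variant is required; suggest `/* reload args (32-bit, zero-extending) in case ptrace changed them */` at all three sites. sysenter_tracesys begins before and continues past this hunk.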
@@ -275,7 +287,7 @@ cstar_tracesys:
movq $-ENOSYS,RAX(%rsp) /* really needed? */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
- LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed
it */
+ LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed
it */
RESTORE_REST
movl RSP-ARGOFFSET(%rsp), %r8d
/* no need to do an access_ok check here because r8 has been
@@ -357,7 +369,7 @@ ia32_tracesys:
movq $-ENOSYS,RAX(%rsp) /* really needed? */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
- LOAD_ARGS ARGOFFSET /* reload args from stack in case ptrace changed
it */
+ LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed
it */
RESTORE_REST
jmp ia32_do_syscall
END(ia32_syscall)