diff options
Diffstat (limited to 'app-emulation/xen/files/xen-4.2-XSA-87.patch')
| -rw-r--r-- | app-emulation/xen/files/xen-4.2-XSA-87.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/app-emulation/xen/files/xen-4.2-XSA-87.patch b/app-emulation/xen/files/xen-4.2-XSA-87.patch new file mode 100644 index 000000000000..494cf5e2bf5d --- /dev/null +++ b/app-emulation/xen/files/xen-4.2-XSA-87.patch @@ -0,0 +1,21 @@ +x86: PHYSDEVOP_{prepare,release}_msix are privileged + +Yet this wasn't being enforced. + +This is XSA-87. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/physdev.c ++++ b/xen/arch/x86/physdev.c +@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H + case PHYSDEVOP_release_msix: { + struct physdev_pci_device dev; + +- if ( copy_from_guest(&dev, arg, 1) ) ++ if ( !IS_PRIV(v->domain) ) ++ ret = -EPERM; ++ else if ( copy_from_guest(&dev, arg, 1) ) + ret = -EFAULT; + else + ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn, |