debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

vhost: fix length for cross region descriptor (CVE-2013-0311) 

svn path=/dists/sid/linux/; revision=19893
This commit is contained in:
Ben Hutchings 2013-03-03 02:19:43 +00:00
parent 36b0443075
commit c1825fe416
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian/changelog vendored
View File

@ -11,6 +11,7 @@ linux (3.2.39-3) UNRELEASED; urgency=low
[ Ben Hutchings ]
* [x86] ata_piix: reenable MS Virtual PC guests (fixes regression in
3.2.19-1)
* vhost: fix length for cross region descriptor (CVE-2013-0311)
-- Ben Hutchings <ben@decadent.org.uk> Wed, 27 Feb 2013 03:48:30 +0000

31
debian/patches/bugfix/all/vhost-fix-length-for-cross-region-descriptor.patch vendored Normal file
View File

@ -0,0 +1,31 @@
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Mon, 26 Nov 2012 05:57:27 +0000
Subject: vhost: fix length for cross region descriptor
commit bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 upstream.
If a single descriptor crosses a region, the
second chunk length should be decremented
by size translated so far, instead it includes
the full descriptor length.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/vhost/vhost.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 99ac2cb..dedaf81 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1076,7 +1076,7 @@ static int translate_desc(struct vhost_dev *dev, u64 addr, u32 len,
}
_iov = iov + ret;
size = reg->memory_size - addr + reg->guest_phys_addr;
- _iov->iov_len = min((u64)len, size);
+ _iov->iov_len = min((u64)len - s, size);
_iov->iov_base = (void __user *)(unsigned long)
(reg->userspace_addr + addr - reg->guest_phys_addr);
s += size;

1
debian/patches/series vendored
View File

@ -630,3 +630,4 @@ bugfix/x86/x86-efi-Make-noefi-really-disable-EFI-runtime-serivc.patch
bugfix/all/mm-fix-pageblock-bitmap-allocation.patch
bugfix/all/USB-usb-storage-unusual_devs-update-for-Super-TOP-SA.patch
debian/x86-efi-avoid-abi-change-in-3.2.38.patch
bugfix/all/vhost-fix-length-for-cross-region-descriptor.patch