xen/pciback: Save xen_pci_op commands before processing it - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>	2015-11-16 12:40:48 -0500
committer	Mister Oyster <oysterized@gmail.com>	2017-04-11 10:57:43 +0200
commit	ba523d21ad7103f116b5b5e5ec385fcb8db14f23 (patch)
tree	689c9d1881dc6c1fef42105ffbada3a242e51646 /include/uapi/linux
parent	89940b048407baa69cc6c822a8d6468dd6ce0a0d (diff)

xen/pciback: Save xen_pci_op commands before processing it

commit 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5 upstream. Double fetch vulnerabilities that happen when a variable is fetched twice from shared memory but a security check is only performed the first time. The xen_pcibk_do_op function performs a switch statements on the op->cmd value which is stored in shared memory. Interestingly this can result in a double fetch vulnerability depending on the performed compiler optimization. This patch fixes it by saving the xen_pci_op command before processing it. We also use 'barrier' to make sure that the compiler does not perform any optimization. This is part of XSA155. Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: "Jan Beulich" <JBeulich@suse.com> Signed-off-by: Willy Tarreau <w@1wt.eu>

Diffstat (limited to 'include/uapi/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: