WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

RE: [Xen-devel] general kernel NULL pointer vulnerability

To: "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] general kernel NULL pointer vulnerability
From: "netz-haut - stephan seitz" <s.seitz@xxxxxxxxxxxx>
Date: Fri, 14 Aug 2009 17:40:29 +0200
Cc:
Delivery-date: Fri, 14 Aug 2009 08:41:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acoc1GvDqgYJmIjHEd7GhwBQBPU9LAAB3eEjAAZOhZA=
Thread-topic: [Xen-devel] general kernel NULL pointer vulnerability
Hi Keir,

I assume the following patch to net/socket.c utilizes the same code as the later
introduced kernel_sendpage() wrapper.

701,704c701
<       if (sock->ops->sendpage)
<               return sock->ops->sendpage(sock, page, offset, size, flags);
<
<       return sock_no_sendpage(sock, page, offset, size, flags);
---
>       return sock->ops->sendpage(sock, page, offset, size, flags);
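
Review bot: The direction of this diff is reversed relative to the fix: the `<` lines at 701-704 carry the `if (sock->ops->sendpage)` check and the `sock_no_sendpage()` fallback, while the `>` line is the unconditional `return sock->ops->sendpage(sock, page, offset, size, flags);`, so applying it as posted removes the NULL check instead of adding it. Regenerate it with the original file as the first argument, preferably as a unified diff with file names (`diff -u`), so that the check and the fallback show up as the added lines and the bare call through `sock->ops->sendpage` as the removed one.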


Regards,

Stephan




> -----Original Message-----
> From: Keir Fraser [mailto:keir.fraser@xxxxxxxxxxxxx]
> Sent: Friday, August 14, 2009 2:37 PM
> To: netz-haut - stephan seitz; xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] general kernel NULL pointer vulnerability
> 
> There is no kernel_sendpage() in 2.6.18, so the patch cannot apply as
> it is.
> We should apply an equivalent though, I agree.
> 
>  -- Keir
> 
> On 14/08/2009 12:43, "netz-haut - stephan seitz" <s.seitz@xxxxxxxxxxxx>
> wrote:
> 
> > Hi there,
> >
> > Due to http://lwn.net/Articles/347006/
> > or http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html
> >
> > the xenified 2.6.18 is also vulnerable.
> >
> > Linus did a working but questionable fix
> >
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;f=net/socket.c;h=6d47165590473daa4990bf69b0435d5c49b41302;hp=791d71a36a93dfec5166fe05e2e0cb394cfa904b;hb=e694958388c50148389b0e9b9e9e8945cf0f1b98;hpb=a3620f7545344f932873bf98fbdf416b49409c8e
> >
> > I'd like to ask if you're going to add a patch to net/socket.c:
> > sock_sendpage() in your xen repository?
> >
> > Regards,
> >
> >
> >
> >
> > Kind regards
> >
> > --
> > Stephan Seitz
> > Senior System Administrator
> >
> > *netz-haut* e.K.
> > multimedia communication
> >
> > zweierweg 22
> > 97074 würzburg
> >
> > phone: +49 931 2876247
> > fax: +49 931 2876248
> >
> > web: http://www.netz-haut.de/
> >
> > court of registration: Amtsgericht Würzburg, HRA 5054
> >
> >
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-devel
> 


Kind regards

--
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimedia communication

zweierweg 22
97074 würzburg

phone: +49 931 2876247
fax: +49 931 2876248

web: http://www.netz-haut.de/

court of registration: Amtsgericht Würzburg, HRA 5054


