Patchwork [Hardy] SRU: xen: don't allow blkback virtual CDROM device, CVE-2010-4238

Submitter Stefan Bader
Date June 30, 2011, 4:20 p.m.
Message ID <1309450848-24316-1-git-send-email-stefan.bader@canonical.com>
Permalink /patch/102779/
State New

Comments

Stefan Bader - June 30, 2011, 4:20 p.m.
The blkback driver is only used in a dom0, which leaves only Hardy to
be affected.
The Redhat patch consisted of two patches of which the first one was
reverting a change we did not have.

From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
From: Andrew Jones <drjones@redhat.com>
Date: Thu, 30 Jun 2011 16:40:02 +0100
Subject: [PATCH] xen: don't allow blkback virtual CDROM device

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
Signed-off-by: Jarod Wilson <jarod@redhat.com>

BugLink: https://bugs.launchpad.net/bugs/803931
CVE-2010-4238

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
 1 files changed, 42 insertions(+), 0 deletions(-)
 create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
Andy Whitcroft - July 5, 2011, 2:41 p.m.
On Thu, Jun 30, 2011 at 05:20:48PM +0100, Stefan Bader wrote:
> The blkback driver is only used in a dom0, which leaves only Hardy to
> be affected.
> The Redhat patch consisted of two patches of which the first one was
> reverting a change we did not have.
> 
> From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
> From: Andrew Jones <drjones@redhat.com>
> Date: Thu, 30 Jun 2011 16:40:02 +0100
> Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> 
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> Signed-off-by: Jarod Wilson <jarod@redhat.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/803931
> CVE-2010-4238
> 
> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
> ---
>  ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
>  1 files changed, 42 insertions(+), 0 deletions(-)
>  create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> 
> diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> new file mode 100644
> index 0000000..8aaf63a
> --- /dev/null
> +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> @@ -0,0 +1,42 @@
> +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
> +From: Andrew Jones <drjones@redhat.com>
> +Date: Thu, 2 Dec 2010 17:34:12 -0500
> +Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> +
> +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> +Signed-off-by: Jarod Wilson <jarod@redhat.com>
> +
> +BugLink: https://bugs.launchpad.net/bugs/803931
> +CVE-2010-4238
> +
> +Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
> +---
> + drivers/xen/blkback/vbd.c |    6 +++---
> + 1 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
> +index fe10ec8..f6044e0 100644
> +--- a/drivers/xen/blkback/vbd.c
> ++++ b/drivers/xen/blkback/vbd.c
> +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
> + 
> + 	vbd->bdev = bdev;
> + 
> +-	if (vbd->bdev->bd_disk == NULL) {
> ++	/* CD-ROMs are not supported by xen blkback */
> ++	if (vbd->bdev->bd_disk == NULL ||
> ++	    vbd->bdev->bd_disk->flags & GENHD_FL_CD) {
> + 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
> + 			vbd->pdevice);
> + 		vbd_free(vbd);
> + 		return -ENOENT;
> + 	}
> + 
> +-	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD)
> +-		vbd->type |= VDISK_CDROM;
> + 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
> + 		vbd->type |= VDISK_REMOVABLE;
> + 
> +-- 
> +1.7.4.1
> +
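Review bot: The embedded commit message, between the Subject line and the diffstat, carries only the Bugzilla, BugLink and CVE references and never states what fails when a CD-ROM is exported through blkback or why refusing the device is the chosen fix. A sentence or two of description under the Subject line would let someone reading the Hardy tree judge the change without following the links.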
> -- 

Ok the CVE does imply that CD ROM support does not work.  The patch
above appears to correctly convert any attempt to open them to ENOENT.
As we also do not expect to be using this as the primary interface to
disks in Hardy this should be low risk to existing configurations.
Therefore:

Acked-by: Andy Whitcroft <apw@canonical.com>

-apw
Tim Gardner - July 5, 2011, 3 p.m.
On 06/30/2011 10:20 AM, Stefan Bader wrote:
> The blkback driver is only used in a dom0, which leaves only Hardy to
> be affected.
> The Redhat patch consisted of two patches of which the first one was
> reverting a change we did not have.
>
>  From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
> From: Andrew Jones<drjones@redhat.com>
> Date: Thu, 30 Jun 2011 16:40:02 +0100
> Subject: [PATCH] xen: don't allow blkback virtual CDROM device
>
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> Signed-off-by: Jarod Wilson<jarod@redhat.com>
>
> BugLink: https://bugs.launchpad.net/bugs/803931
> CVE-2010-4238
>
> Signed-off-by: Stefan Bader<stefan.bader@canonical.com>
> ---
>   ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
>   1 files changed, 42 insertions(+), 0 deletions(-)
>   create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
>
> diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> new file mode 100644
> index 0000000..8aaf63a
> --- /dev/null
> +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> @@ -0,0 +1,42 @@
> +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
> +From: Andrew Jones<drjones@redhat.com>
> +Date: Thu, 2 Dec 2010 17:34:12 -0500
> +Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> +
> +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> +Signed-off-by: Jarod Wilson<jarod@redhat.com>
> +
> +BugLink: https://bugs.launchpad.net/bugs/803931
> +CVE-2010-4238
> +
> +Signed-off-by: Stefan Bader<stefan.bader@canonical.com>
> +---
> + drivers/xen/blkback/vbd.c |    6 +++---
> + 1 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
> +index fe10ec8..f6044e0 100644
> +--- a/drivers/xen/blkback/vbd.c
> ++++ b/drivers/xen/blkback/vbd.c
> +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
> +
> + 	vbd->bdev = bdev;
> +
> +-	if (vbd->bdev->bd_disk == NULL) {
> ++	/* CD-ROMs are not supported by xen blkback */
> ++	if (vbd->bdev->bd_disk == NULL ||
> ++	    vbd->bdev->bd_disk->flags&  GENHD_FL_CD) {
> + 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
> + 			vbd->pdevice);
> + 		vbd_free(vbd);
> + 		return -ENOENT;
> + 	}
> +
> +-	if (vbd->bdev->bd_disk->flags&  GENHD_FL_CD)
> +-		vbd->type |= VDISK_CDROM;
> + 	if (vbd->bdev->bd_disk->flags&  GENHD_FL_REMOVABLE)
> + 		vbd->type |= VDISK_REMOVABLE;
> +
> +--
> +1.7.4.1
> +

Patch

diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
new file mode 100644
index 0000000..8aaf63a
--- /dev/null
+++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
@@ -0,0 +1,42 @@ 
+From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones@redhat.com>
+Date: Thu, 2 Dec 2010 17:34:12 -0500
+Subject: [PATCH] xen: don't allow blkback virtual CDROM device
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
+Signed-off-by: Jarod Wilson <jarod@redhat.com>
+
+BugLink: https://bugs.launchpad.net/bugs/803931
+CVE-2010-4238
+
+Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
+---
+ drivers/xen/blkback/vbd.c |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
+index fe10ec8..f6044e0 100644
+--- a/drivers/xen/blkback/vbd.c
++++ b/drivers/xen/blkback/vbd.c
+@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
+ 
+ 	vbd->bdev = bdev;
+ 
+-	if (vbd->bdev->bd_disk == NULL) {
++	/* CD-ROMs are not supported by xen blkback */
++	if (vbd->bdev->bd_disk == NULL ||
++	    vbd->bdev->bd_disk->flags & GENHD_FL_CD) {
+ 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
+ 			vbd->pdevice);
+ 		vbd_free(vbd);
+ 		return -ENOENT;
+ 	}
+ 
+-	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD)
+-		vbd->type |= VDISK_CDROM;
+ 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
+ 		vbd->type |= VDISK_REMOVABLE;
+ 
+-- 
+1.7.4.1
+
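Review bot: In the merged condition in vbd_create(), a device with GENHD_FL_CD set now takes the same branch as bd_disk == NULL, so it is logged as "device %08x doesn't exist" and fails with -ENOENT even though the device is present. A separate branch for the CD-ROM case, with its own DPRINTK text saying that CD-ROMs are not supported by blkback, would let an administrator reading the dom0 log tell a refused device from a missing one. Parentheses around the `vbd->bdev->bd_disk->flags & GENHD_FL_CD` test would also make the grouping with `||` explicit.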