[Hardy] SRU: xen: don't allow blkback virtual CDROM device, CVE-2010-4238

Submitted by Stefan Bader on June 30, 2011, 4:20 p.m.

Details

Message ID 1309450848-24316-1-git-send-email-stefan.bader@canonical.com
State New
Headers show

Commit Message

Stefan Bader June 30, 2011, 4:20 p.m.
The blkback driver is only used in a dom0, which leaves only Hardy to
be affected.
The Redhat patch consisted of two patches of which the first one was
reverting a change we did not have.

From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
From: Andrew Jones <drjones@redhat.com>
Date: Thu, 30 Jun 2011 16:40:02 +0100
Subject: [PATCH] xen: don't allow blkback virtual CDROM device

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
Signed-off-by: Jarod Wilson <jarod@redhat.com>

BugLink: https://bugs.launchpad.net/bugs/803931
CVE-2010-4238

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
 1 files changed, 42 insertions(+), 0 deletions(-)
 create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch

Comments

Andy Whitcroft July 5, 2011, 2:41 p.m.
On Thu, Jun 30, 2011 at 05:20:48PM +0100, Stefan Bader wrote:
> The blkback driver is only used in a dom0, which leaves only Hardy to
> be affected.
> The Redhat patch consisted of two patches of which the first one was
> reverting a change we did not have.
> 
> From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
> From: Andrew Jones <drjones@redhat.com>
> Date: Thu, 30 Jun 2011 16:40:02 +0100
> Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> 
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> Signed-off-by: Jarod Wilson <jarod@redhat.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/803931
> CVE-2010-4238
> 
> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
> ---
>  ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
>  1 files changed, 42 insertions(+), 0 deletions(-)
>  create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> 
> diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> new file mode 100644
> index 0000000..8aaf63a
> --- /dev/null
> +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> @@ -0,0 +1,42 @@
> +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
> +From: Andrew Jones <drjones@redhat.com>
> +Date: Thu, 2 Dec 2010 17:34:12 -0500
> +Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> +
> +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> +Signed-off-by: Jarod Wilson <jarod@redhat.com>
> +
> +BugLink: https://bugs.launchpad.net/bugs/803931
> +CVE-2010-4238
> +
> +Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
> +---
> + drivers/xen/blkback/vbd.c |    6 +++---
> + 1 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
> +index fe10ec8..f6044e0 100644
> +--- a/drivers/xen/blkback/vbd.c
> ++++ b/drivers/xen/blkback/vbd.c
> +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
> + 
> + 	vbd->bdev = bdev;
> + 
> +-	if (vbd->bdev->bd_disk == NULL) {
> ++	/* CD-ROMs are not supported by xen blkback */
> ++	if (vbd->bdev->bd_disk == NULL ||
> ++	    vbd->bdev->bd_disk->flags & GENHD_FL_CD) {
> + 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
> + 			vbd->pdevice);
> + 		vbd_free(vbd);
> + 		return -ENOENT;
> + 	}
> + 
> +-	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD)
> +-		vbd->type |= VDISK_CDROM;
> + 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
> + 		vbd->type |= VDISK_REMOVABLE;
> + 
> +-- 
> +1.7.4.1
> +
> -- 

Ok the CVE does imply that CD ROM support does not work.  The patch
above appears to correctly convert any attempt to open them to ENOENT.
As we also do not expect to be using this as the primary interface to
disks in Hardy this should be low risk to existing configurations.
Therefore:

Acked-by: Andy Whitcroft <apw@canonical.com>

-apw
Tim Gardner July 5, 2011, 3 p.m.
On 06/30/2011 10:20 AM, Stefan Bader wrote:
> The blkback driver is only used in a dom0, which leaves only Hardy to
> be affected.
> The Redhat patch consisted of two patches of which the first one was
> reverting a change we did not have.
>
>  From cf01fce28f7007bf90723f32efd8cfa3852ef082 Mon Sep 17 00:00:00 2001
> From: Andrew Jones<drjones@redhat.com>
> Date: Thu, 30 Jun 2011 16:40:02 +0100
> Subject: [PATCH] xen: don't allow blkback virtual CDROM device
>
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> Signed-off-by: Jarod Wilson<jarod@redhat.com>
>
> BugLink: https://bugs.launchpad.net/bugs/803931
> CVE-2010-4238
>
> Signed-off-by: Stefan Bader<stefan.bader@canonical.com>
> ---
>   ...-don-t-allow-blkback-virtual-CDROM-device.patch |   42 ++++++++++++++++++++
>   1 files changed, 42 insertions(+), 0 deletions(-)
>   create mode 100644 debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
>
> diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> new file mode 100644
> index 0000000..8aaf63a
> --- /dev/null
> +++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
> @@ -0,0 +1,42 @@
> +From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
> +From: Andrew Jones<drjones@redhat.com>
> +Date: Thu, 2 Dec 2010 17:34:12 -0500
> +Subject: [PATCH] xen: don't allow blkback virtual CDROM device
> +
> +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
> +Signed-off-by: Jarod Wilson<jarod@redhat.com>
> +
> +BugLink: https://bugs.launchpad.net/bugs/803931
> +CVE-2010-4238
> +
> +Signed-off-by: Stefan Bader<stefan.bader@canonical.com>
> +---
> + drivers/xen/blkback/vbd.c |    6 +++---
> + 1 files changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
> +index fe10ec8..f6044e0 100644
> +--- a/drivers/xen/blkback/vbd.c
> ++++ b/drivers/xen/blkback/vbd.c
> +@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
> +
> + 	vbd->bdev = bdev;
> +
> +-	if (vbd->bdev->bd_disk == NULL) {
> ++	/* CD-ROMs are not supported by xen blkback */
> ++	if (vbd->bdev->bd_disk == NULL ||
> ++	    vbd->bdev->bd_disk->flags&  GENHD_FL_CD) {
> + 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
> + 			vbd->pdevice);
> + 		vbd_free(vbd);
> + 		return -ENOENT;
> + 	}
> +
> +-	if (vbd->bdev->bd_disk->flags&  GENHD_FL_CD)
> +-		vbd->type |= VDISK_CDROM;
> + 	if (vbd->bdev->bd_disk->flags&  GENHD_FL_REMOVABLE)
> + 		vbd->type |= VDISK_REMOVABLE;
> +
> +--
> +1.7.4.1
> +

Patch hide | download patch | download mbox

diff --git a/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
new file mode 100644
index 0000000..8aaf63a
--- /dev/null
+++ b/debian/binary-custom.d/xen/patchset/026-xen-don-t-allow-blkback-virtual-CDROM-device.patch
@@ -0,0 +1,42 @@ 
+From 4f8bf5ec3db0719abd46454959f5954eb5151ec1 Mon Sep 17 00:00:00 2001
+From: Andrew Jones <drjones@redhat.com>
+Date: Thu, 2 Dec 2010 17:34:12 -0500
+Subject: [PATCH] xen: don't allow blkback virtual CDROM device
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=635638
+Signed-off-by: Jarod Wilson <jarod@redhat.com>
+
+BugLink: https://bugs.launchpad.net/bugs/803931
+CVE-2010-4238
+
+Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
+---
+ drivers/xen/blkback/vbd.c |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/xen/blkback/vbd.c b/drivers/xen/blkback/vbd.c
+index fe10ec8..f6044e0 100644
+--- a/drivers/xen/blkback/vbd.c
++++ b/drivers/xen/blkback/vbd.c
+@@ -74,15 +74,15 @@ int vbd_create(blkif_t *blkif, blkif_vdev_t handle, unsigned major,
+ 
+ 	vbd->bdev = bdev;
+ 
+-	if (vbd->bdev->bd_disk == NULL) {
++	/* CD-ROMs are not supported by xen blkback */
++	if (vbd->bdev->bd_disk == NULL ||
++	    vbd->bdev->bd_disk->flags & GENHD_FL_CD) {
+ 		DPRINTK("vbd_creat: device %08x doesn't exist.\n",
+ 			vbd->pdevice);
+ 		vbd_free(vbd);
+ 		return -ENOENT;
+ 	}
+ 
+-	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD)
+-		vbd->type |= VDISK_CDROM;
+ 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
+ 		vbd->type |= VDISK_REMOVABLE;
+ 
+-- 
+1.7.4.1
+