OVMSA-2017-0148 - xen security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2017-08-31

Description


[4.3.0-55.el6.186.45]
- From: Jan Beulich
Subject: gnttab: correct pin status fixup for copy
Regardless of copy operations only setting GNTPIN_hst*, GNTPIN_dev*
also need to be taken into account when deciding whether to clear
_GTF_{read,writ}ing. At least for consistency with code elsewhere the
read part better doesn't use any mask at all.
This is XSA-230.
Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 26224363] {CVE-2017-12855}

[4.3.0-55.el6.186.44]
- From: Andrew Cooper
Subject: grant_table: Default to v1, and disallow transitive grants
The reference counting and locking discipline for transitive grants is broken.
Their use is therefore declared out of security support.
This is XSA-226.
Transitive grants are expected to be unconditionally available with grant
table v2. Hiding transitive grants alone is an ABI breakage for the guest.
Modern versions of Linux and the Windows PV drivers use grant table v1, but
older versions did use v2.
In principle, disabling gnttab v2 entirely is the safer way to cause guests to
avoid using transitive grants. However, some older guests which defaulted to
using gnttab v2 don't tolerate falling back from v2 to v1 over migrate.
This patch introduces a new command line option to control grant table
behaviour. One suboption allows a choice of the maximum grant table version
Xen will allow the guest to use, and defaults to v2. A different suboption
independently controls whether transitive grants can be used.
The default case is:
    gnttab=max_ver:2
To disable gnttab v2 entirely, use:
    gnttab=max_ver:1
To allow gnttab v2 and transitive grants, use:
    gnttab=max_ver:2,transitive
Signed-off-by: Andrew Cooper
Conflict:
docs/misc/xen-command-line.markdown
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 26567225] {CVE-2017-12135}
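
An added example, not part of the advisory or of the Xen patch: a small audit helper that reads the `gnttab=` option described above from Xen boot lines and labels each host configuration. The function names, the legacy grub.conf `kernel /xen.gz ...` layout, the merging of repeated `gnttab=` options, and the treatment of unrecognized suboptions as having no effect are assumptions made for this sketch.

```python
import re

DEFAULT_MAX_VER = 2  # the advisory: max_ver "defaults to v2"

def parse_gnttab(cmdline):
    """Fold every gnttab= option on a Xen command line into one state."""
    state = {"max_ver": DEFAULT_MAX_VER, "transitive": False, "unknown": []}
    for token in cmdline.split():
        if not token.startswith("gnttab="):
            continue
        for sub in token[len("gnttab="):].split(","):
            m = re.fullmatch(r"max_ver:([12])", sub)
            if m:
                state["max_ver"] = int(m.group(1))
            elif sub == "transitive":
                state["transitive"] = True
            elif sub:
                state["unknown"].append(sub)  # spelling not shown in the advisory
    return state

def classify(cmdline):
    """Map a Xen command line to an exposure label for XSA-226."""
    s = parse_gnttab(cmdline)
    if s["max_ver"] >= 2 and s["transitive"]:
        return "transitive-enabled"   # out of security support per XSA-226
    if s["max_ver"] >= 2:
        return "v2-no-transitive"     # the patched default
    return "v1-only"                  # gnttab v2 disabled entirely

def audit_grub(grub_text):
    """Classify each Xen 'kernel' line of a legacy grub.conf (assumed layout)."""
    results = []
    for line in grub_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) >= 2 and fields[0] == "kernel" and "xen" in fields[1]:
            args = fields[2] if len(fields) == 3 else ""
            results.append((classify(args), parse_gnttab(args)["unknown"]))
    return results

# Constructed sample boot lines, not taken from a real host.
SAMPLE_GRUB = """\
    kernel /xen.gz dom0_mem=max:2048M gnttab=max_ver:2,transitive
    kernel /xen.gz dom0_mem=max:2048M gnttab=max_ver:1
    kernel /xen.gz dom0_mem=max:2048M
    kernel /xen.gz gnttab=max-ver:1
"""

if __name__ == "__main__":
    print(audit_grub(SAMPLE_GRUB))
```

The last sample line shows why unrecognized suboptions are reported: a spelling other than the one in the advisory leaves the host classified at the default rather than as v1-only.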

[4.3.0-55.el6.186.43]
- Revert wrong fix for xsa226 [bug 26567225]

[4.3.0-55.el6.186.42]
- From 3aab881c7331cf93ffd8d2f2dd9adfd18ed4fc99 Mon Sep 17 00:00:00 2001
From: Andrew Cooper
Date: Tue, 20 Jun 2017 19:18:54 +0100
Subject: [PATCH] x86/grant: Disallow misaligned PTEs
Pagetable entries must be aligned to function correctly. Disallow attempts
from the guest to have a grant PTE created at a misaligned address, which
would result in corruption of the L1 table with largely-guest-controlled
values.
This is XSA-227
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 26201029] {CVE-2017-12137}

[4.3.0-55.el6.186.41]
- Prerequisite patch for xsa227-4.5.patch
There is no macro ASSERT_UNREACHABLE before OVM3.4 which is needed by
xsa227-4.5.patch
This chunk is picked from upstream commit cacdb0faaa121ac8f792d5bd34cc6bc7c72d21da
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 26201029] {CVE-2017-12137}

[4.3.0-55.el6.186.40]
- From: Jan Beulich
Subject: gnttab: don't use possibly unbounded tail calls
There is no guarantee that the compiler would actually translate them
to branches instead of calls, so only ones with a known recursion limit
are okay:
- __release_grant_for_copy() can call itself only once, as
  __acquire_grant_for_copy() won't permit use of multi-level transitive
  grants,
- __acquire_grant_for_copy() is fine to call itself with the last
  argument false, as that prevents further recursion,
- __acquire_grant_for_copy() must not call itself to recover from an
  observed change to the active entry's pin count
This is XSA-226.
Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 26567225] {CVE-2017-12135}

[4.3.0-55.el6.186.39]
- From 69549b08eb9bd3a525c07a97d952673a3d02c76a Mon Sep 17 00:00:00 2001
From: Annie Li
Date: Fri, 7 Jul 2017 14:36:08 -0400
Subject: [PATCH] xen: increase default max grant frames and max maptrack frames
Commit 9dfba034e increased default max grant frames to 128, which is
still not enough when the guest has more cpus and vbd/vif devices,
so set it to 256. Also the default max maptrack frames needs to be
increased accordingly.
Signed-off-by: Annie Li
Acked-by: Konrad Rzeszutek Wilk
Acked-by: Adnan Misherfi
Backported-by: Zhenzhong Duan [bug 26412357]


Related CVEs


CVE-2017-12135
CVE-2017-12137
CVE-2017-12855

Updated Packages


Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label
Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.186.45.src.rpm | db9ab0ca0c9160ea9c1404203a9d4f829e07d45311f4d21aa3904dd24cdc27b9 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch
Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.186.45.x86_64.rpm | f37ac48f49a4750edf136b34bec9dd0ebf5dc469ff762e704d8157c13fe7de05 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch
Oracle VM 3.3 (x86_64) | xen-tools-4.3.0-55.el6.186.45.x86_64.rpm | 27a36aeaf97c764d29c2787a586c211810dfafa20e8cc4ce61acc0138235f400 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team