Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:Maintenance:114
xen.openSUSE_Evergreen_11.4
CVE-2012-4535-xsa20.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2012-4535-xsa20.patch of Package xen.openSUSE_Evergreen_11.4
References: CVE-2012-4535 XSA-20 bnc#786516 VCPU/timers: Prevent overflow in calculations, leading to DoS vulnerability The timer action for a vcpu periodic timer is to calculate the next expiry time, and to reinsert itself into the timer queue. If the deadline ends up in the past, Xen never leaves __do_softirq(). The affected PCPU will stay in an infinite loop until Xen is killed by the watchdog (if enabled). This is a security problem, XSA-20 / CVE-2012-4535. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -880,6 +880,9 @@ long do_vcpu_op(int cmd, int vcpuid, XEN if ( set.period_ns < MILLISECS(1) ) return -EINVAL; + if ( set.period_ns > STIME_DELTA_MAX ) + return -EINVAL; + v->periodic_period = set.period_ns; vcpu_force_reschedule(v); --- a/xen/include/xen/time.h +++ b/xen/include/xen/time.h @@ -53,6 +53,8 @@ struct tm gmtime(unsigned long t); #define MILLISECS(_ms) ((s_time_t)((_ms) * 1000000ULL)) #define MICROSECS(_us) ((s_time_t)((_us) * 1000ULL)) #define STIME_MAX ((s_time_t)((uint64_t)~0ull>>1)) +/* Chosen so (NOW() + delta) wont overflow without an uptime of 200 years */ +#define STIME_DELTA_MAX ((s_time_t)((uint64_t)~0ull>>2)) extern void update_vcpu_system_time(struct vcpu *v); extern void update_domain_wallclock_time(struct domain *d);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor