aboutsummaryrefslogtreecommitdiffstats
path: root/tools/blktap2/drivers/hashtable_utility.c
diff options
context:
space:
mode:
authorIan Jackson <Ian.Jackson@eu.citrix.com>2012-11-14 11:35:06 +0000
committerIan Jackson <Ian.Jackson@eu.citrix.com>2012-11-14 11:35:06 +0000
commit50d1a7fea0a60cd66733cfd8666a95f00d586549 (patch)
treefe0e65652b6deafd04041170b503c7d9d9c241bf /tools/blktap2/drivers/hashtable_utility.c
parentf2e0eab9afae9245f38a31deeafe90953d63ea07 (diff)
downloadxen-50d1a7fea0a60cd66733cfd8666a95f00d586549.tar.gz
xen-50d1a7fea0a60cd66733cfd8666a95f00d586549.tar.bz2
xen-50d1a7fea0a60cd66733cfd8666a95f00d586549.zip
x86/physdev: Range check pirq parameter from guests
Otherwise Xen will read beyond either end of the struct domain.arch.pirq_emuirq array, usually resulting in a fatal page fault. This vulnerability was introduced by c/s 23241:d21100f1d00e, which adds a call to domain_pirq_to_emuirq() which uses the guest provided pirq value before range checking it, and was fixed by c/s 23573:584c2e5e03d9 which changed the behaviour of the domain_pirq_to_emuirq() macro to use radix trees instead of a flat array. This is XSA-21 / CVE-2012-4536. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'tools/blktap2/drivers/hashtable_utility.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 09:15:10 +0000