From: Ian Campbell <ian.campbell@citrix.com>
Date: Tue, 11 Sep 2012 12:06:30 +0000 (+0200)
Subject: tmem: only allow tmem control operations from privileged domains
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7954
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=60172eff1eacf9fff67ee80857f8735a3664c831;p=xen.git

tmem: only allow tmem control operations from privileged domains

This is part of XSA-15 / CVE-2012-3497.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/common/tmem.c b/xen/common/tmem.c
index 1a8777c284..aedac551d3 100644
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2541,10 +2541,8 @@ static NOINLINE int do_tmem_control(struct tmem_op *op)
     OID *oidp = (OID *)(&op->u.ctrl.oid[0]);
 
     if (!tmh_current_is_privileged())
-    {
-        /* don't fail... mystery: sometimes dom0 fails here */
-        /* return -EPERM; */
-    }
+        return -EPERM;
+
     switch(subop)
     {
     case TMEMC_THAW: