xen/pciback: Save xen_pci_op commands before processing it - kernel

diff options

author	Konrad Rzeszutek Wilk <[email protected]>	2015-11-16 17:40:48 +0000
committer	Konrad Rzeszutek Wilk <[email protected]>	2015-12-18 15:00:47 +0000
commit	8135cf8b092723dbfcc611fe6fdcb3a36c9951c5 (patch)
tree	d1f03969e8a2af5ff9e2b2ea8eaab58405ac30eb /drivers/fpga/fpga-mgr.c
parent	xen-scsiback: safely copy requests (diff)
download	kernel-8135cf8b092723dbfcc611fe6fdcb3a36c9951c5.tar.gz kernel-8135cf8b092723dbfcc611fe6fdcb3a36c9951c5.zip

xen/pciback: Save xen_pci_op commands before processing it

Double fetch vulnerabilities that happen when a variable is fetched twice from shared memory but a security check is only performed the first time. The xen_pcibk_do_op function performs a switch statements on the op->cmd value which is stored in shared memory. Interestingly this can result in a double fetch vulnerability depending on the performed compiler optimization. This patch fixes it by saving the xen_pci_op command before processing it. We also use 'barrier' to make sure that the compiler does not perform any optimization. This is part of XSA155. CC: [email protected] Reviewed-by: Konrad Rzeszutek Wilk <[email protected]> Signed-off-by: Jan Beulich <[email protected]> Signed-off-by: David Vrabel <[email protected]> Signed-off-by: Konrad Rzeszutek Wilk <[email protected]>

Diffstat (limited to 'drivers/fpga/fpga-mgr.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: