SUSE:SLE-12-SP2:GA
File xend-xsa153.patch of Package xen.4698
References: bsc#951845 XSA-153 - This is the xend version From 27593ec62bdad8621df910931349d964a6dbaa8c Mon Sep 17 00:00:00 2001 From: Ian Jackson <ian.jackson@eu.citrix.com> Date: Wed, 21 Oct 2015 16:18:30 +0100 Subject: [PATCH XSA-153 v3] libxl: adjust PoD target by memory fudge, too PoD guests need to balloon at least as far as required by PoD, or risk crashing. Currently they don't necessarily know what the right value is, because our memory accounting is (at the very least) confusing. Apply the memory limit fudge factor to the in-hypervisor PoD memory target, too. This will increase the size of the guest's PoD cache by the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures that even with a slightly-off balloon driver, the guest will be stable even under memory pressure. There are two call sites of xc_domain_set_pod_target that need fixing: The one in libxl_set_memory_target is straightforward. The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply setting the PoD target differently does not work because the various amounts of memory during domain construction no longer match up. Instead, we adjust the guest memory target in xenstore (but only for PoD guests). This introduces a 1Mby discrepancy between the balloon target of a PoD guest at boot, and the target set by an apparently-equivalent `xl mem-set' (or similar) later. This approach is low-risk for a security fix but we need to fix this up properly in xen.git#staging and probably also in stable trees. This is XSA-153. Index: xen-4.4.4-testing/tools/python/xen/lowlevel/xc/xc.c =================================================================== --- xen-4.4.4-testing.orig/tools/python/xen/lowlevel/xc/xc.c +++ xen-4.4.4-testing/tools/python/xen/lowlevel/xc/xc.c 
@@ -1678,7 +1678,8 @@ static PyObject *pyxc_domain_set_target_ if (!PyArg_ParseTuple(args, "ii", &dom, &mem_kb)) return NULL; - mem_pages = mem_kb / 4; + /* bsc#951845 - CVE-2015-7972 XSA-153 */ + mem_pages = (mem_kb + 1024) / 4; if (xc_domain_set_pod_target(self->xc_handle, dom, mem_pages, NULL, NULL, NULL) != 0) Index: xen-4.4.4-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.4.4-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.4.4-testing/tools/python/xen/xend/XendDomainInfo.py @@ -1579,10 +1579,14 @@ class XendDomainInfo: self._safe_set_memory('memory_dynamic_max', target * MiB) if self.domid >= 0: + mem_target_fudge = 0 if target > memory_cur: balloon.free((target - memory_cur) * 1024, self) self.storeVm("memory", target) - self.storeDom("memory/target", target << 10) + # bsc#951845 - CVE-2015-7972 XSA-153 + if self.pod_enabled: + mem_target_fudge = 1 + self.storeDom("memory/target", (target-mem_target_fudge) << 10) xc.domain_set_target_mem(self.domid, (target * 1024)) xen.xend.XendDomain.instance().managed_config_save(self) @@ -1908,6 +1912,10 @@ class XendDomainInfo: if self.info.has_key('security_label'): f('security_label', self.info['security_label']) + # bsc#951845 - CVE-2015-7972 XSA-153 + if self.pod_enabled: + f('memory/target', str((self.info['memory_dynamic_max'] - 1024) / 1024)) + to_store.update(self._vcpuDomDetails()) log.debug("Storing domain details: %s", scrub_password(to_store))
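Review bot: In the xc.c hunk, `mem_pages = (mem_kb + 1024) / 4;` adds the fudge to a value parsed with the "ii" format, so `mem_kb` is a C int and the addition is done without any range check. A value within 1024 of INT_MAX overflows a signed int, and a negative `mem_kb` is still accepted and passed on to xc_domain_set_pod_target. Suggest rejecting `mem_kb < 0` and `mem_kb > INT_MAX - 1024` before the addition and returning an error to the Python caller. The literal 1024 would also read better as a named constant with a comment tying it to LIBXL_MAXMEM_CONSTANT, which the commit message names as the source of the value.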
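Review bot: In the XendDomainInfo.py hunk at -1579, `mem_target_fudge = 1` carries no unit, and it is in MiB only because `target` is shifted by 10 afterwards, while the xc.c side expresses the same fudge as 1024 in KiB. A comment stating the unit, or a shared named constant, would make the two sides easier to check against each other. Two further things to confirm: with `pod_enabled` set, xenstore receives `(target-mem_target_fudge) << 10` while the unchanged call `xc.domain_set_target_mem(self.domid, (target * 1024))` is raised by another 1024 KiB in xc.c, so the two values end up 2 MiB apart and the comment should say whether that is intended; and a `target` of 0 would produce a negative value for memory/target, which the visible lines do not guard against.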
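Review bot: In the XendDomainInfo.py hunk at -1908, `str((self.info['memory_dynamic_max'] - 1024) / 1024)` looks like a unit mismatch with the earlier hunk. That hunk stores `memory_dynamic_max` as `target * MiB`, so if MiB is 1024*1024 as its name suggests, this expression yields the target in KiB minus 1 KiB, whereas `(target-mem_target_fudge) << 10` in the earlier hunk yields the target in KiB minus 1024 KiB. Please check which of the two is meant and make both paths write the same memory/target value for a PoD guest. The lookup is also unguarded: the preceding lines test `has_key` before reading `security_label`, but `self.info['memory_dynamic_max']` is read directly and would raise KeyError if the key is absent.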