[PATCH v4 0/3] Xen iopl fixes
From: Andy Lutomirski
Date: Wed Mar 16 2016 - 17:14:34 EST
Hi all-
For those who are seeing this for the first time: any 64-bit Xen PV
domain with IO port access privileges (in practice, this means dom0
AFAIK) and any user programs that use iopl(3) (various old X
drivers, presumably) is probably vulnerable to privilege escalations
by unprivileged programs running in the same PV domain.
There's a long public description of the issue here:
http://xenbits.xen.org/xsa/advisory-171.html
Changes from v3:
- Add Jan's R-b.
- No longer embargoed
Changes from v2: Pretend v2 never happened...
Changes from v1: Use xen/hypervisor.h instead of xen-ops.h (Jan)
Andy Lutomirski (3):
selftests/x86: Add a iopl test
x86/iopl/64: Properly context-switch IOPL on Xen PV
x86/iopl: Fix iopl capability check on Xen PV
arch/x86/include/asm/xen/hypervisor.h | 2 +
arch/x86/kernel/ioport.c | 12 ++-
arch/x86/kernel/process_64.c | 12 +++
arch/x86/xen/enlighten.c | 2 +-
tools/testing/selftests/x86/Makefile | 2 +-
tools/testing/selftests/x86/iopl.c | 135 ++++++++++++++++++++++++++++++++++
6 files changed, 160 insertions(+), 5 deletions(-)
create mode 100644 tools/testing/selftests/x86/iopl.c
--
2.5.0