CVS commit: pkgsrc/sysutils/xenkernel45
Module Name: pkgsrc
Committed By: spz
Date: Sat Apr 8 11:47:34 UTC 2017
Modified Files:
pkgsrc/sysutils/xenkernel45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel45/patches: patch-XSA-212
Log Message:
add patch for XSA-212 from upstream
(http://xenbits.xen.org/xsa/advisory-212.html)
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 pkgsrc/sysutils/xenkernel45/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/sysutils/xenkernel45/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xenkernel45/patches/patch-XSA-212
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/sysutils/xenkernel45/Makefile
diff -u pkgsrc/sysutils/xenkernel45/Makefile:1.29 pkgsrc/sysutils/xenkernel45/Makefile:1.30
--- pkgsrc/sysutils/xenkernel45/Makefile:1.29 Mon Mar 20 18:11:10 2017
+++ pkgsrc/sysutils/xenkernel45/Makefile Sat Apr 8 11:47:33 2017
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.29 2017/03/20 18:11:10 bouyer Exp $
+# $NetBSD: Makefile,v 1.30 2017/04/08 11:47:33 spz Exp $
VERSION= 4.5.5
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel45-${VERSION}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
Index: pkgsrc/sysutils/xenkernel45/distinfo
diff -u pkgsrc/sysutils/xenkernel45/distinfo:1.22 pkgsrc/sysutils/xenkernel45/distinfo:1.23
--- pkgsrc/sysutils/xenkernel45/distinfo:1.22 Mon Mar 20 18:11:10 2017
+++ pkgsrc/sysutils/xenkernel45/distinfo Sat Apr 8 11:47:33 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2017/03/20 18:11:10 bouyer Exp $
+$NetBSD: distinfo,v 1.23 2017/04/08 11:47:33 spz Exp $
SHA1 (xen-4.5.5.tar.gz) = 4073d411c72d3298baacfc15577b92b9ae577073
RMD160 (xen-4.5.5.tar.gz) = 34132ab04752dc594fbdc1404c95f402b7bbbe39
@@ -15,6 +15,7 @@ SHA1 (patch-XSA-200) = 37254653e3f9016de
SHA1 (patch-XSA-202) = 52cb1da3bb078f6b7574f606b8c9cacdf24f6518
SHA1 (patch-XSA-204) = 4d5616f418e3ea010af4cb9e5d1ad14c8adcbf1c
SHA1 (patch-XSA-207) = e567afa1999bdb12800e7df43d5fdf8564d67fb1
+SHA1 (patch-XSA-212) = 4637d51bcbb3b11fb0e22940f824ebacdaa15b4f
SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe
SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154
SHA1 (patch-xen_common_page__alloc.c) = c4d606de1cada8cf89b5abd16efada3d58c68a03
Added files:
Index: pkgsrc/sysutils/xenkernel45/patches/patch-XSA-212
diff -u /dev/null pkgsrc/sysutils/xenkernel45/patches/patch-XSA-212:1.1
--- /dev/null Sat Apr 8 11:47:34 2017
+++ pkgsrc/sysutils/xenkernel45/patches/patch-XSA-212 Sat Apr 8 11:47:33 2017
@@ -0,0 +1,89 @@
+$NetBSD: patch-XSA-212,v 1.1 2017/04/08 11:47:33 spz Exp $
+
+memory: properly check guest memory ranges in XENMEM_exchange handling
+
+The use of guest_handle_okay() here (as introduced by the XSA-29 fix)
+is insufficient here, guest_handle_subrange_okay() needs to be used
+instead.
+
+Note that the uses are okay in
+- XENMEM_add_to_physmap_batch handling due to the size field being only
+ 16 bits wide,
+- livepatch_list() due to the limit of 1024 enforced on the
+ number-of-entries input (leaving aside the fact that this can be
+ called by a privileged domain only anyway),
+- compat mode handling due to counts there being limited to 32 bits,
+- everywhere else due to guest arrays being accessed sequentially from
+ index zero.
+
+This is XSA-212.
+
+Reported-by: Jann Horn <jannh%google.com@localhost>
+Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
+Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+
+--- xen/common/memory.c
++++ xen/common/memory.c
+@@ -436,8 +436,8 @@ static long memory_exchange(XEN_GUEST_HA
+ goto fail_early;
+ }
+
+- if ( !guest_handle_okay(exch.in.extent_start, exch.in.nr_extents) ||
+- !guest_handle_okay(exch.out.extent_start, exch.out.nr_extents) )
++ if ( !guest_handle_subrange_okay(exch.in.extent_start, exch.nr_exchanged,
++ exch.in.nr_extents - 1) )
+ {
+ rc = -EFAULT;
+ goto fail_early;
+@@ -447,11 +447,27 @@ static long memory_exchange(XEN_GUEST_HA
+ {
+ in_chunk_order = exch.out.extent_order - exch.in.extent_order;
+ out_chunk_order = 0;
++
++ if ( !guest_handle_subrange_okay(exch.out.extent_start,
++ exch.nr_exchanged >> in_chunk_order,
++ exch.out.nr_extents - 1) )
++ {
++ rc = -EFAULT;
++ goto fail_early;
++ }
+ }
+ else
+ {
+ in_chunk_order = 0;
+ out_chunk_order = exch.in.extent_order - exch.out.extent_order;
++
++ if ( !guest_handle_subrange_okay(exch.out.extent_start,
++ exch.nr_exchanged << out_chunk_order,
++ exch.out.nr_extents - 1) )
++ {
++ rc = -EFAULT;
++ goto fail_early;
++ }
+ }
+
+ d = rcu_lock_domain_by_any_id(exch.in.domid);
+--- xen/include/asm-x86/x86_64/uaccess.h
++++ xen/include/asm-x86/x86_64/uaccess.h
+@@ -29,8 +29,9 @@ extern void *xlat_malloc(unsigned long *
+ /*
+ * Valid if in +ve half of 48-bit address space, or above Xen-reserved area.
+ * This is also valid for range checks (addr, addr+size). As long as the
+- * start address is outside the Xen-reserved area then we will access a
+- * non-canonical address (and thus fault) before ever reaching VIRT_START.
++ * start address is outside the Xen-reserved area, sequential accesses
++ * (starting at addr) will hit a non-canonical address (and thus fault)
++ * before ever reaching VIRT_START.
+ */
+ #define __addr_ok(addr) \
+ (((unsigned long)(addr) < (1UL<<47)) || \
+@@ -40,7 +41,8 @@ extern void *xlat_malloc(unsigned long *
+ (__addr_ok(addr) || is_compat_arg_xlat_range(addr, size))
+
+ #define array_access_ok(addr, count, size) \
+- (access_ok(addr, (count)*(size)))
++ (likely(((count) ?: 0UL) < (~0UL / (size))) && \
++ access_ok(addr, (count) * (size)))
+
+ #define __compat_addr_ok(d, addr) \
+ ((unsigned long)(addr) < HYPERVISOR_COMPAT_VIRT_START(d))
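Review bot: The new range checks in the xen/common/memory.c part of this patch pass `exch.in.nr_extents - 1` and `exch.out.nr_extents - 1` as the last index, which wraps if a guest supplies a zero extent count, and nothing visible here shows that case being rejected or proven harmless. The earlier sanity checks in memory_exchange() and the definition of guest_handle_subrange_okay() are outside the hunk, so this may already be covered. A comment at the first check would make the assumption reviewable, for example `/* last index wraps if nr_extents == 0; relies on the sanity checks above - TODO confirm */`. In uaccess.h, the rewritten `array_access_ok` expands `count` twice, so an argument with side effects would be evaluated twice, and it depends on `?: 0UL` to carry out the bound comparison in unsigned long. A one-line comment such as `/* ?: 0UL promotes count to unsigned long; reject counts whose byte length would overflow */` would keep a later cleanup from removing the guard.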