CVS commit: pkgsrc/sysutils/xenkernel418

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/sysutils/xenkernel418
From: "Emmanuel Dreyfus" <manu%netbsd.org@localhost>
Date: Fri, 27 Sep 2024 12:45:50 +0000

Module Name:    pkgsrc
Committed By:   manu
Date:           Fri Sep 27 12:45:49 UTC 2024

Modified Files:
        pkgsrc/sysutils/xenkernel418: Makefile distinfo
Added Files:
        pkgsrc/sysutils/xenkernel418/patches: patch-xen_arch_x86_hvm_lvapic.c
            patch-xen_arch_x86_include_asm_cpufeature.h

Log Message:
Fix XSA-462 / CVE-2024-45817 by patch from upstream


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/sysutils/xenkernel418/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/sysutils/xenkernel418/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_hvm_lvapic.c \
    pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_include_asm_cpufeature.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/sysutils/xenkernel418/Makefile
diff -u pkgsrc/sysutils/xenkernel418/Makefile:1.1 pkgsrc/sysutils/xenkernel418/Makefile:1.2
--- pkgsrc/sysutils/xenkernel418/Makefile:1.1   Tue Nov 21 11:38:26 2023
+++ pkgsrc/sysutils/xenkernel418/Makefile       Fri Sep 27 12:45:49 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2023/11/21 11:38:26 bouyer Exp $
+# $NetBSD: Makefile,v 1.2 2024/09/27 12:45:49 manu Exp $
 # VERSION is set in version.mk as it is shared with other packages
-#PKGREVISION=        1
+PKGREVISION=        1
 
 XENKERNEL:=
 .include        "../../sysutils/xentools418/version.mk"

Index: pkgsrc/sysutils/xenkernel418/distinfo
diff -u pkgsrc/sysutils/xenkernel418/distinfo:1.2 pkgsrc/sysutils/xenkernel418/distinfo:1.3
--- pkgsrc/sysutils/xenkernel418/distinfo:1.2   Tue Sep 10 12:40:14 2024
+++ pkgsrc/sysutils/xenkernel418/distinfo       Fri Sep 27 12:45:49 2024
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2024/09/10 12:40:14 bouyer Exp $
+$NetBSD: distinfo,v 1.3 2024/09/27 12:45:49 manu Exp $
 
 BLAKE2s (xen418/xen-bd51e57.tar.gz) = cc12f497140f71ae2726a575d365a1c19c24315b20d80beff5b0ebbf0a8b2c89
 SHA512 (xen418/xen-bd51e57.tar.gz) = 752fb65b69c43410b04ad5ca34eba320f7afb8de7edac26b807fb7258b2571dc1fff71c271a3f834283ddbe0429b6d6c190fda9e33d9e048cdb97d6dc7ae71dc
@@ -8,5 +8,7 @@ SHA1 (patch-xen_Makefile) = 0c400e8054e9
 SHA1 (patch-xen_arch_x86_Rules.mk) = b0bc391f2ca3e96ce2bcaec5e1fcd66139ff16f9
 SHA1 (patch-xen_arch_x86_boot_build32.lds) = 9157f22876085254844f720853761a2cd0f4876e
 SHA1 (patch-xen_arch_x86_extable.c) = f64b956be1167901a60bf9be1abd98dbfaffb100
+SHA1 (patch-xen_arch_x86_hvm_lvapic.c) = fa68243926fe4ed3ba83cd2f5fa04df529af00c7
+SHA1 (patch-xen_arch_x86_include_asm_cpufeature.h) = 44be1ea31ffda50da1aa69f3ed290b752e57f4e1
 SHA1 (patch-xen_arch_x86_mm_p2m.c) = 6e9b84dc8448eca9677f184e720bbfcb3c6d314e
 SHA1 (patch-xen_tools_check-endbr.sh) = a7268ee5ff11f21fdc5b0bc213498a1923b693be

Added files:

Index: pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_hvm_lvapic.c
diff -u /dev/null pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_hvm_lvapic.c:1.1
--- /dev/null   Fri Sep 27 12:45:50 2024
+++ pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_hvm_lvapic.c        Fri Sep 27 12:45:49 2024
@@ -0,0 +1,51 @@
+$NetBSD: patch-xen_arch_x86_hvm_lvapic.c,v 1.1 2024/09/27 12:45:49 manu Exp $
+
+From https://xenbits.xen.org/xsa/xsa462.patch
+
+From: Jan Beulich <jbeulich%suse.com@localhost>
+Subject: x86/vLAPIC: prevent undue recursion of vlapic_error()
+
+With the error vector set to an illegal value, the function invoking
+vlapic_set_irq() would bring execution back here, with the non-recursive
+lock already held. Avoid the call in this case, merely further updating
+ESR (if necessary).
+
+This is XSA-462 / CVE-2024-45817.
+
+Fixes: 5f32d186a8b1 ("x86/vlapic: don't silently accept bad vectors")
+Reported-by: Federico Serafini <federico.serafini%bugseng.com@localhost>
+Reported-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
+Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+
+diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c
+index 2ec95942713e..8758c4217fab 100644
+--- ./xen/arch/x86/hvm/vlapic.c.orig
++++ ./xen/arch/x86/hvm/vlapic.c
+@@ -112,9 +112,24 @@ static void vlapic_error(struct vlapic *vlapic, unsigned int errmask)
+     if ( (esr & errmask) != errmask )
+     {
+         uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
++        bool inj = false;
+ 
+-        vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
+         if ( !(lvterr & APIC_LVT_MASKED) )
++        {
++            /*
++             * If LVTERR is unmasked and has an illegal vector, vlapic_set_irq()
++             * will end up back here.  Break the cycle by only injecting LVTERR
++             * if it will succeed, and folding in RECVILL otherwise.
++             */
++            if ( (lvterr & APIC_VECTOR_MASK) >= 16 )
++                 inj = true;
++            else
++                 errmask |= APIC_ESR_RECVILL;
++        }
++
++        vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
++
++        if ( inj )
+             vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
+     }
+     spin_unlock_irqrestore(&vlapic->esr_lock, flags);
Index: pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_include_asm_cpufeature.h
diff -u /dev/null pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_include_asm_cpufeature.h:1.1
--- /dev/null   Fri Sep 27 12:45:50 2024
+++ pkgsrc/sysutils/xenkernel418/patches/patch-xen_arch_x86_include_asm_cpufeature.h    Fri Sep 27 12:45:49 2024
@@ -0,0 +1,20 @@
+$NetBSD: patch-xen_arch_x86_include_asm_cpufeature.h,v 1.1 2024/09/27 12:45:49 manu Exp $
+
+Disable Indirect Branch Tracking, which requires endbr64 instructions
+in Xen function's start. Current build fail to produce them, hence 
+we crash if IBT is enabled.
+
+--- ./xen/arch/x86/include/asm/cpufeature.h.orig       2024-06-27 15:00:35.531392406 +0000
++++ ./xen/arch/x86/include/asm/cpufeature.h    2024-06-27 15:02:49.643543717 +0000
+@@ -215,9 +215,10 @@
+ #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH)
+ #define cpu_has_nscb            boot_cpu_has(X86_FEATURE_NSCB)
+ #define cpu_has_xen_lbr         boot_cpu_has(X86_FEATURE_XEN_LBR)
+ #define cpu_has_xen_shstk       boot_cpu_has(X86_FEATURE_XEN_SHSTK)
+-#define cpu_has_xen_ibt         boot_cpu_has(X86_FEATURE_XEN_IBT)
++/* Not ready: we need to make sure we use endbr64 instructions in Xen */
++#define cpu_has_xen_ibt         0 /* boot_cpu_has(X86_FEATURE_XEN_IBT) */
+ 
+ #define cpu_has_msr_tsc_aux     (cpu_has_rdtscp || cpu_has_rdpid)
+ 
+ /* Bugs. */

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/sysutils/xenkernel418
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/sysutils/xenkernel418
Indexes:

Home | Main Index | Thread Index | Old Index