diff options
| author | bouyer <bouyer@pkgsrc.org> | 2021-02-03 22:30:21 +0000 |
|---|---|---|
| committer | bouyer <bouyer@pkgsrc.org> | 2021-02-03 22:30:21 +0000 |
| commit | cb6e99b7c5097caafce588426e6dedeb85751860 (patch) | |
| tree | 63507ddd41522742fadf04d8ebd094b1fc3daeea | |
| parent | 83fc8320776e3f9dd89e7c87249269e0689bdffd (diff) | |
| download | pkgsrc-cb6e99b7c5097caafce588426e6dedeb85751860.tar.gz | |
Add upstream patch for Xen Security Advisory 355
Also, fix xenstored looping keeping the CPU 100% busy and leaking
file descriptors.
| -rw-r--r-- | sysutils/xentools413/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xentools413/distinfo | 4 | ||||
| -rw-r--r-- | sysutils/xentools413/patches/patch-XSA355 | 25 | ||||
| -rw-r--r-- | sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c | 29 |
4 files changed, 59 insertions, 3 deletions
diff --git a/sysutils/xentools413/Makefile b/sysutils/xentools413/Makefile index 398686e10a1..1178c49c7be 100644 --- a/sysutils/xentools413/Makefile +++ b/sysutils/xentools413/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.15 2021/01/25 10:50:40 wiz Exp $ +# $NetBSD: Makefile,v 1.16 2021/02/03 22:30:21 bouyer Exp $ # VERSION= 4.13.2 DIST_SUBDIR= xen413 DISTNAME= xen-${VERSION} PKGNAME= xentools413-${VERSION} -PKGREVISION= 2 +PKGREVISION= 3 #PKGREVISION= 0 CATEGORIES= sysutils MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/ diff --git a/sysutils/xentools413/distinfo b/sysutils/xentools413/distinfo index cec1ac51625..36141b654de 100644 --- a/sysutils/xentools413/distinfo +++ b/sysutils/xentools413/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.7 2021/01/08 22:08:45 bouyer Exp $ +$NetBSD: distinfo,v 1.8 2021/02/03 22:30:21 bouyer Exp $ SHA1 (xen413/ipxe-1dd56dbd11082fb622c2ed21cfaced4f47d798a6.tar.gz) = b78d21457bc07b4c4d3e770109c169ddafdacdf5 RMD160 (xen413/ipxe-1dd56dbd11082fb622c2ed21cfaced4f47d798a6.tar.gz) = 846dbcc0f56e87fca8c87b00ca2ed031471d4246 @@ -24,6 +24,7 @@ SHA1 (patch-XSA325) = 59c7fba006588db4accee1068072612777620ac3 SHA1 (patch-XSA330) = dd745d8ae212f139ed32fcf8c99618fc42642d9e SHA1 (patch-XSA352) = 7c4479c029d9bbbf6578ee148cb926bb2d849789 SHA1 (patch-XSA353) = 6983aa18399dcf0ac1471ffdf7c27c1bc041f49c +SHA1 (patch-XSA355) = 73ca5dff042a4a54b06af36e6ace7d09673c05f0 SHA1 (patch-docs_man_xl-disk-configuration.5.pod) = 9261cc5035dba3414e32955da80707baab042476 SHA1 (patch-docs_man_xl.1.pod.in) = ac3525478471a43fd30fa40c7e89d4b5cb164038 SHA1 (patch-docs_man_xl.cfg.5.pod.in) = 5970961552f29c4536a884161a208a27a20dccf4 @@ -98,6 +99,7 @@ SHA1 (patch-tools_xenpaging_xenpaging.c) = 0a154b97f1f452a5f80f7c9a835a1f216f12f SHA1 (patch-tools_xenpmd_xenpmd.c) = 851ce7a295e2f41ffcd966850d8003c82670c751 SHA1 (patch-tools_xenstat_libxenstat_src_xenstat_netbsd.c) = e0f52d2a6ce9c92780209ed5b6f6f2ad1c175221 SHA1 (patch-tools_xenstore_xc.c) = cf49b65cba064667e13bb041d1f0099c76ab6a40 +SHA1 (patch-tools_xenstore_xenstored_core.c) = f3d3011cb945772f298404b3505ca032a8bc06ea SHA1 (patch-tools_xenstore_xs_lib.c) = e3a8f6e3b149c3ab0f4ec8dcfa455983f94e6c16 SHA1 (patch-tools_xentrace_xentrace.c) = f964c7555f454358a39f28a2e75db8ee100a4243 SHA1 (patch-tools_xl_Makefile) = dd4fa8cc66c74eea8b022cd6129aa2831776f2a8 diff --git a/sysutils/xentools413/patches/patch-XSA355 b/sysutils/xentools413/patches/patch-XSA355 new file mode 100644 index 00000000000..64e493a92c3 --- /dev/null +++ b/sysutils/xentools413/patches/patch-XSA355 @@ -0,0 +1,25 @@ +$NetBSD: patch-XSA355,v 1.1 2021/02/03 22:30:22 bouyer Exp $ + +From: Jan Beulich <jbeulich@suse.com> +Subject: memory: fix off-by-one in XSA-346 change + +The comparison against ARRAY_SIZE() needs to be >= in order to avoid +overrunning the pages[] array. + +This is XSA-355. + +Fixes: 5777a3742d88 ("IOMMU: hold page ref until after deferred TLB flush") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Julien Grall <jgrall@amazon.com> + +--- xen/common/memory.c.orig ++++ xen/common/memory.c +@@ -854,7 +854,7 @@ int xenmem_add_to_physmap(struct domain + ++extra.ppage; + + /* Check for continuation if it's not the last iteration. */ +- if ( (++done > ARRAY_SIZE(pages) && extra.ppage) || ++ if ( (++done >= ARRAY_SIZE(pages) && extra.ppage) || + (xatp->size > done && hypercall_preempt_check()) ) + { + rc = start + done; diff --git a/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c b/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c new file mode 100644 index 00000000000..9087f401b2c --- /dev/null +++ b/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c @@ -0,0 +1,29 @@ +$NetBSD: patch-tools_xenstore_xenstored_core.c,v 1.1 2021/02/03 22:30:22 bouyer Exp $ + +On error, don't keep socket connection in ignored state but close them. +When the remote end of a socket is closed, xenstored will flag it as an +error and switch the connection to ignored. But on some OSes (e.g. +NetBSD), poll(2) will return only POLLIN in this case, so sockets in ignored +state will stay open forever in xenstored (and it will loop with CPU 100% +busy). + +Signed-off-by: Manuel Bouyer <bouyer@netbsd.org> +Fixes: d2fa370d3ef9cbe22d7256c608671cdcdf6e0083 +--- + tools/xenstore/xenstored_core.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c +index 1ab6f162cb..0fea598352 100644 +--- tools/xenstore/xenstored_core.c.orig ++++ tools/xenstore/xenstored_core.c +@@ -1440,6 +1440,9 @@ static void ignore_connection(struct connection *conn) + + talloc_free(conn->in); + conn->in = NULL; ++ /* if this is a socket connection, drop it now */ ++ if (conn->fd >= 0) ++ talloc_free(conn); + } + + static const char *sockmsg_string(enum xsd_sockmsg_type type) |