author | tron <tron@pkgsrc.org> | 2012-06-20 17:54:12 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2012-06-20 17:54:12 +0000 |
commit | 33cae52b1985993e354d8286818ba23d2cd5c967 (patch) | |
tree | 29f15f957a30a55b1ec0abcf5d65d694159c0080 /sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 | |
parent | 9c1a84632bd86e38db957a2d3b87806a4512f31b (diff) | |
download | pkgsrc-33cae52b1985993e354d8286818ba23d2cd5c967.tar.gz |
Pullup ticket #3837 - requested by bouyer
sysutils/xenkernel41: security patch
Revisions pulled up:
- sysutils/xenkernel41/Makefile 1.7
- sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1 deleted
- sysutils/xenkernel41/patch-xsa9-xen-4.1 deleted
- sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 1.1
- sysutils/xenkernel41/patches/patch-xsa9-xen-4.1 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Tue Jun 19 20:17:07 UTC 2012
Modified Files:
pkgsrc/sysutils/xenkernel41: Makefile
Added Files:
pkgsrc/sysutils/xenkernel41/patches: patch-xsa7-xsa8-xen-4.1
patch-xsa9-xen-4.1
Removed Files:
pkgsrc/sysutils/xenkernel41: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1
Log Message:
Move patches to the right place. Bump PKGREVISION
Diffstat (limited to 'sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1')
-rw-r--r-- | sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 b/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
new file mode 100644
index 00000000000..37eafe35f74
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
@@ -0,0 +1,124 @@
+$NetBSD: patch-xsa7-xsa8-xen-4.1,v 1.1.2.2 2012/06/20 17:54:12 tron Exp $
+
+diff -r 35248be669e7 xen/arch/x86/x86_64/asm-offsets.c
+--- xen/arch/x86/x86_64/asm-offsets.c.orig Mon May 14 16:59:12 2012 +0100
++++ xen/arch/x86/x86_64/asm-offsets.c Thu May 24 11:12:33 2012 +0100
+@@ -90,6 +90,8 @@ void __dummy__(void)
+ arch.guest_context.trap_ctxt[TRAP_gp_fault].address);
+ OFFSET(VCPU_gp_fault_sel, struct vcpu,
+ arch.guest_context.trap_ctxt[TRAP_gp_fault].cs);
++ OFFSET(VCPU_gp_fault_flags, struct vcpu,
++ arch.guest_context.trap_ctxt[TRAP_gp_fault].flags);
+ OFFSET(VCPU_kernel_sp, struct vcpu, arch.guest_context.kernel_sp);
+ OFFSET(VCPU_kernel_ss, struct vcpu, arch.guest_context.kernel_ss);
+ OFFSET(VCPU_guest_context_flags, struct vcpu, arch.guest_context.flags);
+diff -r 35248be669e7 xen/arch/x86/x86_64/compat/entry.S
+--- xen/arch/x86/x86_64/compat/entry.S.orig Mon May 14 16:59:12 2012 +0100
++++ xen/arch/x86/x86_64/compat/entry.S Thu May 24 11:12:33 2012 +0100
+@@ -214,6 +214,7 @@ 1: call compat_create_bounce_frame
+ ENTRY(compat_post_handle_exception)
+ testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
+ jz compat_test_all_events
++.Lcompat_bounce_exception:
+ call compat_create_bounce_frame
+ movb $0,TRAPBOUNCE_flags(%rdx)
+ jmp compat_test_all_events
+@@ -226,19 +227,20 @@ ENTRY(compat_syscall)
+ leaq VCPU_trap_bounce(%rbx),%rdx
+ testl $~3,%esi
+ leal (,%rcx,TBF_INTERRUPT),%ecx
+- jz 2f
+-1: movq %rax,TRAPBOUNCE_eip(%rdx)
++UNLIKELY_START(z, compat_syscall_gpf)
++ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
++ subl $2,UREGS_rip(%rsp)
++ movl $0,TRAPBOUNCE_error_code(%rdx)
++ movl VCPU_gp_fault_addr(%rbx),%eax
++ movzwl VCPU_gp_fault_sel(%rbx),%esi
++ testb $4,VCPU_gp_fault_flags(%rbx)
++ setnz %cl
++ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
++UNLIKELY_END(compat_syscall_gpf)
++ movq %rax,TRAPBOUNCE_eip(%rdx)
+ movw %si,TRAPBOUNCE_cs(%rdx)
+ movb %cl,TRAPBOUNCE_flags(%rdx)
+- call compat_create_bounce_frame
+- jmp compat_test_all_events
+-2: movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+- subl $2,UREGS_rip(%rsp)
+- movq VCPU_gp_fault_addr(%rbx),%rax
+- movzwl VCPU_gp_fault_sel(%rbx),%esi
+- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
+- movl $0,TRAPBOUNCE_error_code(%rdx)
+- jmp 1b
++ jmp .Lcompat_bounce_exception
+
+ ENTRY(compat_sysenter)
+ cmpl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+diff -r 35248be669e7 xen/arch/x86/x86_64/entry.S
+--- xen/arch/x86/x86_64/entry.S.orig Mon May 14 16:59:12 2012 +0100
++++ xen/arch/x86/x86_64/entry.S Thu May 24 11:12:33 2012 +0100
+@@ -40,6 +40,13 @@ restore_all_guest:
+ testw $TRAP_syscall,4(%rsp)
+ jz iret_exit_to_guest
+
++ /* Don't use SYSRET path if the return address is not canonical. */
++ movq 8(%rsp),%rcx
++ sarq $47,%rcx
++ incl %ecx
++ cmpl $1,%ecx
++ ja .Lforce_iret
++
+ addq $8,%rsp
+ popq %rcx # RIP
+ popq %r11 # CS
+@@ -50,6 +57,10 @@ restore_all_guest:
+ sysretq
+ 1: sysretl
+
++.Lforce_iret:
++ /* Mimic SYSRET behavior. */
++ movq 8(%rsp),%rcx # RIP
++ movq 24(%rsp),%r11 # RFLAGS
+ ALIGN
+ /* No special register assumptions. */
+ iret_exit_to_guest:
+@@ -278,19 +289,21 @@ sysenter_eflags_saved:
+ leaq VCPU_trap_bounce(%rbx),%rdx
+ testq %rax,%rax
+ leal (,%rcx,TBF_INTERRUPT),%ecx
+- jz 2f
+-1: movq VCPU_domain(%rbx),%rdi
++UNLIKELY_START(z, sysenter_gpf)
++ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
++ subq $2,UREGS_rip(%rsp)
++ movl %eax,TRAPBOUNCE_error_code(%rdx)
++ movq VCPU_gp_fault_addr(%rbx),%rax
++ testb $4,VCPU_gp_fault_flags(%rbx)
++ setnz %cl
++ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
++UNLIKELY_END(sysenter_gpf)
++ movq VCPU_domain(%rbx),%rdi
+ movq %rax,TRAPBOUNCE_eip(%rdx)
+ movb %cl,TRAPBOUNCE_flags(%rdx)
+ testb $1,DOMAIN_is_32bit_pv(%rdi)
+ jnz compat_sysenter
+- call create_bounce_frame
+- jmp test_all_events
+-2: movl %eax,TRAPBOUNCE_error_code(%rdx)
+- movq VCPU_gp_fault_addr(%rbx),%rax
+- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
+- movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+- jmp 1b
++ jmp .Lbounce_exception
+
+ ENTRY(int80_direct_trap)
+ pushq $0
+@@ -482,6 +495,7 @@ 1: movq %rsp,%rdi
+ jnz compat_post_handle_exception
+ testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
+ jz test_all_events
++.Lbounce_exception:
+ call create_bounce_frame
+ movb $0,TRAPBOUNCE_flags(%rdx)
+ jmp test_all_events |
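Review bot: `.Lforce_iret` in the second xen/arch/x86/x86_64/entry.S hunk reaches `iret_exit_to_guest` by falling through `ALIGN`, which is only safe if that macro pads with executable no-ops. Its definition is outside this diff, so either confirm it or make the transfer explicit with `jmp iret_exit_to_guest`. The canonical-address test added to `restore_all_guest` sits on a security-critical exit path and would be easier to audit with a comment explaining the idiom, for example `/* sarq $47 leaves 0 or -1 for a canonical RIP; incl maps these to 1 or 0, so an unsigned result above 1 means non-canonical. */`. On the pkgsrc side, the new patch file carries only the `$NetBSD$` tag before the embedded diff. A short header naming the advisories it covers (XSA-7 and XSA-8, going by the file name) and where the upstream patch came from would let a later reader check it against the advisory text.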