diff options
| author | bouyer <bouyer@pkgsrc.org> | 2016-12-21 15:35:44 +0000 |
|---|---|---|
| committer | bouyer <bouyer@pkgsrc.org> | 2016-12-21 15:35:44 +0000 |
| commit | 0b833e5b4af9e0a81faeda16f126831090eaabe4 (patch) | |
| tree | 9225738d80a9c3916f6125adc001627924b841d8 /sysutils/xenkernel42 | |
| parent | 66e0884d1c7e284941ec2bdf7b1da57b61c8e9ea (diff) | |
| download | pkgsrc-0b833e5b4af9e0a81faeda16f126831090eaabe4.tar.gz | |
Apply patch backported from upstream, fixing XSA-202
Bump PKGREVISION
Diffstat (limited to 'sysutils/xenkernel42')
| -rw-r--r-- | sysutils/xenkernel42/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel42/distinfo | 3 | ||||
| -rw-r--r-- | sysutils/xenkernel42/patches/patch-XSA-202 | 69 |
3 files changed, 73 insertions, 3 deletions
diff --git a/sysutils/xenkernel42/Makefile b/sysutils/xenkernel42/Makefile index e4f065a0812..f77aaab99c4 100644 --- a/sysutils/xenkernel42/Makefile +++ b/sysutils/xenkernel42/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.25 2016/12/20 10:22:28 bouyer Exp $ +# $NetBSD: Makefile,v 1.26 2016/12/21 15:35:44 bouyer Exp $ VERSION= 4.2.5 DISTNAME= xen-${VERSION} PKGNAME= xenkernel42-${VERSION} -PKGREVISION= 14 +PKGREVISION= 15 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel42/distinfo b/sysutils/xenkernel42/distinfo index 8471467ea4c..67f8ec3c58b 100644 --- a/sysutils/xenkernel42/distinfo +++ b/sysutils/xenkernel42/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2016/12/20 10:22:28 bouyer Exp $ +$NetBSD: distinfo,v 1.25 2016/12/21 15:35:44 bouyer Exp $ SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 @@ -34,6 +34,7 @@ SHA1 (patch-XSA-191) = 7a5e2e78c457c5922e2ccd711f2a39afba238e40 SHA1 (patch-XSA-192) = f95757227ece59a2f320308edefcf01f1a96212c SHA1 (patch-XSA-195) = bb20234c4db0dc098ea47564732e87710bfcb9d8 SHA1 (patch-XSA-200) = 2f615fa9c4ac43fc98f6c897acb5ee7e4651a668 +SHA1 (patch-XSA-202) = 0effaf281f31d7dadbd9c02cb51b1d29dd0014f9 SHA1 (patch-XSA-204) = f6a59adf3cbd0aab59ccf233240a6b4e9ee2913b SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 diff --git a/sysutils/xenkernel42/patches/patch-XSA-202 b/sysutils/xenkernel42/patches/patch-XSA-202 new file mode 100644 index 00000000000..c3d8ff36a84 --- /dev/null +++ b/sysutils/xenkernel42/patches/patch-XSA-202 @@ -0,0 +1,69 @@ +$NetBSD: patch-XSA-202,v 1.1 2016/12/21 15:35:44 bouyer Exp $ + +From: Jan Beulich <jbeulich@suse.com> +Subject: x86: force EFLAGS.IF on when exiting to PV guests + +Guest kernels modifying instructions in the process of being emulated +for another of their vCPU-s may effect EFLAGS.IF to be cleared upon +next exiting to guest context, by converting the being emulated +instruction to CLI (at the right point in time). Prevent any such bad +effects by always forcing EFLAGS.IF on. And to cover hypothetical other +similar issues, also force EFLAGS.{IOPL,NT,VM} to zero. + +This is XSA-202. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + + +--- xen/arch/x86/x86_64/entry.S.orig ++++ xen/arch/x86/x86_64/entry.S +@@ -41,28 +41,29 @@ restore_all_guest: + testw $TRAP_syscall,4(%rsp) + jz iret_exit_to_guest + ++ movq 24(%rsp),%r11 # RFLAGS ++ andq $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11 ++ orq $X86_EFLAGS_IF,%r11 ++ + /* Don't use SYSRET path if the return address is not canonical. */ + movq 8(%rsp),%rcx + sarq $47,%rcx + incl %ecx + cmpl $1,%ecx +- ja .Lforce_iret ++ movq 8(%rsp),%rcx # RIP ++ ja iret_exit_to_guest + + cmpw $FLAT_USER_CS32,16(%rsp)# CS +- movq 8(%rsp),%rcx # RIP +- movq 24(%rsp),%r11 # RFLAGS + movq 32(%rsp),%rsp # RSP + je 1f + sysretq + 1: sysretl + +-.Lforce_iret: +- /* Mimic SYSRET behavior. */ +- movq 8(%rsp),%rcx # RIP +- movq 24(%rsp),%r11 # RFLAGS + ALIGN + /* No special register assumptions. */ + iret_exit_to_guest: ++ andl $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),24(%rsp) ++ orl $X86_EFLAGS_IF,24(%rsp) + addq $8,%rsp + .Lft0: iretq + +--- xen/arch/x86/x86_64/compat/entry.S.orig 2014-09-02 08:22:57.000000000 +0200 ++++ xen/arch/x86/x86_64/compat/entry.S 2016-12-21 13:23:21.000000000 +0100 +@@ -173,6 +173,10 @@ + /* %rbx: struct vcpu, interrupts disabled */ + ENTRY(compat_restore_all_guest) + ASSERT_INTERRUPTS_DISABLED ++ mov $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11d ++ and UREGS_eflags(%rsp),%r11d ++ or $X86_EFLAGS_IF,%r11 ++ mov %r11d,UREGS_eflags(%rsp) + RESTORE_ALL + addq $8,%rsp + .Lft0: iretq |