Add patches from upstream fixing XSA-202 and XSA-203

Bump PKGREVISION

4 files changed, 101 insertions, 3 deletions

diff --git a/sysutils/xenkernel46/Makefile b/sysutils/xenkernel46/Makefile
index b1d259710af..a2601156f9c 100644
--- a/sysutils/xenkernel46/Makefile
+++ b/sysutils/xenkernel46/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2016/12/20 18:15:10 gdt Exp $
+# $NetBSD: Makefile,v 1.7 2016/12/21 15:36:39 bouyer Exp $
 
 VERSION=	4.6.3
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel46-${VERSION}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	sysutils
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff --git a/sysutils/xenkernel46/distinfo b/sysutils/xenkernel46/distinfo
index 7f29e20354d..41f53b98f5c 100644
--- a/sysutils/xenkernel46/distinfo
+++ b/sysutils/xenkernel46/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2016/12/20 10:22:28 bouyer Exp $
+$NetBSD: distinfo,v 1.5 2016/12/21 15:36:39 bouyer Exp $
 
 SHA1 (xen-4.6.3.tar.gz) = 2aa59d0a05a6c5ac7f336f2069c66a54f95c4349
 RMD160 (xen-4.6.3.tar.gz) = 2798bd888ee001a4829165e55feb705a86af4f74
@@ -17,6 +17,8 @@ SHA1 (patch-XSA-195) = 0a44b7deda6a17c88e9d1858eeb7c33b0ebaf3f7
 SHA1 (patch-XSA-196-1) = bdcd7673443fbf59aeff8ad019ffbe39758fcaee
 SHA1 (patch-XSA-196-2) = 81b1d46f3ec8a3c5133f6a923fee0ab1b2b1c6a0
 SHA1 (patch-XSA-200) = 37254653e3f9016de0440047465fddce7e9b1874
+SHA1 (patch-XSA-202) = 52cb1da3bb078f6b7574f606b8c9cacdf24f6518
+SHA1 (patch-XSA-203) = 43310c4e95e0070a24e6a847502e057b9e0eefe9
 SHA1 (patch-XSA-204) = 05defb8d99976a712024d35a81f4dde5627107d9
 SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154
diff --git a/sysutils/xenkernel46/patches/patch-XSA-202 b/sysutils/xenkernel46/patches/patch-XSA-202
new file mode 100644
index 00000000000..2bb8bae74ee
--- /dev/null
+++ b/sysutils/xenkernel46/patches/patch-XSA-202
@@ -0,0 +1,75 @@
+$NetBSD: patch-XSA-202,v 1.1 2016/12/21 15:36:39 bouyer Exp $
+
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86: force EFLAGS.IF on when exiting to PV guests
+
+Guest kernels modifying instructions in the process of being emulated
+for another of their vCPU-s may effect EFLAGS.IF to be cleared upon
+next exiting to guest context, by converting the being emulated
+instruction to CLI (at the right point in time). Prevent any such bad
+effects by always forcing EFLAGS.IF on. And to cover hypothetical other
+similar issues, also force EFLAGS.{IOPL,NT,VM} to zero.
+
+This is XSA-202.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/arch/x86/x86_64/compat/entry.S.orig
++++ xen/arch/x86/x86_64/compat/entry.S
+@@ -174,6 +174,8 @@ compat_bad_hypercall:
+ /* %rbx: struct vcpu, interrupts disabled */
+ ENTRY(compat_restore_all_guest)
+         ASSERT_INTERRUPTS_DISABLED
++        mov   $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11d
++        and   UREGS_eflags(%rsp),%r11d
+ .Lcr4_orig:
+         .skip .Lcr4_alt_end - .Lcr4_alt, 0x90
+ .Lcr4_orig_end:
+@@ -209,6 +211,8 @@ ENTRY(compat_restore_all_guest)
+                              (.Lcr4_orig_end - .Lcr4_orig), \
+                              (.Lcr4_alt_end - .Lcr4_alt)
+         .popsection
++        or    $X86_EFLAGS_IF,%r11
++        mov   %r11d,UREGS_eflags(%rsp)
+         RESTORE_ALL adj=8 compat=1
+ .Lft0:  iretq
+ 
+--- xen/arch/x86/x86_64/entry.S.orig
++++ xen/arch/x86/x86_64/entry.S
+@@ -40,28 +40,29 @@ restore_all_guest:
+         testw $TRAP_syscall,4(%rsp)
+         jz    iret_exit_to_guest
+ 
++        movq  24(%rsp),%r11           # RFLAGS
++        andq  $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11
++        orq   $X86_EFLAGS_IF,%r11
++
+         /* Don't use SYSRET path if the return address is not canonical. */
+         movq  8(%rsp),%rcx
+         sarq  $47,%rcx
+         incl  %ecx
+         cmpl  $1,%ecx
+-        ja    .Lforce_iret
++        movq  8(%rsp),%rcx            # RIP
++        ja    iret_exit_to_guest
+ 
+         cmpw  $FLAT_USER_CS32,16(%rsp)# CS
+-        movq  8(%rsp),%rcx            # RIP
+-        movq  24(%rsp),%r11           # RFLAGS
+         movq  32(%rsp),%rsp           # RSP
+         je    1f
+         sysretq
+ 1:      sysretl
+ 
+-.Lforce_iret:
+-        /* Mimic SYSRET behavior. */
+-        movq  8(%rsp),%rcx            # RIP
+-        movq  24(%rsp),%r11           # RFLAGS
+         ALIGN
+ /* No special register assumptions. */
+ iret_exit_to_guest:
++        andl  $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),24(%rsp)
++        orl   $X86_EFLAGS_IF,24(%rsp)
+         addq  $8,%rsp
+ .Lft0:  iretq
+ 
diff --git a/sysutils/xenkernel46/patches/patch-XSA-203 b/sysutils/xenkernel46/patches/patch-XSA-203
new file mode 100644
index 00000000000..5e739fbdd18
--- /dev/null
+++ b/sysutils/xenkernel46/patches/patch-XSA-203
@@ -0,0 +1,21 @@
+$NetBSD: patch-XSA-203,v 1.1 2016/12/21 15:36:39 bouyer Exp $
+
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/HVM: add missing NULL check before using VMFUNC hook
+
+This is XSA-203.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- xen/arch/x86/hvm/emulate.c.orig
++++ xen/arch/x86/hvm/emulate.c
+@@ -1643,6 +1643,8 @@ static int hvmemul_vmfunc(
+ {
+     int rc;
+ 
++    if ( !hvm_funcs.altp2m_vcpu_emulate_vmfunc )
++        return X86EMUL_UNHANDLEABLE;
+     rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(ctxt->regs);
+     if ( rc != X86EMUL_OKAY )
+         hvmemul_inject_hw_exception(TRAP_invalid_op, 0, ctxt);