1 files changed, 33 insertions, 0 deletions

diff --git a/sysutils/xenkernel42/patches/patch-CVE-2015-8339 b/sysutils/xenkernel42/patches/patch-CVE-2015-8339
new file mode 100644
index 00000000000..52cc287e465
--- /dev/null
+++ b/sysutils/xenkernel42/patches/patch-CVE-2015-8339
@@ -0,0 +1,33 @@
+$NetBSD: patch-CVE-2015-8339,v 1.1.2.2 2016/01/11 20:37:17 bsiegert Exp $
+
+Patch for CVE-2015-8339 and CVE-2015-8340 aka XSA-159, based on
+http://xenbits.xenproject.org/xsa/xsa159.patch
+
+--- xen/common/memory.c.orig
++++ xen/common/memory.c
+@@ -334,7 +334,7 @@ static long memory_exchange(XEN_GUEST_HA
+     PAGE_LIST_HEAD(out_chunk_list);
+     unsigned long in_chunk_order, out_chunk_order;
+     xen_pfn_t     gpfn, gmfn, mfn;
+-    unsigned long i, j, k = 0; /* gcc ... */
++    unsigned long i, j, k;
+     unsigned int  memflags = 0;
+     long          rc = 0;
+     struct domain *d;
+@@ -572,11 +572,12 @@ static long memory_exchange(XEN_GUEST_HA
+  fail:
+     /* Reassign any input pages we managed to steal. */
+     while ( (page = page_list_remove_head(&in_chunk_list)) )
+-    {
+-        put_gfn(d, gmfn + k--);
+         if ( assign_pages(d, page, 0, MEMF_no_refcount) )
+-            BUG();
+-    }
++        {
++            BUG_ON(!d->is_dying);
++            if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
++                put_page(page);
++        }
+ 
+  dying:
+     rcu_unlock_domain(d);