From 33cae52b1985993e354d8286818ba23d2cd5c967 Mon Sep 17 00:00:00 2001
From: tron
Date: Wed, 20 Jun 2012 17:54:12 +0000
Subject: Pullup ticket #3837 - requested by bouyer sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.7 - sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1 deleted - sysutils/xenkernel41/patch-xsa9-xen-4.1 deleted - sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 1.1 - sysutils/xenkernel41/patches/patch-xsa9-xen-4.1 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Tue Jun 19 20:17:07 UTC 2012 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1 Removed Files: pkgsrc/sysutils/xenkernel41: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1 Log Message: Move patches to the right place. Bump PKGREVISION
---
 sysutils/xenkernel41/Makefile | 4 +-
 sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1 | 124 ---------------------
 sysutils/xenkernel41/patch-xsa9-xen-4.1 | 48 --------
 .../xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 | 124 +++++++++++++++++++++
 sysutils/xenkernel41/patches/patch-xsa9-xen-4.1 | 48 ++++++++
 5 files changed, 174 insertions(+), 174 deletions(-)
 delete mode 100644 sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1
 delete mode 100644 sysutils/xenkernel41/patch-xsa9-xen-4.1
 create mode 100644 sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
 create mode 100644 sysutils/xenkernel41/patches/patch-xsa9-xen-4.1
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile
index 11839569b38..1c501f1ba56 100644
--- a/sysutils/xenkernel41/Makefile
+++ b/sysutils/xenkernel41/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.5.4.1 2012/06/13 11:06:17 tron Exp $
+# $NetBSD: Makefile,v 1.5.4.2 2012/06/20 17:54:12 tron Exp $
 #
 VERSION= 4.1.2
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
 EXTRACT_SUFX= .tar.gz
diff --git a/sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1 b/sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1
deleted file mode 100644
index 495b2c7428d..00000000000
--- a/sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1
+++ /dev/null
@@ -1,124 +0,0 @@
-$NetBSD: patch-xsa7-xsa8-xen-4.1,v 1.1.2.2 2012/06/13 11:06:17 tron Exp $
-
-diff -r 35248be669e7 xen/arch/x86/x86_64/asm-offsets.c
---- xen/arch/x86/x86_64/asm-offsets.c.orig Mon May 14 16:59:12 2012 +0100
-+++ xen/arch/x86/x86_64/asm-offsets.c Thu May 24 11:12:33 2012 +0100
-@@ -90,6 +90,8 @@ void __dummy__(void)
- arch.guest_context.trap_ctxt[TRAP_gp_fault].address);
- OFFSET(VCPU_gp_fault_sel, struct vcpu,
- arch.guest_context.trap_ctxt[TRAP_gp_fault].cs);
-+ OFFSET(VCPU_gp_fault_flags, struct vcpu,
-+ arch.guest_context.trap_ctxt[TRAP_gp_fault].flags);
- OFFSET(VCPU_kernel_sp, struct vcpu, arch.guest_context.kernel_sp);
- OFFSET(VCPU_kernel_ss, struct vcpu, arch.guest_context.kernel_ss);
- OFFSET(VCPU_guest_context_flags, struct vcpu, arch.guest_context.flags);
-diff -r 35248be669e7 xen/arch/x86/x86_64/compat/entry.S
---- xen/arch/x86/x86_64/compat/entry.S.orig Mon May 14 16:59:12 2012 +0100
-+++ xen/arch/x86/x86_64/compat/entry.S Thu May 24 11:12:33 2012 +0100
-@@ -214,6 +214,7 @@ 1: call compat_create_bounce_frame
- ENTRY(compat_post_handle_exception)
- testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
- jz compat_test_all_events
-+.Lcompat_bounce_exception:
- call compat_create_bounce_frame
- movb $0,TRAPBOUNCE_flags(%rdx)
- jmp compat_test_all_events
-@@ -226,19 +227,20 @@ ENTRY(compat_syscall)
- leaq VCPU_trap_bounce(%rbx),%rdx
- testl $~3,%esi
- leal (,%rcx,TBF_INTERRUPT),%ecx
-- jz 2f
--1: movq %rax,TRAPBOUNCE_eip(%rdx)
-+UNLIKELY_START(z, compat_syscall_gpf)
-+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
-+ subl $2,UREGS_rip(%rsp)
-+ movl $0,TRAPBOUNCE_error_code(%rdx)
-+ movl VCPU_gp_fault_addr(%rbx),%eax
-+ movzwl VCPU_gp_fault_sel(%rbx),%esi
-+ testb $4,VCPU_gp_fault_flags(%rbx)
-+ setnz %cl
-+ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
-+UNLIKELY_END(compat_syscall_gpf)
-+ movq %rax,TRAPBOUNCE_eip(%rdx)
- movw %si,TRAPBOUNCE_cs(%rdx)
- movb %cl,TRAPBOUNCE_flags(%rdx)
-- call compat_create_bounce_frame
-- jmp compat_test_all_events
--2: movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
-- subl $2,UREGS_rip(%rsp)
-- movq VCPU_gp_fault_addr(%rbx),%rax
-- movzwl VCPU_gp_fault_sel(%rbx),%esi
-- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
-- movl $0,TRAPBOUNCE_error_code(%rdx)
-- jmp 1b
-+ jmp .Lcompat_bounce_exception
-
- ENTRY(compat_sysenter)
- cmpl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
-diff -r 35248be669e7 xen/arch/x86/x86_64/entry.S
---- xen/arch/x86/x86_64/entry.S.orig Mon May 14 16:59:12 2012 +0100
-+++ xen/arch/x86/x86_64/entry.S Thu May 24 11:12:33 2012 +0100
-@@ -40,6 +40,13 @@ restore_all_guest:
- testw $TRAP_syscall,4(%rsp)
- jz iret_exit_to_guest
-
-+ /* Don't use SYSRET path if the return address is not canonical. */
-+ movq 8(%rsp),%rcx
-+ sarq $47,%rcx
-+ incl %ecx
-+ cmpl $1,%ecx
-+ ja .Lforce_iret
-+
- addq $8,%rsp
- popq %rcx # RIP
- popq %r11 # CS
-@@ -50,6 +57,10 @@ restore_all_guest:
- sysretq
- 1: sysretl
-
-+.Lforce_iret:
-+ /* Mimic SYSRET behavior. */
-+ movq 8(%rsp),%rcx # RIP
-+ movq 24(%rsp),%r11 # RFLAGS
- ALIGN
- /* No special register assumptions. */
- iret_exit_to_guest:
-@@ -278,19 +289,21 @@ sysenter_eflags_saved:
- leaq VCPU_trap_bounce(%rbx),%rdx
- testq %rax,%rax
- leal (,%rcx,TBF_INTERRUPT),%ecx
-- jz 2f
--1: movq VCPU_domain(%rbx),%rdi
-+UNLIKELY_START(z, sysenter_gpf)
-+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
-+ subq $2,UREGS_rip(%rsp)
-+ movl %eax,TRAPBOUNCE_error_code(%rdx)
-+ movq VCPU_gp_fault_addr(%rbx),%rax
-+ testb $4,VCPU_gp_fault_flags(%rbx)
-+ setnz %cl
-+ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
-+UNLIKELY_END(sysenter_gpf)
-+ movq VCPU_domain(%rbx),%rdi
- movq %rax,TRAPBOUNCE_eip(%rdx)
- movb %cl,TRAPBOUNCE_flags(%rdx)
- testb $1,DOMAIN_is_32bit_pv(%rdi)
- jnz compat_sysenter
-- call create_bounce_frame
-- jmp test_all_events
--2: movl %eax,TRAPBOUNCE_error_code(%rdx)
-- movq VCPU_gp_fault_addr(%rbx),%rax
-- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
-- movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
-- jmp 1b
-+ jmp .Lbounce_exception
-
- ENTRY(int80_direct_trap)
- pushq $0
-@@ -482,6 +495,7 @@ 1: movq %rsp,%rdi
- jnz compat_post_handle_exception
- testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
- jz test_all_events
-+.Lbounce_exception:
- call create_bounce_frame
- movb $0,TRAPBOUNCE_flags(%rdx)
- jmp test_all_events
diff --git a/sysutils/xenkernel41/patch-xsa9-xen-4.1 b/sysutils/xenkernel41/patch-xsa9-xen-4.1
deleted file mode 100644
index bbbc2521994..00000000000
--- a/sysutils/xenkernel41/patch-xsa9-xen-4.1
+++ /dev/null
@@ -1,48 +0,0 @@
-$NetBSD: patch-xsa9-xen-4.1,v 1.1.2.2 2012/06/13 11:06:17 tron Exp $
-
-x86-64: detect processors subject to AMD erratum #121 and refuse to boot
-
-Processors with this erratum are subject to a DoS attack by unprivileged
-guest users.
-
-This is XSA-9 / CVE-2006-0744.
-
-Signed-off-by: Jan Beulich
-Signed-off-by: Ian Campbell
-
---- xen/arch/x86/cpu/amd.c.orig
-+++ xen/arch/x86/cpu/amd.c
-@@ -32,6 +32,9 @@
- static char opt_famrev[14];
- string_param("cpuid_mask_cpu", opt_famrev);
-
-+static int opt_allow_unsafe;
-+boolean_param("allow_unsafe", opt_allow_unsafe);
-+
- static inline void wrmsr_amd(unsigned int index, unsigned int lo,
- unsigned int hi)
- {
-@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
- clear_bit(X86_FEATURE_MCE, c->x86_capability);
-
- #ifdef __x86_64__
-+ if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
-+ panic("Xen will not boot on this CPU for security reasons.\n"
-+ "Pass \"allow_unsafe\" if you're trusting all your"
-+ " (PV) guest kernels.\n");
-+
- /* AMD CPUs do not support SYSENTER outside of legacy mode. */
- clear_bit(X86_FEATURE_SEP, c->x86_capability);
-
---- xen/include/asm-x86/amd.h.orig
-+++ xen/include/asm-x86/amd.h
-@@ -127,6 +127,9 @@
- #define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
- #define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
-
-+#define AMD_ERRATUM_121 \
-+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
-+
- #define AMD_ERRATUM_170 \
- AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))
-
diff --git a/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 b/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
new file mode 100644
index 00000000000..37eafe35f74
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
@@ -0,0 +1,124 @@
+$NetBSD: patch-xsa7-xsa8-xen-4.1,v 1.1.2.2 2012/06/20 17:54:12 tron Exp $
+
+diff -r 35248be669e7 xen/arch/x86/x86_64/asm-offsets.c
+--- xen/arch/x86/x86_64/asm-offsets.c.orig Mon May 14 16:59:12 2012 +0100
++++ xen/arch/x86/x86_64/asm-offsets.c Thu May 24 11:12:33 2012 +0100
+@@ -90,6 +90,8 @@ void __dummy__(void)
+ arch.guest_context.trap_ctxt[TRAP_gp_fault].address);
+ OFFSET(VCPU_gp_fault_sel, struct vcpu,
+ arch.guest_context.trap_ctxt[TRAP_gp_fault].cs);
++ OFFSET(VCPU_gp_fault_flags, struct vcpu,
++ arch.guest_context.trap_ctxt[TRAP_gp_fault].flags);
+ OFFSET(VCPU_kernel_sp, struct vcpu, arch.guest_context.kernel_sp);
+ OFFSET(VCPU_kernel_ss, struct vcpu, arch.guest_context.kernel_ss);
+ OFFSET(VCPU_guest_context_flags, struct vcpu, arch.guest_context.flags);
+diff -r 35248be669e7 xen/arch/x86/x86_64/compat/entry.S
+--- xen/arch/x86/x86_64/compat/entry.S.orig Mon May 14 16:59:12 2012 +0100
++++ xen/arch/x86/x86_64/compat/entry.S Thu May 24 11:12:33 2012 +0100
+@@ -214,6 +214,7 @@ 1: call compat_create_bounce_frame
+ ENTRY(compat_post_handle_exception)
+ testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
+ jz compat_test_all_events
++.Lcompat_bounce_exception:
+ call compat_create_bounce_frame
+ movb $0,TRAPBOUNCE_flags(%rdx)
+ jmp compat_test_all_events
+@@ -226,19 +227,20 @@ ENTRY(compat_syscall)
+ leaq VCPU_trap_bounce(%rbx),%rdx
+ testl $~3,%esi
+ leal (,%rcx,TBF_INTERRUPT),%ecx
+- jz 2f
+-1: movq %rax,TRAPBOUNCE_eip(%rdx)
++UNLIKELY_START(z, compat_syscall_gpf)
++ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
++ subl $2,UREGS_rip(%rsp)
++ movl $0,TRAPBOUNCE_error_code(%rdx)
++ movl VCPU_gp_fault_addr(%rbx),%eax
++ movzwl VCPU_gp_fault_sel(%rbx),%esi
++ testb $4,VCPU_gp_fault_flags(%rbx)
++ setnz %cl
++ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
++UNLIKELY_END(compat_syscall_gpf)
++ movq %rax,TRAPBOUNCE_eip(%rdx)
+ movw %si,TRAPBOUNCE_cs(%rdx)
+ movb %cl,TRAPBOUNCE_flags(%rdx)
+- call compat_create_bounce_frame
+- jmp compat_test_all_events
+-2: movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+- subl $2,UREGS_rip(%rsp)
+- movq VCPU_gp_fault_addr(%rbx),%rax
+- movzwl VCPU_gp_fault_sel(%rbx),%esi
+- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
+- movl $0,TRAPBOUNCE_error_code(%rdx)
+- jmp 1b
++ jmp .Lcompat_bounce_exception
+
+ ENTRY(compat_sysenter)
+ cmpl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+diff -r 35248be669e7 xen/arch/x86/x86_64/entry.S
+--- xen/arch/x86/x86_64/entry.S.orig Mon May 14 16:59:12 2012 +0100
++++ xen/arch/x86/x86_64/entry.S Thu May 24 11:12:33 2012 +0100
+@@ -40,6 +40,13 @@ restore_all_guest:
+ testw $TRAP_syscall,4(%rsp)
+ jz iret_exit_to_guest
+
++ /* Don't use SYSRET path if the return address is not canonical. */
++ movq 8(%rsp),%rcx
++ sarq $47,%rcx
++ incl %ecx
++ cmpl $1,%ecx
++ ja .Lforce_iret
++
+ addq $8,%rsp
+ popq %rcx # RIP
+ popq %r11 # CS
+@@ -50,6 +57,10 @@ restore_all_guest:
+ sysretq
+ 1: sysretl
+
++.Lforce_iret:
++ /* Mimic SYSRET behavior. */
++ movq 8(%rsp),%rcx # RIP
++ movq 24(%rsp),%r11 # RFLAGS
+ ALIGN
+ /* No special register assumptions. */
+ iret_exit_to_guest:
+@@ -278,19 +289,21 @@ sysenter_eflags_saved:
+ leaq VCPU_trap_bounce(%rbx),%rdx
+ testq %rax,%rax
+ leal (,%rcx,TBF_INTERRUPT),%ecx
+- jz 2f
+-1: movq VCPU_domain(%rbx),%rdi
++UNLIKELY_START(z, sysenter_gpf)
++ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
++ subq $2,UREGS_rip(%rsp)
++ movl %eax,TRAPBOUNCE_error_code(%rdx)
++ movq VCPU_gp_fault_addr(%rbx),%rax
++ testb $4,VCPU_gp_fault_flags(%rbx)
++ setnz %cl
++ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
++UNLIKELY_END(sysenter_gpf)
++ movq VCPU_domain(%rbx),%rdi
+ movq %rax,TRAPBOUNCE_eip(%rdx)
+ movb %cl,TRAPBOUNCE_flags(%rdx)
+ testb $1,DOMAIN_is_32bit_pv(%rdi)
+ jnz compat_sysenter
+- call create_bounce_frame
+- jmp test_all_events
+-2: movl %eax,TRAPBOUNCE_error_code(%rdx)
+- movq VCPU_gp_fault_addr(%rbx),%rax
+- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
+- movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+- jmp 1b
++ jmp .Lbounce_exception
+
+ ENTRY(int80_direct_trap)
+ pushq $0
+@@ -482,6 +495,7 @@ 1: movq %rsp,%rdi
+ jnz compat_post_handle_exception
+ testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
+ jz test_all_events
++.Lbounce_exception:
+ call create_bounce_frame
+ movb $0,TRAPBOUNCE_flags(%rdx)
+ jmp test_all_events
diff --git a/sysutils/xenkernel41/patches/patch-xsa9-xen-4.1 b/sysutils/xenkernel41/patches/patch-xsa9-xen-4.1
new file mode 100644
index 00000000000..caa8117c6b2
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-xsa9-xen-4.1
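Review bot: Nothing in this commit touches distinfo, although pkgsrc checks each file under patches/ against a checksum recorded there before it applies the patch. The diffstat lists only the Makefile and the four patch paths, so this page cannot show whether patches/patch-xsa7-xsa8-xen-4.1 (and patches/patch-xsa9-xen-4.1, added in the next section) already has an entry. If either is missing, regenerate the entries with `make makepatchsum` and pull up distinfo as well; otherwise the PKGREVISION bump may still produce a hypervisor without the XSA-7/XSA-8/XSA-9 changes. Checking the patch-phase output of a test build for both file names would confirm they are applied.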
@@ -0,0 +1,48 @@
+$NetBSD: patch-xsa9-xen-4.1,v 1.1.2.2 2012/06/20 17:54:12 tron Exp $
+
+x86-64: detect processors subject to AMD erratum #121 and refuse to boot
+
+Processors with this erratum are subject to a DoS attack by unprivileged
+guest users.
+
+This is XSA-9 / CVE-2006-0744.
+
+Signed-off-by: Jan Beulich
+Signed-off-by: Ian Campbell
+
+--- xen/arch/x86/cpu/amd.c.orig
++++ xen/arch/x86/cpu/amd.c
+@@ -32,6 +32,9 @@
+ static char opt_famrev[14];
+ string_param("cpuid_mask_cpu", opt_famrev);
+
++static int opt_allow_unsafe;
++boolean_param("allow_unsafe", opt_allow_unsafe);
++
+ static inline void wrmsr_amd(unsigned int index, unsigned int lo,
+ unsigned int hi)
+ {
+@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
+ clear_bit(X86_FEATURE_MCE, c->x86_capability);
+
+ #ifdef __x86_64__
++ if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
++ panic("Xen will not boot on this CPU for security reasons.\n"
++ "Pass \"allow_unsafe\" if you're trusting all your"
++ " (PV) guest kernels.\n");
++
+ /* AMD CPUs do not support SYSENTER outside of legacy mode. */
+ clear_bit(X86_FEATURE_SEP, c->x86_capability);
+
+--- xen/include/asm-x86/amd.h.orig
++++ xen/include/asm-x86/amd.h
+@@ -127,6 +127,9 @@
+ #define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
+ #define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
+
++#define AMD_ERRATUM_121 \
++ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
++
+ #define AMD_ERRATUM_170 \
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))
+
--
cgit v1.2.3
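Review bot: When `allow_unsafe` is given on a CPU that matches AMD_ERRATUM_121, the added check in init_amd() lets the boot continue without logging anything. Someone reading the console output later cannot tell that the host is running with the guest-triggerable DoS the patch header describes. A warning on that path would keep the override visible, for example an `else if (cpu_has_amd_erratum(c, AMD_ERRATUM_121))` branch calling `printk(XENLOG_WARNING "AMD erratum #121 present; booting because allow_unsafe was given\n");`. The option is only mentioned in the panic text, so the package notes should also say that affected hosts will refuse to boot after this update and that the override is only appropriate when every PV guest kernel is trusted. init_amd() starts and ends outside the hunk.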