pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/sysutils apply fixes from upstream for



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2788c0c50112
branches:  trunk
changeset: 650173:2788c0c50112
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Apr 19 13:13:20 2015 +0000

description:
apply fixes from upstream for
XSA-125 Long latency MMIO mapping operations are not preemptible
XSA-126 Unmediated PCI command register access in qemu

diffstat:

 sysutils/xenkernel41/Makefile                    |    4 +-
 sysutils/xenkernel41/distinfo                    |    4 +-
 sysutils/xenkernel41/patches/patch-CVE-2015-2752 |  108 +++++++++
 sysutils/xenkernel41/patches/patch-CVE-2015-2756 |  142 ++++++++++++
 sysutils/xenkernel42/Makefile                    |    4 +-
 sysutils/xenkernel42/distinfo                    |    4 +-
 sysutils/xenkernel42/patches/patch-CVE-2015-2752 |  108 +++++++++
 sysutils/xenkernel42/patches/patch-CVE-2015-2756 |  142 ++++++++++++
 sysutils/xenkernel45/Makefile                    |    4 +-
 sysutils/xenkernel45/distinfo                    |    4 +-
 sysutils/xenkernel45/patches/patch-CVE-2015-2752 |   97 ++++++++
 sysutils/xenkernel45/patches/patch-CVE-2015-2756 |  260 +++++++++++++++++++++++
 sysutils/xentools41/Makefile                     |    4 +-
 sysutils/xentools41/distinfo                     |    4 +-
 sysutils/xentools41/patches/patch-CVE-2015-2752  |   83 +++++++
 sysutils/xentools41/patches/patch-CVE-2015-2756  |  142 ++++++++++++
 sysutils/xentools42/Makefile                     |    4 +-
 sysutils/xentools42/distinfo                     |    4 +-
 sysutils/xentools42/patches/patch-CVE-2015-2752  |   83 +++++++
 sysutils/xentools42/patches/patch-CVE-2015-2756  |  142 ++++++++++++
 sysutils/xentools45/Makefile                     |    4 +-
 sysutils/xentools45/distinfo                     |    4 +-
 sysutils/xentools45/patches/patch-CVE-2015-2752  |   72 ++++++
 sysutils/xentools45/patches/patch-CVE-2015-2756  |  260 +++++++++++++++++++++++
 24 files changed, 1669 insertions(+), 18 deletions(-)

diffs (truncated from 1891 to 300 lines):

diff -r f5a15d6a5f7a -r 2788c0c50112 sysutils/xenkernel41/Makefile
--- a/sysutils/xenkernel41/Makefile     Sun Apr 19 12:51:36 2015 +0000
+++ b/sysutils/xenkernel41/Makefile     Sun Apr 19 13:13:20 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.44 2015/03/10 20:27:16 spz Exp $
+# $NetBSD: Makefile,v 1.45 2015/04/19 13:13:20 spz Exp $
 
 VERSION=       4.1.6.1
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel41-${VERSION}
-PKGREVISION=   15
+PKGREVISION=   16
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r f5a15d6a5f7a -r 2788c0c50112 sysutils/xenkernel41/distinfo
--- a/sysutils/xenkernel41/distinfo     Sun Apr 19 12:51:36 2015 +0000
+++ b/sysutils/xenkernel41/distinfo     Sun Apr 19 13:13:20 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2015/03/10 20:27:16 spz Exp $
+$NetBSD: distinfo,v 1.36 2015/04/19 13:13:20 spz Exp $
 
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@@ -28,6 +28,8 @@
 SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60
 SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7
 SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c
+SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087
+SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff -r f5a15d6a5f7a -r 2788c0c50112 sysutils/xenkernel41/patches/patch-CVE-2015-2752
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-2752  Sun Apr 19 13:13:20 2015 +0000
@@ -0,0 +1,108 @@
+$NetBSD: patch-CVE-2015-2752,v 1.1 2015/04/19 13:13:20 spz Exp $
+
+Patch for CVE-2015-2752 aka XSA-125 from
+http://xenbits.xenproject.org/xsa/xsa125-4.2.patch
+
+--- tools/libxc/xc_domain.c.orig       2013-09-10 06:42:18.000000000 +0000
++++ tools/libxc/xc_domain.c
+@@ -1322,6 +1322,13 @@ int xc_domain_bind_pt_isa_irq(
+                                   PT_IRQ_TYPE_ISA, 0, 0, 0, machine_irq));
+ }
+ 
++#ifndef min
++#define min(X, Y) ({                             \
++            const typeof (X) _x = (X);           \
++            const typeof (Y) _y = (Y);           \
++            (void) (&_x == &_y);                 \
++            (_x < _y) ? _x : _y; })
++#endif
+ int xc_domain_memory_mapping(
+     xc_interface *xch,
+     uint32_t domid,
+@@ -1331,17 +1338,55 @@ int xc_domain_memory_mapping(
+     uint32_t add_mapping)
+ {
+     DECLARE_DOMCTL;
++    int ret = 0, err;
++    unsigned long done = 0, nr, max_batch_sz;
++
++    if ( !nr_mfns )
++        return 0;
+ 
+     domctl.cmd = XEN_DOMCTL_memory_mapping;
+     domctl.domain = domid;
+-    domctl.u.memory_mapping.first_gfn = first_gfn;
+-    domctl.u.memory_mapping.first_mfn = first_mfn;
+-    domctl.u.memory_mapping.nr_mfns = nr_mfns;
+     domctl.u.memory_mapping.add_mapping = add_mapping;
++    max_batch_sz = nr_mfns;
++    do
++    {
++        nr = min(nr_mfns - done, max_batch_sz);
++        domctl.u.memory_mapping.nr_mfns = nr;
++        domctl.u.memory_mapping.first_gfn = first_gfn + done;
++        domctl.u.memory_mapping.first_mfn = first_mfn + done;
++        err = do_domctl(xch, &domctl);
++        if ( err && errno == E2BIG )
++        {
++            if ( max_batch_sz <= 1 )
++                break;
++            max_batch_sz >>= 1;
++            continue;
++        }
++        /* Save the first error... */
++        if ( !ret )
++            ret = err;
++        /* .. and ignore the rest of them when removing. */
++        if ( err && add_mapping != DPCI_REMOVE_MAPPING )
++            break;
++
++        done += nr;
++    } while ( done < nr_mfns );
++
++    /*
++     * Undo what we have done unless unmapping, by unmapping the entire region.
++     * Errors here are ignored.
++     */
++    if ( ret && add_mapping != DPCI_REMOVE_MAPPING )
++        xc_domain_memory_mapping(xch, domid, first_gfn, first_mfn, nr_mfns,
++                                 DPCI_REMOVE_MAPPING);
++
++    /* We might get E2BIG so many times that we never advance. */
++    if ( !done && !ret )
++        ret = -1;
+ 
+-    return do_domctl(xch, &domctl);
++    return ret;
+ }
+-
++#undef min
+ int xc_domain_ioport_mapping(
+     xc_interface *xch,
+     uint32_t domid,
+
+--- xen/arch/x86/domctl.c.orig 2015-04-19 10:54:27.000000000 +0000
++++ xen/arch/x86/domctl.c
+@@ -998,6 +998,11 @@ long arch_do_domctl(
+              (gfn + nr_mfns - 1) < gfn ) /* wrap? */
+             break;
+ 
++        ret = -E2BIG;
++        /* Must break hypercall up as this could take a while. */
++        if ( nr_mfns > 64 )
++            break;
++
+         ret = -EPERM;
+         if ( !IS_PRIV(current->domain) &&
+              !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
+
+--- xen/include/public/domctl.h.orig   2013-09-10 06:42:18.000000000 +0000
++++ xen/include/public/domctl.h
+@@ -505,6 +505,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_domctl_bind_
+ 
+ 
+ /* Bind machine I/O address range -> HVM address range. */
++/* If this returns -E2BIG lower nr_mfns value. */
+ /* XEN_DOMCTL_memory_mapping */
+ #define DPCI_ADD_MAPPING         1
+ #define DPCI_REMOVE_MAPPING      0
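Review bot: In the batching loop added to `xc_domain_memory_mapping`, the `E2BIG` branch with `max_batch_sz <= 1` breaks out without recording an error, so if it is taken after earlier batches succeeded (`done > 0`), `ret` is still 0. The function then reports success for a partly mapped range and the rollback below is skipped. The closing `!done && !ret` check only covers the case where nothing at all was mapped. With the 64-frame limit added to `arch_do_domctl` in this same patch, a single-frame batch should presumably never see `E2BIG`, but failing closed costs nothing: `if ( max_batch_sz <= 1 ) { ret = err; break; }`.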
diff -r f5a15d6a5f7a -r 2788c0c50112 sysutils/xenkernel41/patches/patch-CVE-2015-2756
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-2756  Sun Apr 19 13:13:20 2015 +0000
@@ -0,0 +1,142 @@
+$NetBSD: patch-CVE-2015-2756,v 1.1 2015/04/19 13:13:20 spz Exp $
+
+patch for CVE-2015-2756 aka XSA-126 from
+http://xenbits.xenproject.org/xsa/xsa126-qemut.patch
+
+--- tools/ioemu-qemu-xen/hw/pass-through.c.orig        2013-07-17 10:59:40.000000000 +0000
++++ tools/ioemu-qemu-xen/hw/pass-through.c
+@@ -171,9 +171,6 @@ static int pt_word_reg_read(struct pt_de
+ static int pt_long_reg_read(struct pt_dev *ptdev,
+     struct pt_reg_tbl *cfg_entry,
+     uint32_t *value, uint32_t valid_mask);
+-static int pt_cmd_reg_read(struct pt_dev *ptdev,
+-    struct pt_reg_tbl *cfg_entry,
+-    uint16_t *value, uint16_t valid_mask);
+ static int pt_bar_reg_read(struct pt_dev *ptdev,
+     struct pt_reg_tbl *cfg_entry,
+     uint32_t *value, uint32_t valid_mask);
+@@ -277,9 +274,9 @@ static struct pt_reg_info_tbl pt_emu_reg
+         .size       = 2,
+         .init_val   = 0x0000,
+         .ro_mask    = 0xF880,
+-        .emu_mask   = 0x0740,
++        .emu_mask   = 0x0743,
+         .init       = pt_common_reg_init,
+-        .u.w.read   = pt_cmd_reg_read,
++        .u.w.read   = pt_word_reg_read,
+         .u.w.write  = pt_cmd_reg_write,
+         .u.w.restore  = pt_cmd_reg_restore,
+     },
+@@ -1865,7 +1862,7 @@ static int pt_dev_is_virtfn(struct pci_d
+     return rc;
+ }
+ 
+-static int pt_register_regions(struct pt_dev *assigned_device)
++static int pt_register_regions(struct pt_dev *assigned_device, uint16_t *cmd)
+ {
+     int i = 0;
+     uint32_t bar_data = 0;
+@@ -1885,17 +1882,26 @@ static int pt_register_regions(struct pt
+ 
+             /* Register current region */
+             if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_IO )
++            {
+                 pci_register_io_region((PCIDevice *)assigned_device, i,
+                     (uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_IO,
+                     pt_ioport_map);
++                *cmd |= PCI_COMMAND_IO;
++            }
+             else if ( pci_dev->base_addr[i] & PCI_ADDRESS_SPACE_MEM_PREFETCH )
++            {
+                 pci_register_io_region((PCIDevice *)assigned_device, i,
+                     (uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM_PREFETCH,
+                     pt_iomem_map);
++                *cmd |= PCI_COMMAND_MEMORY;
++            }
+             else
++            {
+                 pci_register_io_region((PCIDevice *)assigned_device, i,
+                     (uint32_t)pci_dev->size[i], PCI_ADDRESS_SPACE_MEM,
+                     pt_iomem_map);
++                *cmd |= PCI_COMMAND_MEMORY;
++            }
+ 
+             PT_LOG("IO region registered (size=0x%08x base_addr=0x%08x)\n",
+                 (uint32_t)(pci_dev->size[i]),
+@@ -3221,27 +3227,6 @@ static int pt_long_reg_read(struct pt_de
+    return 0;
+ }
+ 
+-/* read Command register */
+-static int pt_cmd_reg_read(struct pt_dev *ptdev,
+-        struct pt_reg_tbl *cfg_entry,
+-        uint16_t *value, uint16_t valid_mask)
+-{
+-    struct pt_reg_info_tbl *reg = cfg_entry->reg;
+-    uint16_t valid_emu_mask = 0;
+-    uint16_t emu_mask = reg->emu_mask;
+-
+-    if ( ptdev->is_virtfn )
+-        emu_mask |= PCI_COMMAND_MEMORY;
+-    if ( pt_is_iomul(ptdev) )
+-        emu_mask |= PCI_COMMAND_IO;
+-
+-    /* emulate word register */
+-    valid_emu_mask = emu_mask & valid_mask;
+-    *value = PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+-
+-    return 0;
+-}
+-
+ /* read BAR */
+ static int pt_bar_reg_read(struct pt_dev *ptdev,
+         struct pt_reg_tbl *cfg_entry,
+@@ -3376,19 +3361,13 @@ static int pt_cmd_reg_write(struct pt_de
+     uint16_t writable_mask = 0;
+     uint16_t throughable_mask = 0;
+     uint16_t wr_value = *value;
+-    uint16_t emu_mask = reg->emu_mask;
+-
+-    if ( ptdev->is_virtfn )
+-        emu_mask |= PCI_COMMAND_MEMORY;
+-    if ( pt_is_iomul(ptdev) )
+-        emu_mask |= PCI_COMMAND_IO;
+ 
+     /* modify emulate register */
+     writable_mask = ~reg->ro_mask & valid_mask;
+     cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask);
+ 
+     /* create value for writing to I/O device register */
+-    throughable_mask = ~emu_mask & valid_mask;
++    throughable_mask = ~reg->emu_mask & valid_mask;
+ 
+     if (*value & PCI_COMMAND_DISABLE_INTx)
+     {
+@@ -4151,6 +4130,7 @@ static struct pt_dev * register_real_dev
+     struct pt_dev *assigned_device = NULL;
+     struct pci_dev *pci_dev;
+     uint8_t e_device, e_intx;
++    uint16_t cmd = 0;
+     char *key, *val;
+     int msi_translate, power_mgmt;
+ 
+@@ -4240,7 +4220,7 @@ static struct pt_dev * register_real_dev
+         assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);
+ 
+     /* Handle real device's MMIO/PIO BARs */
+-    pt_register_regions(assigned_device);
++    pt_register_regions(assigned_device, &cmd);
+ 
+     /* Setup VGA bios for passthroughed gfx */
+     if ( setup_vga_pt(assigned_device) < 0 )
+@@ -4318,6 +4298,10 @@ static struct pt_dev * register_real_dev
+     }
+ 
+ out:
++    if (cmd)
++        pci_write_word(pci_dev, PCI_COMMAND,
++            *(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND]) | cmd);
++
+     PT_LOG("Real physical device %02x:%02x.%x registered successfuly!\n"
+            "IRQ type = %s\n", r_bus, r_dev, r_func,
+            assigned_device->msi_trans_en? "MSI-INTx":"INTx");
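Review bot: The `.emu_mask` change from `0x0740` to `0x0743` in the command-register table entry is the core of the XSA-126 fix, yet nothing next to the mask explains the two new bits. Because `pt_cmd_reg_write` now computes `throughable_mask = ~reg->emu_mask & valid_mask`, those bits (`PCI_COMMAND_IO` and `PCI_COMMAND_MEMORY`) are no longer passed through to the physical device. A comment such as `/* IO and MEMORY decode bits are emulated only; the guest must not toggle them on the real device (XSA-126) */` would keep a later edit from reopening the hole. Separately, the write at `out:` reads the command word with `*(uint16_t *)(&assigned_device->dev.config[PCI_COMMAND])`; if `config` is a byte array, as the `pci_read_byte` loop suggests, assembling the value from its two bytes would avoid the aliasing cast. `register_real_device` starts and ends outside these hunks, so whether `out:` is also reached on failure paths cannot be seen here.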
diff -r f5a15d6a5f7a -r 2788c0c50112 sysutils/xenkernel42/Makefile
--- a/sysutils/xenkernel42/Makefile     Sun Apr 19 12:51:36 2015 +0000
+++ b/sysutils/xenkernel42/Makefile     Sun Apr 19 13:13:20 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.14 2015/03/18 15:05:51 joerg Exp $
+# $NetBSD: Makefile,v 1.15 2015/04/19 13:13:20 spz Exp $
 
 VERSION=       4.2.5
 DISTNAME=      xen-${VERSION}


