[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel411 Apply upstream patch for XSA306 ...

[bouyer <bouyer%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b07518ce30d6
branches:  trunk
changeset: 345220:b07518ce30d6
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Fri Dec 06 17:30:28 2019 +0000

description:
Apply upstream patch for XSA306 security issue.
Bump PKGREVISION

diffstat:

 sysutils/xenkernel411/Makefile             |   4 +-
 sysutils/xenkernel411/distinfo             |   3 +-
 sysutils/xenkernel411/patches/patch-XSA306 |  69 ++++++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 3 deletions(-)

diffs (103 lines):

diff -r d6a93233af29 -r b07518ce30d6 sysutils/xenkernel411/Makefile
--- a/sysutils/xenkernel411/Makefile    Fri Dec 06 16:37:52 2019 +0000
+++ b/sysutils/xenkernel411/Makefile    Fri Dec 06 17:30:28 2019 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.10 2019/11/13 15:00:06 bouyer Exp $
+# $NetBSD: Makefile,v 1.11 2019/12/06 17:30:28 bouyer Exp $
 
 VERSION=       4.11.2
-PKGREVISION=   2
+PKGREVISION=   3
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel411-${VERSION}
 CATEGORIES=    sysutils
diff -r d6a93233af29 -r b07518ce30d6 sysutils/xenkernel411/distinfo
--- a/sysutils/xenkernel411/distinfo    Fri Dec 06 16:37:52 2019 +0000
+++ b/sysutils/xenkernel411/distinfo    Fri Dec 06 17:30:28 2019 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2019/11/13 15:00:06 bouyer Exp $
+$NetBSD: distinfo,v 1.8 2019/12/06 17:30:28 bouyer Exp $
 
 SHA1 (xen411/xen-4.11.2.tar.gz) = 82766db0eca7ce65962732af8a31bb5cce1eb7ce
 RMD160 (xen411/xen-4.11.2.tar.gz) = 6dcb1ac3e72381474912607b30b59fa55d87d38b
@@ -10,6 +10,7 @@
 SHA1 (patch-XSA302) = 12fbb7dfea27f53c70c8115487a2e30595549c2b
 SHA1 (patch-XSA304) = f2c22732227e11a3e77c630f0264a689eed53399
 SHA1 (patch-XSA305) = eb5e0096cbf501fcbd7a5c5f9d1f932b557636b6
+SHA1 (patch-XSA306) = f57201b2ae5f6435ce6ba3c6aac3e9e10cdba3fb
 SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
 SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
 SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b
diff -r d6a93233af29 -r b07518ce30d6 sysutils/xenkernel411/patches/patch-XSA306
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel411/patches/patch-XSA306        Fri Dec 06 17:30:28 2019 +0000
@@ -0,0 +1,69 @@
+$NetBSD: patch-XSA306,v 1.1 2019/12/06 17:30:28 bouyer Exp $
+
+From: Jan Beulich <jbeulich%suse.com@localhost>
+Subject: IOMMU: default to always quarantining PCI devices
+
+XSA-302 relies on the use of libxl's "assignable-add" feature to prepare
+devices to be assigned to untrusted guests.
+
+Unfortunately, this is not considered a strictly required step for
+device assignment. The PCI passthrough documentation on the wiki
+describes alternate ways of preparing devices for assignment, and
+libvirt uses its own ways as well. Hosts where these alternate methods
+are used will still leave the system in a vulnerable state after the
+device comes back from a guest.
+
+Default to always quarantining PCI devices, but provide a command line
+option to revert back to prior behavior (such that people who both
+sufficiently trust their guests and want to be able to use devices in
+Dom0 again after they had been in use by a guest wouldn't need to
+"manually" move such devices back from DomIO to Dom0).
+
+This is XSA-306.
+
+Reported-by: Marek Marczykowski-Górecki <marmarek%invisiblethingslab.com@localhost>
+Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
+Reviewed-by: Wei Liu <wl%xen.org@localhost>
+
+--- xen/drivers/passthrough/iommu.c.orig
++++ xen/drivers/passthrough/iommu.c
+@@ -52,6 +52,7 @@ custom_param("iommu", parse_iommu_param)
+ bool_t __initdata iommu_enable = 1;
+ bool_t __read_mostly iommu_enabled;
+ bool_t __read_mostly force_iommu;
++bool __read_mostly iommu_quarantine = true;
+ bool_t __hwdom_initdata iommu_dom0_strict;
+ bool_t __read_mostly iommu_verbose;
+ bool_t __read_mostly iommu_workaround_bios_bug;
+@@ -99,6 +100,8 @@ static int __init parse_iommu_param(cons
+         else if ( !cmdline_strcmp(s, "force") ||
+                   !cmdline_strcmp(s, "required") )
+             force_iommu = val;
++        else if ( !cmdline_strcmp(s, "quarantine") )
++            iommu_quarantine = val;
+         else if ( !cmdline_strcmp(s, "workaround_bios_bug") )
+             iommu_workaround_bios_bug = val;
+         else if ( !cmdline_strcmp(s, "igfx") )
+--- xen/drivers/passthrough/pci.c.orig
++++ xen/drivers/passthrough/pci.c
+@@ -1511,7 +1511,8 @@ int deassign_device(struct domain *d, u1
+         return -ENODEV;
+ 
+     /* De-assignment from dom_io should de-quarantine the device */
+-    target = (pdev->quarantine && pdev->domain != dom_io) ?
++    target = ((pdev->quarantine || iommu_quarantine) &&
++              pdev->domain != dom_io) ?
+         dom_io : hardware_domain;
+ 
+     while ( pdev->phantom_stride )
+--- xen/include/xen/iommu.h.orig
++++ xen/include/xen/iommu.h
+@@ -29,7 +29,7 @@
+ #include <asm/iommu.h>
+ 
+ extern bool_t iommu_enable, iommu_enabled;
+-extern bool_t force_iommu, iommu_verbose;
++extern bool force_iommu, iommu_quarantine, iommu_verbose;
+ extern bool_t iommu_workaround_bios_bug, iommu_igfx, iommu_passthrough;
+ extern bool_t iommu_snoop, iommu_qinval, iommu_intremap, iommu_intpost;
+ extern bool_t iommu_hap_pt_share;