pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/sysutils Update xen*46 to 4.6.6, including fixes up to...
details: https://anonhg.NetBSD.org/pkgsrc/rev/40107a3215b9
branches: trunk
changeset: 370450:40107a3215b9
user: bouyer <bouyer%pkgsrc.org@localhost>
date: Tue Oct 17 10:57:34 2017 +0000
description:
Update xen*46 to 4.6.6, including fixes up to XSA244.
changes since Xen 4.6.5: mostly bug fixes, including security fixes
for XSA206, XSA211 to XSA244.
PKGREVISION set to 1 to account for the fact that it's not a stock Xen 4.6.6.
Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg
diffstat:
sysutils/xenkernel46/MESSAGE | 6 +-
sysutils/xenkernel46/Makefile | 4 +-
sysutils/xenkernel46/distinfo | 26 +-
sysutils/xenkernel46/patches/patch-XSA-212 | 89 ----
sysutils/xenkernel46/patches/patch-XSA226 | 431 ++++++++++++++++++++
sysutils/xenkernel46/patches/patch-XSA227 | 68 +++
sysutils/xenkernel46/patches/patch-XSA228 | 200 +++++++++
sysutils/xenkernel46/patches/patch-XSA230 | 40 +
sysutils/xenkernel46/patches/patch-XSA231 | 110 +++++
sysutils/xenkernel46/patches/patch-XSA232 | 25 +
sysutils/xenkernel46/patches/patch-XSA234 | 187 +++++++++
sysutils/xenkernel46/patches/patch-XSA237 | 311 +++++++++++++++
sysutils/xenkernel46/patches/patch-XSA238 | 45 ++
sysutils/xenkernel46/patches/patch-XSA239 | 48 ++
sysutils/xenkernel46/patches/patch-XSA240 | 578 ++++++++++++++++++++++++++++
sysutils/xenkernel46/patches/patch-XSA241 | 122 +++++
sysutils/xenkernel46/patches/patch-XSA242 | 45 ++
sysutils/xenkernel46/patches/patch-XSA243 | 132 ++++++
sysutils/xenkernel46/patches/patch-XSA244 | 53 ++
sysutils/xentools46/Makefile | 4 +-
sysutils/xentools46/distinfo | 15 +-
sysutils/xentools46/patches/patch-XSA-211-1 | 262 ------------
sysutils/xentools46/patches/patch-XSA-211-2 | 227 ----------
sysutils/xentools46/patches/patch-XSA228 | 65 +++
sysutils/xentools46/patches/patch-XSA233 | 54 ++
sysutils/xentools46/patches/patch-XSA240 | 56 ++
sysutils/xentools46/version.mk | 4 +-
27 files changed, 2609 insertions(+), 598 deletions(-)
diffs (truncated from 3358 to 300 lines):
diff -r 6562ff775c18 -r 40107a3215b9 sysutils/xenkernel46/MESSAGE
--- a/sysutils/xenkernel46/MESSAGE Tue Oct 17 10:50:38 2017 +0000
+++ b/sysutils/xenkernel46/MESSAGE Tue Oct 17 10:57:34 2017 +0000
@@ -1,7 +1,11 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.1.1.1 2016/07/04 07:25:13 jnemeth Exp $
+$NetBSD: MESSAGE,v 1.2 2017/10/17 10:57:34 bouyer Exp $
The Xen hypervisor is installed under the following locations:
${XENKERNELDIR}/xen.gz (standard hypervisor)
${XENKERNELDIR}/xen-debug.gz (debug hypervisor)
+
+Note that unlike upstream Xen, pv-linear-pt defaults to true.
+You can disable it using pv-linear-pt=false on the Xen command line,
+but then you can't boot NetBSD in PV mode.
===========================================================================
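Review bot: The added MESSAGE text says pv-linear-pt defaults to true here, unlike upstream, but gives the operator no pointer to why upstream chose otherwise. The option appears to arrive with the XSA240 patches listed in this commit's diffstat (inferred, since that patch is not visible in the truncated diff), so the local default is a compatibility trade-off rather than a neutral setting. I would add one line after the new paragraph, for example `See the XSA240 advisory for the security background of this option.`, so an administrator can judge the residual exposure. The same sentence would also fit the commit description's note on boot.cfg.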
diff -r 6562ff775c18 -r 40107a3215b9 sysutils/xenkernel46/Makefile
--- a/sysutils/xenkernel46/Makefile Tue Oct 17 10:50:38 2017 +0000
+++ b/sysutils/xenkernel46/Makefile Tue Oct 17 10:57:34 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2017/07/24 08:53:45 maya Exp $
+# $NetBSD: Makefile,v 1.14 2017/10/17 10:57:34 bouyer Exp $
-VERSION= 4.6.5
+VERSION= 4.6.6
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel46-${VERSION}
PKGREVISION= 1
diff -r 6562ff775c18 -r 40107a3215b9 sysutils/xenkernel46/distinfo
--- a/sysutils/xenkernel46/distinfo Tue Oct 17 10:50:38 2017 +0000
+++ b/sysutils/xenkernel46/distinfo Tue Oct 17 10:57:34 2017 +0000
@@ -1,11 +1,25 @@
-$NetBSD: distinfo,v 1.9 2017/05/07 21:21:01 joerg Exp $
+$NetBSD: distinfo,v 1.10 2017/10/17 10:57:34 bouyer Exp $
-SHA1 (xen-4.6.5.tar.gz) = af371af662211ee1480167b6c9e35142156f3a8d
-RMD160 (xen-4.6.5.tar.gz) = 3f2468d7d3715d14842ac57b2180118ef48e93fa
-SHA512 (xen-4.6.5.tar.gz) = d3e1b16fa9d695a5fc28ca4375b8de3dfcab480437d4d0151972d9f286528c9f667841e7a6888c918c580371d6984658a8d3b92235553c8c9c052d93154547b5
-Size (xen-4.6.5.tar.gz) = 19712756 bytes
+SHA1 (xen-4.6.6.tar.gz) = 82f39ef4bf754ffd679ab5d15709bc34a98fccb7
+RMD160 (xen-4.6.6.tar.gz) = 6412f75183647172d72597e8779235b60e1c00f3
+SHA512 (xen-4.6.6.tar.gz) = 4683fe6c44dce3a6f9ff410d026f39094ccd6937ea0052f08ef5e066172ee840548322654cc15d7ded9f5bce10d43b5e46f6a04f16ef3c03ea3ba2cc2f7724ec
+Size (xen-4.6.6.tar.gz) = 19725113 bytes
SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
-SHA1 (patch-XSA-212) = 4637d51bcbb3b11fb0e22940f824ebacdaa15b4f
+SHA1 (patch-XSA226) = eda5aadeebfe09ffebf336a7c0424c0212ba370d
+SHA1 (patch-XSA227) = 8a5e7f65515a83a7d749eb3d01faea1171e2f900
+SHA1 (patch-XSA228) = 0e0cf239660cd4a6f7cabc9ebe63d4c6e1646123
+SHA1 (patch-XSA230) = 339c400d8f0edf773664a493532aacf0c2e71da0
+SHA1 (patch-XSA231) = 780118ad97f011b5eddb05dd5d4c20be427ee670
+SHA1 (patch-XSA232) = 86d633941ac3165ca4034db660a48d60384ea252
+SHA1 (patch-XSA234) = 0b5973597e3a15fb9ce93d6a735f32794983cfc7
+SHA1 (patch-XSA237) = 2a5cd048a04b8cadc67905b9001689b1221edd3e
+SHA1 (patch-XSA238) = e2059991d12f31740650136ec59c62da20c79633
+SHA1 (patch-XSA239) = 10619718e8a1536a7f52eb3838cdb490e6ba8c97
+SHA1 (patch-XSA240) = af3d204e9873fe79b23c714d60dfa91fcbe46ec5
+SHA1 (patch-XSA241) = b506425ca7382190435df6f96800cb0a24aff23e
+SHA1 (patch-XSA242) = afff314771d78ee2482aec3b7693c12bfe00e0ec
+SHA1 (patch-XSA243) = ffe83e9e443a2582047f1d17673d39d6746f4b75
+SHA1 (patch-XSA244) = 95077513502c26f8d6dae7964a0e422556be322a
SHA1 (patch-tools_xentrace_xenalyze.c) = ab973cb7090dc90867dcddf9ab8965f8f2f36c46
SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b
SHA1 (patch-xen_arch_arm_xen.lds.S) = df0e4a13b9b3ae863448172bea28b1b92296327b
diff -r 6562ff775c18 -r 40107a3215b9 sysutils/xenkernel46/patches/patch-XSA-212
--- a/sysutils/xenkernel46/patches/patch-XSA-212 Tue Oct 17 10:50:38 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,89 +0,0 @@
-$NetBSD: patch-XSA-212,v 1.1 2017/04/08 12:17:58 spz Exp $
-
-memory: properly check guest memory ranges in XENMEM_exchange handling
-
-The use of guest_handle_okay() here (as introduced by the XSA-29 fix)
-is insufficient here, guest_handle_subrange_okay() needs to be used
-instead.
-
-Note that the uses are okay in
-- XENMEM_add_to_physmap_batch handling due to the size field being only
- 16 bits wide,
-- livepatch_list() due to the limit of 1024 enforced on the
- number-of-entries input (leaving aside the fact that this can be
- called by a privileged domain only anyway),
-- compat mode handling due to counts there being limited to 32 bits,
-- everywhere else due to guest arrays being accessed sequentially from
- index zero.
-
-This is XSA-212.
-
-Reported-by: Jann Horn <jannh%google.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-
---- xen/common/memory.c
-+++ xen/common/memory.c
-@@ -436,8 +436,8 @@ static long memory_exchange(XEN_GUEST_HA
- goto fail_early;
- }
-
-- if ( !guest_handle_okay(exch.in.extent_start, exch.in.nr_extents) ||
-- !guest_handle_okay(exch.out.extent_start, exch.out.nr_extents) )
-+ if ( !guest_handle_subrange_okay(exch.in.extent_start, exch.nr_exchanged,
-+ exch.in.nr_extents - 1) )
- {
- rc = -EFAULT;
- goto fail_early;
-@@ -447,11 +447,27 @@ static long memory_exchange(XEN_GUEST_HA
- {
- in_chunk_order = exch.out.extent_order - exch.in.extent_order;
- out_chunk_order = 0;
-+
-+ if ( !guest_handle_subrange_okay(exch.out.extent_start,
-+ exch.nr_exchanged >> in_chunk_order,
-+ exch.out.nr_extents - 1) )
-+ {
-+ rc = -EFAULT;
-+ goto fail_early;
-+ }
- }
- else
- {
- in_chunk_order = 0;
- out_chunk_order = exch.in.extent_order - exch.out.extent_order;
-+
-+ if ( !guest_handle_subrange_okay(exch.out.extent_start,
-+ exch.nr_exchanged << out_chunk_order,
-+ exch.out.nr_extents - 1) )
-+ {
-+ rc = -EFAULT;
-+ goto fail_early;
-+ }
- }
-
- d = rcu_lock_domain_by_any_id(exch.in.domid);
---- xen/include/asm-x86/x86_64/uaccess.h
-+++ xen/include/asm-x86/x86_64/uaccess.h
-@@ -29,8 +29,9 @@ extern void *xlat_malloc(unsigned long *
- /*
- * Valid if in +ve half of 48-bit address space, or above Xen-reserved area.
- * This is also valid for range checks (addr, addr+size). As long as the
-- * start address is outside the Xen-reserved area then we will access a
-- * non-canonical address (and thus fault) before ever reaching VIRT_START.
-+ * start address is outside the Xen-reserved area, sequential accesses
-+ * (starting at addr) will hit a non-canonical address (and thus fault)
-+ * before ever reaching VIRT_START.
- */
- #define __addr_ok(addr) \
- (((unsigned long)(addr) < (1UL<<47)) || \
-@@ -40,7 +41,8 @@ extern void *xlat_malloc(unsigned long *
- (__addr_ok(addr) || is_compat_arg_xlat_range(addr, size))
-
- #define array_access_ok(addr, count, size) \
-- (access_ok(addr, (count)*(size)))
-+ (likely(((count) ?: 0UL) < (~0UL / (size))) && \
-+ access_ok(addr, (count) * (size)))
-
- #define __compat_addr_ok(d, addr) \
- ((unsigned long)(addr) < HYPERVISOR_COMPAT_VIRT_START(d))
diff -r 6562ff775c18 -r 40107a3215b9 sysutils/xenkernel46/patches/patch-XSA226
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel46/patches/patch-XSA226 Tue Oct 17 10:57:34 2017 +0000
@@ -0,0 +1,431 @@
+$NetBSD: patch-XSA226,v 1.1 2017/10/17 10:57:34 bouyer Exp $
+
+From: Jan Beulich <jbeulich%suse.com@localhost>
+Subject: gnttab: don't use possibly unbounded tail calls
+
+There is no guarantee that the compiler would actually translate them
+to branches instead of calls, so only ones with a known recursion limit
+are okay:
+- __release_grant_for_copy() can call itself only once, as
+ __acquire_grant_for_copy() won't permit use of multi-level transitive
+ grants,
+- __acquire_grant_for_copy() is fine to call itself with the last
+ argument false, as that prevents further recursion,
+- __acquire_grant_for_copy() must not call itself to recover from an
+ observed change to the active entry's pin count
+
+This is part of CVE-2017-12135 / XSA-226.
+
+Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
+
+--- xen/common/compat/grant_table.c.orig
++++ xen/common/compat/grant_table.c
+@@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int cmd,
+ rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n);
+ if ( rc > 0 )
+ {
+- ASSERT(rc < n);
+- i -= n - rc;
+- n = rc;
++ ASSERT(rc <= n);
++ i -= rc;
++ n -= rc;
+ }
+ if ( rc >= 0 )
+ {
+--- xen/common/grant_table.c.orig
++++ xen/common/grant_table.c
+@@ -2089,8 +2089,10 @@ __release_grant_for_copy(
+
+ if ( td != rd )
+ {
+- /* Recursive calls, but they're tail calls, so it's
+- okay. */
++ /*
++ * Recursive calls, but they're bounded (acquire permits only a single
++ * level of transitivity), so it's okay.
++ */
+ if ( released_write )
+ __release_grant_for_copy(td, trans_gref, 0);
+ else if ( released_read )
+@@ -2241,10 +2243,11 @@ __acquire_grant_for_copy(
+ return rc;
+ }
+
+- /* We dropped the lock, so we have to check that nobody
+- else tried to pin (or, for that matter, unpin) the
+- reference in *this* domain. If they did, just give up
+- and try again. */
++ /*
++ * We dropped the lock, so we have to check that nobody else tried
++ * to pin (or, for that matter, unpin) the reference in *this*
++ * domain. If they did, just give up and tell the caller to retry.
++ */
+ if ( act->pin != old_pin )
+ {
+ __fixup_status_for_copy_pin(act, status);
+@@ -2252,9 +2255,8 @@ __acquire_grant_for_copy(
+ active_entry_release(act);
+ read_unlock(&rgt->lock);
+ put_page(*page);
+- return __acquire_grant_for_copy(rd, gref, ldom, readonly,
+- frame, page, page_off, length,
+- allow_transitive);
++ *page = NULL;
++ return ERESTART;
+ }
+
+ /* The actual remote remote grant may or may not be a
+@@ -2560,7 +2562,7 @@ static int gnttab_copy_one(const struct
+ {
+ gnttab_copy_release_buf(src);
+ rc = gnttab_copy_claim_buf(op, &op->source, src, GNTCOPY_source_gref);
+- if ( rc < 0 )
++ if ( rc )
+ goto out;
+ }
+
+@@ -2570,7 +2572,7 @@ static int gnttab_copy_one(const struct
+ {
+ gnttab_copy_release_buf(dest);
+ rc = gnttab_copy_claim_buf(op, &op->dest, dest, GNTCOPY_dest_gref);
+- if ( rc < 0 )
++ if ( rc )
+ goto out;
+ }
+
+@@ -2579,6 +2581,14 @@ static int gnttab_copy_one(const struct
+ return rc;
+ }
+
++/*
++ * gnttab_copy(), other than the various other helpers of
++ * do_grant_table_op(), returns (besides possible error indicators)
++ * "count - i" rather than "i" to ensure that even if no progress
++ * was made at all (perhaps due to gnttab_copy_one() returning a
++ * positive value) a non-zero value is being handed back (zero needs
++ * to be avoided, as that means "success, all done").
++ */
+ static long gnttab_copy(
+ XEN_GUEST_HANDLE_PARAM(gnttab_copy_t) uop, unsigned int count)
+ {
+@@ -2592,7 +2602,7 @@ static long gnttab_copy(
+ {
+ if ( i && hypercall_preempt_check() )
+ {
+- rc = i;
++ rc = count - i;
+ break;
+ }
+
+@@ -2602,13 +2612,20 @@ static long gnttab_copy(
+ break;
+ }
+
+- op.status = gnttab_copy_one(&op, &dest, &src);
+- if ( op.status != GNTST_okay )
++ rc = gnttab_copy_one(&op, &dest, &src);
++ if ( rc > 0 )
++ {
++ rc = count - i;
++ break;
++ }
++ if ( rc != GNTST_okay )
+ {
+ gnttab_copy_release_buf(&src);
+ gnttab_copy_release_buf(&dest);
+ }
+
++ op.status = rc;
++ rc = 0;