pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2017Q3]: pkgsrc/sysutils Pullup ticket #5579 - requested by bo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/d1a8ca3c1dcf
branches: pkgsrc-2017Q3
changeset: 408535:d1a8ca3c1dcf
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Oct 17 19:02:25 2017 +0000
description:
Pullup ticket #5579 - requested by bouyer
sysutils/xenkernel48, sysutils/xentools48: security fix
Revisions pulled up:
- sysutils/xenkernel48/MESSAGE 1.2
- sysutils/xenkernel48/Makefile 1.6
- sysutils/xenkernel48/distinfo 1.3
- sysutils/xenkernel48/patches/patch-XSA-212 deleted
- sysutils/xenkernel48/patches/patch-XSA231 1.1
- sysutils/xenkernel48/patches/patch-XSA232 1.1
- sysutils/xenkernel48/patches/patch-XSA234 1.1
- sysutils/xenkernel48/patches/patch-XSA237 1.1
- sysutils/xenkernel48/patches/patch-XSA238 1.1
- sysutils/xenkernel48/patches/patch-XSA239 1.1
- sysutils/xenkernel48/patches/patch-XSA240 1.1
- sysutils/xenkernel48/patches/patch-XSA241 1.1
- sysutils/xenkernel48/patches/patch-XSA242 1.1
- sysutils/xenkernel48/patches/patch-XSA243 1.1
- sysutils/xenkernel48/patches/patch-XSA244 1.1
- sysutils/xentools48/Makefile 1.8
- sysutils/xentools48/distinfo 1.4
- sysutils/xentools48/patches/patch-XSA-211-1 deleted
- sysutils/xentools48/patches/patch-XSA-211-2 deleted
- sysutils/xentools48/patches/patch-XSA233 1.1
- sysutils/xentools48/patches/patch-XSA240 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Tue Oct 17 08:42:30 UTC 2017
Modified Files:
pkgsrc/sysutils/xenkernel48: MESSAGE Makefile distinfo
pkgsrc/sysutils/xentools48: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel48/patches: patch-XSA231 patch-XSA232
patch-XSA234 patch-XSA237 patch-XSA238 patch-XSA239 patch-XSA240
patch-XSA241 patch-XSA242 patch-XSA243 patch-XSA244
pkgsrc/sysutils/xentools48/patches: patch-XSA233 patch-XSA240
Removed Files:
pkgsrc/sysutils/xenkernel48/patches: patch-XSA-212
pkgsrc/sysutils/xentools48/patches: patch-XSA-211-1 patch-XSA-211-2
Log Message:
Update xentools48 and xenkernel48 to 4.8.2, and apply security patches up
to XSA244. Keep PKGREVISION to 1 to account for the fact that it's
not a stock Xen 4.8.2.
Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg
diffstat:
sysutils/xenkernel48/MESSAGE | 6 +-
sysutils/xenkernel48/Makefile | 4 +-
sysutils/xenkernel48/distinfo | 22 +-
sysutils/xenkernel48/patches/patch-XSA-212 | 89 ----
sysutils/xenkernel48/patches/patch-XSA231 | 110 +++++
sysutils/xenkernel48/patches/patch-XSA232 | 25 +
sysutils/xenkernel48/patches/patch-XSA234 | 187 +++++++++
sysutils/xenkernel48/patches/patch-XSA237 | 311 +++++++++++++++
sysutils/xenkernel48/patches/patch-XSA238 | 47 ++
sysutils/xenkernel48/patches/patch-XSA239 | 48 ++
sysutils/xenkernel48/patches/patch-XSA240 | 578 ++++++++++++++++++++++++++++
sysutils/xenkernel48/patches/patch-XSA241 | 122 +++++
sysutils/xenkernel48/patches/patch-XSA242 | 45 ++
sysutils/xenkernel48/patches/patch-XSA243 | 95 ++++
sysutils/xenkernel48/patches/patch-XSA244 | 61 ++
sysutils/xentools48/Makefile | 6 +-
sysutils/xentools48/distinfo | 14 +-
sysutils/xentools48/patches/patch-XSA-211-1 | 266 ------------
sysutils/xentools48/patches/patch-XSA-211-2 | 227 ----------
sysutils/xentools48/patches/patch-XSA233 | 54 ++
sysutils/xentools48/patches/patch-XSA240 | 56 ++
21 files changed, 1772 insertions(+), 601 deletions(-)
diffs (truncated from 2500 to 300 lines):
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/MESSAGE
--- a/sysutils/xenkernel48/MESSAGE Tue Oct 17 05:49:49 2017 +0000
+++ b/sysutils/xenkernel48/MESSAGE Tue Oct 17 19:02:25 2017 +0000
@@ -1,7 +1,11 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.1 2017/03/30 09:15:09 bouyer Exp $
+$NetBSD: MESSAGE,v 1.1.6.1 2017/10/17 19:02:25 bsiegert Exp $
The Xen hypervisor is installed under the following locations:
${XENKERNELDIR}/xen.gz (standard hypervisor)
${XENKERNELDIR}/xen-debug.gz (debug hypervisor)
+
+Note that unlike upstream Xen, pv-linear-pt defaults to true.
+You can disable it using pv-linear-pt=false on the Xen command line,
+but then you can't boot NetBSD in PV mode.
===========================================================================
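Review bot: the note added to MESSAGE says pv-linear-pt defaults to true, unlike upstream, but not what an operator gives up by leaving it on or which of the XSA patches in this update the option belongs to. An admin who runs no NetBSD PV guests has no basis for deciding whether to set pv-linear-pt=false. Suggest naming the advisory the option comes from and saying in one sentence what the upstream default protects against.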
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/Makefile
--- a/sysutils/xenkernel48/Makefile Tue Oct 17 05:49:49 2017 +0000
+++ b/sysutils/xenkernel48/Makefile Tue Oct 17 19:02:25 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2017/07/24 08:53:45 maya Exp $
+# $NetBSD: Makefile,v 1.5.4.1 2017/10/17 19:02:25 bsiegert Exp $
-VERSION= 4.8.0
+VERSION= 4.8.2
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel48-${VERSION}
PKGREVISION= 1
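Review bot: PKGREVISION is left at 1 while VERSION moves from 4.8.0 to 4.8.2, and nothing in the Makefile says why. The log message gives the reason (the package is not a stock Xen 4.8.2), but a later updater reading only the Makefile may reset it. Suggest a one-line comment above PKGREVISION recording that it is kept on purpose because of the local XSA patches.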
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/distinfo
--- a/sysutils/xenkernel48/distinfo Tue Oct 17 05:49:49 2017 +0000
+++ b/sysutils/xenkernel48/distinfo Tue Oct 17 19:02:25 2017 +0000
@@ -1,11 +1,21 @@
-$NetBSD: distinfo,v 1.2 2017/04/08 12:30:42 spz Exp $
+$NetBSD: distinfo,v 1.2.6.1 2017/10/17 19:02:25 bsiegert Exp $
-SHA1 (xen48/xen-4.8.0.tar.gz) = c2403899b13e1e8b8da391aceecbfc932d583a88
-RMD160 (xen48/xen-4.8.0.tar.gz) = b79b1e2587caa9c6fe68d2996a4fd42f95c1fe7b
-SHA512 (xen48/xen-4.8.0.tar.gz) = 70b95553f9813573b12e52999a4df8701dec430f23c36a8dc70d25a46bb4bc9234e5b7feb74a04062af4c8d6b6bcfe947d90b2b172416206812e54bac9797454
-Size (xen48/xen-4.8.0.tar.gz) = 22499917 bytes
+SHA1 (xen48/xen-4.8.2.tar.gz) = 184c57ce9e71e34b3cbdd318524021f44946efbe
+RMD160 (xen48/xen-4.8.2.tar.gz) = f4126cb0f7ff427ed7d20ce399dcd1077c599343
+SHA512 (xen48/xen-4.8.2.tar.gz) = 7805531f73d23ecfff3439770e62d387f4254a444875670d53a0a739323e5d4d8f8fcc478f8936ee1ae8aff3e0229549e47c01c606365a8ce060dd5c503e87da
+Size (xen48/xen-4.8.2.tar.gz) = 22522336 bytes
SHA1 (patch-Config.mk) = abf55aa58792315e758ee3785a763cfa8c2da68f
-SHA1 (patch-XSA-212) = 4637d51bcbb3b11fb0e22940f824ebacdaa15b4f
+SHA1 (patch-XSA231) = fc249a68ea53064ff7d95f24380f66f3fc3393e7
+SHA1 (patch-XSA232) = 86d633941ac3165ca4034db660a48d60384ea252
+SHA1 (patch-XSA234) = acf4170a410d9f314c0cc0c5c092db6bb6cc69a0
+SHA1 (patch-XSA237) = 3125554b155bd650480934a37d89d1a7471dfb20
+SHA1 (patch-XSA238) = 58b6fcb73d314d7f06256ed3769210e49197aa90
+SHA1 (patch-XSA239) = 10619718e8a1536a7f52eb3838cdb490e6ba8c97
+SHA1 (patch-XSA240) = dca90d33d30167edbe07071795f18159e3e20c57
+SHA1 (patch-XSA241) = b506425ca7382190435df6f96800cb0a24aff23e
+SHA1 (patch-XSA242) = afff314771d78ee2482aec3b7693c12bfe00e0ec
+SHA1 (patch-XSA243) = 75eef49628bc0b3bd4fe8b023cb2da75928103a7
+SHA1 (patch-XSA244) = 2739ff8a920630088853a9076f71ca2caf639320
SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b
SHA1 (patch-xen_Rules.mk) = 5f33a667bae67c85d997a968c0f8b014b707d13c
SHA1 (patch-xen_arch_x86_Rules.mk) = e2d148fb308c37c047ca41a678471217b6166977
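Review bot: the added patch entries run XSA231, XSA232, XSA234, then XSA237 through XSA244, while the log message only says patches are applied "up to XSA244". XSA233 is accounted for under xentools48 in the file list, but 235 and 236 are not mentioned anywhere in this change. Suggest a line in the log message saying why they are absent, so a reader can confirm the set is complete. Minor: the new files are named patch-XSA231 and so on, where the removed one was patch-XSA-212; it would help to settle on one naming scheme.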
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/patches/patch-XSA-212
--- a/sysutils/xenkernel48/patches/patch-XSA-212 Tue Oct 17 05:49:49 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,89 +0,0 @@
-$NetBSD: patch-XSA-212,v 1.1 2017/04/08 12:30:43 spz Exp $
-
-memory: properly check guest memory ranges in XENMEM_exchange handling
-
-The use of guest_handle_okay() here (as introduced by the XSA-29 fix)
-is insufficient here, guest_handle_subrange_okay() needs to be used
-instead.
-
-Note that the uses are okay in
-- XENMEM_add_to_physmap_batch handling due to the size field being only
- 16 bits wide,
-- livepatch_list() due to the limit of 1024 enforced on the
- number-of-entries input (leaving aside the fact that this can be
- called by a privileged domain only anyway),
-- compat mode handling due to counts there being limited to 32 bits,
-- everywhere else due to guest arrays being accessed sequentially from
- index zero.
-
-This is XSA-212.
-
-Reported-by: Jann Horn <jannh%google.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-
---- xen/common/memory.c
-+++ xen/common/memory.c
-@@ -436,8 +436,8 @@ static long memory_exchange(XEN_GUEST_HA
- goto fail_early;
- }
-
-- if ( !guest_handle_okay(exch.in.extent_start, exch.in.nr_extents) ||
-- !guest_handle_okay(exch.out.extent_start, exch.out.nr_extents) )
-+ if ( !guest_handle_subrange_okay(exch.in.extent_start, exch.nr_exchanged,
-+ exch.in.nr_extents - 1) )
- {
- rc = -EFAULT;
- goto fail_early;
-@@ -447,11 +447,27 @@ static long memory_exchange(XEN_GUEST_HA
- {
- in_chunk_order = exch.out.extent_order - exch.in.extent_order;
- out_chunk_order = 0;
-+
-+ if ( !guest_handle_subrange_okay(exch.out.extent_start,
-+ exch.nr_exchanged >> in_chunk_order,
-+ exch.out.nr_extents - 1) )
-+ {
-+ rc = -EFAULT;
-+ goto fail_early;
-+ }
- }
- else
- {
- in_chunk_order = 0;
- out_chunk_order = exch.in.extent_order - exch.out.extent_order;
-+
-+ if ( !guest_handle_subrange_okay(exch.out.extent_start,
-+ exch.nr_exchanged << out_chunk_order,
-+ exch.out.nr_extents - 1) )
-+ {
-+ rc = -EFAULT;
-+ goto fail_early;
-+ }
- }
-
- d = rcu_lock_domain_by_any_id(exch.in.domid);
---- xen/include/asm-x86/x86_64/uaccess.h
-+++ xen/include/asm-x86/x86_64/uaccess.h
-@@ -29,8 +29,9 @@ extern void *xlat_malloc(unsigned long *
- /*
- * Valid if in +ve half of 48-bit address space, or above Xen-reserved area.
- * This is also valid for range checks (addr, addr+size). As long as the
-- * start address is outside the Xen-reserved area then we will access a
-- * non-canonical address (and thus fault) before ever reaching VIRT_START.
-+ * start address is outside the Xen-reserved area, sequential accesses
-+ * (starting at addr) will hit a non-canonical address (and thus fault)
-+ * before ever reaching VIRT_START.
- */
- #define __addr_ok(addr) \
- (((unsigned long)(addr) < (1UL<<47)) || \
-@@ -40,7 +41,8 @@ extern void *xlat_malloc(unsigned long *
- (__addr_ok(addr) || is_compat_arg_xlat_range(addr, size))
-
- #define array_access_ok(addr, count, size) \
-- (access_ok(addr, (count)*(size)))
-+ (likely(((count) ?: 0UL) < (~0UL / (size))) && \
-+ access_ok(addr, (count) * (size)))
-
- #define __compat_addr_ok(d, addr) \
- ((unsigned long)(addr) < HYPERVISOR_COMPAT_VIRT_START(d))
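Review bot: nothing in the log message says that the 4.8.2 distfile already carries the XSA-212 fix this deletion removes from the patch set, namely the guest_handle_subrange_okay() checks in memory_exchange() and the overflow guard in array_access_ok(). Suggest stating in the log message that XSA-212 (and XSA-211 on the xentools48 side) is included in 4.8.2, so the removal can be checked against the new tarball rather than taken on trust.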
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/patches/patch-XSA231
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel48/patches/patch-XSA231 Tue Oct 17 19:02:25 2017 +0000
@@ -0,0 +1,110 @@
+$NetBSD: patch-XSA231,v 1.1.2.2 2017/10/17 19:02:25 bsiegert Exp $
+
+From: George Dunlap <george.dunlap%citrix.com@localhost>
+Subject: xen/mm: make sure node is less than MAX_NUMNODES
+
+The output of MEMF_get_node(memflags) can be as large as nodeid_t can
+hold (currently 255). This is then used as an index to arrays of size
+MAX_NUMNODE, which is 64 on x86 and 1 on ARM, can be passed in by an
+untrusted guest (via memory_exchange and increase_reservation) and is
+not currently bounds-checked.
+
+Check the value in page_alloc.c before using it, and also check the
+value in the hypercall call sites and return -EINVAL if appropriate.
+Don't permit domains other than the hardware or control domain to
+allocate node-constrained memory.
+
+This is XSA-231.
+
+Reported-by: Matthew Daley <mattd%bugfuzz.com@localhost>
+Signed-off-by: George Dunlap <george.dunlap%citrix.com@localhost>
+Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
+Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+
+--- xen/common/memory.c.orig
++++ xen/common/memory.c
+@@ -411,6 +411,31 @@ static void decrease_reservation(struct
+ a->nr_done = i;
+ }
+
++static bool propagate_node(unsigned int xmf, unsigned int *memflags)
++{
++ const struct domain *currd = current->domain;
++
++ BUILD_BUG_ON(XENMEMF_get_node(0) != NUMA_NO_NODE);
++ BUILD_BUG_ON(MEMF_get_node(0) != NUMA_NO_NODE);
++
++ if ( XENMEMF_get_node(xmf) == NUMA_NO_NODE )
++ return true;
++
++ if ( is_hardware_domain(currd) || is_control_domain(currd) )
++ {
++ if ( XENMEMF_get_node(xmf) >= MAX_NUMNODES )
++ return false;
++
++ *memflags |= MEMF_node(XENMEMF_get_node(xmf));
++ if ( xmf & XENMEMF_exact_node_request )
++ *memflags |= MEMF_exact_node;
++ }
++ else if ( xmf & XENMEMF_exact_node_request )
++ return false;
++
++ return true;
++}
++
+ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
+ {
+ struct xen_memory_exchange exch;
+@@ -483,6 +508,12 @@ static long memory_exchange(XEN_GUEST_HA
+ }
+ }
+
++ if ( unlikely(!propagate_node(exch.out.mem_flags, &memflags)) )
++ {
++ rc = -EINVAL;
++ goto fail_early;
++ }
++
+ d = rcu_lock_domain_by_any_id(exch.in.domid);
+ if ( d == NULL )
+ {
+@@ -501,7 +532,6 @@ static long memory_exchange(XEN_GUEST_HA
+ d,
+ XENMEMF_get_address_bits(exch.out.mem_flags) ? :
+ (BITS_PER_LONG+PAGE_SHIFT)));
+- memflags |= MEMF_node(XENMEMF_get_node(exch.out.mem_flags));
+
+ for ( i = (exch.nr_exchanged >> in_chunk_order);
+ i < (exch.in.nr_extents >> in_chunk_order);
+@@ -864,12 +894,8 @@ static int construct_memop_from_reservat
+ }
+ read_unlock(&d->vnuma_rwlock);
+ }
+- else
+- {
+- a->memflags |= MEMF_node(XENMEMF_get_node(r->mem_flags));
+- if ( r->mem_flags & XENMEMF_exact_node_request )
+- a->memflags |= MEMF_exact_node;
+- }
++ else if ( unlikely(!propagate_node(r->mem_flags, &a->memflags)) )
++ return -EINVAL;
+
+ return 0;
+ }
+--- xen/common/page_alloc.c.orig
++++ xen/common/page_alloc.c
+@@ -706,9 +706,13 @@ static struct page_info *alloc_heap_page
+ if ( node >= MAX_NUMNODES )
+ node = cpu_to_node(smp_processor_id());
+ }
++ else if ( unlikely(node >= MAX_NUMNODES) )
++ {
++ ASSERT_UNREACHABLE();
++ return NULL;
++ }
+ first_node = node;
+
+- ASSERT(node < MAX_NUMNODES);
+ ASSERT(zone_lo <= zone_hi);
+ ASSERT(zone_hi < NR_ZONES);
+
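Review bot: propagate_node() in the memory.c part returns true without touching *memflags when an unprivileged domain names a node but does not set XENMEMF_exact_node_request, so the node hint is silently discarded, and the function has no comment saying so. This matches the description ("Don't permit domains other than the hardware or control domain to allocate node-constrained memory"), but the two outcomes for unprivileged callers (ignore versus -EINVAL) are easy to misread. Suggest a short comment above the function documenting the return value and the three cases. Also, the description writes MAX_NUMNODE where the code uses MAX_NUMNODES.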
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/patches/patch-XSA232
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel48/patches/patch-XSA232 Tue Oct 17 19:02:25 2017 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-XSA232,v 1.1.2.2 2017/10/17 19:02:25 bsiegert Exp $
+
+From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+Subject: grant_table: fix GNTTABOP_cache_flush handling
+
+Don't fall over a NULL grant_table pointer when the owner of the domain
+is a system domain (DOMID_{XEN,IO} etc).
+
+This is XSA-232.
+
+Reported-by: Matthew Daley <mattd%bugfuzz.com@localhost>
+Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
+Reviewed-by: Jan Beulich <jbeulich%suse.com@localhost>
+
+--- xen/common/grant_table.c.orig
++++ xen/common/grant_table.c
+@@ -3053,7 +3053,7 @@ static int cache_flush(gnttab_cache_flus
+
+ page = mfn_to_page(mfn);
+ owner = page_get_owner_and_reference(page);
+- if ( !owner )
++ if ( !owner || !owner->grant_table )
+ {
+ rcu_unlock_domain(d);
+ return -EPERM;
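Review bot: the widened condition in cache_flush() can now be taken with a non-NULL owner, which means page_get_owner_and_reference(page) succeeded, yet the only cleanup visible on this path is rcu_unlock_domain(d). Please check whether the page reference has to be dropped before returning -EPERM in the !owner->grant_table case. If it is deliberately left alone, a comment saying why would help. Since this is an imported upstream patch, the question is best raised with the Xen maintainers rather than changed locally.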
diff -r 8b8101a31218 -r d1a8ca3c1dcf sysutils/xenkernel48/patches/patch-XSA234
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel48/patches/patch-XSA234 Tue Oct 17 19:02:25 2017 +0000
@@ -0,0 +1,187 @@
+$NetBSD: patch-XSA234,v 1.1.2.2 2017/10/17 19:02:25 bsiegert Exp $