pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/sysutils Update xenkernel46 and xentools46 to 4.6.5. C...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f2d39937dcbc
branches: trunk
changeset: 360053:f2d39937dcbc
user: bouyer <bouyer%pkgsrc.org@localhost>
date: Mon Mar 20 18:17:12 2017 +0000
description:
Update xenkernel46 and xentools46 to 4.6.5. Changes since 4.6.3:
various bug fixes. Includes all security patches up to and including
XSA-209
diffstat:
sysutils/xenkernel46/Makefile | 6 +-
sysutils/xenkernel46/distinfo | 25 +---
sysutils/xenkernel46/patches/patch-XSA-185 | 37 ------
sysutils/xenkernel46/patches/patch-XSA-186-1 | 43 --------
sysutils/xenkernel46/patches/patch-XSA-186-2 | 73 -------------
sysutils/xenkernel46/patches/patch-XSA-187-1 | 44 --------
sysutils/xenkernel46/patches/patch-XSA-187-2 | 144 ---------------------------
sysutils/xenkernel46/patches/patch-XSA-191 | 140 --------------------------
sysutils/xenkernel46/patches/patch-XSA-192 | 66 ------------
sysutils/xenkernel46/patches/patch-XSA-193 | 70 -------------
sysutils/xenkernel46/patches/patch-XSA-195 | 47 --------
sysutils/xenkernel46/patches/patch-XSA-196-1 | 63 -----------
sysutils/xenkernel46/patches/patch-XSA-196-2 | 78 --------------
sysutils/xenkernel46/patches/patch-XSA-200 | 57 ----------
sysutils/xenkernel46/patches/patch-XSA-202 | 75 --------------
sysutils/xenkernel46/patches/patch-XSA-203 | 21 ---
sysutils/xenkernel46/patches/patch-XSA-204 | 71 -------------
sysutils/xentools46/Makefile | 4 +-
sysutils/xentools46/distinfo | 14 +-
sysutils/xentools46/patches/patch-XSA-197-1 | 67 ------------
sysutils/xentools46/patches/patch-XSA-197-2 | 65 ------------
sysutils/xentools46/patches/patch-XSA-198 | 64 ------------
sysutils/xentools46/patches/patch-XSA-199 | 90 ----------------
sysutils/xentools46/version.mk | 4 +-
24 files changed, 17 insertions(+), 1351 deletions(-)
diffs (truncated from 1503 to 300 lines):
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/Makefile
--- a/sysutils/xenkernel46/Makefile Mon Mar 20 18:13:23 2017 +0000
+++ b/sysutils/xenkernel46/Makefile Mon Mar 20 18:17:12 2017 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2017/02/14 21:38:34 joerg Exp $
+# $NetBSD: Makefile,v 1.10 2017/03/20 18:17:12 bouyer Exp $
-VERSION= 4.6.3
+VERSION= 4.6.5
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel46-${VERSION}
-PKGREVISION= 4
+#PKGREVISION= 4
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/distinfo
--- a/sysutils/xenkernel46/distinfo Mon Mar 20 18:13:23 2017 +0000
+++ b/sysutils/xenkernel46/distinfo Mon Mar 20 18:17:12 2017 +0000
@@ -1,25 +1,10 @@
-$NetBSD: distinfo,v 1.6 2017/02/14 21:38:34 joerg Exp $
+$NetBSD: distinfo,v 1.7 2017/03/20 18:17:12 bouyer Exp $
-SHA1 (xen-4.6.3.tar.gz) = 2aa59d0a05a6c5ac7f336f2069c66a54f95c4349
-RMD160 (xen-4.6.3.tar.gz) = 2798bd888ee001a4829165e55feb705a86af4f74
-SHA512 (xen-4.6.3.tar.gz) = 187a860b40c05139f22b8498a5fae1db173c3110d957147af29a56cb83b7111c9dc4946d65f9dffc847001fc01c5e9bf51886eaa1194bb9cfd0b6dbcd43a2c5c
-Size (xen-4.6.3.tar.gz) = 19707041 bytes
+SHA1 (xen-4.6.5.tar.gz) = af371af662211ee1480167b6c9e35142156f3a8d
+RMD160 (xen-4.6.5.tar.gz) = 3f2468d7d3715d14842ac57b2180118ef48e93fa
+SHA512 (xen-4.6.5.tar.gz) = d3e1b16fa9d695a5fc28ca4375b8de3dfcab480437d4d0151972d9f286528c9f667841e7a6888c918c580371d6984658a8d3b92235553c8c9c052d93154547b5
+Size (xen-4.6.5.tar.gz) = 19712756 bytes
SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
-SHA1 (patch-XSA-185) = a2313922aa4dad734b96c80f64fe54eca3c14019
-SHA1 (patch-XSA-186-1) = 71e4a6c4c683891bac50682a3ab69a204fb681ad
-SHA1 (patch-XSA-186-2) = 6094c2efe468e3f31712659be9a71af2cbe8dc1f
-SHA1 (patch-XSA-187-1) = 55ea0c2d9c7d8d9476a5ab97342ff552be4faf56
-SHA1 (patch-XSA-187-2) = f5308fee03a5d73c8aa283eb82cc36a6a3d3bc06
-SHA1 (patch-XSA-191) = adf1b0d6d8a17b6585fd0ecbe0ca77517623e0af
-SHA1 (patch-XSA-192) = b8b289f4af6b2cebeea16246398d2c473a9e90c1
-SHA1 (patch-XSA-193) = 89fdeea8af25de42bbd207df1b2f3dcd3b61778f
-SHA1 (patch-XSA-195) = 0a44b7deda6a17c88e9d1858eeb7c33b0ebaf3f7
-SHA1 (patch-XSA-196-1) = bdcd7673443fbf59aeff8ad019ffbe39758fcaee
-SHA1 (patch-XSA-196-2) = 81b1d46f3ec8a3c5133f6a923fee0ab1b2b1c6a0
-SHA1 (patch-XSA-200) = 37254653e3f9016de0440047465fddce7e9b1874
-SHA1 (patch-XSA-202) = 52cb1da3bb078f6b7574f606b8c9cacdf24f6518
-SHA1 (patch-XSA-203) = 43310c4e95e0070a24e6a847502e057b9e0eefe9
-SHA1 (patch-XSA-204) = 05defb8d99976a712024d35a81f4dde5627107d9
SHA1 (patch-tools_xentrace_xenalyze.c) = ab973cb7090dc90867dcddf9ab8965f8f2f36c46
SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b
SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/patches/patch-XSA-185
--- a/sysutils/xenkernel46/patches/patch-XSA-185 Mon Mar 20 18:13:23 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-$NetBSD: patch-XSA-185,v 1.1 2016/09/08 15:44:07 bouyer Exp $
-
-From 30aba4992b18245c436f16df7326a16c01a51570 Mon Sep 17 00:00:00 2001
-From: Jan Beulich <jbeulich%suse.com@localhost>
-Date: Mon, 8 Aug 2016 10:58:12 +0100
-Subject: x86/32on64: don't allow recursive page tables from L3
-
-L3 entries are special in PAE mode, and hence can't reasonably be used
-for setting up recursive (and hence linear) page table mappings. Since
-abuse is possible when the guest in fact gets run on 4-level page
-tables, this needs to be excluded explicitly.
-
-This is XSA-185.
-
-Reported-by: Jérémie Boutoille <jboutoille%ext.quarkslab.com@localhost>
-Reported-by: æ ¾å°?è?ª(好é£?) <shangcong.lsc%alibaba-inc.com@localhost>
-Signed-off-by: Jan Beulich <jbeulich%suse.com@localhost>
-Reviewed-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
----
- xen/arch/x86/mm.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
-index 109b8be..69b8b8d 100644
---- xen/arch/x86/mm.c.orig
-+++ xen/arch/x86/mm.c
-@@ -1122,7 +1122,9 @@ get_page_from_l3e(
-
- rc = get_page_and_type_from_pagenr(
- l3e_get_pfn(l3e), PGT_l2_page_table, d, partial, 1);
-- if ( unlikely(rc == -EINVAL) && get_l3_linear_pagetable(l3e, pfn, d) )
-+ if ( unlikely(rc == -EINVAL) &&
-+ !is_pv_32bit_domain(d) &&
-+ get_l3_linear_pagetable(l3e, pfn, d) )
- rc = 0;
-
- return rc;
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/patches/patch-XSA-186-1
--- a/sysutils/xenkernel46/patches/patch-XSA-186-1 Mon Mar 20 18:13:23 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-XSA-186-1,v 1.1 2016/09/08 15:44:07 bouyer Exp $
-
-From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Subject: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary
-
-The Force Emulation Prefix is named to follow its PV counterpart for cpuid or
-rdtsc, but isn't really an instruction prefix. It behaves as a break-out into
-Xen, with the purpose of emulating the next instruction in the current state.
-
-It is important to be able to test legal situations which occur in real
-hardware, including instruction which cross certain boundaries, and
-instructions starting at 0.
-
-Reported-by: Brian Marcotte <marcotte%panix.com@localhost>
-Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Reviewed-by: Jan Beulich <jbeulich%suse.com@localhost>
-
---- xen/arch/x86/hvm/svm/svm.c.orig
-+++ xen/arch/x86/hvm/svm/svm.c
-@@ -2139,6 +2139,10 @@ static void svm_vmexit_ud_intercept(stru
- {
- regs->eip += sizeof(sig);
- regs->eflags &= ~X86_EFLAGS_RF;
-+
-+ /* Zero the upper 32 bits of %rip if not in long mode. */
-+ if ( svm_guest_x86_mode(current) != 8 )
-+ regs->eip = regs->_eip;
- }
- }
-
---- xen/arch/x86/hvm/vmx/vmx.c.orig
-+++ xen/arch/x86/hvm/vmx/vmx.c
-@@ -2757,6 +2757,10 @@ static void vmx_vmexit_ud_intercept(stru
- {
- regs->eip += sizeof(sig);
- regs->eflags &= ~X86_EFLAGS_RF;
-+
-+ /* Zero the upper 32 bits of %rip if not in long mode. */
-+ if ( vmx_guest_x86_mode(current) != 8 )
-+ regs->eip = regs->_eip;
- }
- }
-
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/patches/patch-XSA-186-2
--- a/sysutils/xenkernel46/patches/patch-XSA-186-2 Mon Mar 20 18:13:23 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-From e938be013ba73ff08fa4f1d8670501aacefde7fb Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Date: Fri, 22 Jul 2016 16:02:54 +0000
-Subject: [PATCH 1/2] x86/emulate: Correct boundary interactions of emulated
- instructions
-
-This reverts most of c/s 0640ffb6 "x86emul: fix rIP handling".
-
-Experimentally, in long mode processors will execute an instruction stream
-which crosses the 64bit -1 -> 0 virtual boundary, whether the instruction
-boundary is aligned on the virtual boundary, or is misaligned.
-
-In compatibility mode, Intel processors will execute an instruction stream
-which crosses the 32bit -1 -> 0 virtual boundary, while AMD processors raise a
-segmentation fault. Xen's segmentation behaviour matches AMD.
-
-For 16bit code, hardware does not ever truncated %ip. %eip is always used and
-behaves normally as a 32bit register, including in 16bit protected mode
-segments, as well as in Real and Unreal mode.
-
-This is XSA-186
-
-Reported-by: Brian Marcotte <marcotte%panix.com@localhost>
-Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Reviewed-by: Jan Beulich <jbeulich%suse.com@localhost>
----
- xen/arch/x86/x86_emulate/x86_emulate.c | 22 ++++------------------
- 1 file changed, 4 insertions(+), 18 deletions(-)
-
-diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
-index d5a56cf..bf3529a 100644
---- xen/arch/x86/x86_emulate/x86_emulate.c.orig
-+++ xen/arch/x86/x86_emulate/x86_emulate.c
-@@ -1570,10 +1570,6 @@ x86_emulate(
- #endif
- }
-
-- /* Truncate rIP to def_ad_bytes (2 or 4) if necessary. */
-- if ( def_ad_bytes < sizeof(_regs.eip) )
-- _regs.eip &= (1UL << (def_ad_bytes * 8)) - 1;
--
- /* Prefix bytes. */
- for ( ; ; )
- {
-@@ -3906,21 +3902,11 @@ x86_emulate(
-
- /* Commit shadow register state. */
- _regs.eflags &= ~EFLG_RF;
-- switch ( __builtin_expect(def_ad_bytes, sizeof(_regs.eip)) )
-- {
-- uint16_t ip;
-
-- case 2:
-- ip = _regs.eip;
-- _regs.eip = ctxt->regs->eip;
-- *(uint16_t *)&_regs.eip = ip;
-- break;
--#ifdef __x86_64__
-- case 4:
-- _regs.rip = _regs._eip;
-- break;
--#endif
-- }
-+ /* Zero the upper 32 bits of %rip if not in long mode. */
-+ if ( def_ad_bytes < sizeof(_regs.eip) )
-+ _regs.eip = (uint32_t)_regs.eip;
-+
- *ctxt->regs = _regs;
-
- done:
---
-2.1.4
-
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/patches/patch-XSA-187-1
--- a/sysutils/xenkernel46/patches/patch-XSA-187-1 Mon Mar 20 18:13:23 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-$NetBSD: patch-XSA-187-1,v 1.1 2016/09/08 15:44:07 bouyer Exp $
-
-From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Subject: x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
-
-hvm_get_seg_reg() does not perform a range check on its input segment, calls
-hvm_get_segment_register() and writes straight into sh_ctxt->seg_reg[].
-
-x86_seg_none is outside the bounds of sh_ctxt->seg_reg[], and will hit a BUG()
-in {vmx,svm}_get_segment_register().
-
-HVM guests running with shadow paging can end up performing a virtual to
-linear translation with x86_seg_none. This is used for addresses which are
-already linear. However, none of this is a legitimate pagetable update, so
-fail the emulation in such a case.
-
-This is XSA-187
-
-Reported-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Reviewed-by: Tim Deegan <tim%xen.org@localhost>
-
---- xen/arch/x86/mm/shadow/common.c.orig
-+++ xen/arch/x86/mm/shadow/common.c
-@@ -140,9 +140,18 @@ static int hvm_translate_linear_addr(
- struct sh_emulate_ctxt *sh_ctxt,
- unsigned long *paddr)
- {
-- struct segment_register *reg = hvm_get_seg_reg(seg, sh_ctxt);
-+ struct segment_register *reg;
- int okay;
-
-+ /*
-+ * Can arrive here with non-user segments. However, no such cirucmstance
-+ * is part of a legitimate pagetable update, so fail the emulation.
-+ */
-+ if ( !is_x86_user_segment(seg) )
-+ return X86EMUL_UNHANDLEABLE;
-+
-+ reg = hvm_get_seg_reg(seg, sh_ctxt);
-+
- okay = hvm_virtual_to_linear_addr(
- seg, reg, offset, bytes, access_type, sh_ctxt->ctxt.addr_size, paddr);
-
diff -r af7227d9f8a0 -r f2d39937dcbc sysutils/xenkernel46/patches/patch-XSA-187-2
--- a/sysutils/xenkernel46/patches/patch-XSA-187-2 Mon Mar 20 18:13:23 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,144 +0,0 @@
-$NetBSD: patch-XSA-187-2,v 1.1 2016/09/08 15:44:07 bouyer Exp $
-
-From: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Subject: x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
-
-HVM HAP codepaths have space for all segment registers in the seg_reg[]
-cache (with x86_seg_none still risking an array overrun), while the shadow
-codepaths only have space for the user segments.
-
-Range check the input segment of *_get_seg_reg() against the size of the array
-used to cache the results, to avoid overruns in the case that the callers
-don't filter their input suitably.
-
-Subsume the is_x86_user_segment(seg) checks from the shadow code, which were
-an incomplete attempt at range checking, and are now superceeded. Make
-hvm_get_seg_reg() static, as it is not used outside of shadow/common.c
-
-No functional change, but far easier to reason that no overflow is possible.
-
-Reported-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Signed-off-by: Andrew Cooper <andrew.cooper3%citrix.com@localhost>
-Acked-by: Tim Deegan <tim%xen.org@localhost>
-Acked-by: Jan Beulich <jbeulich%suse.com@localhost>
-
---- xen/arch/x86/hvm/emulate.c.orig
-+++ xen/arch/x86/hvm/emulate.c
-@@ -526,6 +526,8 @@ static int hvmemul_virtual_to_linear(
- ? 1 : 4096);
-
- reg = hvmemul_get_seg_reg(seg, hvmemul_ctxt);
-+ if ( IS_ERR(reg) )
-+ return -PTR_ERR(reg);
-
Home |
Main Index |
Thread Index |
Old Index