[src/netbsd-6-0]: src/doc 1358

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7f10e5f2406b
branches:  netbsd-6-0
changeset: 775111:7f10e5f2406b
user:      snj <snj%NetBSD.org@localhost>
date:      Fri Jan 08 21:24:58 2016 +0000

description:
1358

diffstat:

 doc/CHANGES-6.0.7 |  19 ++++++++++++++++++-
 1 files changed, 18 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r c780cd6fe83b -r 7f10e5f2406b doc/CHANGES-6.0.7
--- a/doc/CHANGES-6.0.7 Fri Jan 08 21:24:37 2016 +0000
+++ b/doc/CHANGES-6.0.7 Fri Jan 08 21:24:58 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.55 2015/11/18 07:45:00 msaitoh Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.56 2016/01/08 21:24:58 snj Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -7098,3 +7098,20 @@
        duplicate pair address.
        fix CID 980463
        [knakahara, ticket #1345]
+
+sys/arch/xen/include/xen-public/io/ring.h      1.3 via patch
+sys/arch/xen/xen/pciback.c                     1.10 via patch
+sys/arch/xen/xen/xbdback_xenbus.c              1.62 via patch
+sys/arch/xen/xen/xennetback_xenbus.c           1.54 via patch
+
+       Apply patch from xsa155: make sure that the backend won't read
+       parts of the request again (possibly because of compiler
+       optimisations), by using copies and barrier.
+       From XSA155:
+       The compiler can emit optimizations in the PV backend drivers
+       which can lead to double fetch vulnerabilities. Specifically
+       the shared memory between the frontend and backend can be fetched
+       twice (during which time the frontend can alter the contents)
+       possibly leading to arbitrary code execution in backend.
+       [bouyer, ticket #1358]
+