Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_149165387851070"
MIME-Version: 1.0
Date: Sat, 8 Apr 2017 12:17:58 +0000
From: "S.P.Zeidler"
Subject: CVS commit: pkgsrc/sysutils/xenkernel46
To: pkgsrc-changes@NetBSD.org
Reply-To: spz@netbsd.org
X-Mailer: log_accum
Message-Id: <20170408121758.F0BD2FBE4@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe:

This is a multi-part message in MIME format.

--_----------=_149165387851070
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name: pkgsrc
Committed By: spz
Date: Sat Apr 8 12:17:58 UTC 2017

Modified Files:
 pkgsrc/sysutils/xenkernel46: Makefile distinfo
Added Files:
 pkgsrc/sysutils/xenkernel46/patches: patch-XSA-212

Log Message:
add patch for XSA-212 from upstream
(http://xenbits.xen.org/xsa/advisory-212.html)

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/sysutils/xenkernel46/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/sysutils/xenkernel46/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xenkernel46/patches/patch-XSA-212

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_149165387851070
Content-Disposition: inline
Content-Length: 5547
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/sysutils/xenkernel46/Makefile diff -u pkgsrc/sysutils/xenkernel46/Makefile:1.10 pkgsrc/sysutils/xenkernel46/Makefile:1.11 --- pkgsrc/sysutils/xenkernel46/Makefile:1.10 Mon Mar 20 18:17:12 2017 +++ pkgsrc/sysutils/xenkernel46/Makefile Sat Apr 8 12:17:58 2017 
@@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.10 2017/03/20 18:17:12 bouyer Exp $ +# $NetBSD: Makefile,v 1.11 2017/04/08 12:17:58 spz Exp $ VERSION= 4.6.5 DISTNAME= xen-${VERSION} PKGNAME= xenkernel46-${VERSION} -#PKGREVISION= 4 +PKGREVISION= 1 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ Index: pkgsrc/sysutils/xenkernel46/distinfo diff -u pkgsrc/sysutils/xenkernel46/distinfo:1.7 pkgsrc/sysutils/xenkernel46/distinfo:1.8 --- pkgsrc/sysutils/xenkernel46/distinfo:1.7 Mon Mar 20 18:17:12 2017 +++ pkgsrc/sysutils/xenkernel46/distinfo Sat Apr 8 12:17:58 2017 @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.7 2017/03/20 18:17:12 bouyer Exp $ +$NetBSD: distinfo,v 1.8 2017/04/08 12:17:58 spz Exp $ SHA1 (xen-4.6.5.tar.gz) = af371af662211ee1480167b6c9e35142156f3a8d RMD160 (xen-4.6.5.tar.gz) = 3f2468d7d3715d14842ac57b2180118ef48e93fa SHA512 (xen-4.6.5.tar.gz) = d3e1b16fa9d695a5fc28ca4375b8de3dfcab480437d4d0151972d9f286528c9f667841e7a6888c918c580371d6984658a8d3b92235553c8c9c052d93154547b5 Size (xen-4.6.5.tar.gz) = 19712756 bytes SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf +SHA1 (patch-XSA-212) = 4637d51bcbb3b11fb0e22940f824ebacdaa15b4f SHA1 (patch-tools_xentrace_xenalyze.c) = ab973cb7090dc90867dcddf9ab8965f8f2f36c46 SHA1 (patch-xen_Makefile) = be3f4577a205b23187b91319f91c50720919f70b SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154 Added files: Index: pkgsrc/sysutils/xenkernel46/patches/patch-XSA-212 diff -u /dev/null pkgsrc/sysutils/xenkernel46/patches/patch-XSA-212:1.1 --- /dev/null Sat Apr 8 12:17:58 2017 +++ pkgsrc/sysutils/xenkernel46/patches/patch-XSA-212 Sat Apr 8 12:17:58 2017 
@@ -0,0 +1,89 @@ +$NetBSD: patch-XSA-212,v 1.1 2017/04/08 12:17:58 spz Exp $ + +memory: properly check guest memory ranges in XENMEM_exchange handling + +The use of guest_handle_okay() here (as introduced by the XSA-29 fix) +is insufficient here, guest_handle_subrange_okay() needs to be used +instead. + +Note that the uses are okay in +- XENMEM_add_to_physmap_batch handling due to the size field being only + 16 bits wide, +- livepatch_list() due to the limit of 1024 enforced on the + number-of-entries input (leaving aside the fact that this can be + called by a privileged domain only anyway), +- compat mode handling due to counts there being limited to 32 bits, +- everywhere else due to guest arrays being accessed sequentially from + index zero. + +This is XSA-212. + +Reported-by: Jann Horn +Signed-off-by: Jan Beulich +Reviewed-by: Andrew Cooper + +--- xen/common/memory.c ++++ xen/common/memory.c +@@ -436,8 +436,8 @@ static long memory_exchange(XEN_GUEST_HA + goto fail_early; + } + +- if ( !guest_handle_okay(exch.in.extent_start, exch.in.nr_extents) || +- !guest_handle_okay(exch.out.extent_start, exch.out.nr_extents) ) ++ if ( !guest_handle_subrange_okay(exch.in.extent_start, exch.nr_exchanged, ++ exch.in.nr_extents - 1) ) + { + rc = -EFAULT; + goto fail_early; +@@ -447,11 +447,27 @@ static long memory_exchange(XEN_GUEST_HA + { + in_chunk_order = exch.out.extent_order - exch.in.extent_order; + out_chunk_order = 0; ++ ++ if ( !guest_handle_subrange_okay(exch.out.extent_start, ++ exch.nr_exchanged >> in_chunk_order, ++ exch.out.nr_extents - 1) ) ++ { ++ rc = -EFAULT; ++ goto fail_early; ++ } + } + else + { + in_chunk_order = 0; + out_chunk_order = exch.in.extent_order - exch.out.extent_order; ++ ++ if ( !guest_handle_subrange_okay(exch.out.extent_start, ++ exch.nr_exchanged << out_chunk_order, ++ exch.out.nr_extents - 1) ) ++ { ++ rc = -EFAULT; ++ goto fail_early; ++ } + } + + d = rcu_lock_domain_by_any_id(exch.in.domid); +--- xen/include/asm-x86/x86_64/uaccess.h 
++++ xen/include/asm-x86/x86_64/uaccess.h +@@ -29,8 +29,9 @@ extern void *xlat_malloc(unsigned long * + /* + * Valid if in +ve half of 48-bit address space, or above Xen-reserved area. + * This is also valid for range checks (addr, addr+size). As long as the +- * start address is outside the Xen-reserved area then we will access a +- * non-canonical address (and thus fault) before ever reaching VIRT_START. ++ * start address is outside the Xen-reserved area, sequential accesses ++ * (starting at addr) will hit a non-canonical address (and thus fault) ++ * before ever reaching VIRT_START. + */ + #define __addr_ok(addr) \ + (((unsigned long)(addr) < (1UL<<47)) || \ +@@ -40,7 +41,8 @@ extern void *xlat_malloc(unsigned long * + (__addr_ok(addr) || is_compat_arg_xlat_range(addr, size)) + + #define array_access_ok(addr, count, size) \ +- (access_ok(addr, (count)*(size))) ++ (likely(((count) ?: 0UL) < (~0UL / (size))) && \ ++ access_ok(addr, (count) * (size))) + + #define __compat_addr_ok(d, addr) \ + ((unsigned long)(addr) < HYPERVISOR_COMPAT_VIRT_START(d)) --_----------=_149165387851070--
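
Review bot: In the first xen/common/memory.c hunk (@@ -436), the upper bound `exch.in.nr_extents - 1` wraps around when nr_extents is 0, and the visible context does not show what the preceding sanity check (the block ending in `goto fail_early;`) guarantees about exch.nr_exchanged relative to exch.in.nr_extents. A short comment above the new guest_handle_subrange_okay() call stating that relationship would let a reader confirm the subrange is well-formed without leaving the hunk.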
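
Review bot: In the second xen/common/memory.c hunk (@@ -447), the same guest_handle_subrange_okay() check with `rc = -EFAULT; goto fail_early;` is added to both branches and differs only in the shift applied to exch.nr_exchanged. Computing the first output index in each branch and performing a single check after the if/else would keep the two paths from drifting apart, and a one-line comment on why the start index is scaled by the chunk order would help the next reader.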
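
Review bot: In the comment hunk above __addr_ok() in xen/include/asm-x86/x86_64/uaccess.h (@@ -29), the revised wording limits the guarantee to sequential accesses starting at addr but does not say what a caller that starts elsewhere in the range should use instead. Naming guest_handle_subrange_okay() in that comment would tie it to the memory.c change made in the same patch.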
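
Review bot: In the array_access_ok() hunk of xen/include/asm-x86/x86_64/uaccess.h (@@ -40), `(count) ?: 0UL` uses the GNU omitted-operand conditional only to convert count to unsigned long before the comparison with `~0UL / (size)`, which is not obvious on first reading and carries no comment. A line explaining that, and noting that count and size are now expanded twice in the macro so arguments with side effects are unsafe, would make the overflow guard easier to audit.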