Wed Jun 20 17:54:12 2012 UTC ()
Pullup ticket #3837 - requested by bouyer
sysutils/xenkernel41: security patch
Revisions pulled up:
- sysutils/xenkernel41/Makefile 1.7
- sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1 deleted
- sysutils/xenkernel41/patch-xsa9-xen-4.1 deleted
- sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1 1.1
- sysutils/xenkernel41/patches/patch-xsa9-xen-4.1 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Tue Jun 19 20:17:07 UTC 2012
Modified Files:
pkgsrc/sysutils/xenkernel41: Makefile
Added Files:
pkgsrc/sysutils/xenkernel41/patches: patch-xsa7-xsa8-xen-4.1
patch-xsa9-xen-4.1
Removed Files:
pkgsrc/sysutils/xenkernel41: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1
Log Message:
Move patches to the right place. Bump PKGREVISION
(tron)
diff -r1.5.4.1 -r1.5.4.2 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.1.2.2 -r0 pkgsrc/sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1
diff -r1.1.2.2 -r0 pkgsrc/sysutils/xenkernel41/patch-xsa9-xen-4.1
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel41/patches/patch-xsa9-xen-4.1
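--- a/pkgsrc/sysutils/xenkernel41/Attic/Makefile
+++ b/pkgsrc/sysutils/xenkernel41/Attic/Makefile
@@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.5.4.1 2012/06/13 11:06:17 tron Exp $
+# $NetBSD: Makefile,v 1.5.4.2 2012/06/20 17:54:12 tron Exp $
 #
 
 VERSION= 4.1.2
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
 EXTRACT_SUFX= .tar.gz
 
 MAINTAINER= cegger@NetBSD.org
 HOMEPAGE= http://xen.org/
 COMMENT= Xen 4.1.2 Kernel
 
 LICENSE= gnu-gpl-v2
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64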
$NetBSD: patch-xsa7-xsa8-xen-4.1,v 1.1.2.2 2012/06/20 17:54:12 tron Exp $
diff -r 35248be669e7 xen/arch/x86/x86_64/asm-offsets.c
--- xen/arch/x86/x86_64/asm-offsets.c.orig Mon May 14 16:59:12 2012 +0100
+++ xen/arch/x86/x86_64/asm-offsets.c Thu May 24 11:12:33 2012 +0100
@@ -90,6 +90,8 @@ void __dummy__(void)
arch.guest_context.trap_ctxt[TRAP_gp_fault].address);
OFFSET(VCPU_gp_fault_sel, struct vcpu,
arch.guest_context.trap_ctxt[TRAP_gp_fault].cs);
+ OFFSET(VCPU_gp_fault_flags, struct vcpu,
+ arch.guest_context.trap_ctxt[TRAP_gp_fault].flags);
OFFSET(VCPU_kernel_sp, struct vcpu, arch.guest_context.kernel_sp);
OFFSET(VCPU_kernel_ss, struct vcpu, arch.guest_context.kernel_ss);
OFFSET(VCPU_guest_context_flags, struct vcpu, arch.guest_context.flags);
diff -r 35248be669e7 xen/arch/x86/x86_64/compat/entry.S
--- xen/arch/x86/x86_64/compat/entry.S.orig Mon May 14 16:59:12 2012 +0100
+++ xen/arch/x86/x86_64/compat/entry.S Thu May 24 11:12:33 2012 +0100
@@ -214,6 +214,7 @@ 1: call compat_create_bounce_frame
ENTRY(compat_post_handle_exception)
testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
jz compat_test_all_events
+.Lcompat_bounce_exception:
call compat_create_bounce_frame
movb $0,TRAPBOUNCE_flags(%rdx)
jmp compat_test_all_events
@@ -226,19 +227,20 @@ ENTRY(compat_syscall)
leaq VCPU_trap_bounce(%rbx),%rdx
testl $~3,%esi
leal (,%rcx,TBF_INTERRUPT),%ecx
- jz 2f
-1: movq %rax,TRAPBOUNCE_eip(%rdx)
+UNLIKELY_START(z, compat_syscall_gpf)
+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+ subl $2,UREGS_rip(%rsp)
+ movl $0,TRAPBOUNCE_error_code(%rdx)
+ movl VCPU_gp_fault_addr(%rbx),%eax
+ movzwl VCPU_gp_fault_sel(%rbx),%esi
+ testb $4,VCPU_gp_fault_flags(%rbx)
+ setnz %cl
+ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
+UNLIKELY_END(compat_syscall_gpf)
+ movq %rax,TRAPBOUNCE_eip(%rdx)
movw %si,TRAPBOUNCE_cs(%rdx)
movb %cl,TRAPBOUNCE_flags(%rdx)
- call compat_create_bounce_frame
- jmp compat_test_all_events
-2: movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
- subl $2,UREGS_rip(%rsp)
- movq VCPU_gp_fault_addr(%rbx),%rax
- movzwl VCPU_gp_fault_sel(%rbx),%esi
- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
- movl $0,TRAPBOUNCE_error_code(%rdx)
- jmp 1b
+ jmp .Lcompat_bounce_exception
ENTRY(compat_sysenter)
cmpl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
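Review bot: The new compat_syscall_gpf block tests a bare constant in `testb $4,VCPU_gp_fault_flags(%rbx)` and rewinds the saved instruction pointer with `subl $2,UREGS_rip(%rsp)`, and neither magic number is explained. The `4` looks like the mask that the public `TI_GET_IF` macro applies to a trap_info `flags` field, so I would add `/* flags & 4 (cf. TI_GET_IF): guest asked for events to be masked on entry to its #GP handler */` and `/* step back over the 2-byte instruction so the #GP reports the faulting RIP */`. The same two constants recur undocumented in the sysenter_gpf block of xen/arch/x86/x86_64/entry.S and deserve the same comments there. The body of compat_syscall starts above this hunk, so the register state on entry is not visible here.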
diff -r 35248be669e7 xen/arch/x86/x86_64/entry.S
--- xen/arch/x86/x86_64/entry.S.orig Mon May 14 16:59:12 2012 +0100
+++ xen/arch/x86/x86_64/entry.S Thu May 24 11:12:33 2012 +0100
@@ -40,6 +40,13 @@ restore_all_guest:
testw $TRAP_syscall,4(%rsp)
jz iret_exit_to_guest
+ /* Don't use SYSRET path if the return address is not canonical. */
+ movq 8(%rsp),%rcx
+ sarq $47,%rcx
+ incl %ecx
+ cmpl $1,%ecx
+ ja .Lforce_iret
+
addq $8,%rsp
popq %rcx # RIP
popq %r11 # CS
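Review bot: The comment added in restore_all_guest says what is avoided but not why, and the `sarq $47` / `incl %ecx` / `cmpl $1` / `ja` sequence is hard to verify at a glance. I would expand it to something like `/* canonical iff bits 63:47 are all equal: sar 47 yields 0 or -1, +1 yields 1 or 0; any other value must leave via IRET */`. It should also say that a fault raised by SYSRET on a bad return address would be taken in the hypervisor rather than the guest, which is my reading of the advisory this patch file is named after. The `movq 8(%rsp),%rcx` line depends on a frame layout set up outside the hunk; tagging it `# RIP`, as the later `popq %rcx` and the `.Lforce_iret` copy do, would keep the three in step.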
@@ -50,6 +57,10 @@ restore_all_guest:
sysretq
1: sysretl
+.Lforce_iret:
+ /* Mimic SYSRET behavior. */
+ movq 8(%rsp),%rcx # RIP
+ movq 24(%rsp),%r11 # RFLAGS
ALIGN
/* No special register assumptions. */
iret_exit_to_guest:
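Review bot: `.Lforce_iret` reaches `iret_exit_to_guest` only by falling through the `ALIGN` directive, so the new path silently depends on the alignment padding being executable no-ops. The definition of `ALIGN` is not visible in this hunk. Either note it in place with `/* falls through into iret_exit_to_guest; ALIGN padding must be NOPs */` or make the transfer explicit with `jmp iret_exit_to_guest`. The "Mimic SYSRET behavior" comment could also say that %rcx and %r11 are loaded because the guest expects to see RIP and RFLAGS there after a syscall return.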
@@ -278,19 +289,21 @@ sysenter_eflags_saved:
leaq VCPU_trap_bounce(%rbx),%rdx
testq %rax,%rax
leal (,%rcx,TBF_INTERRUPT),%ecx
- jz 2f
-1: movq VCPU_domain(%rbx),%rdi
+UNLIKELY_START(z, sysenter_gpf)
+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+ subq $2,UREGS_rip(%rsp)
+ movl %eax,TRAPBOUNCE_error_code(%rdx)
+ movq VCPU_gp_fault_addr(%rbx),%rax
+ testb $4,VCPU_gp_fault_flags(%rbx)
+ setnz %cl
+ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
+UNLIKELY_END(sysenter_gpf)
+ movq VCPU_domain(%rbx),%rdi
movq %rax,TRAPBOUNCE_eip(%rdx)
movb %cl,TRAPBOUNCE_flags(%rdx)
testb $1,DOMAIN_is_32bit_pv(%rdi)
jnz compat_sysenter
- call create_bounce_frame
- jmp test_all_events
-2: movl %eax,TRAPBOUNCE_error_code(%rdx)
- movq VCPU_gp_fault_addr(%rbx),%rax
- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
- movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
- jmp 1b
+ jmp .Lbounce_exception
ENTRY(int80_direct_trap)
pushq $0
@@ -482,6 +495,7 @@ 1: movq %rsp,%rdi
jnz compat_post_handle_exception
testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
jz test_all_events
+.Lbounce_exception:
call create_bounce_frame
movb $0,TRAPBOUNCE_flags(%rdx)
jmp test_all_events
$NetBSD: patch-xsa9-xen-4.1,v 1.1.2.2 2012/06/20 17:54:12 tron Exp $
x86-64: detect processors subject to AMD erratum #121 and refuse to boot
Processors with this erratum are subject to a DoS attack by unprivileged
guest users.
This is XSA-9 / CVE-2006-0744.
Signed-off-by: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
--- xen/arch/x86/cpu/amd.c.orig
+++ xen/arch/x86/cpu/amd.c
@@ -32,6 +32,9 @@
static char opt_famrev[14];
string_param("cpuid_mask_cpu", opt_famrev);
+static int opt_allow_unsafe;
+boolean_param("allow_unsafe", opt_allow_unsafe);
+
static inline void wrmsr_amd(unsigned int index, unsigned int lo,
unsigned int hi)
{
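Review bot: `opt_allow_unsafe` is a security override with a very generic name and no comment on what it unlocks. I would put `/* "allow_unsafe": boot despite AMD erratum #121; only acceptable when every PV guest kernel is trusted */` above the declaration so that a later reuse of the flag for another check is a conscious decision.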
@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
clear_bit(X86_FEATURE_MCE, c->x86_capability);
#ifdef __x86_64__
+ if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
+ panic("Xen will not boot on this CPU for security reasons.\n"
+ "Pass \"allow_unsafe\" if you're trusting all your"
+ " (PV) guest kernels.\n");
+
/* AMD CPUs do not support SYSENTER outside of legacy mode. */
clear_bit(X86_FEATURE_SEP, c->x86_capability);
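Review bot: When `allow_unsafe` is given, the new check in init_amd is skipped without leaving any trace, so a host on an affected CPU that booted with the override has nothing in its boot log for an operator or auditor to find. I would nest the test so the override path logs, i.e. inside `if (cpu_has_amd_erratum(c, AMD_ERRATUM_121))` do `if (!opt_allow_unsafe) panic(...);` followed by `printk(XENLOG_WARNING "AMD erratum #121 present; continuing because allow_unsafe was given\n");` (message text is my suggestion). init_amd starts and ends outside this hunk, so whether the message would repeat per CPU cannot be judged from here.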
--- xen/include/asm-x86/amd.h.orig
+++ xen/include/asm-x86/amd.h
@@ -127,6 +127,9 @@
#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
+#define AMD_ERRATUM_121 \
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
+
#define AMD_ERRATUM_170 \
AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))