add patch from upstream to fix bug in MMIO emulation which can cause guest crashes by unprivileged users, only for HVM guests, and if MMIO is granted to the user process (CVE-2012-3432) bump PKGREVdiff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel41/Makefile
(drochner)
@@ -1,20 +1,20 @@ | @@ -1,20 +1,20 @@ | |||
1 | # $NetBSD: Makefile,v 1.7 2012/06/19 20:17:06 bouyer Exp $ | 1 | # $NetBSD: Makefile,v 1.8 2012/07/27 18:50:34 drochner Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | VERSION= 4.1.2 | 4 | VERSION= 4.1.2 | |
5 | DISTNAME= xen-${VERSION} | 5 | DISTNAME= xen-${VERSION} | |
6 | PKGNAME= xenkernel41-${VERSION} | 6 | PKGNAME= xenkernel41-${VERSION} | |
7 | PKGREVISION= 2 | 7 | PKGREVISION= 3 | |
8 | CATEGORIES= sysutils | 8 | CATEGORIES= sysutils | |
9 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | 9 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | |
10 | EXTRACT_SUFX= .tar.gz | 10 | EXTRACT_SUFX= .tar.gz | |
11 | 11 | |||
12 | MAINTAINER= cegger@NetBSD.org | 12 | MAINTAINER= cegger@NetBSD.org | |
13 | HOMEPAGE= http://xen.org/ | 13 | HOMEPAGE= http://xen.org/ | |
14 | COMMENT= Xen 4.1.2 Kernel | 14 | COMMENT= Xen 4.1.2 Kernel | |
15 | 15 | |||
16 | LICENSE= gnu-gpl-v2 | 16 | LICENSE= gnu-gpl-v2 | |
17 | 17 | |||
18 | PKG_DESTDIR_SUPPORT= user-destdir | 18 | PKG_DESTDIR_SUPPORT= user-destdir | |
19 | 19 | |||
20 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | 20 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 |
@@ -1,9 +1,10 @@ | @@ -1,9 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.7 2012/06/12 15:59:04 bouyer Exp $ | 1 | $NetBSD: distinfo,v 1.8 2012/07/27 18:50:34 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e | 3 | SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e | |
4 | RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6 | 4 | RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6 | |
5 | Size (xen-4.1.2.tar.gz) = 10365786 bytes | 5 | Size (xen-4.1.2.tar.gz) = 10365786 bytes | |
6 | SHA1 (patch-CVE-2012-3432) = e85b1adf1c683a1d086410f0c4265ed72a86d7fb | |||
6 | SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 | 7 | SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 | |
7 | SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 | 8 | SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 | |
8 | SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515 | 9 | SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515 | |
9 | SHA1 (patch-xsa9-xen-4.1) = 4bbefd6426e2a7b36ccecb81cc94dc33af34e4fb | 10 | SHA1 (patch-xsa9-xen-4.1) = 4bbefd6426e2a7b36ccecb81cc94dc33af34e4fb |
$NetBSD: patch-CVE-2012-3432,v 1.1 2012/07/27 18:50:34 drochner Exp $
see http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
--- xen/arch/x86/hvm/io.c.orig 2012-07-27 18:34:15.000000000 +0000
+++ xen/arch/x86/hvm/io.c
@@ -176,6 +176,8 @@ int handle_mmio(void)
rc = hvm_emulate_one(&ctxt);
+ if ( rc != X86EMUL_RETRY )
+ curr->arch.hvm_vcpu.io_state = HVMIO_none;
if ( curr->arch.hvm_vcpu.io_state == HVMIO_awaiting_completion )
curr->arch.hvm_vcpu.io_state = HVMIO_handle_mmio_awaiting_completion;
else