Pullup ticket #4514 - requested by bouyer sysutils/xenkernel42: security patch Revisions pulled up: - sysutils/xenkernel42/Makefile 1.9 - sysutils/xenkernel42/distinfo 1.7 - sysutils/xenkernel42/patches/patch-xen_arch_x86_hvm_hvm.c 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Wed Oct 1 17:34:55 UTC 2014 Modified Files: pkgsrc/sysutils/xenkernel42: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel42/patches: patch-xen_arch_x86_hvm_hvm.c Log Message: Add patch from upstream, fixing CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation Bump PKGREVISIONdiff -r1.8 -r1.8.2.1 pkgsrc/sysutils/xenkernel42/Makefile
(tron)
@@ -1,54 +1,55 @@ | @@ -1,54 +1,55 @@ | |||
1 | # $NetBSD: Makefile,v 1.8 2014/09/26 10:39:31 bouyer Exp $ | 1 | # $NetBSD: Makefile,v 1.8.2.1 2014/10/04 15:39:18 tron Exp $ | |
2 | 2 | |||
3 | VERSION= 4.2.5 | 3 | VERSION= 4.2.5 | |
4 | DISTNAME= xen-${VERSION} | 4 | DISTNAME= xen-${VERSION} | |
5 | PKGNAME= xenkernel42-${VERSION} | 5 | PKGNAME= xenkernel42-${VERSION} | |
6 | PKGREVISION= 1 | |||
6 | CATEGORIES= sysutils | 7 | CATEGORIES= sysutils | |
7 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | 8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | |
8 | 9 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://xenproject.org/ | 11 | HOMEPAGE= http://xenproject.org/ | |
11 | COMMENT= Xen 4.2.x Kernel | 12 | COMMENT= Xen 4.2.x Kernel | |
12 | 13 | |||
13 | LICENSE= gnu-gpl-v2 | 14 | LICENSE= gnu-gpl-v2 | |
14 | 15 | |||
15 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | 16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | |
16 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | 17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | |
17 | 18 | |||
18 | NO_CONFIGURE= yes | 19 | NO_CONFIGURE= yes | |
19 | USE_TOOLS+= gmake | 20 | USE_TOOLS+= gmake | |
20 | 21 | |||
21 | PYTHON_FOR_BUILD_ONLY= YES | 22 | PYTHON_FOR_BUILD_ONLY= YES | |
22 | PYTHON_VERSIONS_INCOMPATIBLE= 33 34 # not yet ported as of 4.2.3 | 23 | PYTHON_VERSIONS_INCOMPATIBLE= 33 34 # not yet ported as of 4.2.3 | |
23 | 24 | |||
24 | MAKE_ENV+= OCAML_TOOLS=no | 25 | MAKE_ENV+= OCAML_TOOLS=no | |
25 | 26 | |||
26 | INSTALLATION_DIRS= xen42-kernel | 27 | INSTALLATION_DIRS= xen42-kernel | |
27 | XENKERNELDIR= ${PREFIX}/${INSTALLATION_DIRS} | 28 | XENKERNELDIR= ${PREFIX}/${INSTALLATION_DIRS} | |
28 | 29 | |||
29 | MESSAGE_SUBST+= XENKERNELDIR=${XENKERNELDIR} | 30 | MESSAGE_SUBST+= XENKERNELDIR=${XENKERNELDIR} | |
30 | 31 | |||
31 | .include "../../mk/compiler.mk" | 32 | .include "../../mk/compiler.mk" | |
32 | .if !empty(PKGSRC_COMPILER:Mclang) | 33 | .if !empty(PKGSRC_COMPILER:Mclang) | |
33 | EXTRA_CFLAGS+= -Qunused-arguments -no-integrated-as -Wno-error=format \ | 34 | EXTRA_CFLAGS+= -Qunused-arguments -no-integrated-as -Wno-error=format \ | |
34 | -Wno-error=parentheses-equality -Wno-error=enum-conversion \ | 35 | -Wno-error=parentheses-equality -Wno-error=enum-conversion \ | |
35 | -Wno-error=unused-function -Wno-error=unused-const-variable | 36 | -Wno-error=unused-function -Wno-error=unused-const-variable | |
36 | .endif | 37 | .endif | |
37 | 38 | |||
38 | MAKE_ENV+= EXTRA_CFLAGS=${EXTRA_CFLAGS:Q} | 39 | MAKE_ENV+= EXTRA_CFLAGS=${EXTRA_CFLAGS:Q} | |
39 | 40 | |||
40 | do-build: | 41 | do-build: | |
41 | cd ${WRKSRC}/xen && ${BUILD_MAKE_CMD} debug=n build | 42 | cd ${WRKSRC}/xen && ${BUILD_MAKE_CMD} debug=n build | |
42 | ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen.gz | 43 | ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen.gz | |
43 | cd ${WRKSRC}/xen && ${MAKE_PROGRAM} clean | 44 | cd ${WRKSRC}/xen && ${MAKE_PROGRAM} clean | |
44 | cd ${WRKSRC}/xen && ${BUILD_MAKE_CMD} debug=y build | 45 | cd ${WRKSRC}/xen && ${BUILD_MAKE_CMD} debug=y build | |
45 | ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen-debug.gz | 46 | ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen-debug.gz | |
46 | 47 | |||
47 | do-install: | 48 | do-install: | |
48 | ${INSTALL_DATA} ${WRKDIR}/xen.gz \ | 49 | ${INSTALL_DATA} ${WRKDIR}/xen.gz \ | |
49 | ${DESTDIR}${XENKERNELDIR}/xen.gz | 50 | ${DESTDIR}${XENKERNELDIR}/xen.gz | |
50 | ${INSTALL_DATA} ${WRKDIR}/xen-debug.gz \ | 51 | ${INSTALL_DATA} ${WRKDIR}/xen-debug.gz \ | |
51 | ${DESTDIR}${XENKERNELDIR}/xen-debug.gz | 52 | ${DESTDIR}${XENKERNELDIR}/xen-debug.gz | |
52 | 53 | |||
53 | .include "../../lang/python/application.mk" | 54 | .include "../../lang/python/application.mk" | |
54 | .include "../../mk/bsd.pkg.mk" | 55 | .include "../../mk/bsd.pkg.mk" |
@@ -1,11 +1,12 @@ | @@ -1,11 +1,12 @@ | |||
1 | $NetBSD: distinfo,v 1.6 2014/09/26 10:39:31 bouyer Exp $ | 1 | $NetBSD: distinfo,v 1.6.2.1 2014/10/04 15:39:18 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a | 3 | SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a | |
4 | RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 | 4 | RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 | |
5 | Size (xen-4.2.5.tar.gz) = 15671925 bytes | 5 | Size (xen-4.2.5.tar.gz) = 15671925 bytes | |
6 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | 6 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | |
7 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | 7 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | |
8 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | 8 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | |
9 | SHA1 (patch-xen_arch_x86_hvm_hvm.c) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f | |||
9 | SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a | 10 | SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a | |
10 | SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a | 11 | SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a | |
11 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 | 12 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 |
$NetBSD: patch-xen_arch_x86_hvm_hvm.c,v 1.1.2.2 2014/10/04 15:39:18 tron Exp $
x86/HVM: properly bound x2APIC MSR range
While the write path change appears to be purely cosmetic (but still
gets done here for consistency), the read side mistake permitted
accesses beyond the virtual APIC page.
Note that while this isn't fully in line with the specification
(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal
possible fix addressing the security issue and getting x2APIC related
code into a consistent shape (elsewhere a 256 rather than 1024 wide
window is being used too). This will be dealt with subsequently.
This is XSA-108.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- xen/arch/x86/hvm/hvm.c.orig
+++ xen/arch/x86/hvm/hvm.c
@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int
*msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
break;
- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
if ( hvm_x2apic_msr_read(v, msr, msr_content) )
goto gp_fault;
break;
@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int
vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
break;
- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
if ( hvm_x2apic_msr_write(v, msr, msr_content) )
goto gp_fault;
break;