Thu Jul 28 14:09:15 2016 UTC ()
Pullup ticket #5072 - requested by bouyer
sysutils/xenkernel41: security patch

Revisions pulled up:
- sysutils/xenkernel41/Makefile                                 1.50
- sysutils/xenkernel41/distinfo                                 1.43
- sysutils/xenkernel41/patches/patch-XSA-182                    1.1

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Tue Jul 26 15:59:20 UTC 2016

   Modified Files:
   	pkgsrc/sysutils/xenkernel41: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel41/patches: patch-XSA-182

   Log Message:
   Apply security patch from XSA-182. Bump PKGREVISION
   xen 4.2 is not vulnerable to XSA-183.

   To generate a diff of this commit:
   cvs rdiff -u -r1.49 -r1.50 pkgsrc/sysutils/xenkernel41/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/sysutils/xenkernel41/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-XSA-182


(spz)
diff -r1.48 -r1.48.4.1 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.42 -r1.42.4.1 pkgsrc/sysutils/xenkernel41/distinfo
diff -r0 -r1.1.2.2 pkgsrc/sysutils/xenkernel41/patches/patch-XSA-182
cvs diff -r1.48 -r1.48.4.1 pkgsrc/sysutils/xenkernel41/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/sysutils/xenkernel41/Attic/Makefile 2016/01/07 17:55:55 1.48
+++ pkgsrc/sysutils/xenkernel41/Attic/Makefile 2016/07/28 14:09:14 1.48.4.1
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1# $NetBSD: Makefile,v 1.48 2016/01/07 17:55:55 bouyer Exp $ 1# $NetBSD: Makefile,v 1.48.4.1 2016/07/28 14:09:14 spz Exp $
2 2
3VERSION= 4.1.6.1 3VERSION= 4.1.6.1
4DISTNAME= xen-${VERSION} 4DISTNAME= xen-${VERSION}
5PKGNAME= xenkernel41-${VERSION} 5PKGNAME= xenkernel41-${VERSION}
6PKGREVISION= 18 6PKGREVISION= 19
7CATEGORIES= sysutils 7CATEGORIES= sysutils
8MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ 8MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
9 9
10MAINTAINER= cegger@NetBSD.org 10MAINTAINER= cegger@NetBSD.org
11HOMEPAGE= http://xen.org/ 11HOMEPAGE= http://xen.org/
12COMMENT= Xen 4.1.x Kernel 12COMMENT= Xen 4.1.x Kernel
13 13
14LICENSE= gnu-gpl-v2 14LICENSE= gnu-gpl-v2
15 15
16ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 16ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64
17ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 17ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386
18 18
19NO_CONFIGURE= yes 19NO_CONFIGURE= yes
cvs diff -r1.42 -r1.42.4.1 pkgsrc/sysutils/xenkernel41/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/sysutils/xenkernel41/Attic/distinfo 2016/03/01 20:09:04 1.42
+++ pkgsrc/sysutils/xenkernel41/Attic/distinfo 2016/07/28 14:09:14 1.42.4.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1$NetBSD: distinfo,v 1.42 2016/03/01 20:09:04 joerg Exp $ 1$NetBSD: distinfo,v 1.42.4.1 2016/07/28 14:09:14 spz Exp $
2 2
3SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 3SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
4RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 4RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
5SHA512 (xen-4.1.6.1.tar.gz) = 5f6106514ffb57708009e3d6763824b13d9038699048d1a91fa09ad223e0391b92b6ea0f25714a0bbf8ac8373c58fc7871ca0bce9c3ff7873d41fb2eeae13ed8 5SHA512 (xen-4.1.6.1.tar.gz) = 5f6106514ffb57708009e3d6763824b13d9038699048d1a91fa09ad223e0391b92b6ea0f25714a0bbf8ac8373c58fc7871ca0bce9c3ff7873d41fb2eeae13ed8
6Size (xen-4.1.6.1.tar.gz) = 10428485 bytes 6Size (xen-4.1.6.1.tar.gz) = 10428485 bytes
7SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1 7SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1
8SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069 8SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069
9SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509 9SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509
10SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f 10SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f
11SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8 11SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8
12SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241 12SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241
13SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15 13SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15
14SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3 14SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3
@@ -27,21 +27,22 @@ SHA1 (patch-CVE-2014-8866) = ee0bc3afb76 @@ -27,21 +27,22 @@ SHA1 (patch-CVE-2014-8866) = ee0bc3afb76
27SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 27SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76
28SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4 28SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4
29SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60 29SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60
30SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7 30SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7
31SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c 31SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c
32SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087 32SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087
33SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98 33SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98
34SHA1 (patch-CVE-2015-7835) = d66fe84abfb921bf435c1ed9b077012937d0c71e 34SHA1 (patch-CVE-2015-7835) = d66fe84abfb921bf435c1ed9b077012937d0c71e
35SHA1 (patch-CVE-2015-7969) = 4eb96025afae4be547f74b9e71a7d8a3a37fc60b 35SHA1 (patch-CVE-2015-7969) = 4eb96025afae4be547f74b9e71a7d8a3a37fc60b
36SHA1 (patch-CVE-2015-7971) = 0d0d36ad99f313afb96111a832eb65ddeaf8010e 36SHA1 (patch-CVE-2015-7971) = 0d0d36ad99f313afb96111a832eb65ddeaf8010e
37SHA1 (patch-CVE-2015-8339) = e5485ab9e73fa9a63c566505b8de805530ac678e 37SHA1 (patch-CVE-2015-8339) = e5485ab9e73fa9a63c566505b8de805530ac678e
38SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 38SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
39SHA1 (patch-XSA-166) = 24fccf8e30ccf910a128e5e0365800191a90524c 39SHA1 (patch-XSA-166) = 24fccf8e30ccf910a128e5e0365800191a90524c
 40SHA1 (patch-XSA-182) = 70a7a6175a4b87ffaf72cbc5a3932f076efa3f9c
40SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b 41SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
41SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 42SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
42SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b 43SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b
43SHA1 (patch-xen_arch_x86_time.c) = 2c69ac1cb5e0ca06c4f70acb91d2723a32ce98a9 44SHA1 (patch-xen_arch_x86_time.c) = 2c69ac1cb5e0ca06c4f70acb91d2723a32ce98a9
44SHA1 (patch-xen_arch_x86_x86__64_entry.S) = 92bea7885c418e643bd9697abb9655bee9d1750b 45SHA1 (patch-xen_arch_x86_x86__64_entry.S) = 92bea7885c418e643bd9697abb9655bee9d1750b
45SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 46SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0
46SHA1 (patch-xen_drivers_passthrough_vtd_x86_ats.c) = 012ccbb27069c4f2e0361bd127397fdd22027f29 47SHA1 (patch-xen_drivers_passthrough_vtd_x86_ats.c) = 012ccbb27069c4f2e0361bd127397fdd22027f29
47SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 48SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70
File Added: pkgsrc/sysutils/xenkernel41/patches/Attic/patch-XSA-182
$NetBSD: patch-XSA-182,v 1.1.2.2 2016/07/28 14:09:15 spz Exp $

backported from:

From 798c1498f764bfaa7b0b955bab40b01b0610d372 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Mon, 11 Jul 2016 14:32:03 +0100
Subject: [PATCH] x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath

All changes in writeability and cacheability must go through full
re-validation.

Rework the logic as a whitelist, to make it clearer to follow.

This is XSA-182

--- xen/arch/x86/mm.c.orig	2016-07-26 16:51:13.000000000 +0200
+++ xen/arch/x86/mm.c	2016-07-26 16:53:07.000000000 +0200
@@ -1792,6 +1792,14 @@
                   _t ## e_get_intpte(_o), _t ## e_get_intpte(_n),   \
                   (_m), (_v), (_ad))
 
+/*
+ * PTE flags that a guest may change without re-validating the PTE.
+ * All other bits affect translation, caching, or Xen's safety.
+ */
+#define FASTPATH_FLAG_WHITELIST                                     \
+    (_PAGE_NX_BIT | _PAGE_AVAIL_HIGH | _PAGE_AVAIL | _PAGE_GLOBAL | \
+     _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_USER)
+
 /* Update the L1 entry at pl1e to new value nl1e. */
 static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e,
                         unsigned long gl1mfn, int preserve_ad,
@@ -1829,8 +1837,8 @@
             return 0;
         }
 
-        /* Fast path for identical mapping, r/w and presence. */
-        if ( !l1e_has_changed(ol1e, nl1e, _PAGE_RW | _PAGE_PRESENT) )
+        /* Fast path for sufficiently-similar mappings.*/
+        if ( !l1e_has_changed(ol1e, nl1e, ~FASTPATH_FLAG_WHITELIST) )
         {
             adjust_guest_l1e(nl1e, pt_dom);
             rc = UPDATE_ENTRY(l1, pl1e, ol1e, nl1e, gl1mfn, pt_vcpu,
@@ -1897,11 +1905,8 @@
             return 0;
         }
 
-        /* Fast path for identical mapping and presence. */
-        if ( !l2e_has_changed(ol2e, nl2e,
-                              unlikely(opt_allow_superpage)
-                              ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
-                              : _PAGE_PRESENT) )
+        /* Fast path for sufficiently-similar mappings. */
+        if ( !l2e_has_changed(ol2e, nl2e, ~FASTPATH_FLAG_WHITELIST) )
         {
             adjust_guest_l2e(nl2e, d);
             rc = UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad);
@@ -1965,8 +1970,8 @@
             return -EINVAL;
         }
 
-        /* Fast path for identical mapping and presence. */
-        if ( !l3e_has_changed(ol3e, nl3e, _PAGE_PRESENT) )
+        /* Fast path for sufficiently-similar mappings. */
+        if ( !l3e_has_changed(ol3e, nl3e, ~FASTPATH_FLAG_WHITELIST) )
         {
             adjust_guest_l3e(nl3e, d);
             rc = UPDATE_ENTRY(l3, pl3e, ol3e, nl3e, pfn, vcpu, preserve_ad);
@@ -2035,8 +2040,8 @@
             return -EINVAL;
         }
 
-        /* Fast path for identical mapping and presence. */
-        if ( !l4e_has_changed(ol4e, nl4e, _PAGE_PRESENT) )
+        /* Fast path for sufficiently-similar mappings. */
+        if ( !l4e_has_changed(ol4e, nl4e, ~FASTPATH_FLAG_WHITELIST) )
         {
             adjust_guest_l4e(nl4e, d);
             rc = UPDATE_ENTRY(l4, pl4e, ol4e, nl4e, pfn, vcpu, preserve_ad);
--- xen/include/asm-x86/page.h.orig	2014-09-02 08:22:57.000000000 +0200
+++ xen/include/asm-x86/page.h	2016-07-26 16:39:51.000000000 +0200
@@ -332,6 +332,7 @@
 #define _PAGE_AVAIL2   0x800U
 #define _PAGE_AVAIL    0xE00U
 #define _PAGE_PSE_PAT 0x1000U
+#define _PAGE_AVAIL_HIGH (0x7ffU << 12)
 #define _PAGE_PAGED   0x2000U
 #define _PAGE_SHARED  0x4000U