Fri Dec 6 17:30:28 2019 UTC ()

Apply upstream patch for XSA306 security issue.
Bump PKGREVISION


(bouyer)

diff -r1.10 -r1.11 pkgsrc/sysutils/xenkernel411/Makefile
diff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel411/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel411/patches/patch-XSA306

--- pkgsrc/sysutils/xenkernel411/Attic/Makefile 2019/11/13 15:00:06 1.10
+++ pkgsrc/sysutils/xenkernel411/Attic/Makefile 2019/12/06 17:30:28 1.11

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.10 2019/11/13 15:00:06 bouyer Exp $
+# $NetBSD: Makefile,v 1.11 2019/12/06 17:30:28 bouyer Exp $
 VERSION=	4.11.2
-PKGREVISION=	2
+PKGREVISION=	3
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel411-${VERSION}
 CATEGORIES=	sysutils
 MASTER_SITES=	https://downloads.xenproject.org/release/xen/${VERSION}/
 DIST_SUBDIR=	xen411
 MAINTAINER=	bouyer@NetBSD.org
 HOMEPAGE=	https://xenproject.org/
 COMMENT=	Xen 4.11.x Kernel
 LICENSE=	gnu-gpl-v2
 ONLY_FOR_PLATFORM=	Linux-2.6*-x86_64

--- pkgsrc/sysutils/xenkernel411/Attic/distinfo 2019/11/13 15:00:06 1.7
+++ pkgsrc/sysutils/xenkernel411/Attic/distinfo 2019/12/06 17:30:28 1.8

 @@ -1,18 +1,19 @@
-$NetBSD: distinfo,v 1.7 2019/11/13 15:00:06 bouyer Exp $
+$NetBSD: distinfo,v 1.8 2019/12/06 17:30:28 bouyer Exp $
 SHA1 (xen411/xen-4.11.2.tar.gz) = 82766db0eca7ce65962732af8a31bb5cce1eb7ce
 RMD160 (xen411/xen-4.11.2.tar.gz) = 6dcb1ac3e72381474912607b30b59fa55d87d38b
 SHA512 (xen411/xen-4.11.2.tar.gz) = 48d3d926d35eb56c79c06d0abc6e6be2564fadb43367cc7f46881c669a75016707672179c2cca1c4cfb14af2cefd46e2e7f99470cddf7df2886d8435a2de814e
 Size (xen411/xen-4.11.2.tar.gz) = 25164925 bytes
 SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65
 SHA1 (patch-XSA298) = 63e0f96ce3b945b16b98b51b423bafec14cf2be6
 SHA1 (patch-XSA299) = beb7ba1a8f9e0adda161c0da725ff053e674067e
 SHA1 (patch-XSA302) = 12fbb7dfea27f53c70c8115487a2e30595549c2b
 SHA1 (patch-XSA304) = f2c22732227e11a3e77c630f0264a689eed53399
 SHA1 (patch-XSA305) = eb5e0096cbf501fcbd7a5c5f9d1f932b557636b6
 SHA1 (patch-XSA306) = f57201b2ae5f6435ce6ba3c6aac3e9e10cdba3fb
 SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
 SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
 SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b
 SHA1 (patch-xen_arch_x86_boot_build32.mk) = b82c20de9b86ddaa9d05bbc1ff28f970eb78473c
 SHA1 (patch-xen_tools_symbols.c) = 6070b3b5ccc38a196283cfc1c52f5d87858beb18
 SHA1 (patch-zz-bouyer) = bf11b2b81d5c81992c911f670e75dd3aec5ab609

$NetBSD: patch-XSA306,v 1.1 2019/12/06 17:30:28 bouyer Exp $

From: Jan Beulich <jbeulich@suse.com>
Subject: IOMMU: default to always quarantining PCI devices

XSA-302 relies on the use of libxl's "assignable-add" feature to prepare
devices to be assigned to untrusted guests.

Unfortunately, this is not considered a strictly required step for
device assignment. The PCI passthrough documentation on the wiki
describes alternate ways of preparing devices for assignment, and
libvirt uses its own ways as well. Hosts where these alternate methods
are used will still leave the system in a vulnerable state after the
device comes back from a guest.

Default to always quarantining PCI devices, but provide a command line
option to revert back to prior behavior (such that people who both
sufficiently trust their guests and want to be able to use devices in
Dom0 again after they had been in use by a guest wouldn't need to
"manually" move such devices back from DomIO to Dom0).

This is XSA-306.

Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wl@xen.org>

--- xen/drivers/passthrough/iommu.c.orig
+++ xen/drivers/passthrough/iommu.c
@@ -52,6 +52,7 @@ custom_param("iommu", parse_iommu_param)
 bool_t __initdata iommu_enable = 1;
 bool_t __read_mostly iommu_enabled;
 bool_t __read_mostly force_iommu;
+bool __read_mostly iommu_quarantine = true;
 bool_t __hwdom_initdata iommu_dom0_strict;
 bool_t __read_mostly iommu_verbose;
 bool_t __read_mostly iommu_workaround_bios_bug;
@@ -99,6 +100,8 @@ static int __init parse_iommu_param(cons
         else if ( !cmdline_strcmp(s, "force") ||
                   !cmdline_strcmp(s, "required") )
             force_iommu = val;
+        else if ( !cmdline_strcmp(s, "quarantine") )
+            iommu_quarantine = val;
         else if ( !cmdline_strcmp(s, "workaround_bios_bug") )
             iommu_workaround_bios_bug = val;
         else if ( !cmdline_strcmp(s, "igfx") )
--- xen/drivers/passthrough/pci.c.orig
+++ xen/drivers/passthrough/pci.c
@@ -1511,7 +1511,8 @@ int deassign_device(struct domain *d, u1
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = (pdev->quarantine && pdev->domain != dom_io) ?
+    target = ((pdev->quarantine || iommu_quarantine) &&
+              pdev->domain != dom_io) ?
         dom_io : hardware_domain;
 
     while ( pdev->phantom_stride )
--- xen/include/xen/iommu.h.orig
+++ xen/include/xen/iommu.h
@@ -29,7 +29,7 @@
 #include <asm/iommu.h>
 
 extern bool_t iommu_enable, iommu_enabled;
-extern bool_t force_iommu, iommu_verbose;
+extern bool force_iommu, iommu_quarantine, iommu_verbose;
 extern bool_t iommu_workaround_bios_bug, iommu_igfx, iommu_passthrough;
 extern bool_t iommu_snoop, iommu_qinval, iommu_intremap, iommu_intpost;
 extern bool_t iommu_hap_pt_share;