Wed Feb 3 22:27:16 2021 UTC ()
Add upstream patches for Xen security advisory 355 and 360.
Bump PKGREVSION


(bouyer)
diff -r1.11 -r1.12 pkgsrc/sysutils/xenkernel413/Makefile
diff -r1.8 -r1.9 pkgsrc/sysutils/xenkernel413/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel413/patches/patch-XSA355
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel413/patches/patch-XSA360
cvs diff -r1.11 -r1.12 pkgsrc/sysutils/xenkernel413/Makefile (switch to unified diff)

--- pkgsrc/sysutils/xenkernel413/Makefile 2020/12/16 17:15:22 1.11
+++ pkgsrc/sysutils/xenkernel413/Makefile 2021/02/03 22:27:16 1.12
@@ -1,81 +1,81 @@ @@ -1,81 +1,81 @@
1# $NetBSD: Makefile,v 1.11 2020/12/16 17:15:22 bouyer Exp $ 1# $NetBSD: Makefile,v 1.12 2021/02/03 22:27:16 bouyer Exp $
2 2
3VERSION= 4.13.2 3VERSION= 4.13.2
4PKGREVISION= 4 4PKGREVISION= 5
5DISTNAME= xen-${VERSION} 5DISTNAME= xen-${VERSION}
6PKGNAME= xenkernel413-${VERSION} 6PKGNAME= xenkernel413-${VERSION}
7CATEGORIES= sysutils 7CATEGORIES= sysutils
8MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/ 8MASTER_SITES= https://downloads.xenproject.org/release/xen/${VERSION}/
9DIST_SUBDIR= xen413 9DIST_SUBDIR= xen413
10 10
11MAINTAINER= bouyer@NetBSD.org 11MAINTAINER= bouyer@NetBSD.org
12HOMEPAGE= https://xenproject.org/ 12HOMEPAGE= https://xenproject.org/
13COMMENT= Xen 4.13.x Kernel 13COMMENT= Xen 4.13.x Kernel
14 14
15LICENSE= gnu-gpl-v2 15LICENSE= gnu-gpl-v2
16 16
17ONLY_FOR_PLATFORM= NetBSD-*.*-x86_64 17ONLY_FOR_PLATFORM= NetBSD-*.*-x86_64
18 18
19SSP_SUPPORTED= no 19SSP_SUPPORTED= no
20 20
21NO_CONFIGURE= yes 21NO_CONFIGURE= yes
22USE_TOOLS+= gmake 22USE_TOOLS+= gmake
23 23
24PYTHON_FOR_BUILD_ONLY= YES 24PYTHON_FOR_BUILD_ONLY= YES
25 25
26MAKE_ENV+= OCAML_TOOLS=no 26MAKE_ENV+= OCAML_TOOLS=no
27.if defined(PKGREVISION) && !empty(PKGREVISION) && (${PKGREVISION} != "0") 27.if defined(PKGREVISION) && !empty(PKGREVISION) && (${PKGREVISION} != "0")
28MAKE_ENV+= XEN_VENDORVERSION=nb${PKGREVISION} 28MAKE_ENV+= XEN_VENDORVERSION=nb${PKGREVISION}
29.else 29.else
30MAKE_ENV+= XEN_VENDORVERSION=nb0 30MAKE_ENV+= XEN_VENDORVERSION=nb0
31.endif 31.endif
32 32
33INSTALLATION_DIRS= xen413-kernel 33INSTALLATION_DIRS= xen413-kernel
34XENKERNELDIR= ${PREFIX}/${INSTALLATION_DIRS} 34XENKERNELDIR= ${PREFIX}/${INSTALLATION_DIRS}
35 35
36MESSAGE_SUBST+= XENKERNELDIR=${XENKERNELDIR} 36MESSAGE_SUBST+= XENKERNELDIR=${XENKERNELDIR}
37 37
38.include "../../mk/compiler.mk" 38.include "../../mk/compiler.mk"
39.if !empty(PKGSRC_COMPILER:Mclang) 39.if !empty(PKGSRC_COMPILER:Mclang)
40EXTRA_CFLAGS+= -Qunused-arguments -no-integrated-as -Wno-error=format \ 40EXTRA_CFLAGS+= -Qunused-arguments -no-integrated-as -Wno-error=format \
41 -Wno-error=parentheses-equality -Wno-error=enum-conversion \ 41 -Wno-error=parentheses-equality -Wno-error=enum-conversion \
42 -Wno-error=unused-function -Wno-error=unused-const-variable \ 42 -Wno-error=unused-function -Wno-error=unused-const-variable \
43 -Wno-error=ignored-attributes -Wno-error=constant-conversion \ 43 -Wno-error=ignored-attributes -Wno-error=constant-conversion \
44 -Wno-error=address-of-packed-member \ 44 -Wno-error=address-of-packed-member \
45 -Wno-error=initializer-overrides \ 45 -Wno-error=initializer-overrides \
46 -Wno-error=tautological-compare -Wno-error=pragma-pack 46 -Wno-error=tautological-compare -Wno-error=pragma-pack
47.elif !empty(PKGSRC_COMPILER:Mgcc) 47.elif !empty(PKGSRC_COMPILER:Mgcc)
48EXTRA_CFLAGS+= -falign-functions=16 48EXTRA_CFLAGS+= -falign-functions=16
49.endif 49.endif
50 50
51MAKE_ENV+= EXTRA_CFLAGS=${EXTRA_CFLAGS:Q} 51MAKE_ENV+= EXTRA_CFLAGS=${EXTRA_CFLAGS:Q}
52 52
53do-build: 53do-build:
54 cd ${WRKSRC} && ${BUILD_MAKE_CMD} build-xen 54 cd ${WRKSRC} && ${BUILD_MAKE_CMD} build-xen
55 ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen.gz 55 ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen.gz
56 cd ${WRKSRC} && ${MAKE_PROGRAM} clean 56 cd ${WRKSRC} && ${MAKE_PROGRAM} clean
57 echo "CONFIG_DEBUG=y" >> ${WRKSRC}/xen/.config 57 echo "CONFIG_DEBUG=y" >> ${WRKSRC}/xen/.config
58 echo "CONFIG_DEBUG_INFO=y" >> ${WRKSRC}/xen/.config 58 echo "CONFIG_DEBUG_INFO=y" >> ${WRKSRC}/xen/.config
59 echo "# CONFIG_DEBUG_LOCK_PROFILE is not set" >> ${WRKSRC}/xen/.config 59 echo "# CONFIG_DEBUG_LOCK_PROFILE is not set" >> ${WRKSRC}/xen/.config
60 echo "# CONFIG_DEBUG_LOCKS is not set" >> ${WRKSRC}/xen/.config 60 echo "# CONFIG_DEBUG_LOCKS is not set" >> ${WRKSRC}/xen/.config
61 echo "# CONFIG_DEBUG_TRACE is not set" >> ${WRKSRC}/xen/.config 61 echo "# CONFIG_DEBUG_TRACE is not set" >> ${WRKSRC}/xen/.config
62 echo "# CONFIG_XMEM_POOL_POISON is not set" >> ${WRKSRC}/xen/.config 62 echo "# CONFIG_XMEM_POOL_POISON is not set" >> ${WRKSRC}/xen/.config
63 echo "# CONFIG_CRASH_DEBUG is not set" >> ${WRKSRC}/xen/.config 63 echo "# CONFIG_CRASH_DEBUG is not set" >> ${WRKSRC}/xen/.config
64 echo "# CONFIG_FRAME_POINTER is not set" >> ${WRKSRC}/xen/.config 64 echo "# CONFIG_FRAME_POINTER is not set" >> ${WRKSRC}/xen/.config
65 echo "# CONFIG_GCOV is not set" >> ${WRKSRC}/xen/.config 65 echo "# CONFIG_GCOV is not set" >> ${WRKSRC}/xen/.config
66 echo "# CONFIG_LOCK_PROFILE is not set" >> ${WRKSRC}/xen/.config 66 echo "# CONFIG_LOCK_PROFILE is not set" >> ${WRKSRC}/xen/.config
67 echo "# CONFIG_PERF_COUNTERS is not set" >> ${WRKSRC}/xen/.config 67 echo "# CONFIG_PERF_COUNTERS is not set" >> ${WRKSRC}/xen/.config
68 echo "CONFIG_VERBOSE_DEBUG=y" >> ${WRKSRC}/xen/.config 68 echo "CONFIG_VERBOSE_DEBUG=y" >> ${WRKSRC}/xen/.config
69 echo "CONFIG_SCRUB_DEBUG=y" >> ${WRKSRC}/xen/.config 69 echo "CONFIG_SCRUB_DEBUG=y" >> ${WRKSRC}/xen/.config
70 echo "# CONFIG_UBSAN is not set" >> ${WRKSRC}/xen/.config 70 echo "# CONFIG_UBSAN is not set" >> ${WRKSRC}/xen/.config
71 cd ${WRKSRC} && ${BUILD_MAKE_CMD} build-xen 71 cd ${WRKSRC} && ${BUILD_MAKE_CMD} build-xen
72 ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen-debug.gz 72 ${CP} ${WRKSRC}/xen/xen.gz ${WRKDIR}/xen-debug.gz
73 73
74do-install: 74do-install:
75 ${INSTALL_DATA} ${WRKDIR}/xen.gz \ 75 ${INSTALL_DATA} ${WRKDIR}/xen.gz \
76 ${DESTDIR}${XENKERNELDIR}/xen.gz 76 ${DESTDIR}${XENKERNELDIR}/xen.gz
77 ${INSTALL_DATA} ${WRKDIR}/xen-debug.gz \ 77 ${INSTALL_DATA} ${WRKDIR}/xen-debug.gz \
78 ${DESTDIR}${XENKERNELDIR}/xen-debug.gz 78 ${DESTDIR}${XENKERNELDIR}/xen-debug.gz
79 79
80.include "../../lang/python/application.mk" 80.include "../../lang/python/application.mk"
81.include "../../mk/bsd.pkg.mk" 81.include "../../mk/bsd.pkg.mk"
cvs diff -r1.8 -r1.9 pkgsrc/sysutils/xenkernel413/distinfo (switch to unified diff)

--- pkgsrc/sysutils/xenkernel413/distinfo 2020/12/16 17:15:22 1.8
+++ pkgsrc/sysutils/xenkernel413/distinfo 2021/02/03 22:27:16 1.9
@@ -1,19 +1,21 @@ @@ -1,19 +1,21 @@
1$NetBSD: distinfo,v 1.8 2020/12/16 17:15:22 bouyer Exp $ 1$NetBSD: distinfo,v 1.9 2021/02/03 22:27:16 bouyer Exp $
2 2
3SHA1 (xen413/xen-4.13.2.tar.gz) = d514f1de9582c58676420bb2c9fb1c765b44fbff 3SHA1 (xen413/xen-4.13.2.tar.gz) = d514f1de9582c58676420bb2c9fb1c765b44fbff
4RMD160 (xen413/xen-4.13.2.tar.gz) = 96727c20bd84338f8c67c7c584c01ef877bbcb18 4RMD160 (xen413/xen-4.13.2.tar.gz) = 96727c20bd84338f8c67c7c584c01ef877bbcb18
5SHA512 (xen413/xen-4.13.2.tar.gz) = cd3092281c97e9421e303aa288aac04dcccd5536ba7c0ff4d51fbf3d07b5ffacfe3456ba06f5cf63577dafbf8cf3a5d9825ceb5e9ef8ca1427900cc3e57b50a3 5SHA512 (xen413/xen-4.13.2.tar.gz) = cd3092281c97e9421e303aa288aac04dcccd5536ba7c0ff4d51fbf3d07b5ffacfe3456ba06f5cf63577dafbf8cf3a5d9825ceb5e9ef8ca1427900cc3e57b50a3
6Size (xen413/xen-4.13.2.tar.gz) = 39037826 bytes 6Size (xen413/xen-4.13.2.tar.gz) = 39037826 bytes
7SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65 7SHA1 (patch-Config.mk) = 9372a09efd05c9fbdbc06f8121e411fcb7c7ba65
8SHA1 (patch-XSA348) = 70de325f88e004228d2b69b7ae3b4106175be1e0 8SHA1 (patch-XSA348) = 70de325f88e004228d2b69b7ae3b4106175be1e0
9SHA1 (patch-XSA351) = edb0975ab0aa53d7a0ae7816fe170a081eea695e 9SHA1 (patch-XSA351) = edb0975ab0aa53d7a0ae7816fe170a081eea695e
 10SHA1 (patch-XSA355) = 73ca5dff042a4a54b06af36e6ace7d09673c05f0
10SHA1 (patch-XSA358) = 71d5b2e3d19223b986b8572adfbe7355a3a03db6 11SHA1 (patch-XSA358) = 71d5b2e3d19223b986b8572adfbe7355a3a03db6
11SHA1 (patch-XSA359) = 4b778a86fffbe0e2a364e1589d573bbc7c27ff99 12SHA1 (patch-XSA359) = 4b778a86fffbe0e2a364e1589d573bbc7c27ff99
 13SHA1 (patch-XSA360) = c1aa4bdade4d3318bc2dffa83e359f66997b11df
12SHA1 (patch-fixpvh) = fd71e150e0b3a461875c02c4419dbfb30548d8f6 14SHA1 (patch-fixpvh) = fd71e150e0b3a461875c02c4419dbfb30548d8f6
13SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6 15SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
14SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac 16SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
15SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b 17SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b
16SHA1 (patch-xen_arch_x86_boot_build32.mk) = b82c20de9b86ddaa9d05bbc1ff28f970eb78473c 18SHA1 (patch-xen_arch_x86_boot_build32.mk) = b82c20de9b86ddaa9d05bbc1ff28f970eb78473c
17SHA1 (patch-xen_arch_x86_mm_p2m.c) = 6e9b84dc8448eca9677f184e720bbfcb3c6d314e 19SHA1 (patch-xen_arch_x86_mm_p2m.c) = 6e9b84dc8448eca9677f184e720bbfcb3c6d314e
18SHA1 (patch-xen_drivers_passthrough_x86_iommu.c) = 76dd564d5740df587b5ebe4a593dac82ab18edac 20SHA1 (patch-xen_drivers_passthrough_x86_iommu.c) = 76dd564d5740df587b5ebe4a593dac82ab18edac
19SHA1 (patch-xen_tools_symbols.c) = 6070b3b5ccc38a196283cfc1c52f5d87858beb18 21SHA1 (patch-xen_tools_symbols.c) = 6070b3b5ccc38a196283cfc1c52f5d87858beb18
File Added: pkgsrc/sysutils/xenkernel413/patches/Attic/patch-XSA355
$NetBSD: patch-XSA355,v 1.1 2021/02/03 22:27:16 bouyer Exp $

From: Jan Beulich <jbeulich@suse.com>
Subject: memory: fix off-by-one in XSA-346 change

The comparison against ARRAY_SIZE() needs to be >= in order to avoid
overrunning the pages[] array.

This is XSA-355.

Fixes: 5777a3742d88 ("IOMMU: hold page ref until after deferred TLB flush")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>

--- xen/common/memory.c.orig
+++ xen/common/memory.c
@@ -854,7 +854,7 @@ int xenmem_add_to_physmap(struct domain
             ++extra.ppage;
 
         /* Check for continuation if it's not the last iteration. */
-        if ( (++done > ARRAY_SIZE(pages) && extra.ppage) ||
+        if ( (++done >= ARRAY_SIZE(pages) && extra.ppage) ||
              (xatp->size > done && hypercall_preempt_check()) )
         {
             rc = start + done;
File Added: pkgsrc/sysutils/xenkernel413/patches/Attic/patch-XSA360
$NetBSD: patch-XSA360,v 1.1 2021/02/03 22:27:16 bouyer Exp $

From: Roger Pau Monne <roger.pau@citrix.com>
Subject: x86/dpci: do not remove pirqs from domain tree on unbind

A fix for a previous issue removed the pirqs from the domain tree when
they are unbound in order to prevent shared pirqs from triggering a
BUG_ON in __pirq_guest_unbind if they are unbound multiple times. That
caused free_domain_pirqs to no longer unmap the pirqs because they
are gone from the domain pirq tree, thus leaving stale unbound pirqs
after domain destruction if the domain had mapped dpci pirqs after
shutdown.

Take a different approach to fix the original issue, instead of
removing the pirq from d->pirq_tree clear the flags of the dpci pirq
struct to signal that the pirq is now unbound. This prevents calling
pirq_guest_unbind multiple times for the same pirq without having to
remove it from the domain pirq tree.

This is XSA-360.

Fixes: 5b58dad089 ('x86/pass-through: avoid double IRQ unbind during domain cleanup')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- xen/arch/x86/irq.c.orig
+++ xen/arch/x86/irq.c
@@ -1331,7 +1331,7 @@ void (pirq_cleanup_check)(struct pirq *p
     }
 
     if ( radix_tree_delete(&d->pirq_tree, pirq->pirq) != pirq )
-        BUG_ON(!d->is_dying);
+        BUG();
 }
 
 /* Flush all ready EOIs from the top of this CPU's pending-EOI stack. */
--- xen/drivers/passthrough/pci.c.orig
+++ xen/drivers/passthrough/pci.c
@@ -862,6 +862,10 @@ static int pci_clean_dpci_irq(struct dom
 {
     struct dev_intx_gsi_link *digl, *tmp;
 
+    if ( !pirq_dpci->flags )
+        /* Already processed. */
+        return 0;
+
     pirq_guest_unbind(d, dpci_pirq(pirq_dpci));
 
     if ( pt_irq_need_timer(pirq_dpci->flags) )
@@ -872,15 +876,10 @@ static int pci_clean_dpci_irq(struct dom
         list_del(&digl->list);
         xfree(digl);
     }
+    /* Note the pirq is now unbound. */
+    pirq_dpci->flags = 0;
 
-    radix_tree_delete(&d->pirq_tree, dpci_pirq(pirq_dpci)->pirq);
-
-    if ( !pt_pirq_softirq_active(pirq_dpci) )
-        return 0;
-
-    domain_get_irq_dpci(d)->pending_pirq_dpci = pirq_dpci;
-
-    return -ERESTART;
+    return pt_pirq_softirq_active(pirq_dpci) ? -ERESTART : 0;
 }
 
 static int pci_clean_dpci_irqs(struct domain *d)
@@ -897,18 +896,8 @@ static int pci_clean_dpci_irqs(struct do
     hvm_irq_dpci = domain_get_irq_dpci(d);
     if ( hvm_irq_dpci != NULL )
     {
-        int ret = 0;
-
-        if ( hvm_irq_dpci->pending_pirq_dpci )
-        {
-            if ( pt_pirq_softirq_active(hvm_irq_dpci->pending_pirq_dpci) )
-                 ret = -ERESTART;
-            else
-                 hvm_irq_dpci->pending_pirq_dpci = NULL;
-        }
+        int ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL);
 
-        if ( !ret )
-            ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL);
         if ( ret )
         {
             spin_unlock(&d->event_lock);
--- xen/include/asm-x86/hvm/irq.h.orig
+++ xen/include/asm-x86/hvm/irq.h
@@ -160,8 +160,6 @@ struct hvm_irq_dpci {
     DECLARE_BITMAP(isairq_map, NR_ISAIRQS);
     /* Record of mapped Links */
     uint8_t link_cnt[NR_LINK];
-    /* Clean up: Entry with a softirq invocation pending / in progress. */
-    struct hvm_pirq_dpci *pending_pirq_dpci;
 };
 
 /* Machine IRQ to guest device/intx mapping. */