authorYixun Lan <dlan@gentoo.org>2014-02-20 15:08:59 +0000
committerYixun Lan <dlan@gentoo.org>2014-02-20 15:08:59 +0000
commit67937c8cff9840b987f1783f035989c70919f000 (patch)
tree06ab96c9a67f1dd85b107cf855644a87c85484cd /app-emulation
parentia64 stable wrt bug #492246 (diff)
clean old ebuilds
(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Diffstat (limited to 'app-emulation')
-rw-r--r--app-emulation/xen/ChangeLog6
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch252
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch169
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch74
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch200
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch204
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch127
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch255
-rw-r--r--app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch127
-rw-r--r--app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch130
-rw-r--r--app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch41
-rw-r--r--app-emulation/xen/files/xen-4.2-XSA-84.patch153
-rw-r--r--app-emulation/xen/files/xen-4.2-XSA-85.patch31
-rw-r--r--app-emulation/xen/files/xen-4.2-XSA-87.patch21
-rw-r--r--app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch46
-rw-r--r--app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch171
-rw-r--r--app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch57
-rw-r--r--app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch23
-rw-r--r--app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch37
-rw-r--r--app-emulation/xen/xen-4.2.2-r1.ebuild136
-rw-r--r--app-emulation/xen/xen-4.2.2-r4.ebuild146
-rw-r--r--app-emulation/xen/xen-4.3.1-r1.ebuild137
-rw-r--r--app-emulation/xen/xen-4.3.1-r4.ebuild143
23 files changed, 5 insertions, 2681 deletions
diff --git a/app-emulation/xen/ChangeLog b/app-emulation/xen/ChangeLog
index d3f35f1bafc1..6e9462c21b2f 100644
--- a/app-emulation/xen/ChangeLog
+++ b/app-emulation/xen/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for app-emulation/xen
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.153 2014/02/20 10:25:22 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.154 2014/02/20 15:08:59 dlan Exp $
+
+ 20 Feb 2014; Yixun Lan <dlan@gentoo.org> -xen-4.2.2-r1.ebuild,
+ -xen-4.2.2-r4.ebuild, -xen-4.3.1-r1.ebuild, -xen-4.3.1-r4.ebuild:
+ clean old versions
20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> xen-4.2.3.ebuild:
Stable for x86, wrt bug #500528
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch
deleted file mode 100644
index f5ded0a1a564..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch
+++ /dev/null
@@ -1,252 +0,0 @@
-x86: make vcpu_destroy_pagetables() preemptible
-
-... as it may take significant amounts of time.
-
-The function, being moved to mm.c as the better home for it anyway, and
-to avoid having to make a new helper function there non-static, is
-given a "preemptible" parameter temporarily (until, in a subsequent
-patch, its other caller is also being made capable of dealing with
-preemption).
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -73,8 +73,6 @@ void (*dead_idle) (void) __read_mostly =
- static void paravirt_ctxt_switch_from(struct vcpu *v);
- static void paravirt_ctxt_switch_to(struct vcpu *v);
-
--static void vcpu_destroy_pagetables(struct vcpu *v);
--
- static void default_idle(void)
- {
- local_irq_disable();
-@@ -1058,7 +1056,7 @@ void arch_vcpu_reset(struct vcpu *v)
- if ( !is_hvm_vcpu(v) )
- {
- destroy_gdt(v);
-- vcpu_destroy_pagetables(v);
-+ vcpu_destroy_pagetables(v, 0);
- }
- else
- {
-@@ -2069,63 +2067,6 @@ static int relinquish_memory(
- return ret;
- }
-
--static void vcpu_destroy_pagetables(struct vcpu *v)
--{
-- struct domain *d = v->domain;
-- unsigned long pfn;
--
--#ifdef __x86_64__
-- if ( is_pv_32on64_vcpu(v) )
-- {
-- pfn = l4e_get_pfn(*(l4_pgentry_t *)
-- __va(pagetable_get_paddr(v->arch.guest_table)));
--
-- if ( pfn != 0 )
-- {
-- if ( paging_mode_refcounts(d) )
-- put_page(mfn_to_page(pfn));
-- else
-- put_page_and_type(mfn_to_page(pfn));
-- }
--
-- l4e_write(
-- (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)),
-- l4e_empty());
--
-- v->arch.cr3 = 0;
-- return;
-- }
--#endif
--
-- pfn = pagetable_get_pfn(v->arch.guest_table);
-- if ( pfn != 0 )
-- {
-- if ( paging_mode_refcounts(d) )
-- put_page(mfn_to_page(pfn));
-- else
-- put_page_and_type(mfn_to_page(pfn));
-- v->arch.guest_table = pagetable_null();
-- }
--
--#ifdef __x86_64__
-- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
-- pfn = pagetable_get_pfn(v->arch.guest_table_user);
-- if ( pfn != 0 )
-- {
-- if ( !is_pv_32bit_vcpu(v) )
-- {
-- if ( paging_mode_refcounts(d) )
-- put_page(mfn_to_page(pfn));
-- else
-- put_page_and_type(mfn_to_page(pfn));
-- }
-- v->arch.guest_table_user = pagetable_null();
-- }
--#endif
--
-- v->arch.cr3 = 0;
--}
--
- int domain_relinquish_resources(struct domain *d)
- {
- int ret;
-@@ -2143,7 +2084,11 @@ int domain_relinquish_resources(struct d
-
- /* Drop the in-use references to page-table bases. */
- for_each_vcpu ( d, v )
-- vcpu_destroy_pagetables(v);
-+ {
-+ ret = vcpu_destroy_pagetables(v, 1);
-+ if ( ret )
-+ return ret;
-+ }
-
- if ( !is_hvm_domain(d) )
- {
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -2808,6 +2808,82 @@ static void put_superpage(unsigned long
-
- #endif
-
-+static int put_old_guest_table(struct vcpu *v)
-+{
-+ int rc;
-+
-+ if ( !v->arch.old_guest_table )
-+ return 0;
-+
-+ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) )
-+ {
-+ case -EINTR:
-+ case -EAGAIN:
-+ return -EAGAIN;
-+ }
-+
-+ v->arch.old_guest_table = NULL;
-+
-+ return rc;
-+}
-+
-+int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
-+{
-+ unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
-+ struct page_info *page;
-+ int rc = put_old_guest_table(v);
-+
-+ if ( rc )
-+ return rc;
-+
-+#ifdef __x86_64__
-+ if ( is_pv_32on64_vcpu(v) )
-+ mfn = l4e_get_pfn(*(l4_pgentry_t *)mfn_to_virt(mfn));
-+#endif
-+
-+ if ( mfn )
-+ {
-+ page = mfn_to_page(mfn);
-+ if ( paging_mode_refcounts(v->domain) )
-+ put_page(page);
-+ else
-+ rc = put_page_and_type_preemptible(page, preemptible);
-+ }
-+
-+#ifdef __x86_64__
-+ if ( is_pv_32on64_vcpu(v) )
-+ {
-+ if ( !rc )
-+ l4e_write(
-+ (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)),
-+ l4e_empty());
-+ }
-+ else
-+#endif
-+ if ( !rc )
-+ {
-+ v->arch.guest_table = pagetable_null();
-+
-+#ifdef __x86_64__
-+ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
-+ mfn = pagetable_get_pfn(v->arch.guest_table_user);
-+ if ( mfn )
-+ {
-+ page = mfn_to_page(mfn);
-+ if ( paging_mode_refcounts(v->domain) )
-+ put_page(page);
-+ else
-+ rc = put_page_and_type_preemptible(page, preemptible);
-+ }
-+ if ( !rc )
-+ v->arch.guest_table_user = pagetable_null();
-+#endif
-+ }
-+
-+ v->arch.cr3 = 0;
-+
-+ return rc;
-+}
-
- int new_guest_cr3(unsigned long mfn)
- {
-@@ -2994,12 +3070,21 @@ long do_mmuext_op(
- unsigned int foreigndom)
- {
- struct mmuext_op op;
-- int rc = 0, i = 0, okay;
- unsigned long type;
-- unsigned int done = 0;
-+ unsigned int i = 0, done = 0;
- struct vcpu *curr = current;
- struct domain *d = curr->domain;
- struct domain *pg_owner;
-+ int okay, rc = put_old_guest_table(curr);
-+
-+ if ( unlikely(rc) )
-+ {
-+ if ( likely(rc == -EAGAIN) )
-+ rc = hypercall_create_continuation(
-+ __HYPERVISOR_mmuext_op, "hihi", uops, count, pdone,
-+ foreigndom);
-+ return rc;
-+ }
-
- if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
- {
---- a/xen/arch/x86/x86_64/compat/mm.c
-+++ b/xen/arch/x86/x86_64/compat/mm.c
-@@ -365,7 +365,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
- : mcs->call.args[1];
- unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED;
-
-- BUG_ON(left == arg1);
-+ BUG_ON(left == arg1 && left != i);
- BUG_ON(left > count);
- guest_handle_add_offset(nat_ops, i - left);
- guest_handle_subtract_offset(cmp_uops, left);
---- a/xen/include/asm-x86/domain.h
-+++ b/xen/include/asm-x86/domain.h
-@@ -464,6 +464,7 @@ struct arch_vcpu
- pagetable_t guest_table_user; /* (MFN) x86/64 user-space pagetable */
- #endif
- pagetable_t guest_table; /* (MFN) guest notion of cr3 */
-+ struct page_info *old_guest_table; /* partially destructed pagetable */
- /* guest_table holds a ref to the page, and also a type-count unless
- * shadow refcounts are in use */
- pagetable_t shadow_table[4]; /* (MFN) shadow(s) of guest */
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -605,6 +605,7 @@ void audit_domains(void);
- int new_guest_cr3(unsigned long pfn);
- void make_cr3(struct vcpu *v, unsigned long mfn);
- void update_cr3(struct vcpu *v);
-+int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
- void propagate_page_fault(unsigned long addr, u16 error_code);
- void *do_page_walk(struct vcpu *v, unsigned long addr);
-
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch
deleted file mode 100644
index f730b67eca4c..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-x86: make new_guest_cr3() preemptible
-
-... as it may take significant amounts of time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -2889,44 +2889,69 @@ int new_guest_cr3(unsigned long mfn)
- {
- struct vcpu *curr = current;
- struct domain *d = curr->domain;
-- int okay;
-+ int rc;
- unsigned long old_base_mfn;
-
- #ifdef __x86_64__
- if ( is_pv_32on64_domain(d) )
- {
-- okay = paging_mode_refcounts(d)
-- ? 0 /* Old code was broken, but what should it be? */
-- : mod_l4_entry(
-+ rc = paging_mode_refcounts(d)
-+ ? -EINVAL /* Old code was broken, but what should it be? */
-+ : mod_l4_entry(
- __va(pagetable_get_paddr(curr->arch.guest_table)),
- l4e_from_pfn(
- mfn,
- (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)),
-- pagetable_get_pfn(curr->arch.guest_table), 0, 0, curr) == 0;
-- if ( unlikely(!okay) )
-+ pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr);
-+ switch ( rc )
- {
-+ case 0:
-+ break;
-+ case -EINTR:
-+ case -EAGAIN:
-+ return -EAGAIN;
-+ default:
- MEM_LOG("Error while installing new compat baseptr %lx", mfn);
-- return 0;
-+ return rc;
- }
-
- invalidate_shadow_ldt(curr, 0);
- write_ptbase(curr);
-
-- return 1;
-+ return 0;
- }
- #endif
-- okay = paging_mode_refcounts(d)
-- ? get_page_from_pagenr(mfn, d)
-- : !get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 0);
-- if ( unlikely(!okay) )
-+ rc = put_old_guest_table(curr);
-+ if ( unlikely(rc) )
-+ return rc;
-+
-+ old_base_mfn = pagetable_get_pfn(curr->arch.guest_table);
-+ /*
-+ * This is particularly important when getting restarted after the
-+ * previous attempt got preempted in the put-old-MFN phase.
-+ */
-+ if ( old_base_mfn == mfn )
- {
-- MEM_LOG("Error while installing new baseptr %lx", mfn);
-+ write_ptbase(curr);
- return 0;
- }
-
-- invalidate_shadow_ldt(curr, 0);
-+ rc = paging_mode_refcounts(d)
-+ ? (get_page_from_pagenr(mfn, d) ? 0 : -EINVAL)
-+ : get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 1);
-+ switch ( rc )
-+ {
-+ case 0:
-+ break;
-+ case -EINTR:
-+ case -EAGAIN:
-+ return -EAGAIN;
-+ default:
-+ MEM_LOG("Error while installing new baseptr %lx", mfn);
-+ return rc;
-+ }
-
-- old_base_mfn = pagetable_get_pfn(curr->arch.guest_table);
-+ invalidate_shadow_ldt(curr, 0);
-
- curr->arch.guest_table = pagetable_from_pfn(mfn);
- update_cr3(curr);
-@@ -2935,13 +2960,25 @@ int new_guest_cr3(unsigned long mfn)
-
- if ( likely(old_base_mfn != 0) )
- {
-+ struct page_info *page = mfn_to_page(old_base_mfn);
-+
- if ( paging_mode_refcounts(d) )
-- put_page(mfn_to_page(old_base_mfn));
-+ put_page(page);
- else
-- put_page_and_type(mfn_to_page(old_base_mfn));
-+ switch ( rc = put_page_and_type_preemptible(page, 1) )
-+ {
-+ case -EINTR:
-+ rc = -EAGAIN;
-+ case -EAGAIN:
-+ curr->arch.old_guest_table = page;
-+ break;
-+ default:
-+ BUG_ON(rc);
-+ break;
-+ }
- }
-
-- return 1;
-+ return rc;
- }
-
- static struct domain *get_pg_owner(domid_t domid)
-@@ -3239,8 +3276,13 @@ long do_mmuext_op(
- }
-
- case MMUEXT_NEW_BASEPTR:
-- okay = (!paging_mode_translate(d)
-- && new_guest_cr3(op.arg1.mfn));
-+ if ( paging_mode_translate(d) )
-+ okay = 0;
-+ else
-+ {
-+ rc = new_guest_cr3(op.arg1.mfn);
-+ okay = !rc;
-+ }
- break;
-
-
---- a/xen/arch/x86/traps.c
-+++ b/xen/arch/x86/traps.c
-@@ -2407,12 +2407,23 @@ static int emulate_privileged_op(struct
- #endif
- }
- page = get_page_from_gfn(v->domain, gfn, NULL, P2M_ALLOC);
-- rc = page ? new_guest_cr3(page_to_mfn(page)) : 0;
- if ( page )
-+ {
-+ rc = new_guest_cr3(page_to_mfn(page));
- put_page(page);
-+ }
-+ else
-+ rc = -EINVAL;
- domain_unlock(v->domain);
-- if ( rc == 0 ) /* not okay */
-+ switch ( rc )
-+ {
-+ case 0:
-+ break;
-+ case -EAGAIN: /* retry after preemption */
-+ goto skip;
-+ default: /* not okay */
- goto fail;
-+ }
- break;
- }
-
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch
deleted file mode 100644
index 9d5679e7853e..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-x86: make MMUEXT_NEW_USER_BASEPTR preemptible
-
-... as it may take significant amounts of time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -3296,29 +3296,56 @@ long do_mmuext_op(
- break;
- }
-
-+ old_mfn = pagetable_get_pfn(curr->arch.guest_table_user);
-+ /*
-+ * This is particularly important when getting restarted after the
-+ * previous attempt got preempted in the put-old-MFN phase.
-+ */
-+ if ( old_mfn == op.arg1.mfn )
-+ break;
-+
- if ( op.arg1.mfn != 0 )
- {
- if ( paging_mode_refcounts(d) )
- okay = get_page_from_pagenr(op.arg1.mfn, d);
- else
-- okay = !get_page_and_type_from_pagenr(
-- op.arg1.mfn, PGT_root_page_table, d, 0, 0);
-+ {
-+ rc = get_page_and_type_from_pagenr(
-+ op.arg1.mfn, PGT_root_page_table, d, 0, 1);
-+ okay = !rc;
-+ }
- if ( unlikely(!okay) )
- {
-- MEM_LOG("Error while installing new mfn %lx", op.arg1.mfn);
-+ if ( rc == -EINTR )
-+ rc = -EAGAIN;
-+ else if ( rc != -EAGAIN )
-+ MEM_LOG("Error while installing new mfn %lx",
-+ op.arg1.mfn);
- break;
- }
- }
-
-- old_mfn = pagetable_get_pfn(curr->arch.guest_table_user);
- curr->arch.guest_table_user = pagetable_from_pfn(op.arg1.mfn);
-
- if ( old_mfn != 0 )
- {
-+ struct page_info *page = mfn_to_page(old_mfn);
-+
- if ( paging_mode_refcounts(d) )
-- put_page(mfn_to_page(old_mfn));
-+ put_page(page);
- else
-- put_page_and_type(mfn_to_page(old_mfn));
-+ switch ( rc = put_page_and_type_preemptible(page, 1) )
-+ {
-+ case -EINTR:
-+ rc = -EAGAIN;
-+ case -EAGAIN:
-+ curr->arch.old_guest_table = page;
-+ okay = 0;
-+ break;
-+ default:
-+ BUG_ON(rc);
-+ break;
-+ }
- }
-
- break;
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch
deleted file mode 100644
index bbce56789c0c..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-x86: make vcpu_reset() preemptible
-
-... as dropping the old page tables may take significant amounts of
-time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -1051,17 +1051,16 @@ int arch_set_info_guest(
- #undef c
- }
-
--void arch_vcpu_reset(struct vcpu *v)
-+int arch_vcpu_reset(struct vcpu *v)
- {
- if ( !is_hvm_vcpu(v) )
- {
- destroy_gdt(v);
-- vcpu_destroy_pagetables(v, 0);
-- }
-- else
-- {
-- vcpu_end_shutdown_deferral(v);
-+ return vcpu_destroy_pagetables(v);
- }
-+
-+ vcpu_end_shutdown_deferral(v);
-+ return 0;
- }
-
- /*
-@@ -2085,7 +2084,7 @@ int domain_relinquish_resources(struct d
- /* Drop the in-use references to page-table bases. */
- for_each_vcpu ( d, v )
- {
-- ret = vcpu_destroy_pagetables(v, 1);
-+ ret = vcpu_destroy_pagetables(v);
- if ( ret )
- return ret;
- }
---- a/xen/arch/x86/hvm/hvm.c
-+++ b/xen/arch/x86/hvm/hvm.c
-@@ -3509,8 +3509,11 @@ static void hvm_s3_suspend(struct domain
-
- for_each_vcpu ( d, v )
- {
-+ int rc;
-+
- vlapic_reset(vcpu_vlapic(v));
-- vcpu_reset(v);
-+ rc = vcpu_reset(v);
-+ ASSERT(!rc);
- }
-
- vpic_reset(d);
---- a/xen/arch/x86/hvm/vlapic.c
-+++ b/xen/arch/x86/hvm/vlapic.c
-@@ -252,10 +252,13 @@ static void vlapic_init_sipi_action(unsi
- {
- case APIC_DM_INIT: {
- bool_t fpu_initialised;
-+ int rc;
-+
- domain_lock(target->domain);
- /* Reset necessary VCPU state. This does not include FPU state. */
- fpu_initialised = target->fpu_initialised;
-- vcpu_reset(target);
-+ rc = vcpu_reset(target);
-+ ASSERT(!rc);
- target->fpu_initialised = fpu_initialised;
- vlapic_reset(vcpu_vlapic(target));
- domain_unlock(target->domain);
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -2827,7 +2827,7 @@ static int put_old_guest_table(struct vc
- return rc;
- }
-
--int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
-+int vcpu_destroy_pagetables(struct vcpu *v)
- {
- unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
- struct page_info *page;
-@@ -2847,7 +2847,7 @@ int vcpu_destroy_pagetables(struct vcpu
- if ( paging_mode_refcounts(v->domain) )
- put_page(page);
- else
-- rc = put_page_and_type_preemptible(page, preemptible);
-+ rc = put_page_and_type_preemptible(page, 1);
- }
-
- #ifdef __x86_64__
-@@ -2873,7 +2873,7 @@ int vcpu_destroy_pagetables(struct vcpu
- if ( paging_mode_refcounts(v->domain) )
- put_page(page);
- else
-- rc = put_page_and_type_preemptible(page, preemptible);
-+ rc = put_page_and_type_preemptible(page, 1);
- }
- if ( !rc )
- v->arch.guest_table_user = pagetable_null();
---- a/xen/common/domain.c
-+++ b/xen/common/domain.c
-@@ -779,14 +779,18 @@ void domain_unpause_by_systemcontroller(
- domain_unpause(d);
- }
-
--void vcpu_reset(struct vcpu *v)
-+int vcpu_reset(struct vcpu *v)
- {
- struct domain *d = v->domain;
-+ int rc;
-
- vcpu_pause(v);
- domain_lock(d);
-
-- arch_vcpu_reset(v);
-+ set_bit(_VPF_in_reset, &v->pause_flags);
-+ rc = arch_vcpu_reset(v);
-+ if ( rc )
-+ goto out_unlock;
-
- set_bit(_VPF_down, &v->pause_flags);
-
-@@ -802,9 +806,13 @@ void vcpu_reset(struct vcpu *v)
- #endif
- cpumask_clear(v->cpu_affinity_tmp);
- clear_bit(_VPF_blocked, &v->pause_flags);
-+ clear_bit(_VPF_in_reset, &v->pause_flags);
-
-+ out_unlock:
- domain_unlock(v->domain);
- vcpu_unpause(v);
-+
-+ return rc;
- }
-
-
---- a/xen/common/domctl.c
-+++ b/xen/common/domctl.c
-@@ -306,8 +306,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
-
- if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
- {
-- vcpu_reset(v);
-- ret = 0;
-+ ret = vcpu_reset(v);
-+ if ( ret == -EAGAIN )
-+ ret = hypercall_create_continuation(
-+ __HYPERVISOR_domctl, "h", u_domctl);
- goto svc_out;
- }
-
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -605,7 +605,7 @@ void audit_domains(void);
- int new_guest_cr3(unsigned long pfn);
- void make_cr3(struct vcpu *v, unsigned long mfn);
- void update_cr3(struct vcpu *v);
--int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
-+int vcpu_destroy_pagetables(struct vcpu *);
- void propagate_page_fault(unsigned long addr, u16 error_code);
- void *do_page_walk(struct vcpu *v, unsigned long addr);
-
---- a/xen/include/xen/domain.h
-+++ b/xen/include/xen/domain.h
-@@ -13,7 +13,7 @@ typedef union {
- struct vcpu *alloc_vcpu(
- struct domain *d, unsigned int vcpu_id, unsigned int cpu_id);
- struct vcpu *alloc_dom0_vcpu0(void);
--void vcpu_reset(struct vcpu *v);
-+int vcpu_reset(struct vcpu *);
-
- struct xen_domctl_getdomaininfo;
- void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info);
-@@ -67,7 +67,7 @@ void arch_dump_vcpu_info(struct vcpu *v)
-
- void arch_dump_domain_info(struct domain *d);
-
--void arch_vcpu_reset(struct vcpu *v);
-+int arch_vcpu_reset(struct vcpu *);
-
- extern spinlock_t vcpu_alloc_lock;
- bool_t domctl_lock_acquire(void);
---- a/xen/include/xen/sched.h
-+++ b/xen/include/xen/sched.h
-@@ -644,6 +644,9 @@ static inline struct domain *next_domain
- /* VCPU is blocked due to missing mem_sharing ring. */
- #define _VPF_mem_sharing 6
- #define VPF_mem_sharing (1UL<<_VPF_mem_sharing)
-+ /* VCPU is being reset. */
-+#define _VPF_in_reset 7
-+#define VPF_in_reset (1UL<<_VPF_in_reset)
-
- static inline int vcpu_runnable(struct vcpu *v)
- {
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch
deleted file mode 100644
index b584b382c0af..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch
+++ /dev/null
@@ -1,204 +0,0 @@
-x86: make arch_set_info_guest() preemptible
-
-.. as the root page table validation (and the dropping of an eventual
-old one) can require meaningful amounts of time.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -858,6 +858,9 @@ int arch_set_info_guest(
-
- if ( !v->is_initialised )
- {
-+ if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] )
-+ return -EINVAL;
-+
- v->arch.pv_vcpu.ldt_base = c(ldt_base);
- v->arch.pv_vcpu.ldt_ents = c(ldt_ents);
- }
-@@ -955,24 +958,44 @@ int arch_set_info_guest(
- if ( rc != 0 )
- return rc;
-
-+ set_bit(_VPF_in_reset, &v->pause_flags);
-+
- if ( !compat )
-- {
- cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[3]);
-- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
--
-- if ( !cr3_page )
-- {
-- destroy_gdt(v);
-- return -EINVAL;
-- }
-- if ( !paging_mode_refcounts(d)
-- && !get_page_type(cr3_page, PGT_base_page_table) )
-- {
-- put_page(cr3_page);
-- destroy_gdt(v);
-- return -EINVAL;
-- }
-+#ifdef CONFIG_COMPAT
-+ else
-+ cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]);
-+#endif
-+ cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
-
-+ if ( !cr3_page )
-+ rc = -EINVAL;
-+ else if ( paging_mode_refcounts(d) )
-+ /* nothing */;
-+ else if ( cr3_page == v->arch.old_guest_table )
-+ {
-+ v->arch.old_guest_table = NULL;
-+ put_page(cr3_page);
-+ }
-+ else
-+ {
-+ /*
-+ * Since v->arch.guest_table{,_user} are both NULL, this effectively
-+ * is just a call to put_old_guest_table().
-+ */
-+ if ( !compat )
-+ rc = vcpu_destroy_pagetables(v);
-+ if ( !rc )
-+ rc = get_page_type_preemptible(cr3_page,
-+ !compat ? PGT_root_page_table
-+ : PGT_l3_page_table);
-+ if ( rc == -EINTR )
-+ rc = -EAGAIN;
-+ }
-+ if ( rc )
-+ /* handled below */;
-+ else if ( !compat )
-+ {
- v->arch.guest_table = pagetable_from_page(cr3_page);
- #ifdef __x86_64__
- if ( c.nat->ctrlreg[1] )
-@@ -980,56 +1003,44 @@ int arch_set_info_guest(
- cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[1]);
- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
-
-- if ( !cr3_page ||
-- (!paging_mode_refcounts(d)
-- && !get_page_type(cr3_page, PGT_base_page_table)) )
-+ if ( !cr3_page )
-+ rc = -EINVAL;
-+ else if ( !paging_mode_refcounts(d) )
- {
-- if (cr3_page)
-- put_page(cr3_page);
-- cr3_page = pagetable_get_page(v->arch.guest_table);
-- v->arch.guest_table = pagetable_null();
-- if ( paging_mode_refcounts(d) )
-- put_page(cr3_page);
-- else
-- put_page_and_type(cr3_page);
-- destroy_gdt(v);
-- return -EINVAL;
-+ rc = get_page_type_preemptible(cr3_page, PGT_root_page_table);
-+ switch ( rc )
-+ {
-+ case -EINTR:
-+ rc = -EAGAIN;
-+ case -EAGAIN:
-+ v->arch.old_guest_table =
-+ pagetable_get_page(v->arch.guest_table);
-+ v->arch.guest_table = pagetable_null();
-+ break;
-+ }
- }
--
-- v->arch.guest_table_user = pagetable_from_page(cr3_page);
-- }
-- else if ( !(flags & VGCF_in_kernel) )
-- {
-- destroy_gdt(v);
-- return -EINVAL;
-+ if ( !rc )
-+ v->arch.guest_table_user = pagetable_from_page(cr3_page);
- }
- }
- else
- {
- l4_pgentry_t *l4tab;
-
-- cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]);
-- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
--
-- if ( !cr3_page)
-- {
-- destroy_gdt(v);
-- return -EINVAL;
-- }
--
-- if (!paging_mode_refcounts(d)
-- && !get_page_type(cr3_page, PGT_l3_page_table) )
-- {
-- put_page(cr3_page);
-- destroy_gdt(v);
-- return -EINVAL;
-- }
--
- l4tab = __va(pagetable_get_paddr(v->arch.guest_table));
- *l4tab = l4e_from_pfn(page_to_mfn(cr3_page),
- _PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED);
- #endif
- }
-+ if ( rc )
-+ {
-+ if ( cr3_page )
-+ put_page(cr3_page);
-+ destroy_gdt(v);
-+ return rc;
-+ }
-+
-+ clear_bit(_VPF_in_reset, &v->pause_flags);
-
- if ( v->vcpu_id == 0 )
- update_domain_wallclock_time(d);
---- a/xen/common/compat/domain.c
-+++ b/xen/common/compat/domain.c
-@@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid,
- rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt);
- domain_unlock(d);
-
-+ if ( rc == -EAGAIN )
-+ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih",
-+ cmd, vcpuid, arg);
-+
- xfree(cmp_ctxt);
- break;
- }
---- a/xen/common/domain.c
-+++ b/xen/common/domain.c
-@@ -849,6 +849,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN
- domain_unlock(d);
-
- free_vcpu_guest_context(ctxt);
-+
-+ if ( rc == -EAGAIN )
-+ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih",
-+ cmd, vcpuid, arg);
-+
- break;
-
- case VCPUOP_up: {
---- a/xen/common/domctl.c
-+++ b/xen/common/domctl.c
-@@ -338,6 +338,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
- domain_pause(d);
- ret = arch_set_info_guest(v, c);
- domain_unpause(d);
-+
-+ if ( ret == -EAGAIN )
-+ ret = hypercall_create_continuation(
-+ __HYPERVISOR_domctl, "h", u_domctl);
- }
-
- svc_out:
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch
deleted file mode 100644
index a18f3ddec493..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-x86: make page table unpinning preemptible
-
-... as it may take significant amounts of time.
-
-Since we can't re-invoke the operation in a second attempt, the
-continuation logic must be slightly tweaked so that we make sure
-do_mmuext_op() gets run one more time even when the preempted unpin
-operation was the last one in a batch.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -3123,6 +3123,14 @@ long do_mmuext_op(
- return rc;
- }
-
-+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
-+ likely(guest_handle_is_null(uops)) )
-+ {
-+ /* See the curr->arch.old_guest_table related
-+ * hypercall_create_continuation() below. */
-+ return (int)foreigndom;
-+ }
-+
- if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
- {
- count &= ~MMU_UPDATE_PREEMPTED;
-@@ -3146,7 +3154,7 @@ long do_mmuext_op(
-
- for ( i = 0; i < count; i++ )
- {
-- if ( hypercall_preempt_check() )
-+ if ( curr->arch.old_guest_table || hypercall_preempt_check() )
- {
- rc = -EAGAIN;
- break;
-@@ -3266,7 +3274,17 @@ long do_mmuext_op(
- break;
- }
-
-- put_page_and_type(page);
-+ switch ( rc = put_page_and_type_preemptible(page, 1) )
-+ {
-+ case -EINTR:
-+ case -EAGAIN:
-+ curr->arch.old_guest_table = page;
-+ rc = 0;
-+ break;
-+ default:
-+ BUG_ON(rc);
-+ break;
-+ }
- put_page(page);
-
- /* A page is dirtied when its pin status is cleared. */
-@@ -3587,9 +3605,27 @@ long do_mmuext_op(
- }
-
- if ( rc == -EAGAIN )
-+ {
-+ ASSERT(i < count);
- rc = hypercall_create_continuation(
- __HYPERVISOR_mmuext_op, "hihi",
- uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
-+ }
-+ else if ( curr->arch.old_guest_table )
-+ {
-+ XEN_GUEST_HANDLE(void) null;
-+
-+ ASSERT(rc || i == count);
-+ set_xen_guest_handle(null, NULL);
-+ /*
-+ * In order to have a way to communicate the final return value to
-+ * our continuation, we pass this in place of "foreigndom", building
-+ * on the fact that this argument isn't needed anymore.
-+ */
-+ rc = hypercall_create_continuation(
-+ __HYPERVISOR_mmuext_op, "hihi", null,
-+ MMU_UPDATE_PREEMPTED, null, rc);
-+ }
-
- put_pg_owner(pg_owner);
-
---- a/xen/arch/x86/x86_64/compat/mm.c
-+++ b/xen/arch/x86/x86_64/compat/mm.c
-@@ -268,6 +268,13 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
- int rc = 0;
- XEN_GUEST_HANDLE(mmuext_op_t) nat_ops;
-
-+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
-+ likely(guest_handle_is_null(cmp_uops)) )
-+ {
-+ set_xen_guest_handle(nat_ops, NULL);
-+ return do_mmuext_op(nat_ops, count, pdone, foreigndom);
-+ }
-+
- preempt_mask = count & MMU_UPDATE_PREEMPTED;
- count ^= preempt_mask;
-
-@@ -370,12 +377,18 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
- guest_handle_add_offset(nat_ops, i - left);
- guest_handle_subtract_offset(cmp_uops, left);
- left = 1;
-- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops));
-- BUG_ON(left != arg1);
-- if (!test_bit(_MCSF_in_multicall, &mcs->flags))
-- regs->_ecx += count - i;
-+ if ( arg1 != MMU_UPDATE_PREEMPTED )
-+ {
-+ BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops,
-+ cmp_uops));
-+ if ( !test_bit(_MCSF_in_multicall, &mcs->flags) )
-+ regs->_ecx += count - i;
-+ else
-+ mcs->compat_call.args[1] += count - i;
-+ }
- else
-- mcs->compat_call.args[1] += count - i;
-+ BUG_ON(hypercall_xlat_continuation(&left, 0));
-+ BUG_ON(left != arg1);
- }
- else
- BUG_ON(err > 0);
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch
deleted file mode 100644
index 0b7ce18d09cb..000000000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch
+++ /dev/null
@@ -1,255 +0,0 @@
-x86: make page table handling error paths preemptible
-
-... as they may take significant amounts of time.
-
-This requires cloning the tweaked continuation logic from
-do_mmuext_op() to do_mmu_update().
-
-Note that in mod_l[34]_entry() a negative "preemptible" value gets
-passed to put_page_from_l[34]e() now, telling the callee to store the
-respective page in current->arch.old_guest_table (for a hypercall
-continuation to pick up), rather than carrying out the put right away.
-This is going to be made a little more explicit by a subsequent cleanup
-patch.
-
-This is part of CVE-2013-1918 / XSA-45.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -1241,7 +1241,16 @@ static int put_page_from_l3e(l3_pgentry_
- #endif
-
- if ( unlikely(partial > 0) )
-+ {
-+ ASSERT(preemptible >= 0);
- return __put_page_type(l3e_get_page(l3e), preemptible);
-+ }
-+
-+ if ( preemptible < 0 )
-+ {
-+ current->arch.old_guest_table = l3e_get_page(l3e);
-+ return 0;
-+ }
-
- return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible);
- }
-@@ -1254,7 +1263,17 @@ static int put_page_from_l4e(l4_pgentry_
- (l4e_get_pfn(l4e) != pfn) )
- {
- if ( unlikely(partial > 0) )
-+ {
-+ ASSERT(preemptible >= 0);
- return __put_page_type(l4e_get_page(l4e), preemptible);
-+ }
-+
-+ if ( preemptible < 0 )
-+ {
-+ current->arch.old_guest_table = l4e_get_page(l4e);
-+ return 0;
-+ }
-+
- return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible);
- }
- return 1;
-@@ -1549,12 +1568,17 @@ static int alloc_l3_table(struct page_in
- if ( rc < 0 && rc != -EAGAIN && rc != -EINTR )
- {
- MEM_LOG("Failure in alloc_l3_table: entry %d", i);
-+ if ( i )
-+ {
-+ page->nr_validated_ptes = i;
-+ page->partial_pte = 0;
-+ current->arch.old_guest_table = page;
-+ }
- while ( i-- > 0 )
- {
- if ( !is_guest_l3_slot(i) )
- continue;
- unadjust_guest_l3e(pl3e[i], d);
-- put_page_from_l3e(pl3e[i], pfn, 0, 0);
- }
- }
-
-@@ -1584,22 +1608,24 @@ static int alloc_l4_table(struct page_in
- page->nr_validated_ptes = i;
- page->partial_pte = partial ?: 1;
- }
-- else if ( rc == -EINTR )
-+ else if ( rc < 0 )
- {
-+ if ( rc != -EINTR )
-+ MEM_LOG("Failure in alloc_l4_table: entry %d", i);
- if ( i )
- {
- page->nr_validated_ptes = i;
- page->partial_pte = 0;
-- rc = -EAGAIN;
-+ if ( rc == -EINTR )
-+ rc = -EAGAIN;
-+ else
-+ {
-+ if ( current->arch.old_guest_table )
-+ page->nr_validated_ptes++;
-+ current->arch.old_guest_table = page;
-+ }
- }
- }
-- else if ( rc < 0 )
-- {
-- MEM_LOG("Failure in alloc_l4_table: entry %d", i);
-- while ( i-- > 0 )
-- if ( is_guest_l4_slot(d, i) )
-- put_page_from_l4e(pl4e[i], pfn, 0, 0);
-- }
- if ( rc < 0 )
- return rc;
-
-@@ -2047,7 +2073,7 @@ static int mod_l3_entry(l3_pgentry_t *pl
- pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e);
- }
-
-- put_page_from_l3e(ol3e, pfn, 0, 0);
-+ put_page_from_l3e(ol3e, pfn, 0, -preemptible);
- return rc;
- }
-
-@@ -2110,7 +2136,7 @@ static int mod_l4_entry(l4_pgentry_t *pl
- return -EFAULT;
- }
-
-- put_page_from_l4e(ol4e, pfn, 0, 0);
-+ put_page_from_l4e(ol4e, pfn, 0, -preemptible);
- return rc;
- }
-
-@@ -2268,7 +2294,15 @@ static int alloc_page_type(struct page_i
- PRtype_info ": caf=%08lx taf=%" PRtype_info,
- page_to_mfn(page), get_gpfn_from_mfn(page_to_mfn(page)),
- type, page->count_info, page->u.inuse.type_info);
-- page->u.inuse.type_info = 0;
-+ if ( page != current->arch.old_guest_table )
-+ page->u.inuse.type_info = 0;
-+ else
-+ {
-+ ASSERT((page->u.inuse.type_info &
-+ (PGT_count_mask | PGT_validated)) == 1);
-+ get_page_light(page);
-+ page->u.inuse.type_info |= PGT_partial;
-+ }
- }
- else
- {
-@@ -3218,21 +3252,17 @@ long do_mmuext_op(
- }
-
- if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
-- {
-- put_page_and_type(page);
- okay = 0;
-- break;
-- }
--
-- if ( unlikely(test_and_set_bit(_PGT_pinned,
-- &page->u.inuse.type_info)) )
-+ else if ( unlikely(test_and_set_bit(_PGT_pinned,
-+ &page->u.inuse.type_info)) )
- {
- MEM_LOG("Mfn %lx already pinned", page_to_mfn(page));
-- put_page_and_type(page);
- okay = 0;
-- break;
- }
-
-+ if ( unlikely(!okay) )
-+ goto pin_drop;
-+
- /* A page is dirtied when its pin status is set. */
- paging_mark_dirty(pg_owner, page_to_mfn(page));
-
-@@ -3246,7 +3276,13 @@ long do_mmuext_op(
- &page->u.inuse.type_info));
- spin_unlock(&pg_owner->page_alloc_lock);
- if ( drop_ref )
-- put_page_and_type(page);
-+ {
-+ pin_drop:
-+ if ( type == PGT_l1_page_table )
-+ put_page_and_type(page);
-+ else
-+ curr->arch.old_guest_table = page;
-+ }
- }
-
- break;
-@@ -3652,11 +3688,28 @@ long do_mmu_update(
- void *va;
- unsigned long gpfn, gmfn, mfn;
- struct page_info *page;
-- int rc = 0, i = 0;
-- unsigned int cmd, done = 0, pt_dom;
-- struct vcpu *v = current;
-+ unsigned int cmd, i = 0, done = 0, pt_dom;
-+ struct vcpu *curr = current, *v = curr;
- struct domain *d = v->domain, *pt_owner = d, *pg_owner;
- struct domain_mmap_cache mapcache;
-+ int rc = put_old_guest_table(curr);
-+
-+ if ( unlikely(rc) )
-+ {
-+ if ( likely(rc == -EAGAIN) )
-+ rc = hypercall_create_continuation(
-+ __HYPERVISOR_mmu_update, "hihi", ureqs, count, pdone,
-+ foreigndom);
-+ return rc;
-+ }
-+
-+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
-+ likely(guest_handle_is_null(ureqs)) )
-+ {
-+ /* See the curr->arch.old_guest_table related
-+ * hypercall_create_continuation() below. */
-+ return (int)foreigndom;
-+ }
-
- if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
- {
-@@ -3705,7 +3758,7 @@ long do_mmu_update(
-
- for ( i = 0; i < count; i++ )
- {
-- if ( hypercall_preempt_check() )
-+ if ( curr->arch.old_guest_table || hypercall_preempt_check() )
- {
- rc = -EAGAIN;
- break;
-@@ -3886,9 +3939,27 @@ long do_mmu_update(
- }
-
- if ( rc == -EAGAIN )
-+ {
-+ ASSERT(i < count);
- rc = hypercall_create_continuation(
- __HYPERVISOR_mmu_update, "hihi",
- ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
-+ }
-+ else if ( curr->arch.old_guest_table )
-+ {
-+ XEN_GUEST_HANDLE(void) null;
-+
-+ ASSERT(rc || i == count);
-+ set_xen_guest_handle(null, NULL);
-+ /*
-+ * In order to have a way to communicate the final return value to
-+ * our continuation, we pass this in place of "foreigndom", building
-+ * on the fact that this argument isn't needed anymore.
-+ */
-+ rc = hypercall_create_continuation(
-+ __HYPERVISOR_mmu_update, "hihi", null,
-+ MMU_UPDATE_PREEMPTED, null, rc);
-+ }
-
- put_pg_owner(pg_owner);
-
diff --git a/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch b/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch
deleted file mode 100644
index 3dd9cbe14092..000000000000
--- a/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-x86/xsave: fix information leak on AMD CPUs
-
-Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the
-last instruction and operand pointers as well as the last opcode if
-there's no pending unmasked exception (see CVE-2006-1056 and commit
-9747:4d667a139318).
-
-While the FXSR solution sits in the save path, I prefer to have this in
-the restore path because there the handling is simpler (namely in the
-context of the pending changes to properly save the selector values for
-32-bit guest code).
-
-Also this is using FFREE instead of EMMS, as it doesn't seem unlikely
-that in the future we may see CPUs with x87 and SSE/AVX but no MMX
-support. The goal here anyway is just to avoid an FPU stack overflow.
-I would have preferred to use FFREEP instead of FFREE (freeing two
-stack slots at once), but AMD doesn't document that instruction.
-
-This is CVE-2013-2076 / XSA-52.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -78,6 +78,21 @@ void xrstor(struct vcpu *v, uint64_t mas
-
- struct xsave_struct *ptr = v->arch.xsave_area;
-
-+ /*
-+ * AMD CPUs don't save/restore FDP/FIP/FOP unless an exception
-+ * is pending. Clear the x87 state here by setting it to fixed
-+ * values. The hypervisor data segment can be sometimes 0 and
-+ * sometimes new user value. Both should be ok. Use the FPU saved
-+ * data block as a safe address because it should be in L1.
-+ */
-+ if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) &&
-+ !(ptr->fpu_sse.fsw & 0x0080) &&
-+ boot_cpu_data.x86_vendor == X86_VENDOR_AMD )
-+ asm volatile ( "fnclex\n\t" /* clear exceptions */
-+ "ffree %%st(7)\n\t" /* clear stack tag */
-+ "fildl %0" /* load to clear state */
-+ : : "m" (ptr->fpu_sse) );
-+
- asm volatile (
- ".byte " REX_PREFIX "0x0f,0xae,0x2f"
- :
-#x86/xsave: recover from faults on XRSTOR
-#
-#Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed
-#to it in the memory block (i.e. aspects not under the control of the
-#hypervisor, other than e.g. proper alignment of the block).
-#
-#Also correct the comment explaining why FXRSTOR needs exception
-#recovery code to not wrongly state that this can only be a result of
-#the control tools passing a bad image.
-#
-#This is CVE-2013-2077 / XSA-53.
-#
-#Signed-off-by: Jan Beulich <jbeulich@suse.com>
-#
---- a/xen/arch/x86/i387.c
-+++ b/xen/arch/x86/i387.c
-@@ -53,7 +53,7 @@ static inline void fpu_fxrstor(struct vc
- /*
- * FXRSTOR can fault if passed a corrupted data block. We handle this
- * possibility, which may occur if the block was passed to us by control
-- * tools, by silently clearing the block.
-+ * tools or through VCPUOP_initialise, by silently clearing the block.
- */
- asm volatile (
- #ifdef __i386__
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -93,10 +93,25 @@ void xrstor(struct vcpu *v, uint64_t mas
- "fildl %0" /* load to clear state */
- : : "m" (ptr->fpu_sse) );
-
-- asm volatile (
-- ".byte " REX_PREFIX "0x0f,0xae,0x2f"
-- :
-- : "m" (*ptr), "a" (lmask), "d" (hmask), "D"(ptr) );
-+ /*
-+ * XRSTOR can fault if passed a corrupted data block. We handle this
-+ * possibility, which may occur if the block was passed to us by control
-+ * tools or through VCPUOP_initialise, by silently clearing the block.
-+ */
-+ asm volatile ( "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n"
-+ ".section .fixup,\"ax\"\n"
-+ "2: mov %5,%%ecx \n"
-+ " xor %1,%1 \n"
-+ " rep stosb \n"
-+ " lea %2,%0 \n"
-+ " mov %3,%1 \n"
-+ " jmp 1b \n"
-+ ".previous \n"
-+ _ASM_EXTABLE(1b, 2b)
-+ : "+&D" (ptr), "+&a" (lmask)
-+ : "m" (*ptr), "g" (lmask), "d" (hmask),
-+ "m" (xsave_cntxt_size)
-+ : "ecx" );
- }
-
- bool_t xsave_enabled(const struct vcpu *v)
-#x86/xsave: properly check guest input to XSETBV
-#
-#Other than the HVM emulation path, the PV case so far failed to check
-#that YMM state requires SSE state to be enabled, allowing for a #GP to
-#occur upon passing the inputs to XSETBV inside the hypervisor.
-#
-#This is CVE-2013-2078 / XSA-54.
-#
-#Signed-off-by: Jan Beulich <jbeulich@suse.com>
-#
---- a/xen/arch/x86/traps.c
-+++ b/xen/arch/x86/traps.c
-@@ -2205,6 +2205,11 @@ static int emulate_privileged_op(struct
- if ( !(new_xfeature & XSTATE_FP) || (new_xfeature & ~xfeature_mask) )
- goto fail;
-
-+ /* YMM state takes SSE state as prerequisite. */
-+ if ( (xfeature_mask & new_xfeature & XSTATE_YMM) &&
-+ !(new_xfeature & XSTATE_SSE) )
-+ goto fail;
-+
- v->arch.xcr0 = new_xfeature;
- v->arch.xcr0_accum |= new_xfeature;
- set_xcr0(new_xfeature);
diff --git a/app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch b/app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch
deleted file mode 100644
index c3b8aaafa5ae..000000000000
--- a/app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-x86: fix page refcount handling in page table pin error path
-
-In the original patch 7 of the series addressing XSA-45 I mistakenly
-took the addition of the call to get_page_light() in alloc_page_type()
-to cover two decrements that would happen: One for the PGT_partial bit
-that is getting set along with the call, and the other for the page
-reference the caller hold (and would be dropping on its error path).
-But of course the additional page reference is tied to the PGT_partial
-bit, and hence any caller of a function that may leave
-->arch.old_guest_table non-NULL for error cleanup purposes has to make
-sure a respective page reference gets retained.
-
-Similar issues were then also spotted elsewhere: In effect all callers
-of get_page_type_preemptible() need to deal with errors in similar
-ways. To make sure error handling can work this way without leaking
-page references, a respective assertion gets added to that function.
-
-This is CVE-2013-1432 / XSA-58.
-
-Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -941,6 +941,10 @@ int arch_set_info_guest(
- if ( v->vcpu_id == 0 )
- d->vm_assist = c(vm_assist);
-
-+ rc = put_old_guest_table(current);
-+ if ( rc )
-+ return rc;
-+
- if ( !compat )
- rc = (int)set_gdt(v, c.nat->gdt_frames, c.nat->gdt_ents);
- #ifdef CONFIG_COMPAT
-@@ -980,18 +984,24 @@ int arch_set_info_guest(
- }
- else
- {
-- /*
-- * Since v->arch.guest_table{,_user} are both NULL, this effectively
-- * is just a call to put_old_guest_table().
-- */
- if ( !compat )
-- rc = vcpu_destroy_pagetables(v);
-+ rc = put_old_guest_table(v);
- if ( !rc )
- rc = get_page_type_preemptible(cr3_page,
- !compat ? PGT_root_page_table
- : PGT_l3_page_table);
-- if ( rc == -EINTR )
-+ switch ( rc )
-+ {
-+ case -EINTR:
- rc = -EAGAIN;
-+ case -EAGAIN:
-+ case 0:
-+ break;
-+ default:
-+ if ( cr3_page == current->arch.old_guest_table )
-+ cr3_page = NULL;
-+ break;
-+ }
- }
- if ( rc )
- /* handled below */;
-@@ -1018,6 +1028,11 @@ int arch_set_info_guest(
- pagetable_get_page(v->arch.guest_table);
- v->arch.guest_table = pagetable_null();
- break;
-+ default:
-+ if ( cr3_page == current->arch.old_guest_table )
-+ cr3_page = NULL;
-+ case 0:
-+ break;
- }
- }
- if ( !rc )
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -718,7 +718,8 @@ static int get_page_and_type_from_pagenr
- get_page_type_preemptible(page, type) :
- (get_page_type(page, type) ? 0 : -EINVAL));
-
-- if ( unlikely(rc) && partial >= 0 )
-+ if ( unlikely(rc) && partial >= 0 &&
-+ (!preemptible || page != current->arch.old_guest_table) )
- put_page(page);
-
- return rc;
-@@ -2638,6 +2639,7 @@ int put_page_type_preemptible(struct pag
-
- int get_page_type_preemptible(struct page_info *page, unsigned long type)
- {
-+ ASSERT(!current->arch.old_guest_table);
- return __get_page_type(page, type, 1);
- }
-
-@@ -2848,7 +2850,7 @@ static void put_superpage(unsigned long
-
- #endif
-
--static int put_old_guest_table(struct vcpu *v)
-+int put_old_guest_table(struct vcpu *v)
- {
- int rc;
-
-@@ -3253,7 +3255,8 @@ long do_mmuext_op(
- rc = -EAGAIN;
- else if ( rc != -EAGAIN )
- MEM_LOG("Error while pinning mfn %lx", page_to_mfn(page));
-- put_page(page);
-+ if ( page != curr->arch.old_guest_table )
-+ put_page(page);
- break;
- }
-
---- a/xen/include/asm-x86/mm.h
-+++ b/xen/include/asm-x86/mm.h
-@@ -374,6 +374,7 @@ void put_page_type(struct page_info *pag
- int get_page_type(struct page_info *page, unsigned long type);
- int put_page_type_preemptible(struct page_info *page);
- int get_page_type_preemptible(struct page_info *page, unsigned long type);
-+int put_old_guest_table(struct vcpu *);
- int get_page_from_l1e(
- l1_pgentry_t l1e, struct domain *l1e_owner, struct domain *pg_owner);
- void put_page_from_l1e(l1_pgentry_t l1e, struct domain *l1e_owner);
-
diff --git a/app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch b/app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch
deleted file mode 100644
index 490f84e18623..000000000000
--- a/app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-x86: restrict XEN_DOMCTL_getmemlist
-
-Coverity ID 1055652
-
-(See the code comment.)
-
-This is CVE-2013-4553 / XSA-74.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
---- a/xen/arch/x86/domctl.c
-+++ b/xen/arch/x86/domctl.c
-@@ -385,6 +385,26 @@ long arch_do_domctl(
- break;
- }
-
-+ /*
-+ * XSA-74: This sub-hypercall is broken in several ways:
-+ * - lock order inversion (p2m locks inside page_alloc_lock)
-+ * - no preemption on huge max_pfns input
-+ * - not (re-)checking d->is_dying with page_alloc_lock held
-+ * - not honoring start_pfn input (which libxc also doesn't set)
-+ * Additionally it is rather useless, as the result is stale by
-+ * the time the caller gets to look at it.
-+ * As it only has a single, non-production consumer (xen-mceinj),
-+ * rather than trying to fix it we restrict it for the time being.
-+ */
-+ if ( /* No nested locks inside copy_to_guest_offset(). */
-+ paging_mode_external(current->domain) ||
-+ /* Arbitrary limit capping processing time. */
-+ max_pfns > GB(4) / PAGE_SIZE )
-+ {
-+ ret = -EOPNOTSUPP;
-+ break;
-+ }
-+
- spin_lock(&d->page_alloc_lock);
-
- if ( unlikely(d->is_dying) ) {
diff --git a/app-emulation/xen/files/xen-4.2-XSA-84.patch b/app-emulation/xen/files/xen-4.2-XSA-84.patch
deleted file mode 100644
index 277b6f6667a6..000000000000
--- a/app-emulation/xen/files/xen-4.2-XSA-84.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-flask: fix reading strings from guest memory
-
-Since the string size is being specified by the guest, we must range
-check it properly before doing allocations based on it. While for the
-two cases that are exposed only to trusted guests (via policy
-restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for
-the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit
-gets enforced based on the longest name across all boolean settings.
-
-This is XSA-84.
-
-Reported-by: Matthew Daley <mattd@bugfuzz.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
-
---- a/xen/xsm/flask/flask_op.c
-+++ b/xen/xsm/flask/flask_op.c
-@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(sel_sem);
- /* global data for booleans */
- static int bool_num = 0;
- static int *bool_pending_values = NULL;
-+static size_t bool_maxstr;
- static int flask_security_make_bools(void);
-
- extern int ss_initialized;
-@@ -71,9 +72,15 @@ static int domain_has_security(struct do
- perms, NULL);
- }
-
--static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, uint32_t size)
-+static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf,
-+ size_t size, size_t max_size)
- {
-- char *tmp = xmalloc_bytes(size + 1);
-+ char *tmp;
-+
-+ if ( size > max_size )
-+ return -ENOENT;
-+
-+ tmp = xmalloc_array(char, size + 1);
- if ( !tmp )
- return -ENOMEM;
-
-@@ -99,7 +106,7 @@ static int flask_security_user(struct xe
- if ( rv )
- return rv;
-
-- rv = flask_copyin_string(arg->u.user, &user, arg->size);
-+ rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE);
- if ( rv )
- return rv;
-
-@@ -210,7 +217,7 @@ static int flask_security_context(struct
- if ( rv )
- return rv;
-
-- rv = flask_copyin_string(arg->context, &buf, arg->size);
-+ rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE);
- if ( rv )
- return rv;
-
-@@ -303,7 +310,7 @@ static int flask_security_resolve_bool(s
- if ( arg->bool_id != -1 )
- return 0;
-
-- rv = flask_copyin_string(arg->name, &name, arg->size);
-+ rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr);
- if ( rv )
- return rv;
-
-@@ -334,7 +341,7 @@ static int flask_security_set_bool(struc
- int num;
- int *values;
-
-- rv = security_get_bools(&num, NULL, &values);
-+ rv = security_get_bools(&num, NULL, &values, NULL);
- if ( rv != 0 )
- goto out;
-
-@@ -440,7 +447,7 @@ static int flask_security_make_bools(voi
-
- xfree(bool_pending_values);
-
-- ret = security_get_bools(&num, NULL, &values);
-+ ret = security_get_bools(&num, NULL, &values, &bool_maxstr);
- if ( ret != 0 )
- goto out;
-
---- a/xen/xsm/flask/include/conditional.h
-+++ b/xen/xsm/flask/include/conditional.h
-@@ -13,7 +13,9 @@
- #ifndef _FLASK_CONDITIONAL_H_
- #define _FLASK_CONDITIONAL_H_
-
--int security_get_bools(int *len, char ***names, int **values);
-+#include <xen/types.h>
-+
-+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr);
-
- int security_set_bools(int len, int *values);
-
---- a/xen/xsm/flask/ss/services.c
-+++ b/xen/xsm/flask/ss/services.c
-@@ -1900,7 +1900,7 @@ int security_find_bool(const char *name)
- return rv;
- }
-
--int security_get_bools(int *len, char ***names, int **values)
-+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr)
- {
- int i, rc = -ENOMEM;
-
-@@ -1908,6 +1908,8 @@ int security_get_bools(int *len, char **
- if ( names )
- *names = NULL;
- *values = NULL;
-+ if ( maxstr )
-+ *maxstr = 0;
-
- *len = policydb.p_bools.nprim;
- if ( !*len )
-@@ -1929,16 +1931,17 @@ int security_get_bools(int *len, char **
-
- for ( i = 0; i < *len; i++ )
- {
-- size_t name_len;
-+ size_t name_len = strlen(policydb.p_bool_val_to_name[i]);
-+
- (*values)[i] = policydb.bool_val_to_struct[i]->state;
- if ( names ) {
-- name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
-- (*names)[i] = (char*)xmalloc_array(char, name_len);
-+ (*names)[i] = xmalloc_array(char, name_len + 1);
- if ( !(*names)[i] )
- goto err;
-- strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
-- (*names)[i][name_len - 1] = 0;
-+ strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len + 1);
- }
-+ if ( maxstr && name_len > *maxstr )
-+ *maxstr = name_len;
- }
- rc = 0;
- out:
-@@ -2056,7 +2059,7 @@ static int security_preserve_bools(struc
- struct cond_bool_datum *booldatum;
- struct cond_node *cur;
-
-- rc = security_get_bools(&nbools, &bnames, &bvalues);
-+ rc = security_get_bools(&nbools, &bnames, &bvalues, NULL);
- if ( rc )
- goto out;
- for ( i = 0; i < nbools; i++ )
diff --git a/app-emulation/xen/files/xen-4.2-XSA-85.patch b/app-emulation/xen/files/xen-4.2-XSA-85.patch
deleted file mode 100644
index 2976b2af8248..000000000000
--- a/app-emulation/xen/files/xen-4.2-XSA-85.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 593bc8c63d582ec0fc2b3a35336106cf9c3a8b34 Mon Sep 17 00:00:00 2001
-From: Matthew Daley <mattd@bugfuzz.com>
-Date: Sun, 12 Jan 2014 14:29:32 +1300
-Subject: [PATCH] xsm/flask: correct off-by-one in
- flask_security_avc_cachestats cpu id check
-
-This is XSA-85
-
-Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
----
- xen/xsm/flask/flask_op.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
-index 4426ab9..22878f5 100644
---- a/xen/xsm/flask/flask_op.c
-+++ b/xen/xsm/flask/flask_op.c
-@@ -457,7 +457,7 @@ static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
- {
- struct avc_cache_stats *st;
-
-- if ( arg->cpu > nr_cpu_ids )
-+ if ( arg->cpu >= nr_cpu_ids )
- return -ENOENT;
- if ( !cpu_online(arg->cpu) )
- return -ENOENT;
---
-1.8.5.2
-
diff --git a/app-emulation/xen/files/xen-4.2-XSA-87.patch b/app-emulation/xen/files/xen-4.2-XSA-87.patch
deleted file mode 100644
index 494cf5e2bf5d..000000000000
--- a/app-emulation/xen/files/xen-4.2-XSA-87.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-x86: PHYSDEVOP_{prepare,release}_msix are privileged
-
-Yet this wasn't being enforced.
-
-This is XSA-87.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/arch/x86/physdev.c
-+++ b/xen/arch/x86/physdev.c
-@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
- case PHYSDEVOP_release_msix: {
- struct physdev_pci_device dev;
-
-- if ( copy_from_guest(&dev, arg, 1) )
-+ if ( !IS_PRIV(v->domain) )
-+ ret = -EPERM;
-+ else if ( copy_from_guest(&dev, arg, 1) )
- ret = -EFAULT;
- else
- ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn,
diff --git a/app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch b/app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch
deleted file mode 100644
index 3bb432762a2c..000000000000
--- a/app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-x86/xsave: initialize extended register state when guests enable it
-
-Till now, when setting previously unset bits in XCR0 we wouldn't touch
-the active register state, thus leaving in the newly enabled registers
-whatever a prior user of it left there, i.e. potentially leaking
-information between guests.
-
-This is CVE-2013-1442 / XSA-62.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -307,6 +307,7 @@ int validate_xstate(u64 xcr0, u64 xcr0_a
- int handle_xsetbv(u32 index, u64 new_bv)
- {
- struct vcpu *curr = current;
-+ u64 mask;
-
- if ( index != XCR_XFEATURE_ENABLED_MASK )
- return -EOPNOTSUPP;
-@@ -320,9 +321,23 @@ int handle_xsetbv(u32 index, u64 new_bv)
- if ( !set_xcr0(new_bv) )
- return -EFAULT;
-
-+ mask = new_bv & ~curr->arch.xcr0_accum;
- curr->arch.xcr0 = new_bv;
- curr->arch.xcr0_accum |= new_bv;
-
-+ mask &= curr->fpu_dirtied ? ~XSTATE_FP_SSE : XSTATE_NONLAZY;
-+ if ( mask )
-+ {
-+ unsigned long cr0 = read_cr0();
-+
-+ clts();
-+ if ( curr->fpu_dirtied )
-+ asm ( "stmxcsr %0" : "=m" (curr->arch.xsave_area->fpu_sse.mxcsr) );
-+ xrstor(curr, mask);
-+ if ( cr0 & X86_CR0_TS )
-+ write_cr0(cr0);
-+ }
-+
- return 0;
- }
-
diff --git a/app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch b/app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch
deleted file mode 100644
index 5134650e2f88..000000000000
--- a/app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-x86: properly handle hvm_copy_from_guest_{phys,virt}() errors
-
-Ignoring them generally implies using uninitialized data and, in all
-cases dealt with here, potentially leaking hypervisor stack contents to
-guests.
-
-This is XSA-63.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/hvm/hvm.c
-+++ b/xen/arch/x86/hvm/hvm.c
-@@ -2308,11 +2308,7 @@ void hvm_task_switch(
-
- rc = hvm_copy_from_guest_virt(
- &tss, prev_tr.base, sizeof(tss), PFEC_page_present);
-- if ( rc == HVMCOPY_bad_gva_to_gfn )
-- goto out;
-- if ( rc == HVMCOPY_gfn_paged_out )
-- goto out;
-- if ( rc == HVMCOPY_gfn_shared )
-+ if ( rc != HVMCOPY_okay )
- goto out;
-
- eflags = regs->eflags;
-@@ -2357,13 +2353,11 @@ void hvm_task_switch(
-
- rc = hvm_copy_from_guest_virt(
- &tss, tr.base, sizeof(tss), PFEC_page_present);
-- if ( rc == HVMCOPY_bad_gva_to_gfn )
-- goto out;
-- if ( rc == HVMCOPY_gfn_paged_out )
-- goto out;
-- /* Note: this could be optimised, if the callee functions knew we want RO
-- * access */
-- if ( rc == HVMCOPY_gfn_shared )
-+ /*
-+ * Note: The HVMCOPY_gfn_shared case could be optimised, if the callee
-+ * functions knew we want RO access.
-+ */
-+ if ( rc != HVMCOPY_okay )
- goto out;
-
-
---- a/xen/arch/x86/hvm/intercept.c
-+++ b/xen/arch/x86/hvm/intercept.c
-@@ -87,17 +87,28 @@ static int hvm_mmio_access(struct vcpu *
- {
- for ( i = 0; i < p->count; i++ )
- {
-- int ret;
--
-- ret = hvm_copy_from_guest_phys(&data,
-- p->data + (sign * i * p->size),
-- p->size);
-- if ( (ret == HVMCOPY_gfn_paged_out) ||
-- (ret == HVMCOPY_gfn_shared) )
-+ switch ( hvm_copy_from_guest_phys(&data,
-+ p->data + sign * i * p->size,
-+ p->size) )
- {
-+ case HVMCOPY_okay:
-+ break;
-+ case HVMCOPY_gfn_paged_out:
-+ case HVMCOPY_gfn_shared:
- rc = X86EMUL_RETRY;
- break;
-+ case HVMCOPY_bad_gfn_to_mfn:
-+ data = ~0;
-+ break;
-+ case HVMCOPY_bad_gva_to_gfn:
-+ ASSERT(0);
-+ /* fall through */
-+ default:
-+ rc = X86EMUL_UNHANDLEABLE;
-+ break;
- }
-+ if ( rc != X86EMUL_OKAY )
-+ break;
- rc = write_handler(v, p->addr + (sign * i * p->size), p->size,
- data);
- if ( rc != X86EMUL_OKAY )
-@@ -165,8 +176,28 @@ static int process_portio_intercept(port
- for ( i = 0; i < p->count; i++ )
- {
- data = 0;
-- (void)hvm_copy_from_guest_phys(&data, p->data + sign*i*p->size,
-- p->size);
-+ switch ( hvm_copy_from_guest_phys(&data,
-+ p->data + sign * i * p->size,
-+ p->size) )
-+ {
-+ case HVMCOPY_okay:
-+ break;
-+ case HVMCOPY_gfn_paged_out:
-+ case HVMCOPY_gfn_shared:
-+ rc = X86EMUL_RETRY;
-+ break;
-+ case HVMCOPY_bad_gfn_to_mfn:
-+ data = ~0;
-+ break;
-+ case HVMCOPY_bad_gva_to_gfn:
-+ ASSERT(0);
-+ /* fall through */
-+ default:
-+ rc = X86EMUL_UNHANDLEABLE;
-+ break;
-+ }
-+ if ( rc != X86EMUL_OKAY )
-+ break;
- rc = action(IOREQ_WRITE, p->addr, p->size, &data);
- if ( rc != X86EMUL_OKAY )
- break;
---- a/xen/arch/x86/hvm/io.c
-+++ b/xen/arch/x86/hvm/io.c
-@@ -340,14 +340,24 @@ static int dpci_ioport_write(uint32_t mp
- data = p->data;
- if ( p->data_is_ptr )
- {
-- int ret;
--
-- ret = hvm_copy_from_guest_phys(&data,
-- p->data + (sign * i * p->size),
-- p->size);
-- if ( (ret == HVMCOPY_gfn_paged_out) &&
-- (ret == HVMCOPY_gfn_shared) )
-+ switch ( hvm_copy_from_guest_phys(&data,
-+ p->data + sign * i * p->size,
-+ p->size) )
-+ {
-+ case HVMCOPY_okay:
-+ break;
-+ case HVMCOPY_gfn_paged_out:
-+ case HVMCOPY_gfn_shared:
- return X86EMUL_RETRY;
-+ case HVMCOPY_bad_gfn_to_mfn:
-+ data = ~0;
-+ break;
-+ case HVMCOPY_bad_gva_to_gfn:
-+ ASSERT(0);
-+ /* fall through */
-+ default:
-+ return X86EMUL_UNHANDLEABLE;
-+ }
- }
-
- switch ( p->size )
---- a/xen/arch/x86/hvm/vmx/realmode.c
-+++ b/xen/arch/x86/hvm/vmx/realmode.c
-@@ -39,7 +39,9 @@ static void realmode_deliver_exception(
-
- again:
- last_byte = (vector * 4) + 3;
-- if ( idtr->limit < last_byte )
-+ if ( idtr->limit < last_byte ||
-+ hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4) !=
-+ HVMCOPY_okay )
- {
- /* Software interrupt? */
- if ( insn_len != 0 )
-@@ -64,8 +66,6 @@ static void realmode_deliver_exception(
- }
- }
-
-- (void)hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4);
--
- frame[0] = regs->eip + insn_len;
- frame[1] = csr->sel;
- frame[2] = regs->eflags & ~X86_EFLAGS_RF;
diff --git a/app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch b/app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch
deleted file mode 100644
index 9b3a7cbe1bed..000000000000
--- a/app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-commit 95a0770282ea2a03f7bc48c6656d5fc79bae0599
-Author: Tim Deegan <tim@xen.org>
-Date: Thu Sep 12 14:16:28 2013 +0100
-
- x86/mm/shadow: Fix initialization of PV shadow L4 tables.
-
- Shadowed PV L4 tables must have the same Xen mappings as their
- unshadowed equivalent. This is done by copying the Xen entries
- verbatim from the idle pagetable, and then using guest_l4_slot()
- in the SHADOW_FOREACH_L4E() iterator to avoid touching those entries.
-
- adc5afbf1c70ef55c260fb93e4b8ce5ccb918706 (x86: support up to 16Tb)
- changed the definition of ROOT_PAGETABLE_XEN_SLOTS to extend right to
- the top of the address space, which causes the shadow code to
- copy Xen mappings into guest-kernel-address slots too.
-
- In the common case, all those slots are zero in the idle pagetable,
- and no harm is done. But if any slot above #271 is non-zero, Xen will
- crash when that slot is later cleared (it attempts to drop
- shadow-pagetable refcounts on its own L4 pagetables).
-
- Fix by using the new ROOT_PAGETABLE_PV_XEN_SLOTS when appropriate.
- Monitor pagetables need the full Xen mappings, so they keep using the
- old name (with its new semantics).
-
- This is XSA-64.
-
- Signed-off-by: Tim Deegan <tim@xen.org>
- Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
- Xen 4.3.x and xen-unstable are vulnerable.
-
-diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c
-index 4c4c2ba..3fed0b6 100644
---- a/xen/arch/x86/mm/shadow/multi.c
-+++ b/xen/arch/x86/mm/shadow/multi.c
-@@ -1433,15 +1433,19 @@ void sh_install_xen_entries_in_l4(struct vcpu *v, mfn_t gl4mfn, mfn_t sl4mfn)
- {
- struct domain *d = v->domain;
- shadow_l4e_t *sl4e;
-+ unsigned int slots;
-
- sl4e = sh_map_domain_page(sl4mfn);
- ASSERT(sl4e != NULL);
- ASSERT(sizeof (l4_pgentry_t) == sizeof (shadow_l4e_t));
-
- /* Copy the common Xen mappings from the idle domain */
-+ slots = (shadow_mode_external(d)
-+ ? ROOT_PAGETABLE_XEN_SLOTS
-+ : ROOT_PAGETABLE_PV_XEN_SLOTS);
- memcpy(&sl4e[ROOT_PAGETABLE_FIRST_XEN_SLOT],
- &idle_pg_table[ROOT_PAGETABLE_FIRST_XEN_SLOT],
-- ROOT_PAGETABLE_XEN_SLOTS * sizeof(l4_pgentry_t));
-+ slots * sizeof(l4_pgentry_t));
-
- /* Install the per-domain mappings for this domain */
- sl4e[shadow_l4_table_offset(PERDOMAIN_VIRT_START)] =
diff --git a/app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch b/app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch
deleted file mode 100644
index 1d9f25abae1f..000000000000
--- a/app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-x86: properly set up fbld emulation operand address
-
-This is CVE-2013-4361 / XSA-66.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
-
---- a/xen/arch/x86/x86_emulate/x86_emulate.c
-+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
-@@ -3156,11 +3156,11 @@ x86_emulate(
- break;
- case 4: /* fbld m80dec */
- ea.bytes = 10;
-- dst = ea;
-+ src = ea;
- if ( (rc = ops->read(src.mem.seg, src.mem.off,
- &src.val, src.bytes, ctxt)) != 0 )
- goto done;
-- emulate_fpu_insn_memdst("fbld", src.val);
-+ emulate_fpu_insn_memsrc("fbld", src.val);
- break;
- case 5: /* fild m64i */
- ea.bytes = 8;
diff --git a/app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch b/app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch
deleted file mode 100644
index d81a0e18a921..000000000000
--- a/app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-x86: check segment descriptor read result in 64-bit OUTS emulation
-
-When emulating such an operation from a 64-bit context (CS has long
-mode set), and the data segment is overridden to FS/GS, the result of
-reading the overridden segment's descriptor (read_descriptor) is not
-checked. If it fails, data_base is left uninitialized.
-
-This can lead to 8 bytes of Xen's stack being leaked to the guest
-(implicitly, i.e. via the address given in a #PF).
-
-Coverity-ID: 1055116
-
-This is CVE-2013-4368 / XSA-67.
-
-Signed-off-by: Matthew Daley <mattjd@gmail.com>
-
-Fix formatting.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/arch/x86/traps.c
-+++ b/xen/arch/x86/traps.c
-@@ -1993,10 +1993,10 @@ static int emulate_privileged_op(struct
- break;
- }
- }
-- else
-- read_descriptor(data_sel, v, regs,
-- &data_base, &data_limit, &ar,
-- 0);
-+ else if ( !read_descriptor(data_sel, v, regs,
-+ &data_base, &data_limit, &ar, 0) ||
-+ !(ar & _SEGMENT_S) || !(ar & _SEGMENT_P) )
-+ goto fail;
- data_limit = ~0UL;
- ar = _SEGMENT_WR|_SEGMENT_S|_SEGMENT_DPL|_SEGMENT_P;
- }
diff --git a/app-emulation/xen/xen-4.2.2-r1.ebuild b/app-emulation/xen/xen-4.2.2-r1.ebuild
deleted file mode 100644
index d69c0484e41c..000000000000
--- a/app-emulation/xen/xen-4.2.2-r1.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2-r1.ebuild,v 1.6 2013/11/06 06:45:18 idella4 Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_6,2_7} )
-
-if [[ $PV == *9999 ]]; then
- KEYWORDS=""
- REPO="xen-unstable.hg"
- EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
- S="${WORKDIR}/${REPO}"
- live_eclass="mercurial"
-else
- KEYWORDS="amd64 x86"
- SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
-fi
-
-inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask pae xsm"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="
- flask? ( xsm )
- "
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use x86 && use amd64; then
- die "Confusion! Both x86 and amd64 are set in your use flags!"
- elif use x86; then
- export XEN_TARGET_ARCH="x86_32"
- elif use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- elif use xsm ; then
- export "XSM_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Drop .config and fix gcc-4.6
- epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch
-
- if use efi; then
- epatch "${FILESDIR}"/${PN}-4.2-efi.patch
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="boot"
- fi
-
- # if the user *really* wants to use their own custom-cflags, let them
- if use custom-cflags; then
- einfo "User wants their own CFLAGS - removing defaults"
- # try and remove all the default custom-cflags
- find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
- -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
- -i {} \; || die "failed to re-set custom-cflags"
- fi
-
- # not strictly necessary to fix this
- sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
- #Security patches
- epatch "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \
- "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch \
- "${FILESDIR}"/${PN}-4.2-CVE-2013-1432-XSA-58.patch
-
- epatch_user
-}
-
-src_configure() {
- use debug && myopt="${myopt} debug=y"
- use pae && myopt="${myopt} pae=y"
-
- if use custom-cflags; then
- filter-flags -fPIE -fstack-protector
- replace-flags -O3 -O2
- else
- unset CFLAGS
- fi
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
- use pae && myopt="${myopt} pae=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-}
-
-pkg_postinst() {
- elog "Official Xen Guide and the unoffical wiki page:"
- elog " http://www.gentoo.org/doc/en/xen-guide.xml"
- elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
- use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
- use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-}
diff --git a/app-emulation/xen/xen-4.2.2-r4.ebuild b/app-emulation/xen/xen-4.2.2-r4.ebuild
deleted file mode 100644
index d0fbbfb2640d..000000000000
--- a/app-emulation/xen/xen-4.2.2-r4.ebuild
+++ /dev/null
@@ -1,146 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2-r4.ebuild,v 1.2 2014/02/12 14:08:09 keytoaster Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_6,2_7} )
-
-if [[ $PV == *9999 ]]; then
- KEYWORDS=""
- REPO="xen-unstable.hg"
- EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
- S="${WORKDIR}/${REPO}"
- live_eclass="mercurial"
-else
- KEYWORDS="~amd64 ~x86"
- SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
-fi
-
-inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask pae xsm"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="
- flask? ( xsm )
- "
-
-#Security patches
-XSA_PATCHES=(
- "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch
- "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch
- "${FILESDIR}"/${PN}-4.2-CVE-2013-1432-XSA-58.patch
- "${FILESDIR}"/${PN}-4.2-CVE-2013-4553-XSA-74.patch
- "${FILESDIR}"/${PN}-CVE-2013-4554-XSA-76.patch
- "${FILESDIR}"/${PN}-CVE-2013-6400-XSA-80.patch
- "${FILESDIR}"/${PN}-4-XSA-83.patch # bug #499054
- "${FILESDIR}"/${PN}-4.2-XSA-84.patch # bug #500536
- "${FILESDIR}"/${PN}-4.2-XSA-85.patch # bug #500528
- "${FILESDIR}"/${PN}-4.2-XSA-87.patch # bug #499124
-)
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use x86 && use amd64; then
- die "Confusion! Both x86 and amd64 are set in your use flags!"
- elif use x86; then
- export XEN_TARGET_ARCH="x86_32"
- elif use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- elif use xsm ; then
- export "XSM_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Drop .config and fix gcc-4.6
- epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch
-
- if use efi; then
- epatch "${FILESDIR}"/${PN}-4.2-efi.patch
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="boot"
- fi
-
- # if the user *really* wants to use their own custom-cflags, let them
- if use custom-cflags; then
- einfo "User wants their own CFLAGS - removing defaults"
- # try and remove all the default custom-cflags
- find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
- -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
- -i {} \; || die "failed to re-set custom-cflags"
- fi
-
- # not strictly necessary to fix this
- sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
- [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}"
- epatch_user
-}
-
-src_configure() {
- use debug && myopt="${myopt} debug=y"
- use pae && myopt="${myopt} pae=y"
-
- if use custom-cflags; then
- filter-flags -fPIE -fstack-protector
- replace-flags -O3 -O2
- else
- unset CFLAGS
- fi
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
- use pae && myopt="${myopt} pae=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-}
-
-pkg_postinst() {
- elog "Official Xen Guide and the unoffical wiki page:"
- elog " http://www.gentoo.org/doc/en/xen-guide.xml"
- elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
- use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
- use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-}
diff --git a/app-emulation/xen/xen-4.3.1-r1.ebuild b/app-emulation/xen/xen-4.3.1-r1.ebuild
deleted file mode 100644
index 15183ccdb021..000000000000
--- a/app-emulation/xen/xen-4.3.1-r1.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1-r1.ebuild,v 1.4 2013/12/31 02:46:00 idella4 Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-if [[ $PV == *9999 ]]; then
- KEYWORDS=""
- REPO="xen-unstable.hg"
- EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
- S="${WORKDIR}/${REPO}"
- live_eclass="mercurial"
-else
- # support dropped for regular 32 bit hypervisor, Bug 493944
- KEYWORDS="amd64 -x86"
- SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
-fi
-
-inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask pae xsm"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="flask? ( xsm )"
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use x86 && use amd64; then
- die "Confusion! Both x86 and amd64 are set in your use flags!"
- elif use x86; then
- export XEN_TARGET_ARCH="x86_32"
- elif use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- elif use xsm ; then
- export "XSM_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Drop .config and fix gcc-4.6
- epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch
-
- if use efi; then
- epatch "${FILESDIR}"/${PN}-4.2-efi.patch
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="boot"
- fi
-
- # if the user *really* wants to use their own custom-cflags, let them
- if use custom-cflags; then
- einfo "User wants their own CFLAGS - removing defaults"
- # try and remove all the default custom-cflags
- find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
- -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
- -i {} \; || die "failed to re-set custom-cflags"
- fi
-
- # not strictly necessary to fix this
- sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
- # Security patches
- epatch "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch \
- "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch \
- "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch \
- "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch \
- "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch
-
- epatch_user
-}
-
-src_configure() {
- use debug && myopt="${myopt} debug=y"
- use pae && myopt="${myopt} pae=y"
-
- if use custom-cflags; then
- filter-flags -fPIE -fstack-protector
- replace-flags -O3 -O2
- else
- unset CFLAGS
- fi
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
- use pae && myopt="${myopt} pae=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-}
-
-pkg_postinst() {
- elog "Official Xen Guide and the unoffical wiki page:"
- elog " http://www.gentoo.org/doc/en/xen-guide.xml"
- elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
- use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
- use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-}
diff --git a/app-emulation/xen/xen-4.3.1-r4.ebuild b/app-emulation/xen/xen-4.3.1-r4.ebuild
deleted file mode 100644
index 0f5828d882b8..000000000000
--- a/app-emulation/xen/xen-4.3.1-r4.ebuild
+++ /dev/null
@@ -1,143 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1-r4.ebuild,v 1.3 2014/02/07 10:19:00 idella4 Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-if [[ $PV == *9999 ]]; then
- KEYWORDS=""
- REPO="xen-unstable.hg"
- EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
- S="${WORKDIR}/${REPO}"
- live_eclass="mercurial"
-else
- # Set to match entry in stable 4.3.1-r1, Bug 493944
- KEYWORDS="~amd64 -x86"
- SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
-fi
-
-inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask xsm"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="flask? ( xsm )"
-
-# Security patches
-XSA_PATCHES=(
- "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch
- "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch
- "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch
- "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch
- "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch
- "${FILESDIR}"/${PN}-4.3-CVE-2013-4553-XSA-74.patch
- "${FILESDIR}"/${PN}-CVE-2013-4554-XSA-76.patch
- "${FILESDIR}"/${PN}-CVE-2013-6400-XSA-80.patch
- "${FILESDIR}"/${PN}-4-XSA-83.patch #bug #499054
- "${FILESDIR}"/${PN}-4.3-XSA-87.patch #bug #499124
-)
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use x86 && use amd64; then
- die "Confusion! Both x86 and amd64 are set in your use flags!"
- elif use x86; then
- export XEN_TARGET_ARCH="x86_32"
- elif use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- elif use xsm ; then
- export "XSM_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Drop .config and fix gcc-4.6
- epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch
-
- if use efi; then
- epatch "${FILESDIR}"/${PN}-4.2-efi.patch
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="boot"
- fi
-
- # if the user *really* wants to use their own custom-cflags, let them
- if use custom-cflags; then
- einfo "User wants their own CFLAGS - removing defaults"
- # try and remove all the default custom-cflags
- find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
- -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
- -i {} \; || die "failed to re-set custom-cflags"
- fi
-
- # not strictly necessary to fix this
- sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
- [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}"
-
- epatch_user
-}
-
-src_configure() {
- use debug && myopt="${myopt} debug=y"
-
- if use custom-cflags; then
- filter-flags -fPIE -fstack-protector
- replace-flags -O3 -O2
- else
- unset CFLAGS
- fi
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-}
-
-pkg_postinst() {
- elog "Official Xen Guide and the unoffical wiki page:"
- elog " http://www.gentoo.org/doc/en/xen-guide.xml"
- elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
- use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-}