diff options
author | Yixun Lan <dlan@gentoo.org> | 2014-02-20 15:08:59 +0000 |
---|---|---|
committer | Yixun Lan <dlan@gentoo.org> | 2014-02-20 15:08:59 +0000 |
commit | 67937c8cff9840b987f1783f035989c70919f000 (patch) | |
tree | 06ab96c9a67f1dd85b107cf855644a87c85484cd /app-emulation | |
parent | ia64 stable wrt bug #492246 (diff) | |
download | gentoo-2-67937c8cff9840b987f1783f035989c70919f000.tar.gz gentoo-2-67937c8cff9840b987f1783f035989c70919f000.tar.bz2 gentoo-2-67937c8cff9840b987f1783f035989c70919f000.zip |
clean old ebuilds
(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Diffstat (limited to 'app-emulation')
23 files changed, 5 insertions, 2681 deletions
diff --git a/app-emulation/xen/ChangeLog b/app-emulation/xen/ChangeLog index d3f35f1bafc1..6e9462c21b2f 100644 --- a/app-emulation/xen/ChangeLog +++ b/app-emulation/xen/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for app-emulation/xen # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.153 2014/02/20 10:25:22 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.154 2014/02/20 15:08:59 dlan Exp $ + + 20 Feb 2014; Yixun Lan <dlan@gentoo.org> -xen-4.2.2-r1.ebuild, + -xen-4.2.2-r4.ebuild, -xen-4.3.1-r1.ebuild, -xen-4.3.1-r4.ebuild: + clean old versions 20 Feb 2014; Agostino Sarubbo <ago@gentoo.org> xen-4.2.3.ebuild: Stable for x86, wrt bug #500528 diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch deleted file mode 100644 index f5ded0a1a564..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_1.patch +++ /dev/null @@ -1,252 +0,0 @@ -x86: make vcpu_destroy_pagetables() preemptible - -... as it may take significant amounts of time. - -The function, being moved to mm.c as the better home for it anyway, and -to avoid having to make a new helper function there non-static, is -given a "preemptible" parameter temporarily (until, in a subsequent -patch, its other caller is also being made capable of dealing with -preemption). - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -73,8 +73,6 @@ void (*dead_idle) (void) __read_mostly = - static void paravirt_ctxt_switch_from(struct vcpu *v); - static void paravirt_ctxt_switch_to(struct vcpu *v); - --static void vcpu_destroy_pagetables(struct vcpu *v); -- - static void default_idle(void) - { - local_irq_disable(); -@@ -1058,7 +1056,7 @@ void arch_vcpu_reset(struct vcpu *v) - if ( !is_hvm_vcpu(v) ) - { - destroy_gdt(v); -- vcpu_destroy_pagetables(v); -+ vcpu_destroy_pagetables(v, 0); - } - else - { -@@ -2069,63 +2067,6 @@ static int relinquish_memory( - return ret; - } - --static void vcpu_destroy_pagetables(struct vcpu *v) --{ -- struct domain *d = v->domain; -- unsigned long pfn; -- --#ifdef __x86_64__ -- if ( is_pv_32on64_vcpu(v) ) -- { -- pfn = l4e_get_pfn(*(l4_pgentry_t *) -- __va(pagetable_get_paddr(v->arch.guest_table))); -- -- if ( pfn != 0 ) -- { -- if ( paging_mode_refcounts(d) ) -- put_page(mfn_to_page(pfn)); -- else -- put_page_and_type(mfn_to_page(pfn)); -- } -- -- l4e_write( -- (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)), -- l4e_empty()); -- -- v->arch.cr3 = 0; -- return; -- } --#endif -- -- pfn = pagetable_get_pfn(v->arch.guest_table); -- if ( pfn != 0 ) -- { -- if ( paging_mode_refcounts(d) ) -- put_page(mfn_to_page(pfn)); -- else -- put_page_and_type(mfn_to_page(pfn)); -- v->arch.guest_table = pagetable_null(); -- } -- --#ifdef __x86_64__ -- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ -- pfn = pagetable_get_pfn(v->arch.guest_table_user); -- if ( pfn != 0 ) -- { -- if ( !is_pv_32bit_vcpu(v) ) -- { -- if ( paging_mode_refcounts(d) ) -- put_page(mfn_to_page(pfn)); -- else -- put_page_and_type(mfn_to_page(pfn)); -- } -- v->arch.guest_table_user = pagetable_null(); -- } --#endif -- -- v->arch.cr3 = 0; --} -- - int domain_relinquish_resources(struct domain *d) - { - int ret; -@@ -2143,7 +2084,11 @@ int domain_relinquish_resources(struct d - - /* Drop the in-use references to page-table bases. */ - for_each_vcpu ( d, v ) -- vcpu_destroy_pagetables(v); -+ { -+ ret = vcpu_destroy_pagetables(v, 1); -+ if ( ret ) -+ return ret; -+ } - - if ( !is_hvm_domain(d) ) - { ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2808,6 +2808,82 @@ static void put_superpage(unsigned long - - #endif - -+static int put_old_guest_table(struct vcpu *v) -+{ -+ int rc; -+ -+ if ( !v->arch.old_guest_table ) -+ return 0; -+ -+ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) ) -+ { -+ case -EINTR: -+ case -EAGAIN: -+ return -EAGAIN; -+ } -+ -+ v->arch.old_guest_table = NULL; -+ -+ return rc; -+} -+ -+int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible) -+{ -+ unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); -+ struct page_info *page; -+ int rc = put_old_guest_table(v); -+ -+ if ( rc ) -+ return rc; -+ -+#ifdef __x86_64__ -+ if ( is_pv_32on64_vcpu(v) ) -+ mfn = l4e_get_pfn(*(l4_pgentry_t *)mfn_to_virt(mfn)); -+#endif -+ -+ if ( mfn ) -+ { -+ page = mfn_to_page(mfn); -+ if ( paging_mode_refcounts(v->domain) ) -+ put_page(page); -+ else -+ rc = put_page_and_type_preemptible(page, preemptible); -+ } -+ -+#ifdef __x86_64__ -+ if ( is_pv_32on64_vcpu(v) ) -+ { -+ if ( !rc ) -+ l4e_write( -+ (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)), -+ l4e_empty()); -+ } -+ else -+#endif -+ if ( !rc ) -+ { -+ v->arch.guest_table = pagetable_null(); -+ -+#ifdef __x86_64__ -+ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ -+ mfn = pagetable_get_pfn(v->arch.guest_table_user); -+ if ( mfn ) -+ { -+ page = mfn_to_page(mfn); -+ if ( paging_mode_refcounts(v->domain) ) -+ put_page(page); -+ else -+ rc = put_page_and_type_preemptible(page, preemptible); -+ } -+ if ( !rc ) -+ v->arch.guest_table_user = pagetable_null(); -+#endif -+ } -+ -+ v->arch.cr3 = 0; -+ -+ return rc; -+} - - int new_guest_cr3(unsigned long mfn) - { -@@ -2994,12 +3070,21 @@ long do_mmuext_op( - unsigned int foreigndom) - { - struct mmuext_op op; -- int rc = 0, i = 0, okay; - unsigned long type; -- unsigned int done = 0; -+ unsigned int i = 0, done = 0; - struct vcpu *curr = current; - struct domain *d = curr->domain; - struct domain *pg_owner; -+ int okay, rc = put_old_guest_table(curr); -+ -+ if ( unlikely(rc) ) -+ { -+ if ( likely(rc == -EAGAIN) ) -+ rc = hypercall_create_continuation( -+ __HYPERVISOR_mmuext_op, "hihi", uops, count, pdone, -+ foreigndom); -+ return rc; -+ } - - if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) - { ---- a/xen/arch/x86/x86_64/compat/mm.c -+++ b/xen/arch/x86/x86_64/compat/mm.c -@@ -365,7 +365,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm - : mcs->call.args[1]; - unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED; - -- BUG_ON(left == arg1); -+ BUG_ON(left == arg1 && left != i); - BUG_ON(left > count); - guest_handle_add_offset(nat_ops, i - left); - guest_handle_subtract_offset(cmp_uops, left); ---- a/xen/include/asm-x86/domain.h -+++ b/xen/include/asm-x86/domain.h -@@ -464,6 +464,7 @@ struct arch_vcpu - pagetable_t guest_table_user; /* (MFN) x86/64 user-space pagetable */ - #endif - pagetable_t guest_table; /* (MFN) guest notion of cr3 */ -+ struct page_info *old_guest_table; /* partially destructed pagetable */ - /* guest_table holds a ref to the page, and also a type-count unless - * shadow refcounts are in use */ - pagetable_t shadow_table[4]; /* (MFN) shadow(s) of guest */ ---- a/xen/include/asm-x86/mm.h -+++ b/xen/include/asm-x86/mm.h -@@ -605,6 +605,7 @@ void audit_domains(void); - int new_guest_cr3(unsigned long pfn); - void make_cr3(struct vcpu *v, unsigned long mfn); - void update_cr3(struct vcpu *v); -+int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible); - void propagate_page_fault(unsigned long addr, u16 error_code); - void *do_page_walk(struct vcpu *v, unsigned long addr); - diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch deleted file mode 100644 index f730b67eca4c..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_2.patch +++ /dev/null @@ -1,169 +0,0 @@ -x86: make new_guest_cr3() preemptible - -... as it may take significant amounts of time. - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2889,44 +2889,69 @@ int new_guest_cr3(unsigned long mfn) - { - struct vcpu *curr = current; - struct domain *d = curr->domain; -- int okay; -+ int rc; - unsigned long old_base_mfn; - - #ifdef __x86_64__ - if ( is_pv_32on64_domain(d) ) - { -- okay = paging_mode_refcounts(d) -- ? 0 /* Old code was broken, but what should it be? */ -- : mod_l4_entry( -+ rc = paging_mode_refcounts(d) -+ ? -EINVAL /* Old code was broken, but what should it be? */ -+ : mod_l4_entry( - __va(pagetable_get_paddr(curr->arch.guest_table)), - l4e_from_pfn( - mfn, - (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)), -- pagetable_get_pfn(curr->arch.guest_table), 0, 0, curr) == 0; -- if ( unlikely(!okay) ) -+ pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr); -+ switch ( rc ) - { -+ case 0: -+ break; -+ case -EINTR: -+ case -EAGAIN: -+ return -EAGAIN; -+ default: - MEM_LOG("Error while installing new compat baseptr %lx", mfn); -- return 0; -+ return rc; - } - - invalidate_shadow_ldt(curr, 0); - write_ptbase(curr); - -- return 1; -+ return 0; - } - #endif -- okay = paging_mode_refcounts(d) -- ? get_page_from_pagenr(mfn, d) -- : !get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 0); -- if ( unlikely(!okay) ) -+ rc = put_old_guest_table(curr); -+ if ( unlikely(rc) ) -+ return rc; -+ -+ old_base_mfn = pagetable_get_pfn(curr->arch.guest_table); -+ /* -+ * This is particularly important when getting restarted after the -+ * previous attempt got preempted in the put-old-MFN phase. -+ */ -+ if ( old_base_mfn == mfn ) - { -- MEM_LOG("Error while installing new baseptr %lx", mfn); -+ write_ptbase(curr); - return 0; - } - -- invalidate_shadow_ldt(curr, 0); -+ rc = paging_mode_refcounts(d) -+ ? (get_page_from_pagenr(mfn, d) ? 0 : -EINVAL) -+ : get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 1); -+ switch ( rc ) -+ { -+ case 0: -+ break; -+ case -EINTR: -+ case -EAGAIN: -+ return -EAGAIN; -+ default: -+ MEM_LOG("Error while installing new baseptr %lx", mfn); -+ return rc; -+ } - -- old_base_mfn = pagetable_get_pfn(curr->arch.guest_table); -+ invalidate_shadow_ldt(curr, 0); - - curr->arch.guest_table = pagetable_from_pfn(mfn); - update_cr3(curr); -@@ -2935,13 +2960,25 @@ int new_guest_cr3(unsigned long mfn) - - if ( likely(old_base_mfn != 0) ) - { -+ struct page_info *page = mfn_to_page(old_base_mfn); -+ - if ( paging_mode_refcounts(d) ) -- put_page(mfn_to_page(old_base_mfn)); -+ put_page(page); - else -- put_page_and_type(mfn_to_page(old_base_mfn)); -+ switch ( rc = put_page_and_type_preemptible(page, 1) ) -+ { -+ case -EINTR: -+ rc = -EAGAIN; -+ case -EAGAIN: -+ curr->arch.old_guest_table = page; -+ break; -+ default: -+ BUG_ON(rc); -+ break; -+ } - } - -- return 1; -+ return rc; - } - - static struct domain *get_pg_owner(domid_t domid) -@@ -3239,8 +3276,13 @@ long do_mmuext_op( - } - - case MMUEXT_NEW_BASEPTR: -- okay = (!paging_mode_translate(d) -- && new_guest_cr3(op.arg1.mfn)); -+ if ( paging_mode_translate(d) ) -+ okay = 0; -+ else -+ { -+ rc = new_guest_cr3(op.arg1.mfn); -+ okay = !rc; -+ } - break; - - ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -2407,12 +2407,23 @@ static int emulate_privileged_op(struct - #endif - } - page = get_page_from_gfn(v->domain, gfn, NULL, P2M_ALLOC); -- rc = page ? new_guest_cr3(page_to_mfn(page)) : 0; - if ( page ) -+ { -+ rc = new_guest_cr3(page_to_mfn(page)); - put_page(page); -+ } -+ else -+ rc = -EINVAL; - domain_unlock(v->domain); -- if ( rc == 0 ) /* not okay */ -+ switch ( rc ) -+ { -+ case 0: -+ break; -+ case -EAGAIN: /* retry after preemption */ -+ goto skip; -+ default: /* not okay */ - goto fail; -+ } - break; - } - diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch deleted file mode 100644 index 9d5679e7853e..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_3.patch +++ /dev/null @@ -1,74 +0,0 @@ -x86: make MMUEXT_NEW_USER_BASEPTR preemptible - -... as it may take significant amounts of time. - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -3296,29 +3296,56 @@ long do_mmuext_op( - break; - } - -+ old_mfn = pagetable_get_pfn(curr->arch.guest_table_user); -+ /* -+ * This is particularly important when getting restarted after the -+ * previous attempt got preempted in the put-old-MFN phase. -+ */ -+ if ( old_mfn == op.arg1.mfn ) -+ break; -+ - if ( op.arg1.mfn != 0 ) - { - if ( paging_mode_refcounts(d) ) - okay = get_page_from_pagenr(op.arg1.mfn, d); - else -- okay = !get_page_and_type_from_pagenr( -- op.arg1.mfn, PGT_root_page_table, d, 0, 0); -+ { -+ rc = get_page_and_type_from_pagenr( -+ op.arg1.mfn, PGT_root_page_table, d, 0, 1); -+ okay = !rc; -+ } - if ( unlikely(!okay) ) - { -- MEM_LOG("Error while installing new mfn %lx", op.arg1.mfn); -+ if ( rc == -EINTR ) -+ rc = -EAGAIN; -+ else if ( rc != -EAGAIN ) -+ MEM_LOG("Error while installing new mfn %lx", -+ op.arg1.mfn); - break; - } - } - -- old_mfn = pagetable_get_pfn(curr->arch.guest_table_user); - curr->arch.guest_table_user = pagetable_from_pfn(op.arg1.mfn); - - if ( old_mfn != 0 ) - { -+ struct page_info *page = mfn_to_page(old_mfn); -+ - if ( paging_mode_refcounts(d) ) -- put_page(mfn_to_page(old_mfn)); -+ put_page(page); - else -- put_page_and_type(mfn_to_page(old_mfn)); -+ switch ( rc = put_page_and_type_preemptible(page, 1) ) -+ { -+ case -EINTR: -+ rc = -EAGAIN; -+ case -EAGAIN: -+ curr->arch.old_guest_table = page; -+ okay = 0; -+ break; -+ default: -+ BUG_ON(rc); -+ break; -+ } - } - - break; diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch deleted file mode 100644 index bbce56789c0c..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_4.patch +++ /dev/null @@ -1,200 +0,0 @@ -x86: make vcpu_reset() preemptible - -... as dropping the old page tables may take significant amounts of -time. - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -1051,17 +1051,16 @@ int arch_set_info_guest( - #undef c - } - --void arch_vcpu_reset(struct vcpu *v) -+int arch_vcpu_reset(struct vcpu *v) - { - if ( !is_hvm_vcpu(v) ) - { - destroy_gdt(v); -- vcpu_destroy_pagetables(v, 0); -- } -- else -- { -- vcpu_end_shutdown_deferral(v); -+ return vcpu_destroy_pagetables(v); - } -+ -+ vcpu_end_shutdown_deferral(v); -+ return 0; - } - - /* -@@ -2085,7 +2084,7 @@ int domain_relinquish_resources(struct d - /* Drop the in-use references to page-table bases. */ - for_each_vcpu ( d, v ) - { -- ret = vcpu_destroy_pagetables(v, 1); -+ ret = vcpu_destroy_pagetables(v); - if ( ret ) - return ret; - } ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -3509,8 +3509,11 @@ static void hvm_s3_suspend(struct domain - - for_each_vcpu ( d, v ) - { -+ int rc; -+ - vlapic_reset(vcpu_vlapic(v)); -- vcpu_reset(v); -+ rc = vcpu_reset(v); -+ ASSERT(!rc); - } - - vpic_reset(d); ---- a/xen/arch/x86/hvm/vlapic.c -+++ b/xen/arch/x86/hvm/vlapic.c -@@ -252,10 +252,13 @@ static void vlapic_init_sipi_action(unsi - { - case APIC_DM_INIT: { - bool_t fpu_initialised; -+ int rc; -+ - domain_lock(target->domain); - /* Reset necessary VCPU state. This does not include FPU state. */ - fpu_initialised = target->fpu_initialised; -- vcpu_reset(target); -+ rc = vcpu_reset(target); -+ ASSERT(!rc); - target->fpu_initialised = fpu_initialised; - vlapic_reset(vcpu_vlapic(target)); - domain_unlock(target->domain); ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2827,7 +2827,7 @@ static int put_old_guest_table(struct vc - return rc; - } - --int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible) -+int vcpu_destroy_pagetables(struct vcpu *v) - { - unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); - struct page_info *page; -@@ -2847,7 +2847,7 @@ int vcpu_destroy_pagetables(struct vcpu - if ( paging_mode_refcounts(v->domain) ) - put_page(page); - else -- rc = put_page_and_type_preemptible(page, preemptible); -+ rc = put_page_and_type_preemptible(page, 1); - } - - #ifdef __x86_64__ -@@ -2873,7 +2873,7 @@ int vcpu_destroy_pagetables(struct vcpu - if ( paging_mode_refcounts(v->domain) ) - put_page(page); - else -- rc = put_page_and_type_preemptible(page, preemptible); -+ rc = put_page_and_type_preemptible(page, 1); - } - if ( !rc ) - v->arch.guest_table_user = pagetable_null(); ---- a/xen/common/domain.c -+++ b/xen/common/domain.c -@@ -779,14 +779,18 @@ void domain_unpause_by_systemcontroller( - domain_unpause(d); - } - --void vcpu_reset(struct vcpu *v) -+int vcpu_reset(struct vcpu *v) - { - struct domain *d = v->domain; -+ int rc; - - vcpu_pause(v); - domain_lock(d); - -- arch_vcpu_reset(v); -+ set_bit(_VPF_in_reset, &v->pause_flags); -+ rc = arch_vcpu_reset(v); -+ if ( rc ) -+ goto out_unlock; - - set_bit(_VPF_down, &v->pause_flags); - -@@ -802,9 +806,13 @@ void vcpu_reset(struct vcpu *v) - #endif - cpumask_clear(v->cpu_affinity_tmp); - clear_bit(_VPF_blocked, &v->pause_flags); -+ clear_bit(_VPF_in_reset, &v->pause_flags); - -+ out_unlock: - domain_unlock(v->domain); - vcpu_unpause(v); -+ -+ return rc; - } - - ---- a/xen/common/domctl.c -+++ b/xen/common/domctl.c -@@ -306,8 +306,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc - - if ( guest_handle_is_null(op->u.vcpucontext.ctxt) ) - { -- vcpu_reset(v); -- ret = 0; -+ ret = vcpu_reset(v); -+ if ( ret == -EAGAIN ) -+ ret = hypercall_create_continuation( -+ __HYPERVISOR_domctl, "h", u_domctl); - goto svc_out; - } - ---- a/xen/include/asm-x86/mm.h -+++ b/xen/include/asm-x86/mm.h -@@ -605,7 +605,7 @@ void audit_domains(void); - int new_guest_cr3(unsigned long pfn); - void make_cr3(struct vcpu *v, unsigned long mfn); - void update_cr3(struct vcpu *v); --int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible); -+int vcpu_destroy_pagetables(struct vcpu *); - void propagate_page_fault(unsigned long addr, u16 error_code); - void *do_page_walk(struct vcpu *v, unsigned long addr); - ---- a/xen/include/xen/domain.h -+++ b/xen/include/xen/domain.h -@@ -13,7 +13,7 @@ typedef union { - struct vcpu *alloc_vcpu( - struct domain *d, unsigned int vcpu_id, unsigned int cpu_id); - struct vcpu *alloc_dom0_vcpu0(void); --void vcpu_reset(struct vcpu *v); -+int vcpu_reset(struct vcpu *); - - struct xen_domctl_getdomaininfo; - void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info); -@@ -67,7 +67,7 @@ void arch_dump_vcpu_info(struct vcpu *v) - - void arch_dump_domain_info(struct domain *d); - --void arch_vcpu_reset(struct vcpu *v); -+int arch_vcpu_reset(struct vcpu *); - - extern spinlock_t vcpu_alloc_lock; - bool_t domctl_lock_acquire(void); ---- a/xen/include/xen/sched.h -+++ b/xen/include/xen/sched.h -@@ -644,6 +644,9 @@ static inline struct domain *next_domain - /* VCPU is blocked due to missing mem_sharing ring. */ - #define _VPF_mem_sharing 6 - #define VPF_mem_sharing (1UL<<_VPF_mem_sharing) -+ /* VCPU is being reset. */ -+#define _VPF_in_reset 7 -+#define VPF_in_reset (1UL<<_VPF_in_reset) - - static inline int vcpu_runnable(struct vcpu *v) - { diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch deleted file mode 100644 index b584b382c0af..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_5.patch +++ /dev/null @@ -1,204 +0,0 @@ -x86: make arch_set_info_guest() preemptible - -.. as the root page table validation (and the dropping of an eventual -old one) can require meaningful amounts of time. - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -858,6 +858,9 @@ int arch_set_info_guest( - - if ( !v->is_initialised ) - { -+ if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] ) -+ return -EINVAL; -+ - v->arch.pv_vcpu.ldt_base = c(ldt_base); - v->arch.pv_vcpu.ldt_ents = c(ldt_ents); - } -@@ -955,24 +958,44 @@ int arch_set_info_guest( - if ( rc != 0 ) - return rc; - -+ set_bit(_VPF_in_reset, &v->pause_flags); -+ - if ( !compat ) -- { - cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[3]); -- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); -- -- if ( !cr3_page ) -- { -- destroy_gdt(v); -- return -EINVAL; -- } -- if ( !paging_mode_refcounts(d) -- && !get_page_type(cr3_page, PGT_base_page_table) ) -- { -- put_page(cr3_page); -- destroy_gdt(v); -- return -EINVAL; -- } -+#ifdef CONFIG_COMPAT -+ else -+ cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]); -+#endif -+ cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); - -+ if ( !cr3_page ) -+ rc = -EINVAL; -+ else if ( paging_mode_refcounts(d) ) -+ /* nothing */; -+ else if ( cr3_page == v->arch.old_guest_table ) -+ { -+ v->arch.old_guest_table = NULL; -+ put_page(cr3_page); -+ } -+ else -+ { -+ /* -+ * Since v->arch.guest_table{,_user} are both NULL, this effectively -+ * is just a call to put_old_guest_table(). -+ */ -+ if ( !compat ) -+ rc = vcpu_destroy_pagetables(v); -+ if ( !rc ) -+ rc = get_page_type_preemptible(cr3_page, -+ !compat ? PGT_root_page_table -+ : PGT_l3_page_table); -+ if ( rc == -EINTR ) -+ rc = -EAGAIN; -+ } -+ if ( rc ) -+ /* handled below */; -+ else if ( !compat ) -+ { - v->arch.guest_table = pagetable_from_page(cr3_page); - #ifdef __x86_64__ - if ( c.nat->ctrlreg[1] ) -@@ -980,56 +1003,44 @@ int arch_set_info_guest( - cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[1]); - cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); - -- if ( !cr3_page || -- (!paging_mode_refcounts(d) -- && !get_page_type(cr3_page, PGT_base_page_table)) ) -+ if ( !cr3_page ) -+ rc = -EINVAL; -+ else if ( !paging_mode_refcounts(d) ) - { -- if (cr3_page) -- put_page(cr3_page); -- cr3_page = pagetable_get_page(v->arch.guest_table); -- v->arch.guest_table = pagetable_null(); -- if ( paging_mode_refcounts(d) ) -- put_page(cr3_page); -- else -- put_page_and_type(cr3_page); -- destroy_gdt(v); -- return -EINVAL; -+ rc = get_page_type_preemptible(cr3_page, PGT_root_page_table); -+ switch ( rc ) -+ { -+ case -EINTR: -+ rc = -EAGAIN; -+ case -EAGAIN: -+ v->arch.old_guest_table = -+ pagetable_get_page(v->arch.guest_table); -+ v->arch.guest_table = pagetable_null(); -+ break; -+ } - } -- -- v->arch.guest_table_user = pagetable_from_page(cr3_page); -- } -- else if ( !(flags & VGCF_in_kernel) ) -- { -- destroy_gdt(v); -- return -EINVAL; -+ if ( !rc ) -+ v->arch.guest_table_user = pagetable_from_page(cr3_page); - } - } - else - { - l4_pgentry_t *l4tab; - -- cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]); -- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); -- -- if ( !cr3_page) -- { -- destroy_gdt(v); -- return -EINVAL; -- } -- -- if (!paging_mode_refcounts(d) -- && !get_page_type(cr3_page, PGT_l3_page_table) ) -- { -- put_page(cr3_page); -- destroy_gdt(v); -- return -EINVAL; -- } -- - l4tab = __va(pagetable_get_paddr(v->arch.guest_table)); - *l4tab = l4e_from_pfn(page_to_mfn(cr3_page), - _PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED); - #endif - } -+ if ( rc ) -+ { -+ if ( cr3_page ) -+ put_page(cr3_page); -+ destroy_gdt(v); -+ return rc; -+ } -+ -+ clear_bit(_VPF_in_reset, &v->pause_flags); - - if ( v->vcpu_id == 0 ) - update_domain_wallclock_time(d); ---- a/xen/common/compat/domain.c -+++ b/xen/common/compat/domain.c -@@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid, - rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt); - domain_unlock(d); - -+ if ( rc == -EAGAIN ) -+ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", -+ cmd, vcpuid, arg); -+ - xfree(cmp_ctxt); - break; - } ---- a/xen/common/domain.c -+++ b/xen/common/domain.c -@@ -849,6 +849,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN - domain_unlock(d); - - free_vcpu_guest_context(ctxt); -+ -+ if ( rc == -EAGAIN ) -+ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", -+ cmd, vcpuid, arg); -+ - break; - - case VCPUOP_up: { ---- a/xen/common/domctl.c -+++ b/xen/common/domctl.c -@@ -338,6 +338,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc - domain_pause(d); - ret = arch_set_info_guest(v, c); - domain_unpause(d); -+ -+ if ( ret == -EAGAIN ) -+ ret = hypercall_create_continuation( -+ __HYPERVISOR_domctl, "h", u_domctl); - } - - svc_out: diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch deleted file mode 100644 index a18f3ddec493..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_6.patch +++ /dev/null @@ -1,127 +0,0 @@ -x86: make page table unpinning preemptible - -... as it may take significant amounts of time. - -Since we can't re-invoke the operation in a second attempt, the -continuation logic must be slightly tweaked so that we make sure -do_mmuext_op() gets run one more time even when the preempted unpin -operation was the last one in a batch. - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -3123,6 +3123,14 @@ long do_mmuext_op( - return rc; - } - -+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) && -+ likely(guest_handle_is_null(uops)) ) -+ { -+ /* See the curr->arch.old_guest_table related -+ * hypercall_create_continuation() below. */ -+ return (int)foreigndom; -+ } -+ - if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) - { - count &= ~MMU_UPDATE_PREEMPTED; -@@ -3146,7 +3154,7 @@ long do_mmuext_op( - - for ( i = 0; i < count; i++ ) - { -- if ( hypercall_preempt_check() ) -+ if ( curr->arch.old_guest_table || hypercall_preempt_check() ) - { - rc = -EAGAIN; - break; -@@ -3266,7 +3274,17 @@ long do_mmuext_op( - break; - } - -- put_page_and_type(page); -+ switch ( rc = put_page_and_type_preemptible(page, 1) ) -+ { -+ case -EINTR: -+ case -EAGAIN: -+ curr->arch.old_guest_table = page; -+ rc = 0; -+ break; -+ default: -+ BUG_ON(rc); -+ break; -+ } - put_page(page); - - /* A page is dirtied when its pin status is cleared. */ -@@ -3587,9 +3605,27 @@ long do_mmuext_op( - } - - if ( rc == -EAGAIN ) -+ { -+ ASSERT(i < count); - rc = hypercall_create_continuation( - __HYPERVISOR_mmuext_op, "hihi", - uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom); -+ } -+ else if ( curr->arch.old_guest_table ) -+ { -+ XEN_GUEST_HANDLE(void) null; -+ -+ ASSERT(rc || i == count); -+ set_xen_guest_handle(null, NULL); -+ /* -+ * In order to have a way to communicate the final return value to -+ * our continuation, we pass this in place of "foreigndom", building -+ * on the fact that this argument isn't needed anymore. -+ */ -+ rc = hypercall_create_continuation( -+ __HYPERVISOR_mmuext_op, "hihi", null, -+ MMU_UPDATE_PREEMPTED, null, rc); -+ } - - put_pg_owner(pg_owner); - ---- a/xen/arch/x86/x86_64/compat/mm.c -+++ b/xen/arch/x86/x86_64/compat/mm.c -@@ -268,6 +268,13 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm - int rc = 0; - XEN_GUEST_HANDLE(mmuext_op_t) nat_ops; - -+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) && -+ likely(guest_handle_is_null(cmp_uops)) ) -+ { -+ set_xen_guest_handle(nat_ops, NULL); -+ return do_mmuext_op(nat_ops, count, pdone, foreigndom); -+ } -+ - preempt_mask = count & MMU_UPDATE_PREEMPTED; - count ^= preempt_mask; - -@@ -370,12 +377,18 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm - guest_handle_add_offset(nat_ops, i - left); - guest_handle_subtract_offset(cmp_uops, left); - left = 1; -- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops)); -- BUG_ON(left != arg1); -- if (!test_bit(_MCSF_in_multicall, &mcs->flags)) -- regs->_ecx += count - i; -+ if ( arg1 != MMU_UPDATE_PREEMPTED ) -+ { -+ BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, -+ cmp_uops)); -+ if ( !test_bit(_MCSF_in_multicall, &mcs->flags) ) -+ regs->_ecx += count - i; -+ else -+ mcs->compat_call.args[1] += count - i; -+ } - else -- mcs->compat_call.args[1] += count - i; -+ BUG_ON(hypercall_xlat_continuation(&left, 0)); -+ BUG_ON(left != arg1); - } - else - BUG_ON(err > 0); diff --git a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch b/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch deleted file mode 100644 index 0b7ce18d09cb..000000000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-1918-XSA-45_7.patch +++ /dev/null @@ -1,255 +0,0 @@ -x86: make page table handling error paths preemptible - -... as they may take significant amounts of time. - -This requires cloning the tweaked continuation logic from -do_mmuext_op() to do_mmu_update(). - -Note that in mod_l[34]_entry() a negative "preemptible" value gets -passed to put_page_from_l[34]e() now, telling the callee to store the -respective page in current->arch.old_guest_table (for a hypercall -continuation to pick up), rather than carrying out the put right away. -This is going to be made a little more explicit by a subsequent cleanup -patch. - -This is part of CVE-2013-1918 / XSA-45. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -1241,7 +1241,16 @@ static int put_page_from_l3e(l3_pgentry_ - #endif - - if ( unlikely(partial > 0) ) -+ { -+ ASSERT(preemptible >= 0); - return __put_page_type(l3e_get_page(l3e), preemptible); -+ } -+ -+ if ( preemptible < 0 ) -+ { -+ current->arch.old_guest_table = l3e_get_page(l3e); -+ return 0; -+ } - - return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible); - } -@@ -1254,7 +1263,17 @@ static int put_page_from_l4e(l4_pgentry_ - (l4e_get_pfn(l4e) != pfn) ) - { - if ( unlikely(partial > 0) ) -+ { -+ ASSERT(preemptible >= 0); - return __put_page_type(l4e_get_page(l4e), preemptible); -+ } -+ -+ if ( preemptible < 0 ) -+ { -+ current->arch.old_guest_table = l4e_get_page(l4e); -+ return 0; -+ } -+ - return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible); - } - return 1; -@@ -1549,12 +1568,17 @@ static int alloc_l3_table(struct page_in - if ( rc < 0 && rc != -EAGAIN && rc != -EINTR ) - { - MEM_LOG("Failure in alloc_l3_table: entry %d", i); -+ if ( i ) -+ { -+ page->nr_validated_ptes = i; -+ page->partial_pte = 0; -+ current->arch.old_guest_table = page; -+ } - while ( i-- > 0 ) - { - if ( !is_guest_l3_slot(i) ) - continue; - unadjust_guest_l3e(pl3e[i], d); -- put_page_from_l3e(pl3e[i], pfn, 0, 0); - } - } - -@@ -1584,22 +1608,24 @@ static int alloc_l4_table(struct page_in - page->nr_validated_ptes = i; - page->partial_pte = partial ?: 1; - } -- else if ( rc == -EINTR ) -+ else if ( rc < 0 ) - { -+ if ( rc != -EINTR ) -+ MEM_LOG("Failure in alloc_l4_table: entry %d", i); - if ( i ) - { - page->nr_validated_ptes = i; - page->partial_pte = 0; -- rc = -EAGAIN; -+ if ( rc == -EINTR ) -+ rc = -EAGAIN; -+ else -+ { -+ if ( current->arch.old_guest_table ) -+ page->nr_validated_ptes++; -+ current->arch.old_guest_table = page; -+ } - } - } -- else if ( rc < 0 ) -- { -- MEM_LOG("Failure in alloc_l4_table: entry %d", i); -- while ( i-- > 0 ) -- if ( is_guest_l4_slot(d, i) ) -- put_page_from_l4e(pl4e[i], pfn, 0, 0); -- } - if ( rc < 0 ) - return rc; - -@@ -2047,7 +2073,7 @@ static int mod_l3_entry(l3_pgentry_t *pl - pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e); - } - -- put_page_from_l3e(ol3e, pfn, 0, 0); -+ put_page_from_l3e(ol3e, pfn, 0, -preemptible); - return rc; - } - -@@ -2110,7 +2136,7 @@ static int mod_l4_entry(l4_pgentry_t *pl - return -EFAULT; - } - -- put_page_from_l4e(ol4e, pfn, 0, 0); -+ put_page_from_l4e(ol4e, pfn, 0, -preemptible); - return rc; - } - -@@ -2268,7 +2294,15 @@ static int alloc_page_type(struct page_i - PRtype_info ": caf=%08lx taf=%" PRtype_info, - page_to_mfn(page), get_gpfn_from_mfn(page_to_mfn(page)), - type, page->count_info, page->u.inuse.type_info); -- page->u.inuse.type_info = 0; -+ if ( page != current->arch.old_guest_table ) -+ page->u.inuse.type_info = 0; -+ else -+ { -+ ASSERT((page->u.inuse.type_info & -+ (PGT_count_mask | PGT_validated)) == 1); -+ get_page_light(page); -+ page->u.inuse.type_info |= PGT_partial; -+ } - } - else - { -@@ -3218,21 +3252,17 @@ long do_mmuext_op( - } - - if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 ) -- { -- put_page_and_type(page); - okay = 0; -- break; -- } -- -- if ( unlikely(test_and_set_bit(_PGT_pinned, -- &page->u.inuse.type_info)) ) -+ else if ( unlikely(test_and_set_bit(_PGT_pinned, -+ &page->u.inuse.type_info)) ) - { - MEM_LOG("Mfn %lx already pinned", page_to_mfn(page)); -- put_page_and_type(page); - okay = 0; -- break; - } - -+ if ( unlikely(!okay) ) -+ goto pin_drop; -+ - /* A page is dirtied when its pin status is set. */ - paging_mark_dirty(pg_owner, page_to_mfn(page)); - -@@ -3246,7 +3276,13 @@ long do_mmuext_op( - &page->u.inuse.type_info)); - spin_unlock(&pg_owner->page_alloc_lock); - if ( drop_ref ) -- put_page_and_type(page); -+ { -+ pin_drop: -+ if ( type == PGT_l1_page_table ) -+ put_page_and_type(page); -+ else -+ curr->arch.old_guest_table = page; -+ } - } - - break; -@@ -3652,11 +3688,28 @@ long do_mmu_update( - void *va; - unsigned long gpfn, gmfn, mfn; - struct page_info *page; -- int rc = 0, i = 0; -- unsigned int cmd, done = 0, pt_dom; -- struct vcpu *v = current; -+ unsigned int cmd, i = 0, done = 0, pt_dom; -+ struct vcpu *curr = current, *v = curr; - struct domain *d = v->domain, *pt_owner = d, *pg_owner; - struct domain_mmap_cache mapcache; -+ int rc = put_old_guest_table(curr); -+ -+ if ( unlikely(rc) ) -+ { -+ if ( likely(rc == -EAGAIN) ) -+ rc = hypercall_create_continuation( -+ __HYPERVISOR_mmu_update, "hihi", ureqs, count, pdone, -+ foreigndom); -+ return rc; -+ } -+ -+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) && -+ likely(guest_handle_is_null(ureqs)) ) -+ { -+ /* See the curr->arch.old_guest_table related -+ * hypercall_create_continuation() below. */ -+ return (int)foreigndom; -+ } - - if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) - { -@@ -3705,7 +3758,7 @@ long do_mmu_update( - - for ( i = 0; i < count; i++ ) - { -- if ( hypercall_preempt_check() ) -+ if ( curr->arch.old_guest_table || hypercall_preempt_check() ) - { - rc = -EAGAIN; - break; -@@ -3886,9 +3939,27 @@ long do_mmu_update( - } - - if ( rc == -EAGAIN ) -+ { -+ ASSERT(i < count); - rc = hypercall_create_continuation( - __HYPERVISOR_mmu_update, "hihi", - ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom); -+ } -+ else if ( curr->arch.old_guest_table ) -+ { -+ XEN_GUEST_HANDLE(void) null; -+ -+ ASSERT(rc || i == count); -+ set_xen_guest_handle(null, NULL); -+ /* -+ * In order to have a way to communicate the final return value to -+ * our continuation, we pass this in place of "foreigndom", building -+ * on the fact that this argument isn't needed anymore. -+ */ -+ rc = hypercall_create_continuation( -+ __HYPERVISOR_mmu_update, "hihi", null, -+ MMU_UPDATE_PREEMPTED, null, rc); -+ } - - put_pg_owner(pg_owner); - diff --git a/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch b/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch deleted file mode 100644 index 3dd9cbe14092..000000000000 --- a/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch +++ /dev/null @@ -1,127 +0,0 @@ -x86/xsave: fix information leak on AMD CPUs - -Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the -last instruction and operand pointers as well as the last opcode if -there's no pending unmasked exception (see CVE-2006-1056 and commit -9747:4d667a139318). - -While the FXSR solution sits in the save path, I prefer to have this in -the restore path because there the handling is simpler (namely in the -context of the pending changes to properly save the selector values for -32-bit guest code). - -Also this is using FFREE instead of EMMS, as it doesn't seem unlikely -that in the future we may see CPUs with x87 and SSE/AVX but no MMX -support. The goal here anyway is just to avoid an FPU stack overflow. -I would have preferred to use FFREEP instead of FFREE (freeing two -stack slots at once), but AMD doesn't document that instruction. - -This is CVE-2013-2076 / XSA-52. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/arch/x86/xstate.c -+++ b/xen/arch/x86/xstate.c -@@ -78,6 +78,21 @@ void xrstor(struct vcpu *v, uint64_t mas - - struct xsave_struct *ptr = v->arch.xsave_area; - -+ /* -+ * AMD CPUs don't save/restore FDP/FIP/FOP unless an exception -+ * is pending. Clear the x87 state here by setting it to fixed -+ * values. The hypervisor data segment can be sometimes 0 and -+ * sometimes new user value. Both should be ok. Use the FPU saved -+ * data block as a safe address because it should be in L1. -+ */ -+ if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) && -+ !(ptr->fpu_sse.fsw & 0x0080) && -+ boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) -+ asm volatile ( "fnclex\n\t" /* clear exceptions */ -+ "ffree %%st(7)\n\t" /* clear stack tag */ -+ "fildl %0" /* load to clear state */ -+ : : "m" (ptr->fpu_sse) ); -+ - asm volatile ( - ".byte " REX_PREFIX "0x0f,0xae,0x2f" - : -#x86/xsave: recover from faults on XRSTOR -# -#Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed -#to it in the memory block (i.e. aspects not under the control of the -#hypervisor, other than e.g. proper alignment of the block). -# -#Also correct the comment explaining why FXRSTOR needs exception -#recovery code to not wrongly state that this can only be a result of -#the control tools passing a bad image. -# -#This is CVE-2013-2077 / XSA-53. -# -#Signed-off-by: Jan Beulich <jbeulich@suse.com> -# ---- a/xen/arch/x86/i387.c -+++ b/xen/arch/x86/i387.c -@@ -53,7 +53,7 @@ static inline void fpu_fxrstor(struct vc - /* - * FXRSTOR can fault if passed a corrupted data block. We handle this - * possibility, which may occur if the block was passed to us by control -- * tools, by silently clearing the block. -+ * tools or through VCPUOP_initialise, by silently clearing the block. - */ - asm volatile ( - #ifdef __i386__ ---- a/xen/arch/x86/xstate.c -+++ b/xen/arch/x86/xstate.c -@@ -93,10 +93,25 @@ void xrstor(struct vcpu *v, uint64_t mas - "fildl %0" /* load to clear state */ - : : "m" (ptr->fpu_sse) ); - -- asm volatile ( -- ".byte " REX_PREFIX "0x0f,0xae,0x2f" -- : -- : "m" (*ptr), "a" (lmask), "d" (hmask), "D"(ptr) ); -+ /* -+ * XRSTOR can fault if passed a corrupted data block. We handle this -+ * possibility, which may occur if the block was passed to us by control -+ * tools or through VCPUOP_initialise, by silently clearing the block. -+ */ -+ asm volatile ( "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" -+ ".section .fixup,\"ax\"\n" -+ "2: mov %5,%%ecx \n" -+ " xor %1,%1 \n" -+ " rep stosb \n" -+ " lea %2,%0 \n" -+ " mov %3,%1 \n" -+ " jmp 1b \n" -+ ".previous \n" -+ _ASM_EXTABLE(1b, 2b) -+ : "+&D" (ptr), "+&a" (lmask) -+ : "m" (*ptr), "g" (lmask), "d" (hmask), -+ "m" (xsave_cntxt_size) -+ : "ecx" ); - } - - bool_t xsave_enabled(const struct vcpu *v) -#x86/xsave: properly check guest input to XSETBV -# -#Other than the HVM emulation path, the PV case so far failed to check -#that YMM state requires SSE state to be enabled, allowing for a #GP to -#occur upon passing the inputs to XSETBV inside the hypervisor. -# -#This is CVE-2013-2078 / XSA-54. -# -#Signed-off-by: Jan Beulich <jbeulich@suse.com> -# ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -2205,6 +2205,11 @@ static int emulate_privileged_op(struct - if ( !(new_xfeature & XSTATE_FP) || (new_xfeature & ~xfeature_mask) ) - goto fail; - -+ /* YMM state takes SSE state as prerequisite. */ -+ if ( (xfeature_mask & new_xfeature & XSTATE_YMM) && -+ !(new_xfeature & XSTATE_SSE) ) -+ goto fail; -+ - v->arch.xcr0 = new_xfeature; - v->arch.xcr0_accum |= new_xfeature; - set_xcr0(new_xfeature); diff --git a/app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch b/app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch deleted file mode 100644 index c3b8aaafa5ae..000000000000 --- a/app-emulation/xen/files/xen-4.2-CVE-2013-1432-XSA-58.patch +++ /dev/null @@ -1,130 +0,0 @@ -x86: fix page refcount handling in page table pin error path - -In the original patch 7 of the series addressing XSA-45 I mistakenly -took the addition of the call to get_page_light() in alloc_page_type() -to cover two decrements that would happen: One for the PGT_partial bit -that is getting set along with the call, and the other for the page -reference the caller hold (and would be dropping on its error path). -But of course the additional page reference is tied to the PGT_partial -bit, and hence any caller of a function that may leave -->arch.old_guest_table non-NULL for error cleanup purposes has to make -sure a respective page reference gets retained. - -Similar issues were then also spotted elsewhere: In effect all callers -of get_page_type_preemptible() need to deal with errors in similar -ways. To make sure error handling can work this way without leaking -page references, a respective assertion gets added to that function. - -This is CVE-2013-1432 / XSA-58. - -Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -941,6 +941,10 @@ int arch_set_info_guest( - if ( v->vcpu_id == 0 ) - d->vm_assist = c(vm_assist); - -+ rc = put_old_guest_table(current); -+ if ( rc ) -+ return rc; -+ - if ( !compat ) - rc = (int)set_gdt(v, c.nat->gdt_frames, c.nat->gdt_ents); - #ifdef CONFIG_COMPAT -@@ -980,18 +984,24 @@ int arch_set_info_guest( - } - else - { -- /* -- * Since v->arch.guest_table{,_user} are both NULL, this effectively -- * is just a call to put_old_guest_table(). -- */ - if ( !compat ) -- rc = vcpu_destroy_pagetables(v); -+ rc = put_old_guest_table(v); - if ( !rc ) - rc = get_page_type_preemptible(cr3_page, - !compat ? PGT_root_page_table - : PGT_l3_page_table); -- if ( rc == -EINTR ) -+ switch ( rc ) -+ { -+ case -EINTR: - rc = -EAGAIN; -+ case -EAGAIN: -+ case 0: -+ break; -+ default: -+ if ( cr3_page == current->arch.old_guest_table ) -+ cr3_page = NULL; -+ break; -+ } - } - if ( rc ) - /* handled below */; -@@ -1018,6 +1028,11 @@ int arch_set_info_guest( - pagetable_get_page(v->arch.guest_table); - v->arch.guest_table = pagetable_null(); - break; -+ default: -+ if ( cr3_page == current->arch.old_guest_table ) -+ cr3_page = NULL; -+ case 0: -+ break; - } - } - if ( !rc ) ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -718,7 +718,8 @@ static int get_page_and_type_from_pagenr - get_page_type_preemptible(page, type) : - (get_page_type(page, type) ? 0 : -EINVAL)); - -- if ( unlikely(rc) && partial >= 0 ) -+ if ( unlikely(rc) && partial >= 0 && -+ (!preemptible || page != current->arch.old_guest_table) ) - put_page(page); - - return rc; -@@ -2638,6 +2639,7 @@ int put_page_type_preemptible(struct pag - - int get_page_type_preemptible(struct page_info *page, unsigned long type) - { -+ ASSERT(!current->arch.old_guest_table); - return __get_page_type(page, type, 1); - } - -@@ -2848,7 +2850,7 @@ static void put_superpage(unsigned long - - #endif - --static int put_old_guest_table(struct vcpu *v) -+int put_old_guest_table(struct vcpu *v) - { - int rc; - -@@ -3253,7 +3255,8 @@ long do_mmuext_op( - rc = -EAGAIN; - else if ( rc != -EAGAIN ) - MEM_LOG("Error while pinning mfn %lx", page_to_mfn(page)); -- put_page(page); -+ if ( page != curr->arch.old_guest_table ) -+ put_page(page); - break; - } - ---- a/xen/include/asm-x86/mm.h -+++ b/xen/include/asm-x86/mm.h -@@ -374,6 +374,7 @@ void put_page_type(struct page_info *pag - int get_page_type(struct page_info *page, unsigned long type); - int put_page_type_preemptible(struct page_info *page); - int get_page_type_preemptible(struct page_info *page, unsigned long type); -+int put_old_guest_table(struct vcpu *); - int get_page_from_l1e( - l1_pgentry_t l1e, struct domain *l1e_owner, struct domain *pg_owner); - void put_page_from_l1e(l1_pgentry_t l1e, struct domain *l1e_owner); - diff --git a/app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch b/app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch deleted file mode 100644 index 490f84e18623..000000000000 --- a/app-emulation/xen/files/xen-4.2-CVE-2013-4553-XSA-74.patch +++ /dev/null @@ -1,41 +0,0 @@ -x86: restrict XEN_DOMCTL_getmemlist - -Coverity ID 1055652 - -(See the code comment.) - -This is CVE-2013-4553 / XSA-74. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/domctl.c -+++ b/xen/arch/x86/domctl.c -@@ -385,6 +385,26 @@ long arch_do_domctl( - break; - } - -+ /* -+ * XSA-74: This sub-hypercall is broken in several ways: -+ * - lock order inversion (p2m locks inside page_alloc_lock) -+ * - no preemption on huge max_pfns input -+ * - not (re-)checking d->is_dying with page_alloc_lock held -+ * - not honoring start_pfn input (which libxc also doesn't set) -+ * Additionally it is rather useless, as the result is stale by -+ * the time the caller gets to look at it. -+ * As it only has a single, non-production consumer (xen-mceinj), -+ * rather than trying to fix it we restrict it for the time being. -+ */ -+ if ( /* No nested locks inside copy_to_guest_offset(). */ -+ paging_mode_external(current->domain) || -+ /* Arbitrary limit capping processing time. */ -+ max_pfns > GB(4) / PAGE_SIZE ) -+ { -+ ret = -EOPNOTSUPP; -+ break; -+ } -+ - spin_lock(&d->page_alloc_lock); - - if ( unlikely(d->is_dying) ) { diff --git a/app-emulation/xen/files/xen-4.2-XSA-84.patch b/app-emulation/xen/files/xen-4.2-XSA-84.patch deleted file mode 100644 index 277b6f6667a6..000000000000 --- a/app-emulation/xen/files/xen-4.2-XSA-84.patch +++ /dev/null @@ -1,153 +0,0 @@ -flask: fix reading strings from guest memory - -Since the string size is being specified by the guest, we must range -check it properly before doing allocations based on it. While for the -two cases that are exposed only to trusted guests (via policy -restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for -the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit -gets enforced based on the longest name across all boolean settings. - -This is XSA-84. - -Reported-by: Matthew Daley <mattd@bugfuzz.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> - ---- a/xen/xsm/flask/flask_op.c -+++ b/xen/xsm/flask/flask_op.c -@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(sel_sem); - /* global data for booleans */ - static int bool_num = 0; - static int *bool_pending_values = NULL; -+static size_t bool_maxstr; - static int flask_security_make_bools(void); - - extern int ss_initialized; -@@ -71,9 +72,15 @@ static int domain_has_security(struct do - perms, NULL); - } - --static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, uint32_t size) -+static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, -+ size_t size, size_t max_size) - { -- char *tmp = xmalloc_bytes(size + 1); -+ char *tmp; -+ -+ if ( size > max_size ) -+ return -ENOENT; -+ -+ tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - -@@ -99,7 +106,7 @@ static int flask_security_user(struct xe - if ( rv ) - return rv; - -- rv = flask_copyin_string(arg->u.user, &user, arg->size); -+ rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); - if ( rv ) - return rv; - -@@ -210,7 +217,7 @@ static int flask_security_context(struct - if ( rv ) - return rv; - -- rv = flask_copyin_string(arg->context, &buf, arg->size); -+ rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); - if ( rv ) - return rv; - -@@ -303,7 +310,7 @@ static int flask_security_resolve_bool(s - if ( arg->bool_id != -1 ) - return 0; - -- rv = flask_copyin_string(arg->name, &name, arg->size); -+ rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); - if ( rv ) - return rv; - -@@ -334,7 +341,7 @@ static int flask_security_set_bool(struc - int num; - int *values; - -- rv = security_get_bools(&num, NULL, &values); -+ rv = security_get_bools(&num, NULL, &values, NULL); - if ( rv != 0 ) - goto out; - -@@ -440,7 +447,7 @@ static int flask_security_make_bools(voi - - xfree(bool_pending_values); - -- ret = security_get_bools(&num, NULL, &values); -+ ret = security_get_bools(&num, NULL, &values, &bool_maxstr); - if ( ret != 0 ) - goto out; - ---- a/xen/xsm/flask/include/conditional.h -+++ b/xen/xsm/flask/include/conditional.h -@@ -13,7 +13,9 @@ - #ifndef _FLASK_CONDITIONAL_H_ - #define _FLASK_CONDITIONAL_H_ - --int security_get_bools(int *len, char ***names, int **values); -+#include <xen/types.h> -+ -+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr); - - int security_set_bools(int len, int *values); - ---- a/xen/xsm/flask/ss/services.c -+++ b/xen/xsm/flask/ss/services.c -@@ -1900,7 +1900,7 @@ int security_find_bool(const char *name) - return rv; - } - --int security_get_bools(int *len, char ***names, int **values) -+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr) - { - int i, rc = -ENOMEM; - -@@ -1908,6 +1908,8 @@ int security_get_bools(int *len, char ** - if ( names ) - *names = NULL; - *values = NULL; -+ if ( maxstr ) -+ *maxstr = 0; - - *len = policydb.p_bools.nprim; - if ( !*len ) -@@ -1929,16 +1931,17 @@ int security_get_bools(int *len, char ** - - for ( i = 0; i < *len; i++ ) - { -- size_t name_len; -+ size_t name_len = strlen(policydb.p_bool_val_to_name[i]); -+ - (*values)[i] = policydb.bool_val_to_struct[i]->state; - if ( names ) { -- name_len = strlen(policydb.p_bool_val_to_name[i]) + 1; -- (*names)[i] = (char*)xmalloc_array(char, name_len); -+ (*names)[i] = xmalloc_array(char, name_len + 1); - if ( !(*names)[i] ) - goto err; -- strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len); -- (*names)[i][name_len - 1] = 0; -+ strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len + 1); - } -+ if ( maxstr && name_len > *maxstr ) -+ *maxstr = name_len; - } - rc = 0; - out: -@@ -2056,7 +2059,7 @@ static int security_preserve_bools(struc - struct cond_bool_datum *booldatum; - struct cond_node *cur; - -- rc = security_get_bools(&nbools, &bnames, &bvalues); -+ rc = security_get_bools(&nbools, &bnames, &bvalues, NULL); - if ( rc ) - goto out; - for ( i = 0; i < nbools; i++ ) diff --git a/app-emulation/xen/files/xen-4.2-XSA-85.patch b/app-emulation/xen/files/xen-4.2-XSA-85.patch deleted file mode 100644 index 2976b2af8248..000000000000 --- a/app-emulation/xen/files/xen-4.2-XSA-85.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 593bc8c63d582ec0fc2b3a35336106cf9c3a8b34 Mon Sep 17 00:00:00 2001 -From: Matthew Daley <mattd@bugfuzz.com> -Date: Sun, 12 Jan 2014 14:29:32 +1300 -Subject: [PATCH] xsm/flask: correct off-by-one in - flask_security_avc_cachestats cpu id check - -This is XSA-85 - -Signed-off-by: Matthew Daley <mattd@bugfuzz.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Ian Campbell <ian.campbell@citrix.com> ---- - xen/xsm/flask/flask_op.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c -index 4426ab9..22878f5 100644 ---- a/xen/xsm/flask/flask_op.c -+++ b/xen/xsm/flask/flask_op.c -@@ -457,7 +457,7 @@ static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg) - { - struct avc_cache_stats *st; - -- if ( arg->cpu > nr_cpu_ids ) -+ if ( arg->cpu >= nr_cpu_ids ) - return -ENOENT; - if ( !cpu_online(arg->cpu) ) - return -ENOENT; --- -1.8.5.2 - diff --git a/app-emulation/xen/files/xen-4.2-XSA-87.patch b/app-emulation/xen/files/xen-4.2-XSA-87.patch deleted file mode 100644 index 494cf5e2bf5d..000000000000 --- a/app-emulation/xen/files/xen-4.2-XSA-87.patch +++ /dev/null @@ -1,21 +0,0 @@ -x86: PHYSDEVOP_{prepare,release}_msix are privileged - -Yet this wasn't being enforced. - -This is XSA-87. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/arch/x86/physdev.c -+++ b/xen/arch/x86/physdev.c -@@ -612,7 +612,9 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H - case PHYSDEVOP_release_msix: { - struct physdev_pci_device dev; - -- if ( copy_from_guest(&dev, arg, 1) ) -+ if ( !IS_PRIV(v->domain) ) -+ ret = -EPERM; -+ else if ( copy_from_guest(&dev, arg, 1) ) - ret = -EFAULT; - else - ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn, diff --git a/app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch b/app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch deleted file mode 100644 index 3bb432762a2c..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-1442-XSA-62.patch +++ /dev/null @@ -1,46 +0,0 @@ -x86/xsave: initialize extended register state when guests enable it - -Till now, when setting previously unset bits in XCR0 we wouldn't touch -the active register state, thus leaving in the newly enabled registers -whatever a prior user of it left there, i.e. potentially leaking -information between guests. - -This is CVE-2013-1442 / XSA-62. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/xstate.c -+++ b/xen/arch/x86/xstate.c -@@ -307,6 +307,7 @@ int validate_xstate(u64 xcr0, u64 xcr0_a - int handle_xsetbv(u32 index, u64 new_bv) - { - struct vcpu *curr = current; -+ u64 mask; - - if ( index != XCR_XFEATURE_ENABLED_MASK ) - return -EOPNOTSUPP; -@@ -320,9 +321,23 @@ int handle_xsetbv(u32 index, u64 new_bv) - if ( !set_xcr0(new_bv) ) - return -EFAULT; - -+ mask = new_bv & ~curr->arch.xcr0_accum; - curr->arch.xcr0 = new_bv; - curr->arch.xcr0_accum |= new_bv; - -+ mask &= curr->fpu_dirtied ? ~XSTATE_FP_SSE : XSTATE_NONLAZY; -+ if ( mask ) -+ { -+ unsigned long cr0 = read_cr0(); -+ -+ clts(); -+ if ( curr->fpu_dirtied ) -+ asm ( "stmxcsr %0" : "=m" (curr->arch.xsave_area->fpu_sse.mxcsr) ); -+ xrstor(curr, mask); -+ if ( cr0 & X86_CR0_TS ) -+ write_cr0(cr0); -+ } -+ - return 0; - } - diff --git a/app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch b/app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch deleted file mode 100644 index 5134650e2f88..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4355-XSA-63.patch +++ /dev/null @@ -1,171 +0,0 @@ -x86: properly handle hvm_copy_from_guest_{phys,virt}() errors - -Ignoring them generally implies using uninitialized data and, in all -cases dealt with here, potentially leaking hypervisor stack contents to -guests. - -This is XSA-63. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Tim Deegan <tim@xen.org> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -2308,11 +2308,7 @@ void hvm_task_switch( - - rc = hvm_copy_from_guest_virt( - &tss, prev_tr.base, sizeof(tss), PFEC_page_present); -- if ( rc == HVMCOPY_bad_gva_to_gfn ) -- goto out; -- if ( rc == HVMCOPY_gfn_paged_out ) -- goto out; -- if ( rc == HVMCOPY_gfn_shared ) -+ if ( rc != HVMCOPY_okay ) - goto out; - - eflags = regs->eflags; -@@ -2357,13 +2353,11 @@ void hvm_task_switch( - - rc = hvm_copy_from_guest_virt( - &tss, tr.base, sizeof(tss), PFEC_page_present); -- if ( rc == HVMCOPY_bad_gva_to_gfn ) -- goto out; -- if ( rc == HVMCOPY_gfn_paged_out ) -- goto out; -- /* Note: this could be optimised, if the callee functions knew we want RO -- * access */ -- if ( rc == HVMCOPY_gfn_shared ) -+ /* -+ * Note: The HVMCOPY_gfn_shared case could be optimised, if the callee -+ * functions knew we want RO access. -+ */ -+ if ( rc != HVMCOPY_okay ) - goto out; - - ---- a/xen/arch/x86/hvm/intercept.c -+++ b/xen/arch/x86/hvm/intercept.c -@@ -87,17 +87,28 @@ static int hvm_mmio_access(struct vcpu * - { - for ( i = 0; i < p->count; i++ ) - { -- int ret; -- -- ret = hvm_copy_from_guest_phys(&data, -- p->data + (sign * i * p->size), -- p->size); -- if ( (ret == HVMCOPY_gfn_paged_out) || -- (ret == HVMCOPY_gfn_shared) ) -+ switch ( hvm_copy_from_guest_phys(&data, -+ p->data + sign * i * p->size, -+ p->size) ) - { -+ case HVMCOPY_okay: -+ break; -+ case HVMCOPY_gfn_paged_out: -+ case HVMCOPY_gfn_shared: - rc = X86EMUL_RETRY; - break; -+ case HVMCOPY_bad_gfn_to_mfn: -+ data = ~0; -+ break; -+ case HVMCOPY_bad_gva_to_gfn: -+ ASSERT(0); -+ /* fall through */ -+ default: -+ rc = X86EMUL_UNHANDLEABLE; -+ break; - } -+ if ( rc != X86EMUL_OKAY ) -+ break; - rc = write_handler(v, p->addr + (sign * i * p->size), p->size, - data); - if ( rc != X86EMUL_OKAY ) -@@ -165,8 +176,28 @@ static int process_portio_intercept(port - for ( i = 0; i < p->count; i++ ) - { - data = 0; -- (void)hvm_copy_from_guest_phys(&data, p->data + sign*i*p->size, -- p->size); -+ switch ( hvm_copy_from_guest_phys(&data, -+ p->data + sign * i * p->size, -+ p->size) ) -+ { -+ case HVMCOPY_okay: -+ break; -+ case HVMCOPY_gfn_paged_out: -+ case HVMCOPY_gfn_shared: -+ rc = X86EMUL_RETRY; -+ break; -+ case HVMCOPY_bad_gfn_to_mfn: -+ data = ~0; -+ break; -+ case HVMCOPY_bad_gva_to_gfn: -+ ASSERT(0); -+ /* fall through */ -+ default: -+ rc = X86EMUL_UNHANDLEABLE; -+ break; -+ } -+ if ( rc != X86EMUL_OKAY ) -+ break; - rc = action(IOREQ_WRITE, p->addr, p->size, &data); - if ( rc != X86EMUL_OKAY ) - break; ---- a/xen/arch/x86/hvm/io.c -+++ b/xen/arch/x86/hvm/io.c -@@ -340,14 +340,24 @@ static int dpci_ioport_write(uint32_t mp - data = p->data; - if ( p->data_is_ptr ) - { -- int ret; -- -- ret = hvm_copy_from_guest_phys(&data, -- p->data + (sign * i * p->size), -- p->size); -- if ( (ret == HVMCOPY_gfn_paged_out) && -- (ret == HVMCOPY_gfn_shared) ) -+ switch ( hvm_copy_from_guest_phys(&data, -+ p->data + sign * i * p->size, -+ p->size) ) -+ { -+ case HVMCOPY_okay: -+ break; -+ case HVMCOPY_gfn_paged_out: -+ case HVMCOPY_gfn_shared: - return X86EMUL_RETRY; -+ case HVMCOPY_bad_gfn_to_mfn: -+ data = ~0; -+ break; -+ case HVMCOPY_bad_gva_to_gfn: -+ ASSERT(0); -+ /* fall through */ -+ default: -+ return X86EMUL_UNHANDLEABLE; -+ } - } - - switch ( p->size ) ---- a/xen/arch/x86/hvm/vmx/realmode.c -+++ b/xen/arch/x86/hvm/vmx/realmode.c -@@ -39,7 +39,9 @@ static void realmode_deliver_exception( - - again: - last_byte = (vector * 4) + 3; -- if ( idtr->limit < last_byte ) -+ if ( idtr->limit < last_byte || -+ hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4) != -+ HVMCOPY_okay ) - { - /* Software interrupt? */ - if ( insn_len != 0 ) -@@ -64,8 +66,6 @@ static void realmode_deliver_exception( - } - } - -- (void)hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4); -- - frame[0] = regs->eip + insn_len; - frame[1] = csr->sel; - frame[2] = regs->eflags & ~X86_EFLAGS_RF; diff --git a/app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch b/app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch deleted file mode 100644 index 9b3a7cbe1bed..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4356-XSA-64.patch +++ /dev/null @@ -1,57 +0,0 @@ -commit 95a0770282ea2a03f7bc48c6656d5fc79bae0599 -Author: Tim Deegan <tim@xen.org> -Date: Thu Sep 12 14:16:28 2013 +0100 - - x86/mm/shadow: Fix initialization of PV shadow L4 tables. - - Shadowed PV L4 tables must have the same Xen mappings as their - unshadowed equivalent. This is done by copying the Xen entries - verbatim from the idle pagetable, and then using guest_l4_slot() - in the SHADOW_FOREACH_L4E() iterator to avoid touching those entries. - - adc5afbf1c70ef55c260fb93e4b8ce5ccb918706 (x86: support up to 16Tb) - changed the definition of ROOT_PAGETABLE_XEN_SLOTS to extend right to - the top of the address space, which causes the shadow code to - copy Xen mappings into guest-kernel-address slots too. - - In the common case, all those slots are zero in the idle pagetable, - and no harm is done. But if any slot above #271 is non-zero, Xen will - crash when that slot is later cleared (it attempts to drop - shadow-pagetable refcounts on its own L4 pagetables). - - Fix by using the new ROOT_PAGETABLE_PV_XEN_SLOTS when appropriate. - Monitor pagetables need the full Xen mappings, so they keep using the - old name (with its new semantics). - - This is XSA-64. - - Signed-off-by: Tim Deegan <tim@xen.org> - Reviewed-by: Jan Beulich <jbeulich@suse.com> - - Xen 4.3.x and xen-unstable are vulnerable. - -diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c -index 4c4c2ba..3fed0b6 100644 ---- a/xen/arch/x86/mm/shadow/multi.c -+++ b/xen/arch/x86/mm/shadow/multi.c -@@ -1433,15 +1433,19 @@ void sh_install_xen_entries_in_l4(struct vcpu *v, mfn_t gl4mfn, mfn_t sl4mfn) - { - struct domain *d = v->domain; - shadow_l4e_t *sl4e; -+ unsigned int slots; - - sl4e = sh_map_domain_page(sl4mfn); - ASSERT(sl4e != NULL); - ASSERT(sizeof (l4_pgentry_t) == sizeof (shadow_l4e_t)); - - /* Copy the common Xen mappings from the idle domain */ -+ slots = (shadow_mode_external(d) -+ ? ROOT_PAGETABLE_XEN_SLOTS -+ : ROOT_PAGETABLE_PV_XEN_SLOTS); - memcpy(&sl4e[ROOT_PAGETABLE_FIRST_XEN_SLOT], - &idle_pg_table[ROOT_PAGETABLE_FIRST_XEN_SLOT], -- ROOT_PAGETABLE_XEN_SLOTS * sizeof(l4_pgentry_t)); -+ slots * sizeof(l4_pgentry_t)); - - /* Install the per-domain mappings for this domain */ - sl4e[shadow_l4_table_offset(PERDOMAIN_VIRT_START)] = diff --git a/app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch b/app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch deleted file mode 100644 index 1d9f25abae1f..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4361-XSA-66.patch +++ /dev/null @@ -1,23 +0,0 @@ -x86: properly set up fbld emulation operand address - -This is CVE-2013-4361 / XSA-66. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> - ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -3156,11 +3156,11 @@ x86_emulate( - break; - case 4: /* fbld m80dec */ - ea.bytes = 10; -- dst = ea; -+ src = ea; - if ( (rc = ops->read(src.mem.seg, src.mem.off, - &src.val, src.bytes, ctxt)) != 0 ) - goto done; -- emulate_fpu_insn_memdst("fbld", src.val); -+ emulate_fpu_insn_memsrc("fbld", src.val); - break; - case 5: /* fild m64i */ - ea.bytes = 8; diff --git a/app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch b/app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch deleted file mode 100644 index d81a0e18a921..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4368-XSA-67.patch +++ /dev/null @@ -1,37 +0,0 @@ -x86: check segment descriptor read result in 64-bit OUTS emulation - -When emulating such an operation from a 64-bit context (CS has long -mode set), and the data segment is overridden to FS/GS, the result of -reading the overridden segment's descriptor (read_descriptor) is not -checked. If it fails, data_base is left uninitialized. - -This can lead to 8 bytes of Xen's stack being leaked to the guest -(implicitly, i.e. via the address given in a #PF). - -Coverity-ID: 1055116 - -This is CVE-2013-4368 / XSA-67. - -Signed-off-by: Matthew Daley <mattjd@gmail.com> - -Fix formatting. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -1993,10 +1993,10 @@ static int emulate_privileged_op(struct - break; - } - } -- else -- read_descriptor(data_sel, v, regs, -- &data_base, &data_limit, &ar, -- 0); -+ else if ( !read_descriptor(data_sel, v, regs, -+ &data_base, &data_limit, &ar, 0) || -+ !(ar & _SEGMENT_S) || !(ar & _SEGMENT_P) ) -+ goto fail; - data_limit = ~0UL; - ar = _SEGMENT_WR|_SEGMENT_S|_SEGMENT_DPL|_SEGMENT_P; - } diff --git a/app-emulation/xen/xen-4.2.2-r1.ebuild b/app-emulation/xen/xen-4.2.2-r1.ebuild deleted file mode 100644 index d69c0484e41c..000000000000 --- a/app-emulation/xen/xen-4.2.2-r1.ebuild +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2-r1.ebuild,v 1.6 2013/11/06 06:45:18 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="amd64 x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm ) - " - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \ - "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch \ - "${FILESDIR}"/${PN}-4.2-CVE-2013-1432-XSA-58.patch - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.2.2-r4.ebuild b/app-emulation/xen/xen-4.2.2-r4.ebuild deleted file mode 100644 index d0fbbfb2640d..000000000000 --- a/app-emulation/xen/xen-4.2.2-r4.ebuild +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2-r4.ebuild,v 1.2 2014/02/12 14:08:09 keytoaster Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="~amd64 ~x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm ) - " - -#Security patches -XSA_PATCHES=( - "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch - "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch - "${FILESDIR}"/${PN}-4.2-CVE-2013-1432-XSA-58.patch - "${FILESDIR}"/${PN}-4.2-CVE-2013-4553-XSA-74.patch - "${FILESDIR}"/${PN}-CVE-2013-4554-XSA-76.patch - "${FILESDIR}"/${PN}-CVE-2013-6400-XSA-80.patch - "${FILESDIR}"/${PN}-4-XSA-83.patch # bug #499054 - "${FILESDIR}"/${PN}-4.2-XSA-84.patch # bug #500536 - "${FILESDIR}"/${PN}-4.2-XSA-85.patch # bug #500528 - "${FILESDIR}"/${PN}-4.2-XSA-87.patch # bug #499124 -) - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}" - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.3.1-r1.ebuild b/app-emulation/xen/xen-4.3.1-r1.ebuild deleted file mode 100644 index 15183ccdb021..000000000000 --- a/app-emulation/xen/xen-4.3.1-r1.ebuild +++ /dev/null @@ -1,137 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1-r1.ebuild,v 1.4 2013/12/31 02:46:00 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python2_7 ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - # support dropped for regular 32 bit hypervisor, Bug 493944 - KEYWORDS="amd64 -x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="flask? ( xsm )" - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - # Security patches - epatch "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch \ - "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch \ - "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch \ - "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch \ - "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.3.1-r4.ebuild b/app-emulation/xen/xen-4.3.1-r4.ebuild deleted file mode 100644 index 0f5828d882b8..000000000000 --- a/app-emulation/xen/xen-4.3.1-r4.ebuild +++ /dev/null @@ -1,143 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1-r4.ebuild,v 1.3 2014/02/07 10:19:00 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python2_7 ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - # Set to match entry in stable 4.3.1-r1, Bug 493944 - KEYWORDS="~amd64 -x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="flask? ( xsm )" - -# Security patches -XSA_PATCHES=( - "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch - "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch - "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch - "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch - "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch - "${FILESDIR}"/${PN}-4.3-CVE-2013-4553-XSA-74.patch - "${FILESDIR}"/${PN}-CVE-2013-4554-XSA-76.patch - "${FILESDIR}"/${PN}-CVE-2013-6400-XSA-80.patch - "${FILESDIR}"/${PN}-4-XSA-83.patch #bug #499054 - "${FILESDIR}"/${PN}-4.3-XSA-87.patch #bug #499124 -) - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}" - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} |