diff options
Diffstat (limited to 'app-emulation/xen/files')
3 files changed, 0 insertions, 111 deletions
diff --git a/app-emulation/xen/files/xen-4-CVE-2012-5634-XSA-33.patch b/app-emulation/xen/files/xen-4-CVE-2012-5634-XSA-33.patch deleted file mode 100644 index 20342ec..0000000 --- a/app-emulation/xen/files/xen-4-CVE-2012-5634-XSA-33.patch +++ /dev/null @@ -1,18 +0,0 @@ -VT-d: fix interrupt remapping source validation for devices behind legacy bridges -Using SVT_VERIFY_BUS here doesn't make sense; - -native Linux also uses SVT_VERIFY_SID_SQ here instead. -This is XSA-33 / CVE-2012-5634. -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- xen/drivers/passthrough/vtd/intremap.c -+++ xen/drivers/passthrough/vtd/intremap.c -@@ -466,7 +466,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) - set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, - (bus << 8) | pdev->bus); - else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) -- set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, -+ set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, - PCI_BDF2(bus, devfn)); - } - break; diff --git a/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch b/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch deleted file mode 100644 index f074fa6..0000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch +++ /dev/null @@ -1,70 +0,0 @@ -commit 66141b2e068fa39f28bdda6be05882e323663687 -Author: Michael Young -Date: Tue Jan 22 22:22:10 2013 +0000 - - Security fix from nested virtualization CVE-2013-0151, - restore status option to xend which is used by libvirt -#diff --git a/xsa34-4.2.patch b/xsa34-4.2.patch -#new file mode 100644 -#index 0000000..f5328ef -#--- /dev/null -#+++ xsa34-4.2.patch -#@@ -0,0 +1,30 @@ -#+x86_32: don't allow use of nested HVM -#+ -#+There are (indirect) uses of map_domain_page() in the nested HVM code -#+that are unsafe when not just using the 1:1 mapping. -#+ -#+This is XSA-34 / CVE-2013-0151. -#+ -#+Signed-off-by: Jan Beulich -#+ -#diff --git a/xsa35-4.2-with-xsa34.patch b/xsa35-4.2-with-xsa34.patch -#new file mode 100644 -#index 0000000..28c6171 -#--- /dev/null -#+++ xsa35-4.2-with-xsa34.patch -#@@ -0,0 +1,24 @@ -#+xen: Do not allow guests to enable nested HVM on themselves -#+ -#+There is no reason for this and doing so exposes a memory leak to -#+guests. Only toolstacks need write access to this HVM param. -#+ -#+This is XSA-35 / CVE-2013-0152. -#+ -#+Signed-off-by: Ian Campbell -#+Acked-by: Jan Beulich -#+ ---- xen/arch/x86/hvm/hvm.c -+++ xen/arch/x86/hvm/hvm.c -@@ -3858,6 +3858,11 @@ - rc = -EINVAL; - break; - case HVM_PARAM_NESTEDHVM: -+ if ( !IS_PRIV(current->domain) ) -+ { -+ rc = -EPERM; -+ break; -+ } - if ( a.value > 1 ) - rc = -EINVAL; - if ( !is_hvm_domain(d) ) -@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE - rc = -EINVAL; - break; - case HVM_PARAM_NESTEDHVM: -+#ifdef __i386__ -+ if ( a.value ) -+ rc = -EINVAL; -+#else - if ( a.value > 1 ) - rc = -EINVAL; - if ( !is_hvm_domain(d) ) -@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE - for_each_vcpu(d, v) - if ( rc == 0 ) - rc = nestedhvm_vcpu_initialise(v); -+#endif - break; - case HVM_PARAM_BUFIOREQ_EVTCHN: - rc = -EINVAL; diff --git a/app-emulation/xen/files/xen-4-CVE-2013-0154-XSA-37.patch b/app-emulation/xen/files/xen-4-CVE-2013-0154-XSA-37.patch deleted file mode 100644 index bb43acd..0000000 --- a/app-emulation/xen/files/xen-4-CVE-2013-0154-XSA-37.patch +++ /dev/null @@ -1,23 +0,0 @@ -x86: fix assertion in get_page_type() - -c/s 22998:e9fab50d7b61 (and immediately following ones) made it -possible that __get_page_type() returns other than -EINVAL, in -particular -EBUSY. Consequently, the assertion in get_page_type() -should check for only the return values we absolutely don't expect to -see there. - -This is XSA-37 / CVE-2013-0154. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- xen/arch/x86/mm.c -+++ xen/arch/x86/mm.c -@@ -2586,7 +2586,7 @@ int get_page_type(struct page_info *page - int rc = __get_page_type(page, type, 0); - if ( likely(rc == 0) ) - return 1; -- ASSERT(rc == -EINVAL); -+ ASSERT(rc != -EINTR && rc != -EAGAIN); - return 0; - } - |