1 |
idella4 13/11/22 12:32:12 |
2 |
|
3 |
Added: xen-CVE-2013-6375-XSA-78.patch |
4 |
xen-4.3-CVE-2013-6375-XSA-75.patch |
5 |
Log: |
6 |
Adding more security patches to 4.3.0 from Bug #486354, drop old |
7 |
|
8 |
(Portage version: 2.2.0/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: xen-CVE-2013-6375-XSA-78.patch |
17 |
=================================================================== |
18 |
http://seclists.org/oss-sec/2013/q4/att-322/xsa78.patch |
19 |
VT-d: fix TLB flushing in dma_pte_clear_one() |
20 |
|
21 |
The third parameter of __intel_iommu_iotlb_flush() is to indicate |
22 |
whether the to be flushed entry was a present one. A few lines before, |
23 |
we bailed if !dma_pte_present(*pte), so there's no need to check the |
24 |
flag here again - we can simply always pass TRUE here. |
25 |
|
26 |
This is XSA-78. |
27 |
|
28 |
Suggested-by: Cheng Yueqiang <yqcheng.2008@×××××××××××××.sg> |
29 |
Signed-off-by: Jan Beulich <jbeulich@××××.com> |
30 |
|
31 |
--- a/xen/drivers/passthrough/vtd/iommu.c |
32 |
+++ b/xen/drivers/passthrough/vtd/iommu.c |
33 |
@@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom |
34 |
iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); |
35 |
|
36 |
if ( !this_cpu(iommu_dont_flush_iotlb) ) |
37 |
- __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1); |
38 |
+ __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1); |
39 |
|
40 |
unmap_vtd_domain_page(page); |
41 |
|
42 |
|
43 |
|
44 |
1.1 app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch |
45 |
|
46 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch?rev=1.1&view=markup |
47 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch?rev=1.1&content-type=text/plain |
48 |
|
49 |
Index: xen-4.3-CVE-2013-6375-XSA-75.patch |
50 |
=================================================================== |
51 |
nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing |
52 |
|
53 |
Otherwise uninitialized data may be used, leading to crashes. |
54 |
|
55 |
This is XSA-75. |
56 |
|
57 |
Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@××××××.com> |
58 |
Signed-off-by: Jan Beulich <jbeulich@××××.com> |
59 |
Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@××××××.com> |
60 |
|
61 |
--- a/xen/arch/x86/hvm/vmx/vvmx.c |
62 |
+++ b/xen/arch/x86/hvm/vmx/vvmx.c |
63 |
@@ -1509,15 +1509,10 @@ static void clear_vvmcs_launched(struct |
64 |
} |
65 |
} |
66 |
|
67 |
-int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) |
68 |
+static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) |
69 |
{ |
70 |
struct nestedvmx *nvmx = &vcpu_2_nvmx(v); |
71 |
struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); |
72 |
- int rc; |
73 |
- |
74 |
- rc = vmx_inst_check_privilege(regs, 0); |
75 |
- if ( rc != X86EMUL_OKAY ) |
76 |
- return rc; |
77 |
|
78 |
/* check VMCS is valid and IO BITMAP is set */ |
79 |
if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) && |
80 |
@@ -1536,6 +1531,10 @@ int nvmx_handle_vmresume(struct cpu_user |
81 |
struct vcpu *v = current; |
82 |
struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); |
83 |
struct nestedvmx *nvmx = &vcpu_2_nvmx(v); |
84 |
+ int rc = vmx_inst_check_privilege(regs, 0); |
85 |
+ |
86 |
+ if ( rc != X86EMUL_OKAY ) |
87 |
+ return rc; |
88 |
|
89 |
if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) |
90 |
{ |
91 |
@@ -1555,10 +1554,13 @@ int nvmx_handle_vmresume(struct cpu_user |
92 |
int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) |
93 |
{ |
94 |
bool_t launched; |
95 |
- int rc; |
96 |
struct vcpu *v = current; |
97 |
struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); |
98 |
struct nestedvmx *nvmx = &vcpu_2_nvmx(v); |
99 |
+ int rc = vmx_inst_check_privilege(regs, 0); |
100 |
+ |
101 |
+ if ( rc != X86EMUL_OKAY ) |
102 |
+ return rc; |
103 |
|
104 |
if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) |
105 |
{ |