Gentoo Archives: gentoo-commits

From: "Ian Delaney (idella4)" <idella4@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-CVE-2013-6375-XSA-78.patch xen-4.3-CVE-2013-6375-XSA-75.patch
Date: Fri, 22 Nov 2013 12:32:16
Message-Id: 20131122123212.41E492004B@flycatcher.gentoo.org
1 idella4 13/11/22 12:32:12
2
3 Added: xen-CVE-2013-6375-XSA-78.patch
4 xen-4.3-CVE-2013-6375-XSA-75.patch
5 Log:
6 Adding more security patches to 4.3.0 from Bug #486354, drop old
7
8 (Portage version: 2.2.0/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
9
10 Revision Changes Path
11 1.1 app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch?rev=1.1&content-type=text/plain
15
16 Index: xen-CVE-2013-6375-XSA-78.patch
17 ===================================================================
18 http://seclists.org/oss-sec/2013/q4/att-322/xsa78.patch
19 VT-d: fix TLB flushing in dma_pte_clear_one()
20
21 The third parameter of __intel_iommu_iotlb_flush() is to indicate
22 whether the to be flushed entry was a present one. A few lines before,
23 we bailed if !dma_pte_present(*pte), so there's no need to check the
24 flag here again - we can simply always pass TRUE here.
25
26 This is XSA-78.
27
28 Suggested-by: Cheng Yueqiang <yqcheng.2008@×××××××××××××.sg>
29 Signed-off-by: Jan Beulich <jbeulich@××××.com>
30
31 --- a/xen/drivers/passthrough/vtd/iommu.c
32 +++ b/xen/drivers/passthrough/vtd/iommu.c
33 @@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom
34 iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
35
36 if ( !this_cpu(iommu_dont_flush_iotlb) )
37 - __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1);
38 + __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1);
39
40 unmap_vtd_domain_page(page);
41
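Review bot: the changed call in dma_pte_clear_one() passes two bare literals, `1, 1`, and nothing at the call site says why the third argument can be hard-coded. The justification (the function has already bailed on !dma_pte_present(*pte)) exists only in the commit message, so a one-line comment above the call stating that the entry is known to be present at this point would keep a later reader from turning it back into 0. The same line also drops the stray space before the comma, an incidental whitespace change that the description could mention.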
42
43
44 1.1 app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch
45
46 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch?rev=1.1&view=markup
47 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch?rev=1.1&content-type=text/plain
48
49 Index: xen-4.3-CVE-2013-6375-XSA-75.patch
50 ===================================================================
51 nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing
52
53 Otherwise uninitialized data may be used, leading to crashes.
54
55 This is XSA-75.
56
57 Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@××××××.com>
58 Signed-off-by: Jan Beulich <jbeulich@××××.com>
59 Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@××××××.com>
60
61 --- a/xen/arch/x86/hvm/vmx/vvmx.c
62 +++ b/xen/arch/x86/hvm/vmx/vvmx.c
63 @@ -1509,15 +1509,10 @@ static void clear_vvmcs_launched(struct
64 }
65 }
66
67 -int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
68 +static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
69 {
70 struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
71 struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
72 - int rc;
73 -
74 - rc = vmx_inst_check_privilege(regs, 0);
75 - if ( rc != X86EMUL_OKAY )
76 - return rc;
77
78 /* check VMCS is valid and IO BITMAP is set */
79 if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) &&
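Review bot: with the vmx_inst_check_privilege() call removed from nvmx_vmresume(), the function now depends on every caller having performed that check first, and nothing in this hunk documents the precondition. A short comment above the now-static definition, along the lines of "caller must already have passed vmx_inst_check_privilege()", would make that explicit. Making the function static is also a linkage change: the patch touches only vvmx.c, so if a prototype for nvmx_vmresume() exists in a header it should be dropped in the same change.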
80 @@ -1536,6 +1531,10 @@ int nvmx_handle_vmresume(struct cpu_user
81 struct vcpu *v = current;
82 struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
83 struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
84 + int rc = vmx_inst_check_privilege(regs, 0);
85 +
86 + if ( rc != X86EMUL_OKAY )
87 + return rc;
88
89 if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
90 {
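Review bot: the privilege check in nvmx_handle_vmresume() is written as an initializer in the declaration block (`int rc = vmx_inst_check_privilege(regs, 0);`), where a call that decides whether the handler proceeds at all is easy to read past. The fix relies on this running before the nv_vvmcxaddr test that follows, so a comment saying the check must remain the first action in the handler would protect the ordering if the declarations are later reshuffled.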
91 @@ -1555,10 +1554,13 @@ int nvmx_handle_vmresume(struct cpu_user
92 int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
93 {
94 bool_t launched;
95 - int rc;
96 struct vcpu *v = current;
97 struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
98 struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
99 + int rc = vmx_inst_check_privilege(regs, 0);
100 +
101 + if ( rc != X86EMUL_OKAY )
102 + return rc;
103
104 if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
105 {
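Review bot: nvmx_handle_vmlaunch() receives the same three lines as nvmx_handle_vmresume() (initialize rc from vmx_inst_check_privilege(regs, 0), return when it is not X86EMUL_OKAY), so the entry check now lives in two copies that have to be kept in step. That is acceptable for a minimal security fix, but a small shared entry helper for the two handlers would keep them from diverging in a follow-up.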