diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2016-06-23 10:45:11 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-06-23 10:45:20 +0000 |
| commit | 08e33d0f02c353d47b25b57f4f56a6ba9918fe32 (patch) | |
| tree | e1439083ca6c69950a2fc61c584655d61d3a9668 /main/xen/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch | |
| parent | 34a184ba931dbb3ae96e346f438955810f0eb765 (diff) | |
| download | aports-08e33d0f02c353d47b25b57f4f56a6ba9918fe32.tar.bz2 aports-08e33d0f02c353d47b25b57f4f56a6ba9918fe32.tar.xz | |
main/xen: security upgrade to 4.6.3
XSA-181 CVE-2016-5242
arm: Host crash caused by VMID exhaustion
XSA-180 CVE-2014-3672
Unrestricted qemu logging
XSA-179 CVE-2016-3710 CVE-2016-3712
QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
XSA-178 CVE-2016-4963
Unsanitised driver domain input in libxl device handling
XSA-176 CVE-2016-4480
x86 software guest page walk PS bit handling flaw
XSA-175 CVE-2016-4962
Unsanitised guest input in libxl device handling code
XSA-174 CVE-2016-3961
hugetlbfs use may crash PV Linux guests
Diffstat (limited to 'main/xen/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch')
| -rw-r--r-- | main/xen/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/main/xen/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch b/main/xen/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch deleted file mode 100644 index 56a6e538f4..0000000000 --- a/main/xen/xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch +++ /dev/null @@ -1,41 +0,0 @@ -From c1fce65e2b720684ea6ba76ae59921542bd154bb Mon Sep 17 00:00:00 2001 -From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Date: Fri, 20 Nov 2015 12:22:14 -0500 -Subject: [PATCH 3/3] libvchan: Read prod/cons only once. - -We must ensure that the prod/cons are only read once and that -the compiler won't try to optimize the reads. That is split -the read of these in multiple instructions influencing later -branch code. As such insert barriers when fetching the cons -and prod index. - -This is part of XSA155. - -Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> ---- - tools/libvchan/io.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tools/libvchan/io.c b/tools/libvchan/io.c -index 8a9629b..381cc05 100644 ---- a/tools/libvchan/io.c -+++ b/tools/libvchan/io.c -@@ -117,6 +117,7 @@ static inline int send_notify(struct libxenvchan *ctrl, uint8_t bit) - static inline int raw_get_data_ready(struct libxenvchan *ctrl) - { - uint32_t ready = rd_prod(ctrl) - rd_cons(ctrl); -+ xen_mb(); /* Ensure 'ready' is read only once. */ - if (ready > rd_ring_size(ctrl)) - /* We have no way to return errors. Locking up the ring is - * better than the alternatives. */ -@@ -158,6 +159,7 @@ int libxenvchan_data_ready(struct libxenvchan *ctrl) - static inline int raw_get_buffer_space(struct libxenvchan *ctrl) - { - uint32_t ready = wr_ring_size(ctrl) - (wr_prod(ctrl) - wr_cons(ctrl)); -+ xen_mb(); /* Ensure 'ready' is read only once. */ - if (ready > wr_ring_size(ctrl)) - /* We have no way to return errors. Locking up the ring is - * better than the alternatives. */ --- -2.1.0 - |