main/xen: security fixes

XSA-204 CVE-2016-10013 x86: Mishandling of SYSCALL singlestep during emulation XSA-203 CVE-2016-10025 x86: missing NULL pointer check in VMFUNC emulation XSA-202 CVE-2016-10024 x86 PV guests may be able to mask interrupts fixes #6570
author: Natanael Copa <ncopa@alpinelinux.org> 2016-12-22 08:33:27 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2016-12-22 08:33:27 +0000
commit: c9bd97cb9fba54aa4c29080700c26c31cab4009a (patch)
tree: d018092a0a160954d8d03fdb269b97318f5846a9 /main/xen/xsa203-4.7.patch
parent: 35c385207644f8b6dcbf48dceb579ba290bf5708 (diff)
download: aports-c9bd97cb9fba54aa4c29080700c26c31cab4009a.tar.bz2
aports-c9bd97cb9fba54aa4c29080700c26c31cab4009a.tar.xz
1 files changed, 19 insertions, 0 deletions
diff --git a/main/xen/xsa203-4.7.patch b/main/xen/xsa203-4.7.patch
new file mode 100644
index 0000000000..d623d8468b
--- /dev/null
+++ b/main/xen/xsa203-4.7.patch
@@ -0,0 +1,19 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/HVM: add missing NULL check before using VMFUNC hook
+
+This is XSA-203.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/arch/x86/hvm/emulate.c
++++ b/xen/arch/x86/hvm/emulate.c
+@@ -1643,6 +1643,8 @@ static int hvmemul_vmfunc(
+ {
+     int rc;
+ 
++    if ( !hvm_funcs.altp2m_vcpu_emulate_vmfunc )
++        return X86EMUL_UNHANDLEABLE;
+     rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(ctxt->regs);
+     if ( rc != X86EMUL_OKAY )
+         hvmemul_inject_hw_exception(TRAP_invalid_op, 0, ctxt);
author	Natanael Copa <ncopa@alpinelinux.org>	2016-12-22 08:33:27 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2016-12-22 08:33:27 +0000
commit	c9bd97cb9fba54aa4c29080700c26c31cab4009a (patch)
tree	d018092a0a160954d8d03fdb269b97318f5846a9 /main/xen/xsa203-4.7.patch
parent	35c385207644f8b6dcbf48dceb579ba290bf5708 (diff)
download	aports-c9bd97cb9fba54aa4c29080700c26c31cab4009a.tar.bz2 aports-c9bd97cb9fba54aa4c29080700c26c31cab4009a.tar.xz