Diffstat (limited to 'main/xen')
-rw-r--r--main/xen/APKBUILD6
-rw-r--r--main/xen/xsa34-4.2.patch30
-rw-r--r--main/xen/xsa35-4.2-with-xsa34.patch24
3 files changed, 59 insertions, 1 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 3c3a8a781b..5e07fabdfe 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.2.1
-pkgrel=4
+pkgrel=5
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86 x86_64"
@@ -22,6 +22,8 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
xsa41.patch
xsa41b.patch
xsa41c.patch
+ xsa34-4.2.patch
+ xsa35-4.2-with-xsa34.patch
xenstored.initd
xenstored.confd
@@ -141,6 +143,8 @@ md5sums="0d48cbe1767b82aba12517898d4e0408 xen-4.2.1.tar.gz
8ad8942000b8a4be4917599cad9209cf xsa41.patch
ed7d0399c6ca6aeee479da5d8f807fe0 xsa41b.patch
2f3dd7bdc59d104370066d6582725575 xsa41c.patch
+af10e1a3f757a184a1d79904a5ef8572 xsa34-4.2.patch
+8270dbf929e26b5e95532d10a697e404 xsa35-4.2-with-xsa34.patch
95d8af17bf844d41a015ff32aae51ba1 xenstored.initd
b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd
ed262f15fb880badb53575539468646c xenconsoled.initd
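Review bot: The two entries added to `md5sums` are the only integrity data this hunk records for `xsa34-4.2.patch` and `xsa35-4.2-with-xsa34.patch`, and MD5 is not collision resistant, so it catches accidental corruption but not deliberate substitution of a security patch. If the abuild version in use supports it, add a stronger array alongside, one line per source, e.g. `sha256sums="<sha256-of-file>  xsa34-4.2.patch"` (placeholder digest). The same concern applies to the release tarball on the hunk's header line, which the `source=` line appears to fetch over plain http. The rest of the array lies outside the hunk.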
diff --git a/main/xen/xsa34-4.2.patch b/main/xen/xsa34-4.2.patch
new file mode 100644
index 0000000000..f5328eff9f
--- /dev/null
+++ b/main/xen/xsa34-4.2.patch
@@ -0,0 +1,30 @@
+x86_32: don't allow use of nested HVM
+
+There are (indirect) uses of map_domain_page() in the nested HVM code
+that are unsafe when not just using the 1:1 mapping.
+
+This is XSA-34 / CVE-2013-0151.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
+ rc = -EINVAL;
+ break;
+ case HVM_PARAM_NESTEDHVM:
++#ifdef __i386__
++ if ( a.value )
++ rc = -EINVAL;
++#else
+ if ( a.value > 1 )
+ rc = -EINVAL;
+ if ( !is_hvm_domain(d) )
+@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
+ for_each_vcpu(d, v)
+ if ( rc == 0 )
+ rc = nestedhvm_vcpu_initialise(v);
++#endif
+ break;
+ case HVM_PARAM_BUFIOREQ_EVTCHN:
+ rc = -EINVAL;
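Review bot: The `#ifdef __i386__` branch added under `case HVM_PARAM_NESTEDHVM:` has no comment saying why 32-bit builds refuse the parameter, and the `#endif` added before `break;` is unlabelled, so the reason exists only in the patch description. Suggest `/* XSA-34: nested HVM reaches map_domain_page() in ways that are unsafe without the 1:1 mapping. */` above the `#ifdef`, and `#endif /* __i386__ */` at the end. On 32-bit the new check lets `a.value == 0` through with `rc` unchanged, which is presumably intended so that the default can still be written. The code after the switch that consumes `rc` is outside the hunk, so that path is worth confirming.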
diff --git a/main/xen/xsa35-4.2-with-xsa34.patch b/main/xen/xsa35-4.2-with-xsa34.patch
new file mode 100644
index 0000000000..89230e2a46
--- /dev/null
+++ b/main/xen/xsa35-4.2-with-xsa34.patch
@@ -0,0 +1,24 @@
+xen: Do not allow guests to enable nested HVM on themselves
+
+There is no reason for this and doing so exposes a memory leak to
+guests. Only toolstacks need write access to this HVM param.
+
+This is XSA-35 / CVE-2013-0152.
+
+Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
+Acked-by: Jan Beulich <JBeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3862,6 +3862,11 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE(void) arg)
+ rc = -EINVAL;
+ break;
+ case HVM_PARAM_NESTEDHVM:
++ if ( !IS_PRIV(current->domain) )
++ {
++ rc = -EPERM;
++ break;
++ }
+ #ifdef __i386__
+ if ( a.value )
+ rc = -EINVAL;
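Review bot: The new guard `if ( !IS_PRIV(current->domain) )` tests whether the calling domain is privileged at all, not whether the caller is the domain being modified, which is the case the description names ("guests ... on themselves"). That is stricter than the stated goal and would presumably also refuse a non-privileged helper domain acting on its target. If that is intended, record it next to the check, e.g. `/* XSA-35: only the toolstack may write this param. */`. The early `break` with `rc = -EPERM` relies on the code after the switch not storing `a.value` when `rc` is non-zero; that code is outside the hunk and worth confirming.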