From c79838c3a14eed1cee24731f89d7b1171751d304 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Thu, 11 Aug 2016 15:33:46 +0000 Subject: main/xen: upgrade to 4.7.0 and add secfixes fixes for: - CVE-2016-6258 - CVE-2016-6259 - CVE-2016-5403 --- main/xen/APKBUILD | 112 +++++++-- main/xen/gcc5-cflags.patch | 21 -- main/xen/gnutls-3.4.0.patch | 36 --- main/xen/init-xenstore-domain.patch | 10 - .../patch-gcc6-etherboot-ath9k-9287-array.patch | 68 ++++++ main/xen/patch-gcc6-etherboot-e1000_phy.c.patch | 20 ++ main/xen/patch-gcc6-etherboot-igb_phy.c.patch | 20 ++ main/xen/patch-gcc6-etherboot-no-pie.patch | 13 ++ ...gcc6-etherboot-rm-unused-string-functions.patch | 257 +++++++++++++++++++++ main/xen/patch-gcc6-etherboot-via-rhine.c.patch | 21 ++ main/xen/patch-gcc6-etherboot-via-velocity.c.patch | 12 + main/xen/rombios-no-pie.patch | 26 +++ ...s-writeback-upon-unsuccessful-MMX-SSE-AVX.patch | 41 ---- main/xen/xsa182-unstable.patch | 102 ++++++++ main/xen/xsa183-unstable.patch | 75 ++++++ main/xen/xsa184-qemut-master.patch | 43 ++++ main/xen/xsa184-qemuu-master.patch | 43 ++++ 17 files changed, 797 insertions(+), 123 deletions(-) delete mode 100644 main/xen/gcc5-cflags.patch delete mode 100644 main/xen/gnutls-3.4.0.patch delete mode 100644 main/xen/init-xenstore-domain.patch create mode 100644 main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch create mode 100644 main/xen/patch-gcc6-etherboot-e1000_phy.c.patch create mode 100644 main/xen/patch-gcc6-etherboot-igb_phy.c.patch create mode 100644 main/xen/patch-gcc6-etherboot-no-pie.patch create mode 100644 main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch create mode 100644 main/xen/patch-gcc6-etherboot-via-rhine.c.patch create mode 100644 main/xen/patch-gcc6-etherboot-via-velocity.c.patch create mode 100644 main/xen/rombios-no-pie.patch delete mode 100644 main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch create mode 100644 main/xen/xsa182-unstable.patch create mode 100644 main/xen/xsa183-unstable.patch create mode 100644 main/xen/xsa184-qemut-master.patch create mode 100644 main/xen/xsa184-qemuu-master.patch (limited to 'main/xen') diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index afc4cf7a70..dfb40dde2e 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Roger Pau Monne # Maintainer: William Pitcock pkgname=xen -pkgver=4.6.3 -pkgrel=1 +pkgver=4.7.0 +pkgrel=0 pkgdesc="Xen hypervisor" url="http://www.xen.org/" arch="x86_64 armhf" @@ -15,6 +15,12 @@ depends_dev="openssl-dev python-dev e2fsprogs-dev gettext zlib-dev ncurses-dev e2fsprogs-dev linux-headers argp-standalone" makedepends="$depends_dev autoconf automake libtool " +# secfixes: +# 4.7.0-r0: +# - CVE-2016-6258 XSA-182 +# - CVE-2016-6259 XSA-183 +# - CVE-2016-5403 XSA-184 + case "$CARCH" in x86*) depends="$depends syslinux" @@ -53,14 +59,17 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g http://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz + xsa182-unstable.patch + xsa183-unstable.patch + xsa184-qemut-master.patch + xsa184-qemuu-master.patch + qemu-coroutine-gthread.patch qemu-xen_paths.patch hotplug-vif-vtrill.patch + rombios-no-pie.patch 0001-ipxe-dont-clobber-ebp.patch - gcc5-cflags.patch - - init-xenstore-domain.patch musl-support.patch musl-hvmloader-fix-stdint.patch @@ -70,6 +79,21 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g xen-hotplug-lockfd.patch xen-fd-is-file.c + patch-gcc6-etherboot-nonnull-compare.patch::https://git.ipxe.org/ipxe.git/patch/e2f14c2f8c10674dbbd4f1228d79dc4c9be213b5 + patch-gcc6-etherboot-rm-unused-string-functions.patch + patch-gcc6-etherboot-nic.c.patch::https://git.ipxe.org/ipxe.git/patch/a5885fbc19c4b60dc1a21624d1a9d1b77a93504e + patch-gcc6-etherboot-ath.patch::https://git.ipxe.org/ipxe.git/patch/63037bdce4a325e5e1da85ffcdf27b77ac670c01 + patch-gcc6-etherboot-sis190.patch::https://git.ipxe.org/ipxe.git/patch/65b32a0b7000f70a5bb1d33190d40f9b04c93172 + patch-gcc6-etherboot-skge.patch::https://git.ipxe.org/ipxe.git/patch/76ec2a0540b25dbd183b9ce185583a4b24278cf1 + patch-gcc6-etherboot-via-velocity.c.patch + patch-gcc6-etherboot-via-rhine.c.patch + patch-gcc6-etherboot-e1000_phy.c.patch + patch-gcc6-etherboot-igb_phy.c.patch + patch-gcc6-etherboot-ath9k-9287-array.patch + patch-gcc6-etherboot-no-pie.patch + patch-gcc6-etherboot-link-header.patch::https://git.ipxe.org/ipxe.git/patch/6324bd9389521c7e86384591f41eb78a81e9af47 + patch-gcc6-etherboot-eth_broadcast.patch::https://git.ipxe.org/ipxe.git/patch/1cbb1581f16e235fafc963c906ad02b38d5457bd + xenstored.initd xenstored.confd xenconsoled.initd @@ -84,11 +108,18 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g _builddir="$srcdir"/$pkgname-$pkgver _seabios=/usr/share/seabios/bios-256k.bin prepare() { - local i _failed= + local i _failed= _series= cd "$_builddir" for i in $source; do case $i in + *-etherboot-*) + p=${i%%::*} + p=${p##*/} + msg "adding to ipxe: $p" + cp "$srcdir"/$p tools/firmware/etherboot/patches/ + echo "$p" >> tools/firmware/etherboot/patches/series + ;; *.patch) msg $i; patch -s -N -p1 -i "$srcdir"/$i \ || _failed="$_failed $i" ;; @@ -245,7 +276,7 @@ hypervisor() { mv "$pkgdir"/boot "$subpkgdir"/ } -md5sums="26419d8477082dbdb32ec75b00f00643 xen-4.6.3.tar.gz +md5sums="3aa4e01bf37a3a5bc8572907cb88e649 xen-4.7.0.tar.gz dd60683d7057917e34630b4a787932e8 gmp-4.3.2.tar.bz2 cd3f3eb54446be6003156158d51f4884 grub-0.97.tar.gz 36cc57650cffda9a0269493be2a169bb lwip-1.3.0.tar.gz @@ -255,18 +286,35 @@ cec05e7785497c5e19da2f114b934ffd pciutils-2.2.9.tar.bz2 e26becb8a6a2b6695f6b3e8097593db8 tpm_emulator-0.7.4.tar.gz debc62758716a169df9f62e6ab2bc634 zlib-1.2.3.tar.gz 7496268cebf47d5c9ccb0696e3b26065 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz +d162fdb5a2def649a18e377dfb8c618e xsa182-unstable.patch +4e89035687d1fcdabe34610f947871ae xsa183-unstable.patch +95bc220677fc2bb9a3df4dc14a0b31f6 xsa184-qemut-master.patch +cc0904605d03a9e4f6f21d16824e41c9 xsa184-qemuu-master.patch de1a3db370b87cfb0bddb51796b50315 qemu-coroutine-gthread.patch 08bfdf8caff5d631f53660bf3fd4edaf qemu-xen_paths.patch e449bb3359b490804ffc7b0ae08d62a0 hotplug-vif-vtrill.patch +5fab5487fe92fa29302db9ccb04af564 rombios-no-pie.patch 3a04998db5cc3c5c86f3b46e97e9cd82 0001-ipxe-dont-clobber-ebp.patch -a0b70cd1190345396d97170bf2d11663 gcc5-cflags.patch -cadc904edee45ea4824439b1e9558b37 init-xenstore-domain.patch 0984e3000de17a6d14b8014a3ced46a4 musl-support.patch 513456607a2adfaa0baf1e3ae5124b23 musl-hvmloader-fix-stdint.patch c9313a790faa727205627a1657b9bf06 stdint_local.h c13f954d041a6fa78d0d241ad1780c0b elf_local.h 750138c31ec96d1a11fe0c665ac07e9e xen-hotplug-lockfd.patch 649f77b90978cd2b6d506ac44ec6c393 xen-fd-is-file.c +ea983c48b69eea3885627b2c8da8afec patch-gcc6-etherboot-nonnull-compare.patch +c1b73e5b708002b77b50827742c3af09 patch-gcc6-etherboot-rm-unused-string-functions.patch +e10ec3a62e8dc47052b8d8be77520af7 patch-gcc6-etherboot-nic.c.patch +78433fdb5ed0d9f71a1d2b8103a886c9 patch-gcc6-etherboot-ath.patch +83b0416745dffdfedec8caab7d20b758 patch-gcc6-etherboot-sis190.patch +24ece1158115e508e6a5db0a086f065c patch-gcc6-etherboot-skge.patch +465ca7d4841fe34b7b4d9d99257cd092 patch-gcc6-etherboot-via-velocity.c.patch +b136a8d31272eec48c766065bba260ca patch-gcc6-etherboot-via-rhine.c.patch +ef2d246f23e5ca152a4057617041bac6 patch-gcc6-etherboot-e1000_phy.c.patch +05b86753c6e6ca90af038b499fd564f0 patch-gcc6-etherboot-igb_phy.c.patch +74a5f930491bbc4333c84fff36029a1c patch-gcc6-etherboot-ath9k-9287-array.patch +567de70c3355c9724ebfdb02d7806435 patch-gcc6-etherboot-no-pie.patch +4ae9e861dc0a9b1873236399ba8cff6d patch-gcc6-etherboot-link-header.patch +ce606e447bc4884dffc59080cd10acfd patch-gcc6-etherboot-eth_broadcast.patch 4aeda68bf5b168019762fcf6edb661d3 xenstored.initd d86504e12f05deca6b3eeeb90157160e xenstored.confd d1dd5fc9a8b00f7373d789f9b5a605b9 xenconsoled.initd @@ -276,7 +324,7 @@ dcdd1de2c29e469e834a02ede4f47806 xendomains.confd 9df68ac65dc3f372f5d61183abdc83ff xen-consoles.logrotate 6a2f777c16678d84039acf670d86fff6 xenqemu.confd e1c9e1c83a5cc49224608a48060bd677 xenqemu.initd" -sha256sums="02badfce9a037bd1bd4a94210c1f6b85467746216c71795805102b514bcf1fc4 xen-4.6.3.tar.gz +sha256sums="be5876144d49729572ae06142e0bb93f1c1f2695578141eff2931995add24623 xen-4.7.0.tar.gz 936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775 gmp-4.3.2.tar.bz2 4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b grub-0.97.tar.gz 772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f lwip-1.3.0.tar.gz @@ -286,18 +334,35 @@ f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24 pciutils-2.2.9 4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459 tpm_emulator-0.7.4.tar.gz 1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e zlib-1.2.3.tar.gz 632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz +303400b9a832a3c1d423cc2cc97c2f00482793722f9ef7dd246783a049ac2792 xsa182-unstable.patch +ea0ea4b294332814330f222e6d78eea3b19c394eac8ae22feb4a5bd21e90331f xsa183-unstable.patch +88c939c64b8f9fc9f86d0a30517d5455462d1ff837aa4285a9cb189b54c0cf20 xsa184-qemut-master.patch +3877e19992c4532b8b2a37e151fe6a6187a1bbee2b54c1718b995260bb0fcf65 xsa184-qemuu-master.patch 3941f99b49c7e8dafc9fae8aad2136a14c6d84533cd542cc5f1040a41ef7c6fe qemu-coroutine-gthread.patch e4e5e838e259a3116978aabbcebc1865a895179a7fcbf4bad195c83e9b4c0f98 qemu-xen_paths.patch dd1e784bc455eb62cb85b3fa24bfc34f575ceaab9597ef6a2f1ee7ff7b3cae0a hotplug-vif-vtrill.patch +74cb62a4614dd042ea9169112fb677bfef751a760aae34c7e73391fa857a8429 rombios-no-pie.patch ac8bbd0b864c7de278fd9b68392b71863581ec21622c2e9b87e501e492e414d3 0001-ipxe-dont-clobber-ebp.patch -8226200f17448e20784ad985ffe47aba1e8401364d9a2b6301818ca043f9ec35 gcc5-cflags.patch -f246382763746536bafc77f117cc6e689c6c9ee8dd2608c02dbfe9f025701589 init-xenstore-domain.patch 2fea4ceec8872f5560023fa135e3ff03d6deee4299e53d3a33ec59c31779b2c5 musl-support.patch 479b9605e85c865be6117b6d1993124dbbb7da7f95d0e896e4c0fe5cdfeb74d3 musl-hvmloader-fix-stdint.patch 6b4ad2a9fdb3e23b06c8c1961a46b06c15a46471fe6fb13cdc269da37466f334 stdint_local.h 7f1ed2db24d8eba87a08eea0601a9ab339209906fdfa74c8c03564a1a6e6471e elf_local.h b183ed028a8c42a64e6fd3fb4b2b6dad832f52ed838fceb69bf681de4e7d794f xen-hotplug-lockfd.patch d0b3e5f282a07878341c38f40d01041ed37623757a99d6e0a420ca64d1f4ef2a xen-fd-is-file.c +17bb27d95c86af8cc5e499b1b0db9b95bba3f45910d55b420f9f1f5452355fab patch-gcc6-etherboot-nonnull-compare.patch +5d5fe7bf52cbae9da20cfd1fc798699b2355a1af907ebf7f764e227891a759bb patch-gcc6-etherboot-rm-unused-string-functions.patch +9f34f8ecb9a44c688275b838c83efd233bb817f5e222629eac98e116168d704c patch-gcc6-etherboot-nic.c.patch +cdf7c4a089fe1fe493aafaf669decc3c9e071a0950da77dce526c09088d1c931 patch-gcc6-etherboot-ath.patch +32595581467772b9fa0fbb5384c99caefeb2cee3306b94b9bd2722084454f5a2 patch-gcc6-etherboot-sis190.patch +c73d1653b9b1d97ddce717817dc74429cd94c7b22989a08604eaa60df63f75f8 patch-gcc6-etherboot-skge.patch +448caed900ada2c030738218f5b82f5e29d9dc2e1beef9ebd49cbeb23734df0d patch-gcc6-etherboot-via-velocity.c.patch +61b1518c8d41792ec3b36e0fbfc265adb6c9304945a6fa18d6cc5a197e34b94f patch-gcc6-etherboot-via-rhine.c.patch +577f06e38a9ecbd3576907f2ba1c5040f4f1573fe92912635230702ad157b2e7 patch-gcc6-etherboot-e1000_phy.c.patch +80a24e9504d3893e83dc60550ffe364a873aaf3dafb52dcdade13f61f2ec0ee5 patch-gcc6-etherboot-igb_phy.c.patch +a15d73e0fb51fe3c1cf8b80a5ff17d532444016d14495d90d9e642ec60f320a6 patch-gcc6-etherboot-ath9k-9287-array.patch +2269932e8645c11e7fe60eeb6e0720841c2b5ddac2e6965ead1527d3e5924ee9 patch-gcc6-etherboot-no-pie.patch +cace870b6629003b55d9df9ef24f3445067239b913c006b6e23da511c1a21d78 patch-gcc6-etherboot-link-header.patch +be05ccd8975af402dcba3a3dc78c173319b2edd636bac11ac11163091453b704 patch-gcc6-etherboot-eth_broadcast.patch 90a8fc315bfe305581b3873890b1c1c8da6f62b5d06b73b79bac7a74671bbb07 xenstored.initd 991bb7c9da02941556e29714bd96b26e39e57e0a5b514eadd78d9bfa3fa5a9dc xenstored.confd d13719093a2c3824525f36ac91ac3c9bd1154e5ba0974e5441e4a2ab5e883521 xenconsoled.initd @@ -307,7 +372,7 @@ d13719093a2c3824525f36ac91ac3c9bd1154e5ba0974e5441e4a2ab5e883521 xenconsoled.in 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 xen-consoles.logrotate 4cfcddcade5d055422ab4543e8caa6e5c5eee7625c41880a9000b7a87c7c424e xenqemu.confd c92bbb1166edd61141fdf678116974209c4422daf373cdd5bc438aa4adb25b8d xenqemu.initd" -sha512sums="187a860b40c05139f22b8498a5fae1db173c3110d957147af29a56cb83b7111c9dc4946d65f9dffc847001fc01c5e9bf51886eaa1194bb9cfd0b6dbcd43a2c5c xen-4.6.3.tar.gz +sha512sums="2c52c8ef145dfab7d069e79318d5d631e1106a0ddc79d88b3bacf36c7f15cea67dccb704a245e785d2a1e42c6fb6c0ad74832f564aaeec025ad7b864031f0921 xen-4.7.0.tar.gz 2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf gmp-4.3.2.tar.bz2 c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb grub-0.97.tar.gz 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d lwip-1.3.0.tar.gz @@ -317,18 +382,35 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36 4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35 tpm_emulator-0.7.4.tar.gz 021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e zlib-1.2.3.tar.gz c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz +e0a195ca377be7e4d584eff451d7b077406f54ca64c94b1515a4b23318fed33880da759144237de3be4abc92572037c8f5119b6b70ffc26a1872a771d769b8b2 xsa182-unstable.patch +a5c23c5ecc6c01875da2c0791c3d62334f3709dff12cb6a1b7a486778da7604994b610a6fc1fb12a46aca409b833c1f37ca704006cd52a283f1ead66a4d9af2a xsa183-unstable.patch +14c07d077a9d60a03859ca1b92347517c93faf88db06f8cb0515e486a3919afa8401203161ff671dda8fbdb64e6ca5e86120f1b8f65e6bfaa63a8c6a33211bad xsa184-qemut-master.patch +862e00d9cd126f8323f9c9706bf6ce7896d97e68e647416c699d9f2e01b88083a5fea346b13403577311384946912123f64bf5a568f1a6f92077d28923df54c6 xsa184-qemuu-master.patch c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562 qemu-coroutine-gthread.patch 1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3 hotplug-vif-vtrill.patch +71d0ebcda62259a1bf056807363015f2370f12daa5774f16150da42cba66bb5b65ec82f1f806fe147346560aa4d0e78bc5b5d8ae9f7e82d0aabae9d63fc876f6 rombios-no-pie.patch a6455988477a29d856924651db5e14f96d835413b956278d2291cbb8e5877d7bf6f462890f607ecf1c7b4003997295d0ba7852e110fc20df3a3edf1845e778ba 0001-ipxe-dont-clobber-ebp.patch -68ea6d4798f107fc2fd134c970cd7f7b9aeafe3efaf9501bbd5ec35e7e212f1d637c15c21c7a257c0709c2a2d441f6c6192abad39fd23b3ecba69bcefbb3e930 gcc5-cflags.patch -76ffe70833928a9e19dedbf42e87f6267c4d15e7dc8710fba9b7874245a5d5b4c43a27ef97c3b121cbcd5a8470f1216a3f64114cb5b83325cb30fa2040721b66 init-xenstore-domain.patch 76bd60768b296752ca11195bb03a57584686461da45255cb540977111a73c42b5b92362fd46d97bfd20487c96971dd5aed7eae7d8bf1aad7d5199adb875d4962 musl-support.patch 08cf7fac825dd3da5f33856abf6692da00d8928ab73050b3ae0a643ddb97c8ae323238a80152fd31595ac1c31678d559232264258c189e2c05ecaf33e295f13e musl-hvmloader-fix-stdint.patch 9dcb481c5b83c7df23e87be717d8a9234014f26a0f80893e125fe8110e2923562d95162d18ff64c08b5782cd7c085f90378a9e0802b3995c077c8ba32bbb669f stdint_local.h 853467a2d055c5bfbdc7bdca175a334241be44a7c5ac3c0a84a4bc5463b5c070b66d37e2a557429ef860727a6b7350683af758cc2494d85b6be4d883143a2c0d elf_local.h 79cb1b6b81b17cb87a064dfe3548949dfb80f64f203cac11ef327102b7a25794549ce2d9c019ebf05f752214da8e05065e9219d069e679c0ae5bee3d090c685e xen-hotplug-lockfd.patch e76816c6ad0e91dc5f81947f266da3429b20e6d976c3e8c41202c6179532eec878a3f0913921ef3ac853c5dbad8082da3c9cd53b65081910516feb492577b7fc xen-fd-is-file.c +be0f4d00d0952883f2e0f5cabff4bda9bbfc1ff728389065a7a820875b191cf37890a272d3f9a0398fa86bbad20f6a2c16d2b7f30f3e03d746ee1d72b8ae3614 patch-gcc6-etherboot-nonnull-compare.patch +55cf5ced4ff02d7a94bcdddbfdd0f4894c07991fa0be1829787f9498401340f0da30d2f118f4798c87e6097b13f14e1829cdc8024227ad0a561d5d8e08fc14ac patch-gcc6-etherboot-rm-unused-string-functions.patch +fac0d9c790aa49ded45ab46304dada4d3526e62594dc837e0578ebff6e75d9e87d0451447deb8bc0a82b898e1d414d759bff67b71f84ef20d23655496769c939 patch-gcc6-etherboot-nic.c.patch +4a47a6b3f0fa1061aaa7a3cecd8bc39d7200eac1861189bcb3f9aa82eec68272bc9b7e861f787f0edb894edf0e17cafdc3a5e53924893fec48c7269a129aac5b patch-gcc6-etherboot-ath.patch +3c5a8a05e73e688993438196c0d799f2a9d41d7f092722a42ddbb420c464f54cf870e071b71b0c1e0e96a0b934ae229bb7dff16ca0538c1ceebe7e44c51f374b patch-gcc6-etherboot-sis190.patch +d4de0c94b850b886ceaa519d327fbfb80028147395694a31aed76de1a6f4ea001a356f11fb833c963b3934268313611193e21c615273cbc99c9911b847ca0233 patch-gcc6-etherboot-skge.patch +4676979566c78d8f8dc46083dd2959bd871fdc5e790ec0846f47cd74f6740117e217a1b382d03302965769afcdf3f299ec9abd584b27430c4ed69e6776081194 patch-gcc6-etherboot-via-velocity.c.patch +be4a3f48a7a3de745693ef1b8d1ab487ee3d8d7ed1b2e98ed94af7d52fb1db2fd724f8fada267a5ef9caa41721431e0e66d18d9cfc6557bfb8a1f95f44eeba68 patch-gcc6-etherboot-via-rhine.c.patch +1bec93daf9c2df4904828f6473c64a46d2da1401b6aac5c33b1c411f8bfc0be119109db7c6582bb38aa178a28a3401072cac2636f1c631392fcffeed88bc0950 patch-gcc6-etherboot-e1000_phy.c.patch +78093aa78c4711001adef6f29588535ca000931bcfca7c247d5ff4ef24eff2a553919ec5bae2f7d40236513d3bfa04e3baf20fdba5cd1ce8bd4957b8deebeb3c patch-gcc6-etherboot-igb_phy.c.patch +cca8b3230d33261efffb30cfc42661a6ec09433e3aa80d50710112d73c6b45c81dc0fa259072dc42ca31c5cec8ceca84b0a4f44ed85716f2e2d3287ddc84b7ec patch-gcc6-etherboot-ath9k-9287-array.patch +a87f907b193203d6710515d48fb88dfd1c22ec4ca4a710822f1327df9902e4d66552208bc6b1c7fbd1816946edeccb3ffb374397b3e5b629be1b130bb763315e patch-gcc6-etherboot-no-pie.patch +3126cdc1338d14338b56defddb96e99a12aff0f847365386a89fd54469ed08e17abbb10827ce08ca515895c6b50c37d189b1f84712de938ce0db2f8817c1de6e patch-gcc6-etherboot-link-header.patch +44561a76fa7abab4dd9c150d4b14c83432fea1813c5455f7321f71b28ece47f56002fae6bec25c5d63259a961136dfd29c4ac4d9649a0a7b3b5dbcd5b62fc111 patch-gcc6-etherboot-eth_broadcast.patch 52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd 093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd 3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd diff --git a/main/xen/gcc5-cflags.patch b/main/xen/gcc5-cflags.patch deleted file mode 100644 index d8e0bcdac2..0000000000 --- a/main/xen/gcc5-cflags.patch +++ /dev/null @@ -1,21 +0,0 @@ -gcc5 gives array-bounds warning on xen/common/symbols.c - also maybe-uninitialized warning on xen/xsm/flask/ss/policydb.c - ---- xen-4.5.0/xen/common/Makefile.orig 2015-01-12 16:53:24.000000000 +0000 -+++ xen-4.5.0/xen/common/Makefile 2015-02-14 15:40:29.722759007 +0000 -@@ -72,3 +72,5 @@ - - subdir-y += libelf - subdir-$(HAS_DEVICE_TREE) += libfdt -+ -+CFLAGS += -Wno-error=array-bounds ---- xen-4.5.0/xen/xsm/flask/Makefile.orig 2015-01-12 16:53:24.000000000 +0000 -+++ xen-4.5.0/xen/xsm/flask/Makefile 2015-02-14 16:49:54.376183206 +0000 -@@ -5,6 +5,7 @@ - subdir-y += ss - - CFLAGS += -I./include -+CFLAGS += -Wno-error=maybe-uninitialized - - AWK = awk - diff --git a/main/xen/gnutls-3.4.0.patch b/main/xen/gnutls-3.4.0.patch deleted file mode 100644 index 9d2ed166dd..0000000000 --- a/main/xen/gnutls-3.4.0.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- ./tools/qemu-xen-traditional/vnc.c.orig -+++ ./tools/qemu-xen-traditional/vnc.c -@@ -2137,10 +2137,6 @@ - - - static int vnc_start_tls(struct VncState *vs) { -- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; -- static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; -- static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0}; -- static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; - - VNC_DEBUG("Do TLS setup\n"); - if (vnc_tls_initialize() < 0) { -@@ -2161,21 +2157,7 @@ - return -1; - } - -- if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) { -- gnutls_deinit(vs->tls_session); -- vs->tls_session = NULL; -- vnc_client_error(vs); -- return -1; -- } -- -- if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { -- gnutls_deinit(vs->tls_session); -- vs->tls_session = NULL; -- vnc_client_error(vs); -- return -1; -- } -- -- if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { -+ if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); diff --git a/main/xen/init-xenstore-domain.patch b/main/xen/init-xenstore-domain.patch deleted file mode 100644 index 7bbedb918c..0000000000 --- a/main/xen/init-xenstore-domain.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- ./tools/xenstore/Makefile.orig -+++ ./tools/xenstore/Makefile -@@ -139,6 +139,7 @@ - endif - $(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir) - $(INSTALL_PROG) xenstore $(DESTDIR)$(bindir) -+ $(INSTALL_PROG) init-xenstore-domain $(DESTDIR)$(bindir) - set -e ; for c in $(CLIENTS) ; do \ - ln -f $(DESTDIR)$(bindir)/xenstore $(DESTDIR)$(bindir)/$${c} ; \ - done diff --git a/main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch b/main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch new file mode 100644 index 0000000000..7b1f369b1e --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-ath9k-9287-array.patch @@ -0,0 +1,68 @@ +From 83d6f1f15f8cce844b0a131cbc63e444620e48b5 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 14 Mar 2016 15:18:36 +0100 +Subject: ath9k: fix buffer overrun for ar9287 + +Code that was added back in 2.6.38 has an obvious overflow +when accessing a static array, and at the time it was added +only a code comment was put in front of it as a reminder +to have it reviewed properly. + +This has not happened, but gcc-6 now points to the specific +overflow: + +drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs': +drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds] + maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4]; + ~~~~~~~~~~~~~~~~~~~~~~~~~^~~ + +It turns out that the correct array length exists in the local +'intercepts' variable of this function, so we can just use that +instead of hardcoding '4', so this patch changes all three +instances to use that variable. The other two instances were +already correct, but it's more consistent this way. + +Signed-off-by: Arnd Bergmann +Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs") +Signed-off-by: David S. Miller +--- + drivers/net/wireless/ath/ath9k/eeprom.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/wireless/ath/ath9k/eeprom.c b/drivers/net/wireless/ath/ath9k/eeprom.c +index 73fb423..a794157 100644 +--- a/src/drivers/net/ath/ath9k/ath9k_eeprom.c ++++ b/src/drivers/net/ath/ath9k/ath9k_eeprom.c +@@ -477,10 +477,9 @@ void ath9k_hw_get_gain_boundaries_pdadcs(struct ath_hw *ah, + + if (match) { + if (AR_SREV_9287(ah)) { +- /* FIXME: array overrun? */ + for (i = 0; i < numXpdGains; i++) { + minPwrT4[i] = data_9287[idxL].pwrPdg[i][0]; +- maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4]; ++ maxPwrT4[i] = data_9287[idxL].pwrPdg[i][intercepts - 1]; + ath9k_hw_fill_vpd_table(minPwrT4[i], maxPwrT4[i], + data_9287[idxL].pwrPdg[i], + data_9287[idxL].vpdPdg[i], +@@ -490,7 +489,7 @@ void ath9k_hw_get_gain_boundaries_pdadcs(struct ath_hw *ah, + } else if (eeprom_4k) { + for (i = 0; i < numXpdGains; i++) { + minPwrT4[i] = data_4k[idxL].pwrPdg[i][0]; +- maxPwrT4[i] = data_4k[idxL].pwrPdg[i][4]; ++ maxPwrT4[i] = data_4k[idxL].pwrPdg[i][intercepts - 1]; + ath9k_hw_fill_vpd_table(minPwrT4[i], maxPwrT4[i], + data_4k[idxL].pwrPdg[i], + data_4k[idxL].vpdPdg[i], +@@ -500,7 +499,7 @@ void ath9k_hw_get_gain_boundaries_pdadcs(struct ath_hw *ah, + } else { + for (i = 0; i < numXpdGains; i++) { + minPwrT4[i] = data_def[idxL].pwrPdg[i][0]; +- maxPwrT4[i] = data_def[idxL].pwrPdg[i][4]; ++ maxPwrT4[i] = data_def[idxL].pwrPdg[i][intercepts - 1]; + ath9k_hw_fill_vpd_table(minPwrT4[i], maxPwrT4[i], + data_def[idxL].pwrPdg[i], + data_def[idxL].vpdPdg[i], +-- +cgit v0.12 + diff --git a/main/xen/patch-gcc6-etherboot-e1000_phy.c.patch b/main/xen/patch-gcc6-etherboot-e1000_phy.c.patch new file mode 100644 index 0000000000..4cd6c246c1 --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-e1000_phy.c.patch @@ -0,0 +1,20 @@ +diff -aur a/src/drivers/net/e1000/e1000_phy.c b/src/drivers/net/e1000/e1000_phy.c +--- a/src/drivers/net/e1000/e1000_phy.c 2016-05-12 19:40:13.950772568 +1000 ++++ b/src/drivers/net/e1000/e1000_phy.c 2016-05-12 19:41:08.429089344 +1000 +@@ -164,7 +164,7 @@ + + DEBUGFUNC("e1000_get_phy_id"); + +- if (!(phy->ops.read_reg)) ++ if (!(phy->ops.read_reg)) { + goto out; + + ret_val = phy->ops.read_reg(hw, PHY_ID1, &phy_id); +@@ -179,6 +179,7 @@ + + phy->id |= (u32)(phy_id & PHY_REVISION_MASK); + phy->revision = (u32)(phy_id & ~PHY_REVISION_MASK); ++ } + + out: + return ret_val; diff --git a/main/xen/patch-gcc6-etherboot-igb_phy.c.patch b/main/xen/patch-gcc6-etherboot-igb_phy.c.patch new file mode 100644 index 0000000000..44beb4baa9 --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-igb_phy.c.patch @@ -0,0 +1,20 @@ +diff -aur a/src/drivers/net/igb/igb_phy.c b/src/drivers/net/igb/igb_phy.c +--- a/src/drivers/net/igb/igb_phy.c 2016-05-12 19:53:45.063246296 +1000 ++++ b/src/drivers/net/igb/igb_phy.c 2016-05-12 19:54:09.992692278 +1000 +@@ -88,7 +88,7 @@ + + DEBUGFUNC("igb_get_phy_id"); + +- if (!(phy->ops.read_reg)) ++ if (!(phy->ops.read_reg)) { + goto out; + + ret_val = phy->ops.read_reg(hw, PHY_ID1, &phy_id); +@@ -103,6 +103,7 @@ + + phy->id |= (u32)(phy_id & PHY_REVISION_MASK); + phy->revision = (u32)(phy_id & ~PHY_REVISION_MASK); ++ } + + out: + return ret_val; diff --git a/main/xen/patch-gcc6-etherboot-no-pie.patch b/main/xen/patch-gcc6-etherboot-no-pie.patch new file mode 100644 index 0000000000..c4500259a6 --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-no-pie.patch @@ -0,0 +1,13 @@ +diff --git a/src/Makefile b/src/Makefile +index e2425d7..20111d7 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -4,7 +4,7 @@ + # + + CLEANUP := +-CFLAGS := ++CFLAGS := -fno-pie + ASFLAGS := + LDFLAGS := + MAKEDEPS := Makefile diff --git a/main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch b/main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch new file mode 100644 index 0000000000..991d433301 --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-rm-unused-string-functions.patch @@ -0,0 +1,257 @@ +From b54167b8b6a35c7dab19bbe4b421d447036558d4 Mon Sep 17 00:00:00 2001 +From: Michael Brown +Date: Mon, 16 Feb 2015 15:33:32 +0000 +Subject: [PATCH] [libc] Remove unused string functions + +Signed-off-by: Michael Brown +--- + src/core/stringextra.c | 188 ------------------------------------------------ + src/include/string.h | 6 -- + 2 files changed, 0 insertions(+), 194 deletions(-) + +diff --git a/src/core/stringextra.c b/src/core/stringextra.c +index 0a50985..18ffc63 100644 +--- a/src/core/stringextra.c ++++ b/src/core/stringextra.c +@@ -38,122 +38,6 @@ FILE_LICENCE ( GPL2_ONLY ); + + /* *** FROM string.c *** */ + +-#ifndef __HAVE_ARCH_STRNICMP +-/** +- * strnicmp - Case insensitive, length-limited string comparison +- * @s1: One string +- * @s2: The other string +- * @len: the maximum number of characters to compare +- */ +-int strnicmp(const char *s1, const char *s2, size_t len) +-{ +- /* Yes, Virginia, it had better be unsigned */ +- unsigned char c1, c2; +- +- c1 = 0; c2 = 0; +- if (len) { +- do { +- c1 = *s1; c2 = *s2; +- s1++; s2++; +- if (!c1) +- break; +- if (!c2) +- break; +- if (c1 == c2) +- continue; +- c1 = tolower(c1); +- c2 = tolower(c2); +- if (c1 != c2) +- break; +- } while (--len); +- } +- return (int)c1 - (int)c2; +-} +-#endif +- +-char * ___strtok; +- +-#ifndef __HAVE_ARCH_STRNCAT +-/** +- * strncat - Append a length-limited, %NUL-terminated string to another +- * @dest: The string to be appended to +- * @src: The string to append to it +- * @count: The maximum numbers of bytes to copy +- * +- * Note that in contrast to strncpy, strncat ensures the result is +- * terminated. +- */ +-char * strncat(char *dest, const char *src, size_t count) +-{ +- char *tmp = dest; +- +- if (count) { +- while (*dest) +- dest++; +- while ((*dest++ = *src++)) { +- if (--count == 0) { +- *dest = '\0'; +- break; +- } +- } +- } +- +- return tmp; +-} +-#endif +- +-#ifndef __HAVE_ARCH_STRSPN +-/** +- * strspn - Calculate the length of the initial substring of @s which only +- * contain letters in @accept +- * @s: The string to be searched +- * @accept: The string to search for +- */ +-size_t strspn(const char *s, const char *accept) +-{ +- const char *p; +- const char *a; +- size_t count = 0; +- +- for (p = s; *p != '\0'; ++p) { +- for (a = accept; *a != '\0'; ++a) { +- if (*p == *a) +- break; +- } +- if (*a == '\0') +- return count; +- ++count; +- } +- +- return count; +-} +-#endif +- +-#ifndef __HAVE_ARCH_STRCSPN +-/** +- * strcspn - Calculate the length of the initial substring of @s which only +- * contain letters not in @reject +- * @s: The string to be searched +- * @accept: The string to search for +- */ +-size_t strcspn(const char *s, const char *reject) +-{ +- const char *p; +- const char *r; +- size_t count = 0; +- +- for (p = s; *p != '\0'; ++p) { +- for (r = reject; *r != '\0'; ++r) { +- if (*p == *r) +- return count; +- } +- ++count; +- } +- +- return count; +-} +-#endif +- + #ifndef __HAVE_ARCH_STRPBRK + /** + * strpbrk - Find the first occurrence of a set of characters +@@ -174,35 +58,6 @@ char * strpbrk(const char * cs,const char * ct) + } + #endif + +-#ifndef __HAVE_ARCH_STRTOK +-/** +- * strtok - Split a string into tokens +- * @s: The string to be searched +- * @ct: The characters to search for +- * +- * WARNING: strtok is deprecated, use strsep instead. +- */ +-char * strtok(char * s,const char * ct) +-{ +- char *sbegin, *send; +- +- sbegin = s ? s : ___strtok; +- if (!sbegin) { +- return NULL; +- } +- sbegin += strspn(sbegin,ct); +- if (*sbegin == '\0') { +- ___strtok = NULL; +- return( NULL ); +- } +- send = strpbrk( sbegin, ct); +- if (send && *send != '\0') +- *send++ = '\0'; +- ___strtok = send; +- return (sbegin); +-} +-#endif +- + #ifndef __HAVE_ARCH_STRSEP + /** + * strsep - Split a string into tokens +@@ -230,46 +85,3 @@ char * strsep(char **s, const char *ct) + return sbegin; + } + #endif +- +-#ifndef __HAVE_ARCH_BCOPY +-/** +- * bcopy - Copy one area of memory to another +- * @src: Where to copy from +- * @dest: Where to copy to +- * @count: The size of the area. +- * +- * Note that this is the same as memcpy(), with the arguments reversed. +- * memcpy() is the standard, bcopy() is a legacy BSD function. +- * +- * You should not use this function to access IO space, use memcpy_toio() +- * or memcpy_fromio() instead. +- */ +-char * bcopy(const char * src, char * dest, int count) +-{ +- return memmove(dest,src,count); +-} +-#endif +- +-#ifndef __HAVE_ARCH_MEMSCAN +-/** +- * memscan - Find a character in an area of memory. +- * @addr: The memory area +- * @c: The byte to search for +- * @size: The size of the area. +- * +- * returns the address of the first occurrence of @c, or 1 byte past +- * the area if @c is not found +- */ +-void * memscan(const void * addr, int c, size_t size) +-{ +- unsigned char * p = (unsigned char *) addr; +- +- while (size) { +- if (*p == c) +- return (void *) p; +- p++; +- size--; +- } +- return (void *) p; +-} +-#endif +diff --git a/src/include/string.h b/src/include/string.h +index 3482e1b..dfd78a6 100644 +--- a/src/include/string.h ++++ b/src/include/string.h +@@ -19,11 +19,9 @@ FILE_LICENCE ( GPL2_ONLY ); + #include + #include + +-int __pure strnicmp(const char *s1, const char *s2, size_t len) __nonnull; + char * strcpy(char * dest,const char *src) __nonnull; + char * strncpy(char * dest,const char *src,size_t count) __nonnull; + char * strcat(char * dest, const char * src) __nonnull; +-char * strncat(char *dest, const char *src, size_t count) __nonnull; + int __pure strcmp(const char * cs,const char * ct) __nonnull; + int __pure strncmp(const char * cs,const char * ct, + size_t count) __nonnull; +@@ -31,16 +29,12 @@ char * __pure strchr(const char * s, int c) __nonnull; + char * __pure strrchr(const char * s, int c) __nonnull; + size_t __pure strlen(const char * s) __nonnull; + size_t __pure strnlen(const char * s, size_t count) __nonnull; +-size_t __pure strspn(const char *s, const char *accept) __nonnull; +-size_t __pure strcspn(const char *s, const char *reject) __nonnull; + char * __pure strpbrk(const char * cs,const char * ct) __nonnull; +-char * strtok(char * s,const char * ct) __nonnull; + char * strsep(char **s, const char *ct) __nonnull; + void * memset(void * s,int c,size_t count) __nonnull; + void * memmove(void * dest,const void *src,size_t count) __nonnull; + int __pure memcmp(const void * cs,const void * ct, + size_t count) __nonnull; +-void * __pure memscan(const void * addr, int c, size_t size) __nonnull; + char * __pure strstr(const char * s1,const char * s2) __nonnull; + void * __pure memchr(const void *s, int c, size_t n) __nonnull; + char * __malloc strdup(const char *s) __nonnull; +-- +1.7.9 + diff --git a/main/xen/patch-gcc6-etherboot-via-rhine.c.patch b/main/xen/patch-gcc6-etherboot-via-rhine.c.patch new file mode 100644 index 0000000000..697208ae3f --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-via-rhine.c.patch @@ -0,0 +1,21 @@ +diff -aru a/src/drivers/net/via-rhine.c b/src/drivers/net/via-rhine.c +--- a/src/drivers/net/via-rhine.c 2016-05-12 19:24:14.047825550 +1000 ++++ b/src/drivers/net/via-rhine.c 2016-05-12 19:33:18.061858418 +1000 +@@ -945,13 +945,15 @@ + /* added comment by guard */ + /* For supporting VT6107, please use revision id to recognize different chips in driver */ + // if (tp->chip_id == 0x3065) +- if( tp->chip_revision < 0x80 && tp->chip_revision >=0x40 ) ++ if( tp->chip_revision < 0x80 && tp->chip_revision >=0x40 ) { + intr_status |= inb(nic->ioaddr + IntrStatus2) << 16; + intr_status = (intr_status & ~DEFAULT_INTR); +- if ( action == ENABLE ) ++ if ( action == ENABLE ) { + intr_status = intr_status | DEFAULT_INTR; + outw(intr_status, nic->ioaddr + IntrEnable); ++ } + break; ++ } + case FORCE : + outw(0x0010, nic->ioaddr + 0x84); + break; diff --git a/main/xen/patch-gcc6-etherboot-via-velocity.c.patch b/main/xen/patch-gcc6-etherboot-via-velocity.c.patch new file mode 100644 index 0000000000..36a3d81158 --- /dev/null +++ b/main/xen/patch-gcc6-etherboot-via-velocity.c.patch @@ -0,0 +1,12 @@ +diff -aur a/src/drivers/net/via-velocity.c b/src/drivers/net/via-velocity.c +--- a/src/drivers/net/via-velocity.c 2016-05-12 19:14:33.231788641 +1000 ++++ b/src/drivers/net/via-velocity.c 2016-05-12 19:17:08.235494746 +1000 +@@ -69,7 +69,7 @@ + + /* NIC specific static variables go here */ + #define VELOCITY_PARAM(N,D) \ +- static const int N[MAX_UNITS]=OPTION_DEFAULT; ++ static __attribute__ ((unused)) const int N[MAX_UNITS]=OPTION_DEFAULT; + /* MODULE_PARM(N, "1-" __MODULE_STRING(MAX_UNITS) "i");\ + MODULE_PARM_DESC(N, D); */ + diff --git a/main/xen/rombios-no-pie.patch b/main/xen/rombios-no-pie.patch new file mode 100644 index 0000000000..3e98bb497d --- /dev/null +++ b/main/xen/rombios-no-pie.patch @@ -0,0 +1,26 @@ +diff --git a/tools/firmware/rombios/32bit/Makefile b/tools/firmware/rombios/32bit/Makefile +index 396906c..07168eb 100644 +--- a/tools/firmware/rombios/32bit/Makefile ++++ b/tools/firmware/rombios/32bit/Makefile +@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/firmware/Rules.mk + + TARGET = 32bitbios_flat.h + +-CFLAGS += $(CFLAGS_xeninclude) -I.. ++CFLAGS += $(CFLAGS_xeninclude) -I.. -fno-pie + + SUBDIRS = tcgbios + +diff --git a/tools/firmware/rombios/32bit/tcgbios/Makefile b/tools/firmware/rombios/32bit/tcgbios/Makefile +index f6f2649..104496a 100644 +--- a/tools/firmware/rombios/32bit/tcgbios/Makefile ++++ b/tools/firmware/rombios/32bit/tcgbios/Makefile +@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/firmware/Rules.mk + + TARGET = tcgbiosext.o + +-CFLAGS += $(CFLAGS_xeninclude) -I.. -I../.. ++CFLAGS += $(CFLAGS_xeninclude) -I.. -I../.. -fno-pie + + .PHONY: all + all: $(TARGET) diff --git a/main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch b/main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch deleted file mode 100644 index ac73aa7a25..0000000000 --- a/main/xen/x86emul-suppress-writeback-upon-unsuccessful-MMX-SSE-AVX.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2bb230972c5ddb1ca823f47750b5d46a9d302d0e Mon Sep 17 00:00:00 2001 -From: Jan Beulich -Date: Thu, 19 May 2016 12:06:33 +0200 -Subject: [PATCH] x86emul: suppress writeback upon unsuccessful MMX/SSE/AVX - insn emulation - -This in particular prevents updating guest IP when handling the retry -needed to forward the memory access to qemu. - -Signed-off-by: Jan Beulich -Reviewed-by: Andrew Cooper -Release-acked-by: Wei Liu ---- - xen/arch/x86/x86_emulate/x86_emulate.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c -index 621332b..d7c6d90 100644 ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -4178,6 +4178,8 @@ x86_emulate( - if ( !rc && (b & 1) && (ea.type == OP_MEM) ) - rc = ops->write(ea.mem.seg, ea.mem.off, mmvalp, - ea.bytes, ctxt); -+ if ( rc ) -+ goto done; - dst.type = OP_NONE; - break; - } -@@ -4430,6 +4432,8 @@ x86_emulate( - if ( !rc && (b != 0x6f) && (ea.type == OP_MEM) ) - rc = ops->write(ea.mem.seg, ea.mem.off, mmvalp, - ea.bytes, ctxt); -+ if ( rc ) -+ goto done; - dst.type = OP_NONE; - break; - } --- -2.1.4 - diff --git a/main/xen/xsa182-unstable.patch b/main/xen/xsa182-unstable.patch new file mode 100644 index 0000000000..3e40e8a530 --- /dev/null +++ b/main/xen/xsa182-unstable.patch @@ -0,0 +1,102 @@ +From 00593655e231ed5ea20704120037026e33b83fbb Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Mon, 11 Jul 2016 14:32:03 +0100 +Subject: [PATCH] x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath + +All changes in writeability and cacheability must go through full +re-validation. + +Rework the logic as a whitelist, to make it clearer to follow. + +This is XSA-182 + +Reported-by: Jérémie Boutoille +Signed-off-by: Andrew Cooper +Reviewed-by: Tim Deegan +--- + xen/arch/x86/mm.c | 28 ++++++++++++++++------------ + xen/include/asm-x86/page.h | 1 + + 2 files changed, 17 insertions(+), 12 deletions(-) + +diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c +index dbcf6cb..56ca19f 100644 +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -1852,6 +1852,14 @@ static inline int update_intpte(intpte_t *p, + _t ## e_get_intpte(_o), _t ## e_get_intpte(_n), \ + (_m), (_v), (_ad)) + ++/* ++ * PTE flags that a guest may change without re-validating the PTE. ++ * All other bits affect translation, caching, or Xen's safety. ++ */ ++#define FASTPATH_FLAG_WHITELIST \ ++ (_PAGE_NX_BIT | _PAGE_AVAIL_HIGH | _PAGE_AVAIL | _PAGE_GLOBAL | \ ++ _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_USER) ++ + /* Update the L1 entry at pl1e to new value nl1e. */ + static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e, + unsigned long gl1mfn, int preserve_ad, +@@ -1891,9 +1899,8 @@ static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e, + nl1e = l1e_from_pfn(page_to_mfn(page), l1e_get_flags(nl1e)); + } + +- /* Fast path for identical mapping, r/w, presence, and cachability. */ +- if ( !l1e_has_changed(ol1e, nl1e, +- PAGE_CACHE_ATTRS | _PAGE_RW | _PAGE_PRESENT) ) ++ /* Fast path for sufficiently-similar mappings. */ ++ if ( !l1e_has_changed(ol1e, nl1e, ~FASTPATH_FLAG_WHITELIST) ) + { + adjust_guest_l1e(nl1e, pt_dom); + rc = UPDATE_ENTRY(l1, pl1e, ol1e, nl1e, gl1mfn, pt_vcpu, +@@ -1970,11 +1977,8 @@ static int mod_l2_entry(l2_pgentry_t *pl2e, + return -EINVAL; + } + +- /* Fast path for identical mapping and presence. */ +- if ( !l2e_has_changed(ol2e, nl2e, +- unlikely(opt_allow_superpage) +- ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT +- : _PAGE_PRESENT) ) ++ /* Fast path for sufficiently-similar mappings. */ ++ if ( !l2e_has_changed(ol2e, nl2e, ~FASTPATH_FLAG_WHITELIST) ) + { + adjust_guest_l2e(nl2e, d); + if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) ) +@@ -2039,8 +2043,8 @@ static int mod_l3_entry(l3_pgentry_t *pl3e, + return -EINVAL; + } + +- /* Fast path for identical mapping and presence. */ +- if ( !l3e_has_changed(ol3e, nl3e, _PAGE_PRESENT) ) ++ /* Fast path for sufficiently-similar mappings. */ ++ if ( !l3e_has_changed(ol3e, nl3e, ~FASTPATH_FLAG_WHITELIST) ) + { + adjust_guest_l3e(nl3e, d); + rc = UPDATE_ENTRY(l3, pl3e, ol3e, nl3e, pfn, vcpu, preserve_ad); +@@ -2103,8 +2107,8 @@ static int mod_l4_entry(l4_pgentry_t *pl4e, + return -EINVAL; + } + +- /* Fast path for identical mapping and presence. */ +- if ( !l4e_has_changed(ol4e, nl4e, _PAGE_PRESENT) ) ++ /* Fast path for sufficiently-similar mappings. */ ++ if ( !l4e_has_changed(ol4e, nl4e, ~FASTPATH_FLAG_WHITELIST) ) + { + adjust_guest_l4e(nl4e, d); + rc = UPDATE_ENTRY(l4, pl4e, ol4e, nl4e, pfn, vcpu, preserve_ad); +diff --git a/xen/include/asm-x86/page.h b/xen/include/asm-x86/page.h +index 224852a..4ae387f 100644 +--- a/xen/include/asm-x86/page.h ++++ b/xen/include/asm-x86/page.h +@@ -313,6 +313,7 @@ void efi_update_l4_pgtable(unsigned int l4idx, l4_pgentry_t); + #define _PAGE_AVAIL2 _AC(0x800,U) + #define _PAGE_AVAIL _AC(0xE00,U) + #define _PAGE_PSE_PAT _AC(0x1000,U) ++#define _PAGE_AVAIL_HIGH (_AC(0x7ff, U) << 12) + #define _PAGE_NX (cpu_has_nx ? _PAGE_NX_BIT : 0) + /* non-architectural flags */ + #define _PAGE_PAGED 0x2000U +-- +2.1.4 + diff --git a/main/xen/xsa183-unstable.patch b/main/xen/xsa183-unstable.patch new file mode 100644 index 0000000000..573c530112 --- /dev/null +++ b/main/xen/xsa183-unstable.patch @@ -0,0 +1,75 @@ +From 2fd4f34058fb5f87fbd80978dbd2cb458aff565d Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Wed, 15 Jun 2016 18:32:14 +0100 +Subject: [PATCH] x86/entry: Avoid SMAP violation in + compat_create_bounce_frame() + +A 32bit guest kernel might be running on user mappings. +compat_create_bounce_frame() must whitelist its guest accesses to avoid +risking a SMAP violation. + +For both variants of create_bounce_frame(), re-blacklist user accesses if +execution exits via an exception table redirection. + +This is XSA-183 / CVE-2016-6259 + +Signed-off-by: Andrew Cooper +Reviewed-by: George Dunlap +Reviewed-by: Jan Beulich +--- +v2: + * Include CLAC on the exit paths from compat_create_bounce_frame which occur + from faults attempting to load %fs + * Reposition ASM_STAC to avoid breaking the macro-op fusion of test/jz +--- + xen/arch/x86/x86_64/compat/entry.S | 3 +++ + xen/arch/x86/x86_64/entry.S | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S +index 7f02afd..e80c53c 100644 +--- a/xen/arch/x86/x86_64/compat/entry.S ++++ b/xen/arch/x86/x86_64/compat/entry.S +@@ -318,6 +318,7 @@ ENTRY(compat_int80_direct_trap) + compat_create_bounce_frame: + ASSERT_INTERRUPTS_ENABLED + mov %fs,%edi ++ ASM_STAC + testb $2,UREGS_cs+8(%rsp) + jz 1f + /* Push new frame at registered guest-OS stack base. */ +@@ -364,6 +365,7 @@ compat_create_bounce_frame: + movl TRAPBOUNCE_error_code(%rdx),%eax + .Lft8: movl %eax,%fs:(%rsi) # ERROR CODE + 1: ++ ASM_CLAC + /* Rewrite our stack frame and return to guest-OS mode. */ + /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */ + andl $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\ +@@ -403,6 +405,7 @@ compat_crash_page_fault_4: + addl $4,%esi + compat_crash_page_fault: + .Lft14: mov %edi,%fs ++ ASM_CLAC + movl %esi,%edi + call show_page_walk + jmp dom_crash_sync_extable +diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S +index ad8c64c..f7178cd 100644 +--- a/xen/arch/x86/x86_64/entry.S ++++ b/xen/arch/x86/x86_64/entry.S +@@ -420,9 +420,11 @@ domain_crash_page_fault_16: + domain_crash_page_fault_8: + addq $8,%rsi + domain_crash_page_fault: ++ ASM_CLAC + movq %rsi,%rdi + call show_page_walk + ENTRY(dom_crash_sync_extable) ++ ASM_CLAC + # Get out of the guest-save area of the stack. + GET_STACK_END(ax) + leaq STACK_CPUINFO_FIELD(guest_cpu_user_regs)(%rax),%rsp +-- +2.1.4 + diff --git a/main/xen/xsa184-qemut-master.patch b/main/xen/xsa184-qemut-master.patch new file mode 100644 index 0000000000..b376f33a52 --- /dev/null +++ b/main/xen/xsa184-qemut-master.patch @@ -0,0 +1,43 @@ +From 17d8c4e47dfb41cb6778520ff2eab7a11fe12dfd Mon Sep 17 00:00:00 2001 +From: P J P +Date: Tue, 26 Jul 2016 15:31:59 +0100 +Subject: [PATCH] virtio: error out if guest exceeds virtqueue size + +A broken or malicious guest can submit more requests than the virtqueue +size permits. + +The guest can submit requests without bothering to wait for completion +and is therefore not bound by virtqueue size. This requires reusing +vring descriptors in more than one request, which is incorrect but +possible. Processing a request allocates a VirtQueueElement and +therefore causes unbounded memory allocation controlled by the guest. + +Exit with an error if the guest provides more requests than the +virtqueue size permits. This bounds memory allocation and makes the +buggy guest visible to the user. + +Reported-by: Zhenhao Hong +Signed-off-by: Stefan Hajnoczi +--- + hw/virtio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/virtio.c b/hw/virtio.c +index c26feff..42897bf 100644 +--- a/tools/qemu-xen-traditional/hw/virtio.c ++++ b/tools/qemu-xen-traditional/hw/virtio.c +@@ -421,6 +421,11 @@ int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem) + /* When we start there are none of either input nor output. */ + elem->out_num = elem->in_num = 0; + ++ if (vq->inuse >= vq->vring.num) { ++ fprintf(stderr, "Virtqueue size exceeded"); ++ exit(1); ++ } ++ + i = head = virtqueue_get_head(vq, vq->last_avail_idx++); + do { + struct iovec *sg; +-- +2.1.4 + diff --git a/main/xen/xsa184-qemuu-master.patch b/main/xen/xsa184-qemuu-master.patch new file mode 100644 index 0000000000..bbe44e8fcb --- /dev/null +++ b/main/xen/xsa184-qemuu-master.patch @@ -0,0 +1,43 @@ +From e469db25d6b2e5c71cd15451889226641c53a5cd Mon Sep 17 00:00:00 2001 +From: P J P +Date: Mon, 25 Jul 2016 17:37:18 +0530 +Subject: [PATCH] virtio: error out if guest exceeds virtqueue size + +A broken or malicious guest can submit more requests than the virtqueue +size permits. + +The guest can submit requests without bothering to wait for completion +and is therefore not bound by virtqueue size. This requires reusing +vring descriptors in more than one request, which is incorrect but +possible. Processing a request allocates a VirtQueueElement and +therefore causes unbounded memory allocation controlled by the guest. + +Exit with an error if the guest provides more requests than the +virtqueue size permits. This bounds memory allocation and makes the +buggy guest visible to the user. + +Reported-by: Zhenhao Hong +Signed-off-by: Stefan Hajnoczi +--- + hw/virtio/virtio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c +index d24f775..f8ac0fb 100644 +--- a/tools/qemu-xen/hw/virtio/virtio.c ++++ b/tools/qemu-xen/hw/virtio/virtio.c +@@ -483,6 +483,11 @@ int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem) + + max = vq->vring.num; + ++ if (vq->inuse >= max) { ++ error_report("Virtqueue size exceeded"); ++ exit(1); ++ } ++ + i = head = virtqueue_get_head(vq, vq->last_avail_idx++); + if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) { + vring_set_avail_event(vq, vq->last_avail_idx); +-- +2.1.4 + -- cgit v1.2.3