xen: XSA-34 and XSA-35

Security fixes for nested virtualization. This only apply to Xen
4.2.x, only edge and 2.5.x Alpine Linux systems are affected.

1 files changed, 30 insertions, 0 deletions

diff --git a/main/xen/xsa34-4.2.patch b/main/xen/xsa34-4.2.patch
new file mode 100644
index 000000000..f5328eff9
--- /dev/null
+++ b/main/xen/xsa34-4.2.patch
@@ -0,0 +1,30 @@
+x86_32: don't allow use of nested HVM
+
+There are (indirect) uses of map_domain_page() in the nested HVM code
+that are unsafe when not just using the 1:1 mapping.
+
+This is XSA-34 / CVE-2013-0151.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
+                     rc = -EINVAL;
+                 break;
+             case HVM_PARAM_NESTEDHVM:
++#ifdef __i386__
++                if ( a.value )
++                    rc = -EINVAL;
++#else
+                 if ( a.value > 1 )
+                     rc = -EINVAL;
+                 if ( !is_hvm_domain(d) )
+@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
+                     for_each_vcpu(d, v)
+                         if ( rc == 0 )
+                             rc = nestedhvm_vcpu_initialise(v);
++#endif
+                 break;
+             case HVM_PARAM_BUFIOREQ_EVTCHN:
+                 rc = -EINVAL;