summaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-02-06 11:30:56 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-02-06 11:36:46 +0000
commitea752b69d8b4ec4921a3112ccc8327d92e00344e (patch)
tree6cb2160fd61ef9f42b8f44ec3822bb52c585b996 /main
parent2be403781eeb53193c8a7cee98731fcea1a5f0b5 (diff)
downloadaports-ea752b69d8b4ec4921a3112ccc8327d92e00344e.tar.bz2
aports-ea752b69d8b4ec4921a3112ccc8327d92e00344e.tar.xz
main/linux-grsec: xen security fix xsa-43 (CVE-2013-0231)
http://lists.xen.org/archives/html/xen-devel/2013-02/msg00295.html fixes #1601
Diffstat (limited to 'main')
-rw-r--r--main/linux-grsec/APKBUILD5
-rw-r--r--main/linux-grsec/xsa43-pvops.patch54
2 files changed, 57 insertions, 2 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index cb719e4f8..cc73138bc 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.6.11
_kernver=3.6
-pkgrel=10
+pkgrel=11
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -27,7 +27,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
-
+ xsa43-pvops.patch
kernelconfig.x86
kernelconfig.x86_64
@@ -162,5 +162,6 @@ d9b4a528e722d10ba53034ebd440c31b ipv4-remove-output-route-check-in-ipv4_mtu.pat
286101482a2e4b7d8c0dff16af36b3e9 xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
89dbb0886c9d17c3c4a5ff4f1443e936 xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
bce9f08c86570a0a86ef36f1d2e7a2dd xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
+2399192c10ba600a086a4c946f1b72f2 xsa43-pvops.patch
373db5888708938c6b1baed6da781fcb kernelconfig.x86
190788fb10e79abce9d570d5e87ec3b4 kernelconfig.x86_64"
diff --git a/main/linux-grsec/xsa43-pvops.patch b/main/linux-grsec/xsa43-pvops.patch
new file mode 100644
index 000000000..f1440315d
--- /dev/null
+++ b/main/linux-grsec/xsa43-pvops.patch
@@ -0,0 +1,54 @@
+xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()
+
+... as being guest triggerable (e.g. by invoking
+XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable).
+
+This is CVE-2013-0231 / XSA-43.
+
+Also make the two messages uniform in both their wording and severity.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+
+---
+ drivers/xen/xen-pciback/pciback_ops.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- 3.8-rc5/drivers/xen/xen-pciback/pciback_ops.c
++++ 3.8-rc5-xen-pciback-ratelimit/drivers/xen/xen-pciback/pciback_ops.c
+@@ -135,7 +135,6 @@ int xen_pcibk_enable_msi(struct xen_pcib
+ struct pci_dev *dev, struct xen_pci_op *op)
+ {
+ struct xen_pcibk_dev_data *dev_data;
+- int otherend = pdev->xdev->otherend_id;
+ int status;
+
+ if (unlikely(verbose_request))
+@@ -144,8 +143,9 @@ int xen_pcibk_enable_msi(struct xen_pcib
+ status = pci_enable_msi(dev);
+
+ if (status) {
+- printk(KERN_ERR "error enable msi for guest %x status %x\n",
+- otherend, status);
++ pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI for guest %u: err %d\n",
++ pci_name(dev), pdev->xdev->otherend_id,
++ status);
+ op->value = 0;
+ return XEN_PCI_ERR_op_failed;
+ }
+@@ -223,10 +223,10 @@ int xen_pcibk_enable_msix(struct xen_pci
+ pci_name(dev), i,
+ op->msix_entries[i].vector);
+ }
+- } else {
+- printk(KERN_WARNING DRV_NAME ": %s: failed to enable MSI-X: err %d!\n",
+- pci_name(dev), result);
+- }
++ } else
++ pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI-X for guest %u: err %d!\n",
++ pci_name(dev), pdev->xdev->otherend_id,
++ result);
+ kfree(entries);
+
+ op->value = result;