main/linux-grsec: xen security fix xsa-43 (CVE-2013-0231)

http://lists.xen.org/archives/html/xen-devel/2013-02/msg00295.html

fixes #1601

2 files changed, 57 insertions, 2 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index cb719e4f8..cc73138bc 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=3.6.11
 _kernver=3.6
-pkgrel=10
+pkgrel=11
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -27,7 +27,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
 	xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
 	xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
-
+	xsa43-pvops.patch
 
 	kernelconfig.x86
 	kernelconfig.x86_64
@@ -162,5 +162,6 @@ d9b4a528e722d10ba53034ebd440c31b  ipv4-remove-output-route-check-in-ipv4_mtu.pat
 286101482a2e4b7d8c0dff16af36b3e9  xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
 89dbb0886c9d17c3c4a5ff4f1443e936  xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
 bce9f08c86570a0a86ef36f1d2e7a2dd  xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
+2399192c10ba600a086a4c946f1b72f2  xsa43-pvops.patch
 373db5888708938c6b1baed6da781fcb  kernelconfig.x86
 190788fb10e79abce9d570d5e87ec3b4  kernelconfig.x86_64"
diff --git a/main/linux-grsec/xsa43-pvops.patch b/main/linux-grsec/xsa43-pvops.patch
new file mode 100644
index 000000000..f1440315d
--- /dev/null
+++ b/main/linux-grsec/xsa43-pvops.patch
@@ -0,0 +1,54 @@
+xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()
+
+... as being guest triggerable (e.g. by invoking
+XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable).
+
+This is CVE-2013-0231 / XSA-43.
+
+Also make the two messages uniform in both their wording and severity.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+
+---
+ drivers/xen/xen-pciback/pciback_ops.c |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- 3.8-rc5/drivers/xen/xen-pciback/pciback_ops.c
++++ 3.8-rc5-xen-pciback-ratelimit/drivers/xen/xen-pciback/pciback_ops.c
+@@ -135,7 +135,6 @@ int xen_pcibk_enable_msi(struct xen_pcib
+ 			 struct pci_dev *dev, struct xen_pci_op *op)
+ {
+ 	struct xen_pcibk_dev_data *dev_data;
+-	int otherend = pdev->xdev->otherend_id;
+ 	int status;
+ 
+ 	if (unlikely(verbose_request))
+@@ -144,8 +143,9 @@ int xen_pcibk_enable_msi(struct xen_pcib
+ 	status = pci_enable_msi(dev);
+ 
+ 	if (status) {
+-		printk(KERN_ERR "error enable msi for guest %x status %x\n",
+-			otherend, status);
++		pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI for guest %u: err %d\n",
++				    pci_name(dev), pdev->xdev->otherend_id,
++				    status);
+ 		op->value = 0;
+ 		return XEN_PCI_ERR_op_failed;
+ 	}
+@@ -223,10 +223,10 @@ int xen_pcibk_enable_msix(struct xen_pci
+ 						pci_name(dev), i,
+ 						op->msix_entries[i].vector);
+ 		}
+-	} else {
+-		printk(KERN_WARNING DRV_NAME ": %s: failed to enable MSI-X: err %d!\n",
+-			pci_name(dev), result);
+-	}
++	} else
++		pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI-X for guest %u: err %d!\n",
++				    pci_name(dev), pdev->xdev->otherend_id,
++				    result);
+ 	kfree(entries);
+ 
+ 	op->value = result;