head 1.2; access; symbols pkgsrc-2016Q4:1.1.0.26 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.24 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.22 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.20 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.18 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.16 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.14 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.12 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.10 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.8 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.6 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.4 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.2 pkgsrc-2013Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2016.12.29.19.13.01; author wiz; state dead; branches; next 1.1; commitid kFYPk8EnajcmFUzz; 1.1 date 2013.10.01.14.54.44; author drochner; state Exp; branches; next ; commitid 5JKxvOI8cbQPjB7x; desc @@ 1.2 log @Remove xenkernel and tools versions 3, 33, and 41. As discussed on pkgsrc-users. @ text @$NetBSD: patch-CVE-2013-4355_2,v 1.1 2013/10/01 14:54:44 drochner Exp $ --- xen/arch/x86/hvm/intercept.c.orig 2013-09-10 06:42:18.000000000 +0000 +++ xen/arch/x86/hvm/intercept.c 2013-09-30 15:23:07.000000000 +0000 @@@@ -93,17 +93,28 @@@@ static int hvm_mmio_access(struct vcpu * { for ( i = 0; i < p->count; i++ ) { - int ret; - - ret = hvm_copy_from_guest_phys(&data, - p->data + (sign * i * p->size), - p->size); - if ( (ret == HVMCOPY_gfn_paged_out) || - (ret == HVMCOPY_gfn_shared) ) + switch ( hvm_copy_from_guest_phys(&data, + p->data + sign * i * p->size, + p->size) ) { + case HVMCOPY_okay: + break; + case HVMCOPY_gfn_paged_out: + case HVMCOPY_gfn_shared: rc = X86EMUL_RETRY; break; + case HVMCOPY_bad_gfn_to_mfn: + data = ~0; + break; + case HVMCOPY_bad_gva_to_gfn: + ASSERT(0); + /* fall through */ + default: + rc = X86EMUL_UNHANDLEABLE; + break; } + if ( rc != X86EMUL_OKAY ) + break; rc = write_handler(v, p->addr + (sign * i * p->size), p->size, data); if ( rc != X86EMUL_OKAY ) @@@@ -171,8 +182,28 @@@@ static int process_portio_intercept(port for ( i = 0; i < p->count; i++ ) { data = 0; - (void)hvm_copy_from_guest_phys(&data, p->data + sign*i*p->size, - p->size); + switch ( hvm_copy_from_guest_phys(&data, + p->data + sign * i * p->size, + p->size) ) + { + case HVMCOPY_okay: + break; + case HVMCOPY_gfn_paged_out: + case HVMCOPY_gfn_shared: + rc = X86EMUL_RETRY; + break; + case HVMCOPY_bad_gfn_to_mfn: + data = ~0; + break; + case HVMCOPY_bad_gva_to_gfn: + ASSERT(0); + /* fall through */ + default: + rc = X86EMUL_UNHANDLEABLE; + break; + } + if ( rc != X86EMUL_OKAY ) + break; rc = action(IOREQ_WRITE, p->addr, p->size, &data); if ( rc != X86EMUL_OKAY ) break; @ 1.1 log @add patches from upstream to fix security problems: -Information leak on AVX and/or LWP capable CPUs (CVE-2013-1442 / XSA-62) -Information leaks through I/O instruction emulation (CVE-2013-4355 / XSA-63) -Information leak through fbld instruction emulation (CVE-2013-4361 / XSA-66) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @