head	1.2;
access;
symbols
	pkgsrc-2016Q4:1.1.0.18
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.16
	pkgsrc-2016Q3-base:1.1
	pkgsrc-2016Q2:1.1.0.14
	pkgsrc-2016Q2-base:1.1
	pkgsrc-2016Q1:1.1.0.12
	pkgsrc-2016Q1-base:1.1
	pkgsrc-2015Q4:1.1.0.10
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.8
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.6
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.4
	pkgsrc-2015Q1-base:1.1
	pkgsrc-2014Q4:1.1.0.2
	pkgsrc-2014Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.12.29.19.13.02;	author wiz;	state dead;
branches;
next	1.1;
commitid	kFYPk8EnajcmFUzz;

1.1
date	2014.11.27.15.36.02;	author bouyer;	state Exp;
branches;
next	;
commitid	LdhG8IFZZBWRYPZx;


desc
@@


1.2
log
@Remove xenkernel and tools versions 3, 33, and 41.

As discussed on pkgsrc-users.
@
text
@$NetBSD: patch-CVE-2014-8594,v 1.1 2014/11/27 15:36:02 bouyer Exp $

x86: don't allow page table updates on non-PV page tables in do_mmu_update()

paging_write_guest_entry() and paging_cmpxchg_guest_entry() aren't
consistently supported for non-PV guests (they'd deref NULL for PVH or
non-HAP HVM ones). Don't allow respective MMU_* operations on the
page tables of such domains.

This is XSA-109.

Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Acked-by: Tim Deegan <tim@@xen.org>

--- xen/arch/x86/mm.c.orig	2014-11-27 15:21:15.000000000 +0100
+++ xen/arch/x86/mm.c	2014-11-27 15:26:06.000000000 +0100
@@@@ -3695,6 +3695,10 @@@@
         {
             p2m_type_t p2mt;
 
+	    rc = -EOPNOTSUPP;
+	    if ( unlikely(paging_mode_refcounts(pt_owner)) )
+	        break;
+
             rc = xsm_mmu_normal_update(d, pg_owner, req.val);
             if ( rc )
                 break;
@


1.1
log
@backport patches from Xen advisory:
CVE-2014-7188/XSA-108:
x86/HVM: properly bound x2APIC MSR range, fixing:
A buggy or malicious HVM guest can crash the host or read data
relating to other guests or the hypervisor itself.

CVE-2014-8594/XSA-109:
x86: don't allow page table updates on non-PV page tables in do_mmu_update(),
fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.

CVE-2014-8595/XSA-110:
x86emul: enforce privilege level restrictions when loading CS, fixing:
Malicious HVM guest user mode code may be able to elevate its
privileges to guest supervisor mode, or to crash the guest.

CVE-2014-8866/XSA-111:
x86: limit checks in hypercall_xlat_continuation() to actual arguments, fixing:
A buggy or malicious HVM guest can crash the host.

CVE-2014-8867/XSA-112:
x86/HVM: confine internally handled MMIO to solitary regions, fixing:
A buggy or malicious HVM guest can crash the host.

CVE-2014-9030/XSA-113:
x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE, fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.
@
text
@d1 1
a1 1
$NetBSD: patch-Config.mk,v 1.1 2013/06/13 21:49:59 joerg Exp $
@