head 1.2; access; symbols pkgsrc-2016Q4:1.1.0.2 pkgsrc-2016Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2016.12.29.19.13.02; author wiz; state dead; branches; next 1.1; commitid kFYPk8EnajcmFUzz; 1.1 date 2016.11.22.20.53.40; author bouyer; state Exp; branches; next ; commitid o5sczsI7INv1pavz; desc @@ 1.2 log @Remove xenkernel and tools versions 3, 33, and 41. As discussed on pkgsrc-users. @ text @$NetBSD: patch-XSA-195,v 1.1 2016/11/22 20:53:40 bouyer Exp $ backported from: From: Jan Beulich Subject: x86emul: fix huge bit offset handling We must never chop off the high 32 bits. This is XSA-195. Reported-by: George Dunlap Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2016-11-22 15:19:57.000000000 +0100 +++ xen/arch/x86/x86_emulate/x86_emulate.c 2016-11-22 16:03:48.000000000 +0100 @@@@ -1578,6 +1578,12 @@@@ else { /* + * Instructions such as bt can reference an arbitrary offset from + * their memory operand, but the instruction doing the actual + * emulation needs the appropriate op_bytes read from memory. + * Adjust both the source register and memory operand to make an + * equivalent instruction. + * * EA += BitOffset DIV op_bytes*8 * BitOffset = BitOffset MOD op_bytes*8 * DIV truncates towards negative infinity. @@@@ -1589,14 +1595,15 @@@@ src.val = (int32_t)src.val; if ( (long)src.val < 0 ) { - unsigned long byte_offset; - byte_offset = op_bytes + (((-src.val-1) >> 3) & ~(op_bytes-1)); + unsigned long byte_offset = + op_bytes + (((-src.val - 1) >> 3) & ~(op_bytes - 1L)); + ea.mem.off -= byte_offset; src.val = (byte_offset << 3) + src.val; } else { - ea.mem.off += (src.val >> 3) & ~(op_bytes - 1); + ea.mem.off += (src.val >> 3) & ~(op_bytes - 1L); src.val &= (op_bytes << 3) - 1; } } @ 1.1 log @Backport upstream patches, fixing today's XSA 191, 192, 195, 197, 198. Bump PKGREVISIONs @ text @d1 1 a1 1 $NetBSD: patch-XSA-182,v 1.1 2016/07/26 15:59:20 bouyer Exp $ @
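Review bot: the new comment block in the first hunk (`@@ -1578,6 +1578,12 @@`) explains the EA/BitOffset split but says nothing about the truncation this patch exists to fix; since the commit message is "We must never chop off the high 32 bits", one line here such as "the mask must be computed at long width so the upper half of the byte offset survives" would tie the comment to the `1L` change that follows and keep the reasoning next to the arithmetic it protects.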
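Review bot: in the second hunk (`@@ -1589,14 +1595,15 @@`) the whole fix rests on `op_bytes - 1L` being evaluated at long width so that `~(op_bytes - 1L)` keeps its high 32 bits set before it is ANDed into `ea.mem.off` and into `byte_offset`; the declaration of `op_bytes` is outside the hunk, so nothing in the diff stops a later reader from "simplifying" `1L` back to `1` and reintroducing the chop. An explicit `(unsigned long)op_bytes - 1` cast, or a short comment on each of the two masked expressions, would make the width requirement visible where it matters. Separately, the added blank `+` line after the `byte_offset` initializer is a whitespace-only change unrelated to the fix and could be dropped to keep the backport minimal.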