head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.24
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.20
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.22
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.18
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.16
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.14
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.12
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.10
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.8
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.6
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.4
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2017.10.17.10.57.34;	author bouyer;	state Exp;
branches
	1.1.2.1;
next	;
commitid	Op7VCttvsVltwobA;

1.1.2.1
date	2017.10.17.10.57.34;	author bsiegert;	state dead;
branches;
next	1.1.2.2;
commitid	hV2F1sd8zeL8jrbA;

1.1.2.2
date	2017.10.17.19.17.50;	author bsiegert;	state Exp;
branches;
next	;
commitid	hV2F1sd8zeL8jrbA;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-XSA238,v 1.1 2017/10/17 10:57:34 bouyer Exp $

From: XenProject Security Team <security@@xenproject.org>
Subject: x86/ioreq server: correctly handle bogus
 XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments

Misbehaving device model can pass incorrect XEN_DMOP_map/
unmap_io_range_to_ioreq_server arguments, namely end < start when
specifying address range. When this happens we hit ASSERT(s <= e) in
rangeset_contains_range()/rangeset_overlaps_range() with debug builds.
Production builds will not trap right away but may misbehave later
while handling such bogus ranges.

This is XSA-238.

Signed-off-by: Vitaly Kuznetsov <vkuznets@@redhat.com>
Reviewed-by: Jan Beulich <jbeulich@@suse.com>
---
 xen/arch/x86/hvm/hvm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c
index b2a8b0e986..8c8bf1f0ec 100644
--- xen/arch/x86/hvm/hvm.c.orig
+++ xen/arch/x86/hvm/hvm.c
@@@@ -1271,6 +1271,9 @@@@ int hvm_map_io_range_to_ioreq_server(struct domain *d, ioservid_t id,
     struct hvm_ioreq_server *s;
     int rc;
 
+    if ( start > end )
+        return -EINVAL;
+
     spin_lock_recursive(&d->arch.hvm_domain.ioreq_server.lock);
 
     rc = -ENOENT;
@@@@ -1322,6 +1325,9 @@@@ int hvm_unmap_io_range_from_ioreq_server(struct domain *d, ioservid_t id,
     struct hvm_ioreq_server *s;
     int rc;
 
+    if ( start > end )
+        return -EINVAL;
+
     spin_lock_recursive(&d->arch.hvm_domain.ioreq_server.lock);
 
     rc = -ENOENT;
@


1.1
log
@Update xen*46 to 4.6.6, including fixes up to XSA244.
changes since Xen 4.6.5: mostly bug fixes, including security fixes
for XSA206, XSA211 to XSA244.
PKGREVISION set to 1 to account for the fact that it's not a stock Xen 4.6.6.

Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg
@
text
@d1 1
a1 1
$NetBSD: $
@


1.1.2.1
log
@file patch-XSA238 was added on branch pkgsrc-2017Q3 on 2017-10-17 19:17:50 +0000
@
text
@d1 45
@


1.1.2.2
log
@Pullup ticket #5580 - requested by bouyer
sysutils/xenkernel46, sysutils/xentools46: security fix

Revisions pulled up:
- sysutils/xenkernel46/MESSAGE                                  1.2
- sysutils/xenkernel46/Makefile                                 1.14
- sysutils/xenkernel46/distinfo                                 1.10
- sysutils/xenkernel46/patches/patch-XSA-212                    deleted
- sysutils/xenkernel46/patches/patch-XSA226                     1.1
- sysutils/xenkernel46/patches/patch-XSA227                     1.1
- sysutils/xenkernel46/patches/patch-XSA228                     1.1
- sysutils/xenkernel46/patches/patch-XSA230                     1.1
- sysutils/xenkernel46/patches/patch-XSA231                     1.1
- sysutils/xenkernel46/patches/patch-XSA232                     1.1
- sysutils/xenkernel46/patches/patch-XSA234                     1.1
- sysutils/xenkernel46/patches/patch-XSA237                     1.1
- sysutils/xenkernel46/patches/patch-XSA238                     1.1
- sysutils/xenkernel46/patches/patch-XSA239                     1.1
- sysutils/xenkernel46/patches/patch-XSA240                     1.1
- sysutils/xenkernel46/patches/patch-XSA241                     1.1
- sysutils/xenkernel46/patches/patch-XSA242                     1.1
- sysutils/xenkernel46/patches/patch-XSA243                     1.1
- sysutils/xenkernel46/patches/patch-XSA244                     1.1
- sysutils/xentools46/Makefile                                  1.21
- sysutils/xentools46/distinfo                                  1.9
- sysutils/xentools46/patches/patch-XSA-211-1                   deleted
- sysutils/xentools46/patches/patch-XSA-211-2                   deleted
- sysutils/xentools46/patches/patch-XSA228                      1.1
- sysutils/xentools46/patches/patch-XSA233                      1.1
- sysutils/xentools46/patches/patch-XSA240                      1.1
- sysutils/xentools46/version.mk                                1.3

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Tue Oct 17 10:57:35 UTC 2017

   Modified Files:
   	pkgsrc/sysutils/xenkernel46: MESSAGE Makefile distinfo
   	pkgsrc/sysutils/xentools46: Makefile distinfo version.mk
   Added Files:
   	pkgsrc/sysutils/xenkernel46/patches: patch-XSA226 patch-XSA227
   	    patch-XSA228 patch-XSA230 patch-XSA231 patch-XSA232 patch-XSA234
   	    patch-XSA237 patch-XSA238 patch-XSA239 patch-XSA240 patch-XSA241
   	    patch-XSA242 patch-XSA243 patch-XSA244
   	pkgsrc/sysutils/xentools46/patches: patch-XSA228 patch-XSA233
   	    patch-XSA240
   Removed Files:
   	pkgsrc/sysutils/xenkernel46/patches: patch-XSA-212
   	pkgsrc/sysutils/xentools46/patches: patch-XSA-211-1 patch-XSA-211-2

   Log Message:
   Update xen*46 to 4.6.6, including fixes up to XSA244.
   changes since Xen 4.6.5: mostly bug fixes, including security fixes
   for XSA206, XSA211 to XSA244.
   PKGREVISION set to 1 to account for the fact that it's not a stock Xen 4.6.6.

   Note that, unlike upstream, pv-linear-pt defaults to true, so that
   NetBSD PV guests (including dom0) will continue to boot without changes
   to boot.cfg
@
text
@a0 45
$NetBSD: patch-XSA238,v 1.1 2017/10/17 10:57:34 bouyer Exp $

From: XenProject Security Team <security@@xenproject.org>
Subject: x86/ioreq server: correctly handle bogus
 XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments

Misbehaving device model can pass incorrect XEN_DMOP_map/
unmap_io_range_to_ioreq_server arguments, namely end < start when
specifying address range. When this happens we hit ASSERT(s <= e) in
rangeset_contains_range()/rangeset_overlaps_range() with debug builds.
Production builds will not trap right away but may misbehave later
while handling such bogus ranges.

This is XSA-238.

Signed-off-by: Vitaly Kuznetsov <vkuznets@@redhat.com>
Reviewed-by: Jan Beulich <jbeulich@@suse.com>
---
 xen/arch/x86/hvm/hvm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c
index b2a8b0e986..8c8bf1f0ec 100644
--- xen/arch/x86/hvm/hvm.c.orig
+++ xen/arch/x86/hvm/hvm.c
@@@@ -1271,6 +1271,9 @@@@ int hvm_map_io_range_to_ioreq_server(struct domain *d, ioservid_t id,
     struct hvm_ioreq_server *s;
     int rc;
 
+    if ( start > end )
+        return -EINVAL;
+
     spin_lock_recursive(&d->arch.hvm_domain.ioreq_server.lock);
 
     rc = -ENOENT;
@@@@ -1322,6 +1325,9 @@@@ int hvm_unmap_io_range_from_ioreq_server(struct domain *d, ioservid_t id,
     struct hvm_ioreq_server *s;
     int rc;
 
+    if ( start > end )
+        return -EINVAL;
+
     spin_lock_recursive(&d->arch.hvm_domain.ioreq_server.lock);
 
     rc = -ENOENT;
@