head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.22
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.18
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.20
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.16
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.14
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.12
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.10
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.8
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.6
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.4
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.2
	pkgsrc-2017Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2017.12.15.14.00.44;	author bouyer;	state Exp;
branches;
next	;
commitid	vstkKXHtT1V3EZiA;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-XSA249,v 1.1 2017/12/15 14:00:44 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: x86/shadow: fix refcount overflow check

Commit c385d27079 ("x86 shadow: for multi-page shadows, explicitly track
the first page") reduced the refcount width to 25, without adjusting the
overflow check. Eliminate the disconnect by using a manifest constant.

Interestingly, up to commit 047782fa01 ("Out-of-sync L1 shadows: OOS
snapshot") the refcount was 27 bits wide, yet the check was already
using 26.

This is XSA-249.

Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: George Dunlap <george.dunlap@@citrix.com>
Reviewed-by: Tim Deegan <tim@@xen.org>
---
v2: Simplify expression back to the style it was.

--- xen/arch/x86/mm/shadow/private.h.orig
+++ xen/arch/x86/mm/shadow/private.h
@@@@ -529,7 +529,7 @@@@ static inline int sh_get_ref(struct doma
     x = sp->u.sh.count;
     nx = x + 1;
 
-    if ( unlikely(nx >= 1U<<26) )
+    if ( unlikely(nx >= (1U << PAGE_SH_REFCOUNT_WIDTH)) )
     {
         SHADOW_PRINTK("shadow ref overflow, gmfn=%lx smfn=%lx\n",
                        __backpointer(sp), mfn_x(smfn));
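Review bot: The new bound is built with `1U`, so the shift is only well defined while PAGE_SH_REFCOUNT_WIDTH stays below the width of unsigned int, although the `count` field it guards is declared as an `unsigned long` bitfield in mm.h. The current value of 25 is safe, but the constant exists so the width can be changed in one place. Consider `if ( unlikely(nx >= (1UL << PAGE_SH_REFCOUNT_WIDTH)) )`, or a build-time assertion that the width is below 32. The declarations of `x` and `nx` are outside the hunk, so their type should be checked against the same limit; sh_get_ref's body also continues past the hunk.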
--- xen/include/asm-x86/mm.h.orig
+++ xen/include/asm-x86/mm.h
@@@@ -82,7 +82,8 @@@@ struct page_info
             unsigned long type:5;   /* What kind of shadow is this? */
             unsigned long pinned:1; /* Is the shadow pinned? */
             unsigned long head:1;   /* Is this the first page of the shadow? */
-            unsigned long count:25; /* Reference count */
+#define PAGE_SH_REFCOUNT_WIDTH 25
+            unsigned long count:PAGE_SH_REFCOUNT_WIDTH; /* Reference count */
         } sh;
 
         /* Page is on a free list: ((count_info & PGC_count_mask) == 0). */
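Review bot: The `#define PAGE_SH_REFCOUNT_WIDTH 25` sits in the middle of the `sh` bitfield struct with no comment saying what else depends on it. A mismatch between this width and the overflow check in sh_get_ref() is the defect this patch fixes, so a comment on the define would help the next person who resizes the field, e.g. `/* Width of sh.count; sh_get_ref() derives its overflow limit from this. */`. The visible fields add up to 5 + 1 + 1 + 25 = 32 bits, so widening the count presumably means shrinking another field. The start of the struct is outside the hunk, so confirm that before putting it in the comment.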
@


1.1
log
@Apply patches from upstream, fixing security issues XSA246 up to XSA251.
Also update patch-XSA240 from upstream, fixing issues in linear page table
handling introduced by the original XSA240 patch.
Bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD: $
@

