head 1.2;
access;
symbols
    pkgsrc-2017Q4:1.1.0.4
    pkgsrc-2017Q4-base:1.1
    pkgsrc-2017Q3:1.1.0.2;
locks; strict;
comment @# @;

1.2
date 2018.01.24.23.29.32; author bouyer; state dead;
branches;
next 1.1;
commitid WktdwS8UoS8bvboA;

1.1
date 2017.10.17.08.42.30; author bouyer; state Exp;
branches
    1.1.2.1
    1.1.4.1;
next ;
commitid OJpItiWkoMToMnbA;

1.1.2.1
date 2017.10.17.08.42.30; author bsiegert; state dead;
branches;
next 1.1.2.2;
commitid fTgNkUKfFJMQdrbA;

1.1.2.2
date 2017.10.17.19.02.25; author bsiegert; state Exp;
branches;
next ;
commitid fTgNkUKfFJMQdrbA;

1.1.4.1
date 2018.01.28.15.23.24; author bsiegert; state dead;
branches;
next ;
commitid hLOFEOUtck6sHEoA;

desc
@@

1.2
log
@Update xen 4.8 packages to 4.8.3.
Changes since 4.8.2: include patches from all security advisories up to
and including XSA254.
While there pass XEN_VENDORVERSION=nb${PKGREVISION} to make so that
'xl info' shows the NetBSD PKGREVISION. If PKGREVISION is not available,
define this as 'nb0'.
@
text
@$NetBSD: patch-XSA240,v 1.1 2017/10/17 08:42:30 bouyer Exp $

From 41d579aad2fee971e5ce0279a9b559a0fdc74452 Mon Sep 17 00:00:00 2001
From: George Dunlap
Date: Fri, 22 Sep 2017 11:46:55 +0100
Subject: [PATCH 2/2] x86/mm: Disable PV linear pagetables by default

Allowing pagetables to point to other pagetables of the same level
(often called 'linear pagetables') has been included in Xen since its
inception. But it is not used by the most common PV guests (Linux,
NetBSD, minios), and has been the source of a number of subtle
reference-counting bugs.

Add a command-line option to control whether PV linear pagetables are
allowed (disabled by default).

Reported-by: Jann Horn
Signed-off-by: George Dunlap
Reviewed-by: Andrew Cooper
---
Changes since v2:
- s/_/-/; in command-line option
- Added __read_mostly
---
 docs/misc/xen-command-line.markdown | 15 +++++++++++++++
 xen/arch/x86/mm.c | 9 +++++++++
 2 files changed, 24 insertions(+)
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 54acc60723..ffa66eb146 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -1350,6 +1350,21 @@@@ The following resources are available: CDP, one COS will corespond two CBMs other than one with CAT, due to the sum of CBMs is fixed, that means actual `cos_max` in use will automatically reduce to half when CDP is enabled. + +### pv-linear-pt +> `= ` + +> Default: `true` + +Allow PV guests to have pagetable entries pointing to other pagetables +of the same level (i.e., allowing L2 PTEs to point to other L2 pages). +This technique is often called "linear pagetables", and is sometimes +used to allow operating systems a simple way to consistently map the +current process's pagetables into its own virtual address space. + +None of the most common PV operating systems (Linux, MiniOS) +use this technique, but NetBSD in PV mode, and maybe custom operating +systems which do. ### reboot > `= t[riple] | k[bd] | a[cpi] | p[ci] | P[ower] | e[fi] | n[o] [, [w]arm | [c]old]` 
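Review bot: the added `pv-linear-pt` section documents `Default: `true``, while the subject and message of this same patch say PV linear pagetables are disabled by default. The package log in this file explains that the default was kept at true so that NetBSD PV guests (including dom0) continue to boot; record that local deviation in the patch header too, so the header and the documented default agree. Since the message names this feature as a source of subtle reference-counting bugs, the doc text could also say that hosts with no guests relying on linear pagetables can turn it off with `pv-linear-pt=false` on the Xen command line.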
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 31d4a03840..5d125cff3a 100644
@

1.1
log
@Update xentools48 and xenkernel48 to 4.8.2, and apply security patches up
to XSA244.
Keep PKGREVISION to 1 to account for the fact that it's not a stock Xen 4.8.2.

Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg
@
text
@d1 1
a1 1
$NetBSD: $
@

1.1.4.1
log
@Pullup ticket #5693 - requested by bouyer
sysutils/xenkernel48: security fix
sysutils/xentools48: security fix

Revisions pulled up:
- sysutils/xenkernel48/Makefile 1.12
- sysutils/xenkernel48/distinfo 1.6
- sysutils/xenkernel48/patches/patch-XSA231 deleted
- sysutils/xenkernel48/patches/patch-XSA232 deleted
- sysutils/xenkernel48/patches/patch-XSA234 deleted
- sysutils/xenkernel48/patches/patch-XSA237 deleted
- sysutils/xenkernel48/patches/patch-XSA238 deleted
- sysutils/xenkernel48/patches/patch-XSA239 deleted
- sysutils/xenkernel48/patches/patch-XSA240 deleted
- sysutils/xenkernel48/patches/patch-XSA241 deleted
- sysutils/xenkernel48/patches/patch-XSA242 deleted
- sysutils/xenkernel48/patches/patch-XSA243 deleted
- sysutils/xenkernel48/patches/patch-XSA244 deleted
- sysutils/xenkernel48/patches/patch-XSA246 deleted
- sysutils/xenkernel48/patches/patch-XSA247 deleted
- sysutils/xenkernel48/patches/patch-XSA248 deleted
- sysutils/xenkernel48/patches/patch-XSA249 deleted
- sysutils/xenkernel48/patches/patch-XSA250 deleted
- sysutils/xenkernel48/patches/patch-XSA251 deleted
- sysutils/xenkernel48/patches/patch-XSA254-1 deleted
- sysutils/xenkernel48/patches/patch-XSA254-2 deleted
- sysutils/xenkernel48/patches/patch-XSA254-3 deleted
- sysutils/xenkernel48/patches/patch-XSA254-4 deleted
- sysutils/xentools48/Makefile 1.16
- sysutils/xentools48/distinfo 1.7-1.8
- sysutils/xentools48/patches/patch-XSA233 deleted
- sysutils/xentools48/patches/patch-XSA240 deleted

---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Jan 24 23:29:33 UTC 2018

Modified Files:
    pkgsrc/sysutils/xenkernel48: Makefile distinfo
    pkgsrc/sysutils/xentools48: Makefile distinfo
Removed Files:
    pkgsrc/sysutils/xenkernel48/patches: patch-XSA231 patch-XSA232
        patch-XSA234 patch-XSA237 patch-XSA238 patch-XSA239 patch-XSA240
        patch-XSA241 patch-XSA242 patch-XSA243 patch-XSA244 patch-XSA246
        patch-XSA247 patch-XSA248 patch-XSA249 patch-XSA250 patch-XSA251
        patch-XSA254-1 patch-XSA254-2 patch-XSA254-3 patch-XSA254-4
    pkgsrc/sysutils/xentools48/patches: patch-XSA233 patch-XSA240

Log Message:
Update xen 4.8 packages to 4.8.3.
Changes since 4.8.2: include patches from all security advisories up to
and including XSA254.
While there pass XEN_VENDORVERSION=nb${PKGREVISION} to make so that
'xl info' shows the NetBSD PKGREVISION. If PKGREVISION is not available,
define this as 'nb0'.

---
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Jan 27 16:44:40 UTC 2018

Modified Files:
    pkgsrc/sysutils/xentools48: distinfo

Log Message:
Remove entries for patch-XSA233 and patch-XSA240 which have been deleted.
@
text
@d1 1
a1 1
$NetBSD: patch-XSA240,v 1.1 2017/10/17 08:42:30 bouyer Exp $
@

1.1.2.1
log
@file patch-XSA240 was added on branch pkgsrc-2017Q3 on 2017-10-17 19:02:25 +0000
@
text
@d1 56
@

1.1.2.2
log
@Pullup ticket #5579 - requested by bouyer
sysutils/xenkernel48, sysutils/xentools48: security fix

Revisions pulled up:
- sysutils/xenkernel48/MESSAGE 1.2
- sysutils/xenkernel48/Makefile 1.6
- sysutils/xenkernel48/distinfo 1.3
- sysutils/xenkernel48/patches/patch-XSA-212 deleted
- sysutils/xenkernel48/patches/patch-XSA231 1.1
- sysutils/xenkernel48/patches/patch-XSA232 1.1
- sysutils/xenkernel48/patches/patch-XSA234 1.1
- sysutils/xenkernel48/patches/patch-XSA237 1.1
- sysutils/xenkernel48/patches/patch-XSA238 1.1
- sysutils/xenkernel48/patches/patch-XSA239 1.1
- sysutils/xenkernel48/patches/patch-XSA240 1.1
- sysutils/xenkernel48/patches/patch-XSA241 1.1
- sysutils/xenkernel48/patches/patch-XSA242 1.1
- sysutils/xenkernel48/patches/patch-XSA243 1.1
- sysutils/xenkernel48/patches/patch-XSA244 1.1
- sysutils/xentools48/Makefile 1.8
- sysutils/xentools48/distinfo 1.4
- sysutils/xentools48/patches/patch-XSA-211-1 deleted
- sysutils/xentools48/patches/patch-XSA-211-2 deleted
- sysutils/xentools48/patches/patch-XSA233 1.1
- sysutils/xentools48/patches/patch-XSA240 1.1

---
Module Name: pkgsrc
Committed By: bouyer
Date: Tue Oct 17 08:42:30 UTC 2017

Modified Files:
    pkgsrc/sysutils/xenkernel48: MESSAGE Makefile distinfo
    pkgsrc/sysutils/xentools48: Makefile distinfo
Added Files:
    pkgsrc/sysutils/xenkernel48/patches: patch-XSA231 patch-XSA232
        patch-XSA234 patch-XSA237 patch-XSA238 patch-XSA239 patch-XSA240
        patch-XSA241 patch-XSA242 patch-XSA243 patch-XSA244
    pkgsrc/sysutils/xentools48/patches: patch-XSA233 patch-XSA240
Removed Files:
    pkgsrc/sysutils/xenkernel48/patches: patch-XSA-212
    pkgsrc/sysutils/xentools48/patches: patch-XSA-211-1 patch-XSA-211-2

Log Message:
Update xentools48 and xenkernel48 to 4.8.2, and apply security patches up
to XSA244.
Keep PKGREVISION to 1 to account for the fact that it's not a stock Xen 4.8.2.

Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg
@
text
@a0 56
$NetBSD: patch-XSA240,v 1.1 2017/10/17 08:42:30 bouyer Exp $

From 41d579aad2fee971e5ce0279a9b559a0fdc74452 Mon Sep 17 00:00:00 2001
From: George Dunlap
Date: Fri, 22 Sep 2017 11:46:55 +0100
Subject: [PATCH 2/2] x86/mm: Disable PV linear pagetables by default

Allowing pagetables to point to other pagetables of the same level
(often called 'linear pagetables') has been included in Xen since its
inception. But it is not used by the most common PV guests (Linux,
NetBSD, minios), and has been the source of a number of subtle
reference-counting bugs.

Add a command-line option to control whether PV linear pagetables are
allowed (disabled by default).

Reported-by: Jann Horn
Signed-off-by: George Dunlap
Reviewed-by: Andrew Cooper
---
Changes since v2:
- s/_/-/; in command-line option
- Added __read_mostly
---
 docs/misc/xen-command-line.markdown | 15 +++++++++++++++
 xen/arch/x86/mm.c | 9 +++++++++
 2 files changed, 24 insertions(+)
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 54acc60723..ffa66eb146 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -1350,6 +1350,21 @@@@ The following resources are available: CDP, one COS will corespond two CBMs other than one with CAT, due to the sum of CBMs is fixed, that means actual `cos_max` in use will automatically reduce to half when CDP is enabled. + +### pv-linear-pt +> `= ` + +> Default: `true` + +Allow PV guests to have pagetable entries pointing to other pagetables +of the same level (i.e., allowing L2 PTEs to point to other L2 pages). +This technique is often called "linear pagetables", and is sometimes +used to allow operating systems a simple way to consistently map the +current process's pagetables into its own virtual address space. + +None of the most common PV operating systems (Linux, MiniOS) +use this technique, but NetBSD in PV mode, and maybe custom operating +systems which do. ### reboot > `= t[riple] | k[bd] | a[cpi] | p[ci] | P[ower] | e[fi] | n[o] [, [w]arm | [c]old]` diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 31d4a03840..5d125cff3a 100644 @
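Review bot: the closing paragraph of the added `pv-linear-pt` section is not a complete sentence ("but NetBSD in PV mode, and maybe custom operating systems which do"), and the value line reads `= ` with no accepted value form after it. Reword the paragraph to say plainly that NetBSD in PV mode uses linear pagetables, and spell out the accepted values next to `=`. The patch message above still lists NetBSD among the guests that do not use the technique, so the message and the documentation text need to be reconciled.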