head 1.2;
access;
symbols
    pkgsrc-2013Q2:1.1.0.2
    pkgsrc-2013Q2-base:1.1;
locks; strict;
comment @# @;


1.2
date 2013.09.11.18.00.33; author drochner; state dead;
branches;
next 1.1;
commitid 76aqq1Rgu8ITY25x;

1.1
date 2013.05.03.16.48.38; author drochner; state Exp;
branches;
next ;


desc
@@


1.2
log
@update to 4.1.6.1

This release fixes the following critical vulnerabilities:
CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling
CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend
CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys
CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes
XSA-61: libxl partially sets up HVM passthrough even with disabled iommu

This release contains many bug fixes and improvements.
The highlights are: addressing a regression from the fix for XSA-21 addressing a regression from the fix for XSA-46 bug fixes to low level system state handling, including certain hardware errata workarounds (CVE-2013-1918 and CVE-2013-1952 were patched in pkgsrc before) @ text @$NetBSD: patch-CVE-2013-1918_7,v 1.1 2013/05/03 16:48:38 drochner Exp $ --- xen/common/domain.c.orig 2013-05-03 13:28:00.000000000 +0000 +++ xen/common/domain.c @@@@ -770,14 +770,18 @@@@ int boot_vcpu(struct domain *d, int vcpu return arch_set_info_guest(v, ctxt); } -void vcpu_reset(struct vcpu *v) +int vcpu_reset(struct vcpu *v) { struct domain *d = v->domain; + int rc; vcpu_pause(v); domain_lock(d); - arch_vcpu_reset(v); + set_bit(_VPF_in_reset, &v->pause_flags); + rc = arch_vcpu_reset(v); + if ( rc ) + goto out_unlock; set_bit(_VPF_down, &v->pause_flags); @@@@ -793,9 +797,13 @@@@ void vcpu_reset(struct vcpu *v) #endif cpus_clear(v->cpu_affinity_tmp); clear_bit(_VPF_blocked, &v->pause_flags); + clear_bit(_VPF_in_reset, &v->pause_flags); + out_unlock: domain_unlock(v->domain); vcpu_unpause(v); + + return rc; } @@@@ -834,6 +842,11 @@@@ long do_vcpu_op(int cmd, int vcpuid, XEN domain_unlock(d); xfree(ctxt); + + if ( rc == -EAGAIN ) + rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", + cmd, vcpuid, arg); + break; case VCPUOP_up: @ 1.1 log @update to 4.1.5 This integrates fixes for all vulnerabilities which were patched in pkgsrc before. Among many bug fixes and improvements (around 50 since Xen 4.1.4): * ACPI APEI/ERST finally working on production systems * Bug fixes for other low level system state handling * Support for xz compressed Dom0 and DomU kernels @ text @d1 1 a1 1 $NetBSD$ @
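Review bot: in the first hunk (@@ -770,14 +770,18), the early exit `if ( rc ) goto out_unlock;` skips the later `clear_bit(_VPF_in_reset, &v->pause_flags);`, so `_VPF_in_reset` stays set on every non-zero return from arch_vcpu_reset(), not only on -EAGAIN. If the intent is to keep the flag set while a preempted reset waits to be continued, a comment at the `set_bit` should say so, and the patch should state what is expected to clear the flag when arch_vcpu_reset() fails with any other error. The same exit also skips `set_bit(_VPF_down, ...)`, which deserves the same explanation.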
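Review bot: in the second hunk (@@ -793,9 +797,13), the new `return rc;` changes vcpu_reset() from void to int, but this patch shows only one consumer of a result, the -EAGAIN check in do_vcpu_op(). Every other caller of vcpu_reset() needs to be checked so that a preempted or failed reset is not silently treated as complete, and the function should carry a short comment documenting that -EAGAIN means the reset must be retried. As a style point, the function takes the lock with `domain_lock(d)` and releases it at `out_unlock:` with `domain_unlock(v->domain)`; using `d` in both places would make the pairing easier to verify.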
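Review bot: in the third hunk (@@ -834,6 +842,11), the continuation is created after `domain_unlock(d)` and `xfree(ctxt)`, so the restarted hypercall re-enters with only `cmd, vcpuid, arg` and has to rebuild `ctxt` from the guest-supplied `arg`. Nothing in the visible lines ensures the guest presents the same contents on re-entry, so the restarted path must apply the same validation as the first pass and tolerate a different context; a comment noting that the operation is safe to restart from the beginning would help. The "iih" format string matches the three arguments passed, which is correct.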