head	1.2;
access;
symbols
	pkgsrc-2019Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2019.12.13.13.44.21;	author bouyer;	state dead;
branches;
next	1.1;
commitid	w6P0WFKdEprc9yOB;

1.1
date	2019.12.06.17.30.28;	author bouyer;	state Exp;
branches
	1.1.2.1;
next	;
commitid	tO2a4Ac3sL9JDFNB;

1.1.2.1
date	2019.12.06.17.30.28;	author bsiegert;	state dead;
branches;
next	1.1.2.2;
commitid	3I6dFAW9IQ43aONB;

1.1.2.2
date	2019.12.07.19.10.08;	author bsiegert;	state Exp;
branches;
next	1.1.2.3;
commitid	3I6dFAW9IQ43aONB;

1.1.2.3
date	2019.12.16.13.51.58;	author bsiegert;	state dead;
branches;
next	;
commitid	TcQZmrJvhj3Y6WOB;


desc
@@


1.2
log
@Update xenkernel411 to 4.11.3nb1, and xentools411 to 4.11.3
(PKGREVISION not reset on xenkernel411 on purpose, to enphasis that it's
not a stock Xen 4.11.3 kernel).
Changes since 4.11.2:
- includes all security patches up to XSA306
- other minor bug fixes, hardware support and performances improvements

In addition, xenkernel411 includes all security patches released since 4.11.3,
up to XSA311
@
text
@$NetBSD: patch-XSA306,v 1.1 2019/12/06 17:30:28 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: IOMMU: default to always quarantining PCI devices

XSA-302 relies on the use of libxl's "assignable-add" feature to prepare
devices to be assigned to untrusted guests.

Unfortunately, this is not considered a strictly required step for
device assignment. The PCI passthrough documentation on the wiki
describes alternate ways of preparing devices for assignment, and
libvirt uses its own ways as well. Hosts where these alternate methods
are used will still leave the system in a vulnerable state after the
device comes back from a guest.

Default to always quarantining PCI devices, but provide a command line
option to revert back to prior behavior (such that people who both
sufficiently trust their guests and want to be able to use devices in
Dom0 again after they had been in use by a guest wouldn't need to
"manually" move such devices back from DomIO to Dom0).

This is XSA-306.

Reported-by: Marek Marczykowski-Górecki <marmarek@@invisiblethingslab.com>
Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Wei Liu <wl@@xen.org>

--- xen/drivers/passthrough/iommu.c.orig
+++ xen/drivers/passthrough/iommu.c
@@@@ -52,6 +52,7 @@@@ custom_param("iommu", parse_iommu_param)
 bool_t __initdata iommu_enable = 1;
 bool_t __read_mostly iommu_enabled;
 bool_t __read_mostly force_iommu;
+bool __read_mostly iommu_quarantine = true;
 bool_t __hwdom_initdata iommu_dom0_strict;
 bool_t __read_mostly iommu_verbose;
 bool_t __read_mostly iommu_workaround_bios_bug;
@@@@ -99,6 +100,8 @@@@ static int __init parse_iommu_param(cons
         else if ( !cmdline_strcmp(s, "force") ||
                   !cmdline_strcmp(s, "required") )
             force_iommu = val;
+        else if ( !cmdline_strcmp(s, "quarantine") )
+            iommu_quarantine = val;
         else if ( !cmdline_strcmp(s, "workaround_bios_bug") )
             iommu_workaround_bios_bug = val;
         else if ( !cmdline_strcmp(s, "igfx") )
--- xen/drivers/passthrough/pci.c.orig
+++ xen/drivers/passthrough/pci.c
@@@@ -1511,7 +1511,8 @@@@ int deassign_device(struct domain *d, u1
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = (pdev->quarantine && pdev->domain != dom_io) ?
+    target = ((pdev->quarantine || iommu_quarantine) &&
+              pdev->domain != dom_io) ?
         dom_io : hardware_domain;
 
     while ( pdev->phantom_stride )
--- xen/include/xen/iommu.h.orig
+++ xen/include/xen/iommu.h
@@@@ -29,7 +29,7 @@@@
 #include <asm/iommu.h>
 
 extern bool_t iommu_enable, iommu_enabled;
-extern bool_t force_iommu, iommu_verbose;
+extern bool force_iommu, iommu_quarantine, iommu_verbose;
 extern bool_t iommu_workaround_bios_bug, iommu_igfx, iommu_passthrough;
 extern bool_t iommu_snoop, iommu_qinval, iommu_intremap, iommu_intpost;
 extern bool_t iommu_hap_pt_share;
@


1.1
log
@Apply upstream patch for XSA306 security issue.
Bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD: $
@


1.1.2.1
log
@file patch-XSA306 was added on branch pkgsrc-2019Q3 on 2019-12-07 19:10:08 +0000
@
text
@d1 69
@


1.1.2.2
log
@Pullup ticket #6096 - requested by bouyer
sysutils/xenkernel411: security fix

Revisions pulled up:
- sysutils/xenkernel411/Makefile                                1.11
- sysutils/xenkernel411/distinfo                                1.8
- sysutils/xenkernel411/patches/patch-XSA306                    1.1

---
   Module Name:    pkgsrc
   Committed By:   bouyer
   Date:           Fri Dec  6 17:30:28 UTC 2019

   Modified Files:
           pkgsrc/sysutils/xenkernel411: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/xenkernel411/patches: patch-XSA306

   Log Message:
   Apply upstream patch for XSA306 security issue.
   Bump PKGREVISION
@
text
@a0 69
$NetBSD: patch-XSA306,v 1.1 2019/12/06 17:30:28 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: IOMMU: default to always quarantining PCI devices

XSA-302 relies on the use of libxl's "assignable-add" feature to prepare
devices to be assigned to untrusted guests.

Unfortunately, this is not considered a strictly required step for
device assignment. The PCI passthrough documentation on the wiki
describes alternate ways of preparing devices for assignment, and
libvirt uses its own ways as well. Hosts where these alternate methods
are used will still leave the system in a vulnerable state after the
device comes back from a guest.

Default to always quarantining PCI devices, but provide a command line
option to revert back to prior behavior (such that people who both
sufficiently trust their guests and want to be able to use devices in
Dom0 again after they had been in use by a guest wouldn't need to
"manually" move such devices back from DomIO to Dom0).

This is XSA-306.

Reported-by: Marek Marczykowski-Górecki <marmarek@@invisiblethingslab.com>
Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Wei Liu <wl@@xen.org>

--- xen/drivers/passthrough/iommu.c.orig
+++ xen/drivers/passthrough/iommu.c
@@@@ -52,6 +52,7 @@@@ custom_param("iommu", parse_iommu_param)
 bool_t __initdata iommu_enable = 1;
 bool_t __read_mostly iommu_enabled;
 bool_t __read_mostly force_iommu;
+bool __read_mostly iommu_quarantine = true;
 bool_t __hwdom_initdata iommu_dom0_strict;
 bool_t __read_mostly iommu_verbose;
 bool_t __read_mostly iommu_workaround_bios_bug;
@@@@ -99,6 +100,8 @@@@ static int __init parse_iommu_param(cons
         else if ( !cmdline_strcmp(s, "force") ||
                   !cmdline_strcmp(s, "required") )
             force_iommu = val;
+        else if ( !cmdline_strcmp(s, "quarantine") )
+            iommu_quarantine = val;
         else if ( !cmdline_strcmp(s, "workaround_bios_bug") )
             iommu_workaround_bios_bug = val;
         else if ( !cmdline_strcmp(s, "igfx") )
--- xen/drivers/passthrough/pci.c.orig
+++ xen/drivers/passthrough/pci.c
@@@@ -1511,7 +1511,8 @@@@ int deassign_device(struct domain *d, u1
         return -ENODEV;
 
     /* De-assignment from dom_io should de-quarantine the device */
-    target = (pdev->quarantine && pdev->domain != dom_io) ?
+    target = ((pdev->quarantine || iommu_quarantine) &&
+              pdev->domain != dom_io) ?
         dom_io : hardware_domain;
 
     while ( pdev->phantom_stride )
--- xen/include/xen/iommu.h.orig
+++ xen/include/xen/iommu.h
@@@@ -29,7 +29,7 @@@@
 #include <asm/iommu.h>
 
 extern bool_t iommu_enable, iommu_enabled;
-extern bool_t force_iommu, iommu_verbose;
+extern bool force_iommu, iommu_quarantine, iommu_verbose;
 extern bool_t iommu_workaround_bios_bug, iommu_igfx, iommu_passthrough;
 extern bool_t iommu_snoop, iommu_qinval, iommu_intremap, iommu_intpost;
 extern bool_t iommu_hap_pt_share;
@


1.1.2.3
log
@Pullup ticket #6104 - requested by bouyer
sysutils/xenkernel411, sysutils/xentools411: security fix

Revisions pulled up:
- sysutils/xenkernel411/Makefile                                1.12
- sysutils/xenkernel411/distinfo                                1.9
- sysutils/xenkernel411/patches/patch-XSA298                    deleted
- sysutils/xenkernel411/patches/patch-XSA299                    deleted
- sysutils/xenkernel411/patches/patch-XSA302                    deleted
- sysutils/xenkernel411/patches/patch-XSA304                    deleted
- sysutils/xenkernel411/patches/patch-XSA305                    deleted
- sysutils/xenkernel411/patches/patch-XSA306                    deleted
- sysutils/xenkernel411/patches/patch-XSA307                    1.1
- sysutils/xenkernel411/patches/patch-XSA308                    1.1
- sysutils/xenkernel411/patches/patch-XSA309                    1.1
- sysutils/xenkernel411/patches/patch-XSA310                    1.1
- sysutils/xenkernel411/patches/patch-XSA311                    1.1
- sysutils/xentools411/Makefile                                 1.12
- sysutils/xentools411/distinfo                                 1.8

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Dec 13 13:44:21 UTC 2019

   Modified Files:
   	pkgsrc/sysutils/xenkernel411: Makefile distinfo
   	pkgsrc/sysutils/xentools411: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel411/patches: patch-XSA307 patch-XSA308
   	    patch-XSA309 patch-XSA310 patch-XSA311
   Removed Files:
   	pkgsrc/sysutils/xenkernel411/patches: patch-XSA298 patch-XSA299
   	    patch-XSA302 patch-XSA304 patch-XSA305 patch-XSA306

   Log Message:
   Update xenkernel411 to 4.11.3nb1, and xentools411 to 4.11.3
   (PKGREVISION not reset on xenkernel411 on purpose, to enphasis that it's
   not a stock Xen 4.11.3 kernel).
   Changes since 4.11.2:
   - includes all security patches up to XSA306
   - other minor bug fixes, hardware support and performances improvements

   In addition, xenkernel411 includes all security patches released since 4.11.3,
   up to XSA311
@
text
@d1 1
a1 1
$NetBSD: patch-XSA306,v 1.1.2.2 2019/12/07 19:10:08 bsiegert Exp $
@