head 1.2; access; symbols pkgsrc-2022Q2:1.1.0.18 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.16 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.14 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.12 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.10 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.8 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.6 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.4 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2022.06.28.16.33.25; author bouyer; state dead; branches; next 1.1; commitid lkljtNX5KSYPgPJD; 1.1 date 2020.07.16.09.57.17; author bouyer; state Exp; branches 1.1.2.1; next ; commitid hSaQAYyyo7nRXhgC; 1.1.2.1 date 2020.07.16.09.57.17; author bsiegert; state dead; branches; next 1.1.2.2; commitid 8vOqdXud3CR5tQlC; 1.1.2.2 date 2020.08.28.15.37.49; author bsiegert; state Exp; branches; next ; commitid 8vOqdXud3CR5tQlC; desc @@ 1.2 log @Remove xenkernel411 and xenkernel411, they're EOL upstream @ text @$NetBSD: patch-XSA317,v 1.1 2020/07/16 09:57:17 bouyer Exp $ From aeb46e92f915f19a61d5a8a1f4b696793f64e6fb Mon Sep 17 00:00:00 2001 From: Julien Grall Date: Thu, 19 Mar 2020 13:17:31 +0000 Subject: [PATCH] xen/common: event_channel: Don't ignore error in get_free_port() Currently, get_free_port() is assuming that the port has been allocated when evtchn_allocate_port() is not return -EBUSY. However, the function may return an error when: - We exhausted all the event channels. This can happen if the limit configured by the administrator for the guest ('max_event_channels' in xl cfg) is higher than the ABI used by the guest. For instance, if the guest is using 2L, the limit should not be higher than 4095. - We cannot allocate memory (e.g Xen has not more memory). Users of get_free_port() (such as EVTCHNOP_alloc_unbound) will validly assuming the port was valid and will next call evtchn_from_port(). This will result to a crash as the memory backing the event channel structure is not present. Fixes: 368ae9a05fe ("xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU") Signed-off-by: Julien Grall Reviewed-by: Jan Beulich --- xen/common/event_channel.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index e86e2bfab0..a8d182b584 100644 --- xen/common/event_channel.c.orig +++ xen/common/event_channel.c @@@@ -195,10 +195,10 @@@@ static int get_free_port(struct domain *d) { int rc = evtchn_allocate_port(d, port); - if ( rc == -EBUSY ) - continue; - - return port; + if ( rc == 0 ) + return port; + else if ( rc != -EBUSY ) + return rc; } return -ENOSPC; -- 2.17.1 @ 1.1 log @Add patches for Xen Security Advisories XSA317, XSA319, XSA320, XSA321 and XSA328 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: $ @ 1.1.2.1 log @file patch-XSA317 was added on branch pkgsrc-2020Q2 on 2020-08-28 15:37:49 +0000 @ text @d1 52 @ 1.1.2.2 log @Pullup ticket #6308 - requested by bouyer sysutils/xenkernel411: security fix Revisions pulled up: - sysutils/xenkernel411/Makefile 1.14 - sysutils/xenkernel411/distinfo 1.12 - sysutils/xenkernel411/patches/patch-XSA317 1.1 - sysutils/xenkernel411/patches/patch-XSA319 1.1 - sysutils/xenkernel411/patches/patch-XSA320 1.1 - sysutils/xenkernel411/patches/patch-XSA321 1.1 - sysutils/xenkernel411/patches/patch-XSA328 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Jul 16 09:57:17 UTC 2020 Modified Files: pkgsrc/sysutils/xenkernel411: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel411/patches: patch-XSA317 patch-XSA319 patch-XSA320 patch-XSA321 patch-XSA328 Log Message: Add patches for Xen Security Advisories XSA317, XSA319, XSA320, XSA321 and XSA328 Bump PKGREVISION @ text @a0 52 $NetBSD: patch-XSA317,v 1.1 2020/07/16 09:57:17 bouyer Exp $ From aeb46e92f915f19a61d5a8a1f4b696793f64e6fb Mon Sep 17 00:00:00 2001 From: Julien Grall Date: Thu, 19 Mar 2020 13:17:31 +0000 Subject: [PATCH] xen/common: event_channel: Don't ignore error in get_free_port() Currently, get_free_port() is assuming that the port has been allocated when evtchn_allocate_port() is not return -EBUSY. However, the function may return an error when: - We exhausted all the event channels. This can happen if the limit configured by the administrator for the guest ('max_event_channels' in xl cfg) is higher than the ABI used by the guest. For instance, if the guest is using 2L, the limit should not be higher than 4095. - We cannot allocate memory (e.g Xen has not more memory). Users of get_free_port() (such as EVTCHNOP_alloc_unbound) will validly assuming the port was valid and will next call evtchn_from_port(). This will result to a crash as the memory backing the event channel structure is not present. Fixes: 368ae9a05fe ("xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU") Signed-off-by: Julien Grall Reviewed-by: Jan Beulich --- xen/common/event_channel.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index e86e2bfab0..a8d182b584 100644 --- xen/common/event_channel.c.orig +++ xen/common/event_channel.c @@@@ -195,10 +195,10 @@@@ static int get_free_port(struct domain *d) { int rc = evtchn_allocate_port(d, port); - if ( rc == -EBUSY ) - continue; - - return port; + if ( rc == 0 ) + return port; + else if ( rc != -EBUSY ) + return rc; } return -ENOSPC; -- 2.17.1 @