head 1.2;
access;
symbols
    pkgsrc-2020Q2:1.1.0.4
    pkgsrc-2020Q2-base:1.1
    pkgsrc-2020Q1:1.1.0.2;
locks; strict;
comment @# @;

1.2
date 2020.08.24.10.35.35; author bouyer; state dead;
branches;
next 1.1;
commitid MGsqrLPx72UHUilC;

1.1
date 2020.04.15.15.37.19; author bouyer; state Exp;
branches
    1.1.2.1;
next ;
commitid lAP1ZtvVXxSONu4C;

1.1.2.1
date 2020.04.15.15.37.19; author bsiegert; state dead;
branches;
next 1.1.2.2;
commitid rED8p7xMUDKaJJ4C;

1.1.2.2
date 2020.04.17.12.34.14; author bsiegert; state Exp;
branches;
next ;
commitid rED8p7xMUDKaJJ4C;

desc
@@

1.2
log
@Update to 4.11.4nb1
Keep PKGREVISION at 1 to reflect that it's not a stock Xen 4.11.4 kernel,
we have additional security fixes (all relevant patches from upstream
to date).
Changes: mostly bug fixes and improvements; better support for newer AMD CPUs.
full changelog at
https://xenproject.org/downloads/xen-project-archives/xen-project-4-11-series/xen-project-4-11-4/
@
text
@$NetBSD: patch-XSA318,v 1.1 2020/04/15 15:37:19 bouyer Exp $

From: Jan Beulich
Subject: gnttab: fix GNTTABOP_copy continuation handling

The XSA-226 fix was flawed - the backwards transformation on rc was done too early, causing a continuation to not get invoked when the need for preemption was determined at the very first iteration of the request. This in particular means that all of the status fields of the individual operations would be left untouched, i.e. set to whatever the caller may or may not have initialized them to.

This is part of XSA-318.

Reported-by: Pawel Wieczorkiewicz
Tested-by: Pawel Wieczorkiewicz
Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross --- xen/common/grant_table.c.orig +++ xen/common/grant_table.c @@@@ -3576,8 +3576,7 @@@@ do_grant_table_op( rc = gnttab_copy(copy, count); if ( rc > 0 ) { - rc = count - rc; - guest_handle_add_offset(copy, rc); + guest_handle_add_offset(copy, count - rc); uop = guest_handle_cast(copy, void); } break; @@@@ -3644,6 +3643,9 @@@@ do_grant_table_op( out: if ( rc > 0 || opaque_out != 0 ) { + /* Adjust rc, see gnttab_copy() for why this is needed. */ + if ( cmd == GNTTABOP_copy ) + rc = count - rc; ASSERT(rc < count); ASSERT((opaque_out & GNTTABOP_CMD_MASK) == 0); rc = hypercall_create_continuation(__HYPERVISOR_grant_table_op, "ihi", @ 1.1 log @Apply upstream patches for security issues XSA313 and XSA318. Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: $ @ 1.1.2.1 log @file patch-XSA318 was added on branch pkgsrc-2020Q1 on 2020-04-17 12:34:14 +0000 @ text @d1 41 @ 1.1.2.2 log @Pullup ticket #6160 - requested by bouyer sysutils/xenkernel411: security fix Revisions pulled up: - sysutils/xenkernel411/Makefile 1.13 - sysutils/xenkernel411/distinfo 1.10-1.11 - sysutils/xenkernel411/patches/patch-XSA313 1.1 - sysutils/xenkernel411/patches/patch-XSA316 1.1 - sysutils/xenkernel411/patches/patch-XSA318 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Wed Apr 15 15:37:20 UTC 2020 Modified Files: pkgsrc/sysutils/xenkernel411: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel411/patches: patch-XSA313 patch-XSA318 Log Message: Apply upstream patches for security issues XSA313 and XSA318. Bump PKGREVISION --- Module Name: pkgsrc Committed By: bouyer Date: Wed Apr 15 15:45:05 UTC 2020 Modified Files: pkgsrc/sysutils/xenkernel411: distinfo Added Files: pkgsrc/sysutils/xenkernel411/patches: patch-XSA316 Log Message: Also apply patch for XSA316. ride previous PKGREVISION bump @ text @a0 41 $NetBSD: patch-XSA318,v 1.1 2020/04/15 15:37:19 bouyer Exp $ 
From: Jan Beulich Subject: gnttab: fix GNTTABOP_copy continuation handling The XSA-226 fix was flawed - the backwards transformation on rc was done too early, causing a continuation to not get invoked when the need for preemption was determined at the very first iteration of the request. This in particular means that all of the status fields of the individual operations would be left untouched, i.e. set to whatever the caller may or may not have initialized them to. This is part of XSA-318. Reported-by: Pawel Wieczorkiewicz Tested-by: Pawel Wieczorkiewicz Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross --- xen/common/grant_table.c.orig +++ xen/common/grant_table.c @@@@ -3576,8 +3576,7 @@@@ do_grant_table_op( rc = gnttab_copy(copy, count); if ( rc > 0 ) { - rc = count - rc; - guest_handle_add_offset(copy, rc); + guest_handle_add_offset(copy, count - rc); uop = guest_handle_cast(copy, void); } break; @@@@ -3644,6 +3643,9 @@@@ do_grant_table_op( out: if ( rc > 0 || opaque_out != 0 ) { + /* Adjust rc, see gnttab_copy() for why this is needed. */ + if ( cmd == GNTTABOP_copy ) + rc = count - rc; ASSERT(rc < count); ASSERT((opaque_out & GNTTABOP_CMD_MASK) == 0); rc = hypercall_create_continuation(__HYPERVISOR_grant_table_op, "ihi", @
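Review bot: In the first hunk (@@ -3576,8 +3576,7 @@), rc is no longer converted at the GNTTABOP_copy call site, so after the `break` it still holds the value gnttab_copy() returned and is only turned into `count - rc` at the `out:` label by the second hunk. Nothing at this site says so; the only comment is the one added at `out:`, and it points the reader to gnttab_copy(). A one-line comment next to `guest_handle_add_offset(copy, count - rc);` stating that rc deliberately stays untransformed until `out:` would keep a later change between the `break` and `out:` from treating rc as already adjusted, which is the ordering mistake the commit message describes in the XSA-226 fix.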
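Review bot: In the second hunk (@@ -3644,6 +3643,9 @@), the added `rc = count - rc;` is guarded only by `cmd == GNTTABOP_copy`, while the enclosing block is entered on `rc > 0 || opaque_out != 0`. If that block can ever be reached for GNTTABOP_copy with rc <= 0 and a non-zero opaque_out (the hunk does not show whether it can), the adjustment produces a value of count or more and the following `ASSERT(rc < count);` no longer holds. Either narrow the condition to `cmd == GNTTABOP_copy && rc > 0`, or extend the comment to state that opaque_out is always zero for this command, so the invariant is visible at the point where it is relied on.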