head 1.2; access; symbols pkgsrc-2020Q2:1.1.0.36 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.16 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.38 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.34 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.32 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.30 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.28 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.26 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.24 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.22 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.20 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.18 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.14 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.12 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.10 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.8 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.6 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.4 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2020.08.19.10.39.23; author bouyer; state dead; branches; next 1.1; commitid DGAMglRf0Jde6FkC; 1.1 date 2016.01.07.17.53.58; author bouyer; state Exp; branches 1.1.2.1; next ; commitid sPBfKcCmelWSG1Qy; 1.1.2.1 date 2016.01.07.17.53.58; author bsiegert; state dead; branches; next 1.1.2.2; commitid DY7ZTsM4su8PtyQy; 1.1.2.2 date 2016.01.11.20.37.17; author bsiegert; state Exp; branches; next ; commitid DY7ZTsM4su8PtyQy; desc @@ 1.2 log @Remove xenkernel and xentools packages older than 4.11. They're not maintained anymore upstream, and don't build on supported NetBSD releases. @ text @$NetBSD: patch-CVE-2015-5307,v 1.1 2016/01/07 17:53:58 bouyer Exp $ Patch for CVE-2015-5307 and CVE-2015-8104 aka XSA-156, based on http://xenbits.xenproject.org/xsa/xsa156-4.3.patch --- xen/arch/x86/hvm/svm/svm.c.orig 2014-09-02 08:22:57.000000000 +0200 +++ xen/arch/x86/hvm/svm/svm.c 2016-01-07 14:30:34.000000000 +0100 @@@@ -942,10 +942,11 @@@@ unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) ) { uint32_t intercepts = vmcb_get_exception_intercepts(vmcb); - uint32_t mask = (1U << TRAP_debug) | (1U << TRAP_int3); + v->arch.hvm_vcpu.debug_state_latch = debug_state; vmcb_set_exception_intercepts( - vmcb, debug_state ? (intercepts | mask) : (intercepts & ~mask)); + vmcb, debug_state ? (intercepts | (1U << TRAP_int3)) + : (intercepts & ~(1U << TRAP_int3))); } if ( v->arch.hvm_svm.launch_core != smp_processor_id() ) @@@@ -2232,8 +2233,9 @@@@ case VMEXIT_EXCEPTION_DB: if ( !v->domain->debugger_attached ) - goto exit_and_crash; - domain_pause_for_debugger(); + hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE); + else + domain_pause_for_debugger(); break; case VMEXIT_EXCEPTION_BP: @@@@ -2281,6 +2283,11 @@@@ break; } + case VMEXIT_EXCEPTION_AC: + HVMTRACE_1D(TRAP, TRAP_alignment_check); + hvm_inject_hw_exception(TRAP_alignment_check, vmcb->exitinfo1); + break; + case VMEXIT_EXCEPTION_UD: svm_vmexit_ud_intercept(regs); break; --- xen/arch/x86/hvm/vmx/vmx.c.orig +++ xen/arch/x86/hvm/vmx/vmx.c @@@@ -1122,18 +1122,12 @@@@ static void vmx_update_host_cr3(struct v void vmx_update_debug_state(struct vcpu *v) { - unsigned long mask; - ASSERT(v == current); - mask = 1u << TRAP_int3; - if ( !cpu_has_monitor_trap_flag ) - mask |= 1u << TRAP_debug; - if ( v->arch.hvm_vcpu.debug_state_latch ) - v->arch.hvm_vmx.exception_bitmap |= mask; + v->arch.hvm_vmx.exception_bitmap |= 1U << TRAP_int3; else - v->arch.hvm_vmx.exception_bitmap &= ~mask; + v->arch.hvm_vmx.exception_bitmap &= ~(1U << TRAP_int3); vmx_update_exception_bitmap(v); } @@@@ -2616,9 +2610,10 @@@@ void vmx_vmexit_handler(struct cpu_user_ exit_qualification = __vmread(EXIT_QUALIFICATION); HVMTRACE_1D(TRAP_DEBUG, exit_qualification); write_debugreg(6, exit_qualification | 0xffff0ff0); - if ( !v->domain->debugger_attached || cpu_has_monitor_trap_flag ) - goto exit_and_crash; - domain_pause_for_debugger(); + if ( !v->domain->debugger_attached ) + hvm_inject_hw_exception(vector, HVM_DELIVER_NO_ERROR_CODE); + else + domain_pause_for_debugger(); break; case TRAP_int3: { @@@@ -2679,6 +2674,11 @@@@ void vmx_vmexit_handler(struct cpu_user_ hvm_inject_page_fault(regs->error_code, exit_qualification); break; + case TRAP_alignment_check: + HVMTRACE_1D(TRAP, vector); + hvm_inject_hw_exception(vector, + __vmread(VM_EXIT_INTR_ERROR_CODE)); + break; case TRAP_nmi: if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) != (X86_EVENTTYPE_NMI << 8) ) --- xen/include/asm-x86/hvm/hvm.h.orig +++ xen/include/asm-x86/hvm/hvm.h @@@@ -389,7 +389,10 @@@@ static inline bool_t hvm_vcpu_has_smep(v }) /* These exceptions must always be intercepted. */ -#define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op)) +#define HVM_TRAP_MASK ((1U << TRAP_debug) | \ + (1U << TRAP_invalid_op) | \ + (1U << TRAP_alignment_check) | \ + (1U << TRAP_machine_check)) /* * x86 event types. This enumeration is valid for: @ 1.1 log @pply patches from Xen repository, fixing: CVE-2015-5307 and CVE-2015-8104 aka XSA-156 CVE-2015-8339 and CVE-2015-8340 aka XSA-159 CVE-2015-8555 aka XSA-165 XSA-166 CVE-2015-8550 aka XSA-155 CVE-2015-8554 aka XSA-164 Bump pkgrevision @ text @d1 1 a1 1 $NetBSD: patch-CVE-2015-7971,v 1.1 2015/10/29 20:29:56 bouyer Exp $ @ 1.1.2.1 log @file patch-CVE-2015-5307 was added on branch pkgsrc-2015Q4 on 2016-01-11 20:37:17 +0000 @ text @d1 108 @ 1.1.2.2 log @Pullup ticket #4886 - requested by bouyer sysutils/xenkernel42: security fix sysutils/xentools42: security fix Revisions pulled up: - sysutils/xenkernel42/Makefile 1.20 - sysutils/xenkernel42/distinfo 1.19 - sysutils/xenkernel42/patches/patch-CVE-2015-5307 1.1 - sysutils/xenkernel42/patches/patch-CVE-2015-8339 1.1 - sysutils/xenkernel42/patches/patch-CVE-2015-8555 1.1 - sysutils/xenkernel42/patches/patch-XSA-166 1.1 - sysutils/xentools42/Makefile 1.41 - sysutils/xentools42/distinfo 1.22 - sysutils/xentools42/patches/patch-CVE-2015-8550 1.1 - sysutils/xentools42/patches/patch-CVE-2015-8554 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Jan 7 17:53:59 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel42: Makefile distinfo pkgsrc/sysutils/xentools42: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-5307 patch-CVE-2015-8339 patch-CVE-2015-8555 patch-XSA-166 pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-8550 patch-CVE-2015-8554 Log Message: pply patches from Xen repository, fixing: CVE-2015-5307 and CVE-2015-8104 aka XSA-156 CVE-2015-8339 and CVE-2015-8340 aka XSA-159 CVE-2015-8555 aka XSA-165 XSA-166 CVE-2015-8550 aka XSA-155 CVE-2015-8554 aka XSA-164 Bump pkgrevision @ text @a0 108 $NetBSD$ Patch for CVE-2015-5307 and CVE-2015-8104 aka XSA-156, based on http://xenbits.xenproject.org/xsa/xsa156-4.3.patch --- xen/arch/x86/hvm/svm/svm.c.orig 2014-09-02 08:22:57.000000000 +0200 +++ xen/arch/x86/hvm/svm/svm.c 2016-01-07 14:30:34.000000000 +0100 @@@@ -942,10 +942,11 @@@@ unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) ) { uint32_t intercepts = vmcb_get_exception_intercepts(vmcb); - uint32_t mask = (1U << TRAP_debug) | (1U << TRAP_int3); + v->arch.hvm_vcpu.debug_state_latch = debug_state; vmcb_set_exception_intercepts( - vmcb, debug_state ? (intercepts | mask) : (intercepts & ~mask)); + vmcb, debug_state ? (intercepts | (1U << TRAP_int3)) + : (intercepts & ~(1U << TRAP_int3))); } if ( v->arch.hvm_svm.launch_core != smp_processor_id() ) @@@@ -2232,8 +2233,9 @@@@ case VMEXIT_EXCEPTION_DB: if ( !v->domain->debugger_attached ) - goto exit_and_crash; - domain_pause_for_debugger(); + hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE); + else + domain_pause_for_debugger(); break; case VMEXIT_EXCEPTION_BP: @@@@ -2281,6 +2283,11 @@@@ break; } + case VMEXIT_EXCEPTION_AC: + HVMTRACE_1D(TRAP, TRAP_alignment_check); + hvm_inject_hw_exception(TRAP_alignment_check, vmcb->exitinfo1); + break; + case VMEXIT_EXCEPTION_UD: svm_vmexit_ud_intercept(regs); break; --- xen/arch/x86/hvm/vmx/vmx.c.orig +++ xen/arch/x86/hvm/vmx/vmx.c @@@@ -1122,18 +1122,12 @@@@ static void vmx_update_host_cr3(struct v void vmx_update_debug_state(struct vcpu *v) { - unsigned long mask; - ASSERT(v == current); - mask = 1u << TRAP_int3; - if ( !cpu_has_monitor_trap_flag ) - mask |= 1u << TRAP_debug; - if ( v->arch.hvm_vcpu.debug_state_latch ) - v->arch.hvm_vmx.exception_bitmap |= mask; + v->arch.hvm_vmx.exception_bitmap |= 1U << TRAP_int3; else - v->arch.hvm_vmx.exception_bitmap &= ~mask; + v->arch.hvm_vmx.exception_bitmap &= ~(1U << TRAP_int3); vmx_update_exception_bitmap(v); } @@@@ -2616,9 +2610,10 @@@@ void vmx_vmexit_handler(struct cpu_user_ exit_qualification = __vmread(EXIT_QUALIFICATION); HVMTRACE_1D(TRAP_DEBUG, exit_qualification); write_debugreg(6, exit_qualification | 0xffff0ff0); - if ( !v->domain->debugger_attached || cpu_has_monitor_trap_flag ) - goto exit_and_crash; - domain_pause_for_debugger(); + if ( !v->domain->debugger_attached ) + hvm_inject_hw_exception(vector, HVM_DELIVER_NO_ERROR_CODE); + else + domain_pause_for_debugger(); break; case TRAP_int3: { @@@@ -2679,6 +2674,11 @@@@ void vmx_vmexit_handler(struct cpu_user_ hvm_inject_page_fault(regs->error_code, exit_qualification); break; + case TRAP_alignment_check: + HVMTRACE_1D(TRAP, vector); + hvm_inject_hw_exception(vector, + __vmread(VM_EXIT_INTR_ERROR_CODE)); + break; case TRAP_nmi: if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) != (X86_EVENTTYPE_NMI << 8) ) --- xen/include/asm-x86/hvm/hvm.h.orig +++ xen/include/asm-x86/hvm/hvm.h @@@@ -389,7 +389,10 @@@@ static inline bool_t hvm_vcpu_has_smep(v }) /* These exceptions must always be intercepted. */ -#define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op)) +#define HVM_TRAP_MASK ((1U << TRAP_debug) | \ + (1U << TRAP_invalid_op) | \ + (1U << TRAP_alignment_check) | \ + (1U << TRAP_machine_check)) /* * x86 event types. This enumeration is valid for: @