head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.30
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.10
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.32
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.28
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.26
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.24
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.22
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.20
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.18
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.16
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.14
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.12
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.8
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.6
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.4
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.2
	pkgsrc-2016Q3-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2016.09.08.15.41.01;	author bouyer;	state Exp;
branches;
next	;
commitid	c9X7FynnoqZn5vlz;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-XSA-185,v 1.1 2016/09/08 15:41:01 bouyer Exp $

From 30aba4992b18245c436f16df7326a16c01a51570 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@@suse.com>
Date: Mon, 8 Aug 2016 10:58:12 +0100
Subject: x86/32on64: don't allow recursive page tables from L3

L3 entries are special in PAE mode, and hence can't reasonably be used
for setting up recursive (and hence linear) page table mappings. Since
abuse is possible when the guest in fact gets run on 4-level page
tables, this needs to be excluded explicitly.

This is XSA-185.

Reported-by: Jérémie Boutoille <jboutoille@@ext.quarkslab.com>
Reported-by: 栾尚聪(好风) <shangcong.lsc@@alibaba-inc.com>
Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@@citrix.com>
---
 xen/arch/x86/mm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 109b8be..69b8b8d 100644
--- xen/arch/x86/mm.c.orig
+++ xen/arch/x86/mm.c
@@@@ -1122,7 +1122,9 @@@@ get_page_from_l3e(
 
     rc = get_page_and_type_from_pagenr(
         l3e_get_pfn(l3e), PGT_l2_page_table, d, partial, 1);
-    if ( unlikely(rc == -EINVAL) && get_l3_linear_pagetable(l3e, pfn, d) )
+    if ( unlikely(rc == -EINVAL) &&
+         !is_pv_32bit_domain(d) &&
+         get_l3_linear_pagetable(l3e, pfn, d) )
         rc = 0;
 
     return rc;
@


1.1
log
@Backport upstream patches for security issues:
XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests
XSA-187: x86 HVM: Overflow of sh_ctxt->seg_reg[]
bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD: $
@