head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.28
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.8
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.30
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.26
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.24
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.22
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.20
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.18
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.16
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.14
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.12
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.10
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.6
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.4
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.2
	pkgsrc-2016Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2016.12.20.10.22.28;	author bouyer;	state Exp;
branches;
next	;
commitid	TxndvKOzkEv91Iyz;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-XSA-200,v 1.1 2016/12/20 10:22:28 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: x86emul: CMPXCHG8B ignores operand size prefix

Otherwise besides mis-handling the instruction, the comparison failure
case would result in uninitialized stack data being handed back to the
guest in rDX:rAX (32 bits leaked for 32-bit guests, 96 bits for 64-bit
ones).

This is XSA-200.

Signed-off-by: Jan Beulich <jbeulich@@suse.com>

--- tools/tests/x86_emulator/test_x86_emulator.c.orig
+++ tools/tests/x86_emulator/test_x86_emulator.c
@@@@ -429,6 +429,24 @@@@ int main(int argc, char **argv)
         goto fail;
     printf("okay\n");
 
+    printf("%-40s", "Testing cmpxchg8b (%edi) [opsize]...");
+    instr[0] = 0x66; instr[1] = 0x0f; instr[2] = 0xc7; instr[3] = 0x0f;
+    res[0]      = 0x12345678;
+    res[1]      = 0x87654321;
+    regs.eflags = 0x200;
+    regs.eip    = (unsigned long)&instr[0];
+    regs.edi    = (unsigned long)res;
+    rc = x86_emulate(&ctxt, &emulops);
+    if ( (rc != X86EMUL_OKAY) ||
+         (res[0] != 0x12345678) ||
+         (res[1] != 0x87654321) ||
+         (regs.eax != 0x12345678) ||
+         (regs.edx != 0x87654321) ||
+         ((regs.eflags&0x240) != 0x200) ||
+         (regs.eip != (unsigned long)&instr[4]) )
+        goto fail;
+    printf("okay\n");
+
     printf("%-40s", "Testing movsxbd (%%eax),%%ecx...");
     instr[0] = 0x0f; instr[1] = 0xbe; instr[2] = 0x08;
     regs.eflags = 0x200;
--- xen/arch/x86/x86_emulate/x86_emulate.c.orig
+++ xen/arch/x86/x86_emulate/x86_emulate.c
@@@@ -4494,9 +4498,11 @@@@
 
         generate_exception_if((modrm_reg & 7) != 1, EXC_UD, -1);
         generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
-        if ( op_bytes == 8 )
+        if ( op_bytes == 8 ) {
             vcpu_must_have_cx16();
-        op_bytes *= 2;
+	    op_bytes = 16;
+	} else
+            op_bytes = 8;
 
         /* Get actual old value. */
         for ( i = 0; i < (op_bytes/sizeof(long)); i++ )
@


1.1
log
@Apply upstream patch for XSA-199, XSA-200 and XSA-204.
Bump PKGREVISIONs
@
text
@d1 1
a1 1
$NetBSD: patch-XSA-195,v 1.1 2016/11/22 20:57:10 bouyer Exp $
@