head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.22
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.18
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.20
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.16
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.14
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.12
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.10
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.8
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.6
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.4
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.2
	pkgsrc-2017Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2017.12.15.14.00.44;	author bouyer;	state Exp;
branches;
next	;
commitid	vstkKXHtT1V3EZiA;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-XSA250,v 1.1 2017/12/15 14:00:44 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: x86/shadow: fix ref-counting error handling

The old-Linux handling in shadow_set_l4e() mistakenly ORed together the
results of sh_get_ref() and sh_pin(). As the latter failing is not a
correctness problem, simply ignore its return value.

In sh_set_toplevel_shadow() a failing sh_get_ref() must not be
accompanied by installing the entry, despite the domain being crashed.

This is XSA-250.

Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Tim Deegan <tim@@xen.org>

--- xen/arch/x86/mm/shadow/multi.c.orig
+++ xen/arch/x86/mm/shadow/multi.c
@@@@ -923,7 +923,7 @@@@ static int shadow_set_l4e(struct domain
                           shadow_l4e_t new_sl4e,
                           mfn_t sl4mfn)
 {
-    int flags = 0, ok;
+    int flags = 0;
     shadow_l4e_t old_sl4e;
     paddr_t paddr;
     ASSERT(sl4e != NULL);
@@@@ -938,15 +938,16 @@@@ static int shadow_set_l4e(struct domain
     {
         /* About to install a new reference */
         mfn_t sl3mfn = shadow_l4e_get_mfn(new_sl4e);
-        ok = sh_get_ref(d, sl3mfn, paddr);
-        /* Are we pinning l3 shadows to handle wierd linux behaviour? */
-        if ( sh_type_is_pinnable(d, SH_type_l3_64_shadow) )
-            ok |= sh_pin(d, sl3mfn);
-        if ( !ok )
+
+        if ( !sh_get_ref(d, sl3mfn, paddr) )
         {
             domain_crash(d);
             return SHADOW_SET_ERROR;
         }
+
+        /* Are we pinning l3 shadows to handle weird Linux behaviour? */
+        if ( sh_type_is_pinnable(d, SH_type_l3_64_shadow) )
+            sh_pin(d, sl3mfn);
     }
 
     /* Write the new entry */
@@@@ -3965,14 +3966,15 @@@@ sh_set_toplevel_shadow(struct vcpu *v,
 
     /* Take a ref to this page: it will be released in sh_detach_old_tables()
      * or the next call to set_toplevel_shadow() */
-    if ( !sh_get_ref(d, smfn, 0) )
+    if ( sh_get_ref(d, smfn, 0) )
+        new_entry = pagetable_from_mfn(smfn);
+    else
     {
         SHADOW_ERROR("can't install %#lx as toplevel shadow\n", mfn_x(smfn));
         domain_crash(d);
+        new_entry = pagetable_null();
     }
 
-    new_entry = pagetable_from_mfn(smfn);
-
  install_new_entry:
     /* Done.  Install it */
     SHADOW_PRINTK("%u/%u [%u] gmfn %#"PRI_mfn" smfn %#"PRI_mfn"\n",
@


1.1
log
@Apply patches from upstream, fixing security issues XSA246 up to XSA251.
Also update patch-XSA240 from upstream, fixing issues in linear page table
handling introduced by the original XSA240 patch.
Bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD: $
@