- Upstream pygrub patches for grub2 support and fixes

23686-pygrub-solaris.patch
  23697-pygrub-grub2.patch
  23944-pygrub-debug.patch
  23998-pygrub-GPT.patch
  23999-pygrub-grub2.patch
  24064-pygrub-HybridISO.patch
  24401-pygrub-scrolling.patch
  24402-pygrub-edit-fix.patch
  24460-pygrub-extlinux.patch
  24706-pygrub-extlinux.patch

- Revised version of security patch and an additional patch for
  bnc#764077
  x86_64-AMD-erratum-121.patch
  x86_64-allow-unsafe-adjust.patch

- bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on
  older AMD systems
  x86_64-AMD-erratum-121.patch
- Revised version of security patch for bnc#757537
  x86_64-sysret-canonical.patch

- bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation
  x86_64-sysret-canonical.patch
- bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF
  generation
  x86_64-trap-bounce-flags.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=190
Charles Arnold 2012-06-12 16:47:07 +00:00 committed by Git OBS Bridge
parent 0e9e131edf
commit 81501c15a5
15 changed files with 736 additions and 1 deletions


@ -0,0 +1,43 @@
# HG changeset patch
# User tools/pygrub: fix solaris kernel sniff
# Date 1310663398 -3600
# Node ID 7c39a2c0d870f9a374f181b581bcf82a2a7ff364
# Parent 5239811f92e1ffb185a50172fdcf47372e71ba7e
tools/pygrub: fix solaris kernel sniff
Solaris 11 build 163+ removes '/platform/i86xpv/kernel/unix' and only the
64-bit PV kernel file '/platform/i86xpv/kernel/amd64/unix' exists.
This patch fixes the detection.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com>
Signed-off-by: Frank Che <frank.che@oracle.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 5239811f92e1 -r 7c39a2c0d870 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Thu Jul 14 15:49:49 2011 +0100
+++ b/tools/pygrub/src/pygrub Thu Jul 14 18:09:58 2011 +0100
@@ -594,7 +594,8 @@
# If nothing has been specified, look for a Solaris domU. If found, perform the
# necessary tweaks.
def sniff_solaris(fs, cfg):
- if not fs.file_exists("/platform/i86xpv/kernel/unix"):
+ if not fs.file_exists("/platform/i86xpv/kernel/unix") and \
+ not fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
return cfg
if not cfg["kernel"]:
@@ -602,9 +603,11 @@
fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
- else:
+ elif fs.file_exists("/platform/i86xpv/kernel/unix"):
cfg["kernel"] = "/platform/i86xpv/kernel/unix"
cfg["ramdisk"] = "/platform/i86pc/boot_archive"
+ else:
+ return cfg
# Unpleasant. Typically we'll have 'root=foo -k' or 'root=foo /kernel -k',
# and we need to maintain Xen properties (root= and ip=) and the kernel
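Review bot: The new trailing `else: return cfg` in `sniff_solaris` returns silently when only `/platform/i86xpv/kernel/amd64/unix` exists and the first branch was not taken. Part of that branch's condition sits above the second hunk, so the exact case is inferred. Nothing tells the operator why no Solaris kernel was chosen; a comment such as `# only the 64-bit PV kernel is present but it was not selected above; leave cfg untouched`, plus a log line, would make the outcome traceable. The function body continues outside both hunks.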

36
23697-pygrub-grub2.patch Normal file

@ -0,0 +1,36 @@
# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1310749975 -3600
# Node ID 5e1032229546c2d5640dc05205303d91d78a92c3
# Parent c1d7fa123dae73708da7306c0ec611d6fa6a6140
pygrub: prefer Grub2 to Grub1
If a VM image has grub2 installed it is likely the one we need to be using.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r c1d7fa123dae -r 5e1032229546 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Fri Jul 15 18:09:49 2011 +0100
+++ b/tools/pygrub/src/pygrub Fri Jul 15 18:12:55 2011 +0100
@@ -385,14 +385,14 @@
# fallbacks
["/efi/boot/elilo.conf", "/elilo.conf",])
else:
- cfg_list = map(lambda x: (x,grub.GrubConf.GrubConfigFile),
- ["/boot/grub/menu.lst", "/boot/grub/grub.conf",
- "/grub/menu.lst", "/grub/grub.conf"]) + \
- map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
+ cfg_list = map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
["/boot/grub/grub.cfg", "/grub/grub.cfg"]) + \
map(lambda x: (x,grub.ExtLinuxConf.ExtLinuxConfigFile),
["/boot/isolinux/isolinux.cfg",
- "/boot/extlinux.conf"])
+ "/boot/extlinux.conf"]) + \
+ map(lambda x: (x,grub.GrubConf.GrubConfigFile),
+ ["/boot/grub/menu.lst", "/boot/grub/grub.conf",
+ "/grub/menu.lst", "/grub/grub.conf"])
if not fs:
# set the config file and parse it
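Review bot: The reordered `cfg_list` has no comment saying that list order is search priority, so the intent can only be recovered from the changeset description. These paths are looked up inside the guest's disk image, so when an image holds both a `grub.cfg` and a stale `menu.lst` the order decides which guest-supplied file gets parsed. That assumes first match wins; the lookup loop is outside the hunk. I would add above the assignment `# Search order is priority: Grub2, then extlinux, then legacy Grub; an image with grub.cfg most likely boots from it.`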

72
23944-pygrub-debug.patch Normal file

@ -0,0 +1,72 @@
# HG changeset patch
# User Guido Gunther <agx@sigxcpu.org>
# Date 1318330978 -3600
# Node ID 4b0907c6a08c348962bd976c2976257b412408be
# Parent 1185ae04b5aad429fd68d1872f404791df627965
pygrub: add debug flag
Debugging config file errors is tedious so help a bit by not silently
dropping parsing exceptions when --debug is given. Also intialize the
logging API at debug level in this case.
Signed-off-by: Guido Gunther <agx@sigxcpu.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 1185ae04b5aa -r 4b0907c6a08c tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Oct 11 10:46:28 2011 +0100
+++ b/tools/pygrub/src/pygrub Tue Oct 11 12:02:58 2011 +0100
@@ -13,7 +13,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
-import os, sys, string, struct, tempfile, re
+import os, sys, string, struct, tempfile, re, traceback
import copy
import logging
import platform
@@ -665,7 +665,7 @@
["quiet", "interactive", "not-really", "help",
"output=", "output-format=", "output-directory=",
"entry=", "kernel=",
- "ramdisk=", "args=", "isconfig"])
+ "ramdisk=", "args=", "isconfig", "debug"])
except getopt.GetoptError:
usage()
sys.exit(1)
@@ -679,6 +679,7 @@
entry = None
interactive = True
isconfig = False
+ debug = False
not_really = False
output_format = "sxp"
output_directory = "/var/run/xend/boot"
@@ -714,6 +715,8 @@
interactive = False
elif o in ("--isconfig",):
isconfig = True
+ elif o in ("--debug",):
+ debug = True
elif o in ("--output-format",):
if a not in ["sxp", "simple", "simple0"]:
print "unkonwn output format %s" % a
@@ -723,6 +726,9 @@
elif o in ("--output-directory",):
output_directory = a
+ if debug:
+ logging.basicConfig(level=logging.DEBUG)
+
if output is None or output == "-":
fd = sys.stdout.fileno()
else:
@@ -769,6 +775,8 @@
except:
# IOErrors raised by fsimage.open
# RuntimeErrors raised by run_grub if no menu.lst present
+ if debug:
+ traceback.print_exc()
fs = None
continue
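Review bot: In the last hunk the added `traceback.print_exc()` writes straight to stderr instead of going through the logger that `--debug` has just configured with `logging.basicConfig(level=logging.DEBUG)`. Replacing it with `logging.debug("boot config parse failed", exc_info=True)` keeps one output channel and makes the new `traceback` import unnecessary. The surrounding bare `except:` still swallows everything, including `KeyboardInterrupt`; `except Exception:` would let an interrupt through while still covering the IOError and RuntimeError cases named in the comment. The enclosing loop starts and ends outside the hunk.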

53
23998-pygrub-GPT.patch Normal file

@ -0,0 +1,53 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566554 -3600
# Node ID 85d7b207fabcd1cbda8f93e3937c5990f42a2cf9
# Parent f273bce1fc265b9f71879705639a0b14da03f6e1
pygrub: check all GPT partitions
On Fedora 16 the first GPT partition is a boot partition for grub2 with
the grub2 configuration in the second partition.
Check all GPT partitions for grub configuration, not just the first.
[ Also remove now-inaccurate comment. -iwj ]
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r f273bce1fc26 -r 85d7b207fabc tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Oct 25 17:04:41 2011 +0100
+++ b/tools/pygrub/src/pygrub Tue Oct 25 19:15:54 2011 +0100
@@ -77,10 +77,17 @@
def get_fs_offset_gpt(file):
fd = os.open(file, os.O_RDONLY)
- # assume the first partition is an EFI system partition.
- os.lseek(fd, SECTOR_SIZE * 2, 0)
+ os.lseek(fd, SECTOR_SIZE, 0)
buf = os.read(fd, 512)
- return struct.unpack("<Q", buf[32:40])[0] * SECTOR_SIZE
+ partcount = struct.unpack("<L", buf[80:84])[0]
+ partsize = struct.unpack("<L", buf[84:88])[0]
+ i = partcount
+ offsets = []
+ while i>0:
+ buf = os.read(fd, partsize)
+ offsets.append(struct.unpack("<Q", buf[32:40])[0] * SECTOR_SIZE)
+ i -= 1
+ return offsets
FDISK_PART_SOLARIS=0xbf
FDISK_PART_SOLARIS_OLD=0x82
@@ -114,7 +121,9 @@
continue # no solaris magic at that offset, ignore partition
if type == FDISK_PART_GPT:
- offset = get_fs_offset_gpt(file)
+ for offset in get_fs_offset_gpt(file):
+ part_offs.append(offset)
+ break
# Active partition has 0x80 as the first byte.
# If active, prepend to front of list, otherwise append to back.
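Review bot: `get_fs_offset_gpt` now takes `partcount` and `partsize` straight from the GPT header of the guest's disk image and uses them unchecked as a loop count and a read size. pygrub runs in dom0, so a crafted or truncated image can make it loop and allocate for up to 2^32 entries, or raise `struct.error` when a short read leaves `buf[32:40]` incomplete. The descriptor returned by `os.open` is also never closed. I would bound both fields, stop on a short read and close the descriptor, as sketched below; the two `MAX_GPT_*` names are placeholders for limits the maintainers pick.

```python
def get_fs_offset_gpt(file):
    fd = os.open(file, os.O_RDONLY)
    try:
        os.lseek(fd, SECTOR_SIZE, 0)
        buf = os.read(fd, 512)
        if len(buf) < 88:
            return []
        partcount = struct.unpack("<L", buf[80:84])[0]
        partsize = struct.unpack("<L", buf[84:88])[0]
        # Both fields come from the guest image. MAX_GPT_ENTRIES and
        # MAX_GPT_ENTRY_SIZE are placeholders for the chosen limits.
        if not (40 <= partsize <= MAX_GPT_ENTRY_SIZE) or partcount > MAX_GPT_ENTRIES:
            return []
        offsets = []
        for _ in range(partcount):
            buf = os.read(fd, partsize)
            if len(buf) < 40:
                break  # truncated entry table
            offsets.append(struct.unpack("<Q", buf[32:40])[0] * SECTOR_SIZE)
        return offsets
    finally:
        os.close(fd)
```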

26
23999-pygrub-grub2.patch Normal file

@ -0,0 +1,26 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566729 -3600
# Node ID 138f707fa598340749a70a79748b01dff850b8f2
# Parent 85d7b207fabcd1cbda8f93e3937c5990f42a2cf9
pygrub: look in /boot/grub2 (for eg Fedora 16)
Fedora 16 puts grub configuration files in /boot/grub2/grub.cfg so
pygrub should look there as well
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
diff -r 85d7b207fabc -r 138f707fa598 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Oct 25 19:15:54 2011 +0100
+++ b/tools/pygrub/src/pygrub Tue Oct 25 19:18:49 2011 +0100
@@ -395,7 +395,8 @@
["/efi/boot/elilo.conf", "/elilo.conf",])
else:
cfg_list = map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
- ["/boot/grub/grub.cfg", "/grub/grub.cfg"]) + \
+ ["/boot/grub/grub.cfg", "/grub/grub.cfg",
+ "/boot/grub2/grub.cfg", "/grub2/grub.cfg"]) + \
map(lambda x: (x,grub.ExtLinuxConf.ExtLinuxConfigFile),
["/boot/isolinux/isolinux.cfg",
"/boot/extlinux.conf"]) + \


@ -0,0 +1,72 @@
# HG changeset patch
# User Philipp Hahn <hahn@univention.de>
# Date 1320251337 0
# Node ID 2d741388060df5bd2545f38a25278fb9a7fbb127
# Parent 6868855b6651639f02004a7e313fe7aaba522821
pygrub: Add HybridISO support for PyGrub2
grub-mkrescue internally uses xorriso, which generates a so-called
"Hybrid ISO": The ISO images also contains a DOS partition table,
which allows the identical ISO file to be stored on an USB stick for
booting from it. This breaks PyGrub, since it (wrongly) detects only
the DOS partition table and uses the first partition instead of the
complete ISO file.
Add a check to detect HybridISO files and use offset 0 in addition to
partition table parsing.
Signed-off-by: Philipp Hahn <hahn@univention.de>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 6868855b6651 -r 2d741388060d tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Wed Nov 02 16:25:18 2011 +0000
+++ b/tools/pygrub/src/pygrub Wed Nov 02 16:28:57 2011 +0000
@@ -40,15 +40,20 @@
except _curses.error:
pass
-def is_disk_image(file):
+DISK_TYPE_RAW, DISK_TYPE_HYBRIDISO, DISK_TYPE_DOS = range(3)
+def identify_disk_image(file):
+ """Detect DOS partition table or HybridISO format."""
fd = os.open(file, os.O_RDONLY)
- buf = os.read(fd, 512)
+ buf = os.read(fd, 0x8006)
os.close(fd)
if len(buf) >= 512 and \
struct.unpack("H", buf[0x1fe: 0x200]) == (0xaa55,):
- return True
- return False
+ # HybridISO contains a DOS partition table for booting from USB devices, but really is an ISO image
+ if len(buf) >= 0x8006 and buf[0x8001:0x8006] == 'CD001':
+ return DISK_TYPE_HYBRIDISO
+ return DISK_TYPE_DOS
+ return DISK_TYPE_RAW
SECTOR_SIZE=512
DK_LABEL_LOC=1
@@ -94,12 +99,19 @@
FDISK_PART_GPT=0xee
def get_partition_offsets(file):
- if not is_disk_image(file):
+ image_type = identify_disk_image(file)
+ if image_type == DISK_TYPE_RAW:
# No MBR: assume whole disk filesystem, which is like a
# single partition starting at 0
return [0]
-
- part_offs = []
+ elif image_type == DISK_TYPE_HYBRIDISO:
+ # A HybridISO contains an ISO filesystem at 0 in addition
+ # to the DOS partition table
+ part_offs = [0]
+ elif image_type == DISK_TYPE_DOS:
+ part_offs = []
+ else:
+ raise ValueError('Unhandled image type returnd by identify_disk_image(): %d' % (image_type,))
fd = os.open(file, os.O_RDONLY)
buf = os.read(fd, 512)
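Review bot: `identify_disk_image` treats a short result from the single `os.read(fd, 0x8006)` as "not a HybridISO", so such an image is classified as `DISK_TYPE_DOS` and handled as before this change, with no trace of why. That is a safe fallback, but a comment on the `len(buf) >= 0x8006` test would make the intent explicit, e.g. `# 'CD001' at 0x8001 is the ISO9660 volume descriptor id; shorter images cannot be ISOs`. The new `ValueError` message also carries a typo into runtime output: `returnd` should read `returned`. `get_partition_offsets` continues outside the second hunk.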


@ -0,0 +1,87 @@
# HG changeset patch
# User Miroslav Rezanina <mrezanin@redhat.com>
# Date 1323790700 0
# Node ID c04ec56f4a6d381bfacd31fbcaefdaa206a914f1
# Parent 63e5005d58ca5674e790ef627e7fb3c8c66c5374
pygrub: Allow scrolling of the list of entries
When user wants to change entry in grub2 menu in pygrub, there
may be crash of pygrub in case of editing item ('e' key).
Crash on editing is caused longer entry list in case of grub2. As entry
window is 10 lines high, it can hold only 8 entries (2 lines for border).
Adding line outside of windows high causes crash. Patch add handling
for longer lists and scrolling through them.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 63e5005d58ca -r c04ec56f4a6d tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Dec 13 15:31:12 2011 +0000
+++ b/tools/pygrub/src/pygrub Tue Dec 13 15:38:20 2011 +0000
@@ -221,6 +221,7 @@
class Grub:
+ ENTRY_WIN_LINES = 8
def __init__(self, file, fs = None):
self.screen = None
self.entry_win = None
@@ -238,7 +239,7 @@
except:
pass # Not important if we can't use colour
enable_cursor(False)
- self.entry_win = curses.newwin(10, 74, 2, 1)
+ self.entry_win = curses.newwin(Grub.ENTRY_WIN_LINES + 2, 74, 2, 1)
self.text_win = curses.newwin(10, 70, 12, 5)
curses.def_prog_mode()
@@ -287,12 +288,20 @@
self.text_win.noutrefresh()
curline = 0
+ pos = 0
img = copy.deepcopy(origimg)
while 1:
draw()
self.entry_win.erase()
- self.entry_win.box()
- for idx in range(0, len(img.lines)):
+
+ rs = 0
+ re = len(img.lines)
+ idp = 1
+ if re > Grub.ENTRY_WIN_LINES:
+ rs = curline - pos
+ re = rs + Grub.ENTRY_WIN_LINES
+
+ for idx in range(rs, re):
# current line should be highlighted
if idx == curline:
self.entry_win.attron(curses.A_REVERSE)
@@ -302,9 +311,11 @@
if len(l) > 70:
l = l[:69] + ">"
- self.entry_win.addstr(idx + 1, 2, l)
+ self.entry_win.addstr(idp, 2, l)
if idx == curline:
self.entry_win.attroff(curses.A_REVERSE)
+ idp += 1
+ self.entry_win.box()
self.entry_win.noutrefresh()
curses.doupdate()
@@ -313,8 +324,12 @@
break
elif c == curses.KEY_UP:
curline -= 1
+ if pos > 0:
+ pos -= 1
elif c == curses.KEY_DOWN:
curline += 1
+ if pos < Grub.ENTRY_WIN_LINES - 1:
+ pos += 1
elif c == ord('b'):
self.isdone = True
break
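Review bot: The new local `re` in the edit loop shadows the `re` module that pygrub imports at the top of the file (`import os, sys, string, struct, tempfile, re`) for the whole enclosing method. Any use of the module inside that method would then fail; the body extends beyond these hunks, so I cannot tell whether one exists. Clearer names avoid the trap: `first = 0`, `last = len(img.lines)`, `for idx in range(first, last):`. The hunks also show no bound on `curline` for `KEY_UP`/`KEY_DOWN`; if none exists elsewhere, `rs = curline - pos` can move the window outside the list.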


@ -0,0 +1,29 @@
# HG changeset patch
# User Miroslav Rezanina <mrezanin@redhat.com>
# Date 1323790768 0
# Node ID 983b551e44077ace454a397181c93533e0a534b5
# Parent c04ec56f4a6d381bfacd31fbcaefdaa206a914f1
pygrub: Fix "a" entry editing in grub2
When user wants to change entry in grub2 menu in pygrub, there's no
response in case of appending command line arguments ('a' key).
Append malfunction is caused by change of keyword used for kernel
record. Grub uses 'kernel' for line with linux kernel but grub2 uses
'linux' instead. This patch adds checking for both grub 1 and 2 keywords.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r c04ec56f4a6d -r 983b551e4407 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Dec 13 15:38:20 2011 +0000
+++ b/tools/pygrub/src/pygrub Tue Dec 13 15:39:28 2011 +0000
@@ -522,7 +522,7 @@
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
- if line.startswith("kernel"):
+ if line.startswith("kernel") or line.startswith("linux"):
l = self.edit_line(line)
if l is not None:
img.set_from_line(l, replace = True)
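Review bot: The widened test `line.startswith("kernel") or line.startswith("linux")` is a prefix match, so it also selects lines such as `linux16 ...` or `linuxefi ...`. That is probably intended, but a comment should say so. `str.startswith` accepts a tuple, which reads shorter: `if line.startswith(("kernel", "linux")):`. The loop body continues outside the hunk.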


@ -0,0 +1,69 @@
# HG changeset patch
# User Roger Pau Monne <roger.pau@entel.upc.edu>
# Date 1325592706 -3600
# Node ID ff0685e8419bc54b631f017c63a983362363c87a
# Parent caf9753d4cc100183eeda26d00c8c38f14215651
pygrub: fix extlinux parsing
pygrub was unable to parse extlinux config files correctly, exactly
the ones like:
LABEL grsec
KERNEL vmlinuz-3.0.10-grsec
APPEND initrd=initramfs-3.0.10-grsec
root=UUID=cfd4a7b4-8c40-4025-b877-8205f1c622ee
modules=sd-mod,usb-storage,ext4 xen quiet
This patch fixes it, adding a new case when parsing the "append" line,
that searches for the initrd image.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Campbell <ian.campbell.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
diff -r caf9753d4cc1 -r ff0685e8419b tools/pygrub/examples/alpine-linux-2.3.2.extlinux
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/pygrub/examples/alpine-linux-2.3.2.extlinux Tue Jan 03 13:11:46 2012 +0100
@@ -0,0 +1,11 @@
+DEFAULT menu.c32
+PROMPT 0
+MENU TITLE Alpine/Linux Boot Menu
+MENU HIDDEN
+MENU AUTOBOOT Alpine will be booted automatically in # seconds.
+TIMEOUT 30
+LABEL grsec
+ MENU DEFAULT
+ MENU LABEL Linux 3.0.10-grsec
+ KERNEL vmlinuz-3.0.10-grsec
+ APPEND initrd=initramfs-3.0.10-grsec root=UUID=a97ffe64-430f-4fd3-830e-4736d9a27af0 modules=sd-mod,usb-storage,ext4 quiet
diff -r caf9753d4cc1 -r ff0685e8419b tools/pygrub/src/ExtLinuxConf.py
--- a/tools/pygrub/src/ExtLinuxConf.py Thu Jan 05 17:13:33 2012 +0000
+++ b/tools/pygrub/src/ExtLinuxConf.py Tue Jan 03 13:11:46 2012 +0100
@@ -60,6 +60,13 @@
# Bypass regular self.commands handling
com = None
+ elif arg.find("initrd="):
+ # find initrd image in append line
+ args = arg.strip().split(" ")
+ for a in args:
+ if a.lower().startswith("initrd="):
+ setattr(self, "initrd", a.replace("initrd=", ""))
+ arg = arg.replace(a, "")
if com is not None and self.commands.has_key(com):
if self.commands[com] is not None:
@@ -86,10 +93,12 @@
self._args = args
def get_kernel(self):
return self._kernel
+ def set_args(self, val):
+ self._args = val
def get_args(self):
return self._args
kernel = property(get_kernel, set_kernel)
- args = property(get_args)
+ args = property(get_args, set_args)
def set_initrd(self, val):
self._initrd = (None,val)
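Review bot: In the new `initrd=` branch of ExtLinuxConf.py the match is case-insensitive (`a.lower().startswith("initrd=")`) but the strip is not (`a.replace("initrd=", "")`), so a token written `INITRD=...` would be stored with its prefix still attached. `replace` also removes the text wherever it occurs in the token, and `arg.replace(a, "")` drops every occurrence of the token from the append line, which comes from the guest's config file. Slicing is exact and avoids the `setattr` indirection: `self.initrd = a[len("initrd="):]`. The enclosing parser method starts and ends outside the hunk.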


@ -0,0 +1,29 @@
# HG changeset patch
# User Roger Pau Monne <roger.pau@entel.upc.edu>
# Date 1328635287 0
# Node ID f84f34ec5fc7613d7a6dd53d18218656c11f0daa
# Parent 7a58296824c3bf7a15d563a7a140d20c369c96c8
pygrub: extlinux parsing correctness
The "in" operator should be used instead of the find method, since
we are only interested in knowing whether the line contains "initrd=",
but we don't care about it's position. Also fixes an error that
happens when initrd= it's at the start of the line, since find returns
0 and is evaluated as False.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 7a58296824c3 -r f84f34ec5fc7 tools/pygrub/src/ExtLinuxConf.py
--- a/tools/pygrub/src/ExtLinuxConf.py Tue Feb 07 17:18:10 2012 +0000
+++ b/tools/pygrub/src/ExtLinuxConf.py Tue Feb 07 17:21:27 2012 +0000
@@ -60,7 +60,7 @@
# Bypass regular self.commands handling
com = None
- elif arg.find("initrd="):
+ elif "initrd=" in arg:
# find initrd image in append line
args = arg.strip().split(" ")
for a in args:


@ -0,0 +1,38 @@
References: CVE-2012-2934, bnc#764077
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -32,6 +32,9 @@
static char opt_famrev[14];
string_param("cpuid_mask_cpu", opt_famrev);
+static int opt_allow_unsafe;
+boolean_param("allow_unsafe", opt_allow_unsafe);
+
static inline void wrmsr_amd(unsigned int index, unsigned int lo,
unsigned int hi)
{
@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
clear_bit(X86_FEATURE_MCE, c->x86_capability);
#ifdef __x86_64__
+ if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
+ panic("Xen will not boot on this CPU for security reasons.\n"
+ "Pass \"allow_unsafe\" if you're trusting all your"
+ " (PV) guest kernels.\n");
+
/* AMD CPUs do not support SYSENTER outside of legacy mode. */
clear_bit(X86_FEATURE_SEP, c->x86_capability);
--- a/xen/include/asm-x86/amd.h
+++ b/xen/include/asm-x86/amd.h
@@ -127,6 +127,9 @@
#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
+#define AMD_ERRATUM_121 \
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
+
#define AMD_ERRATUM_170 \
AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))


@ -0,0 +1,86 @@
References: CVE-2012-2934, bnc#764077
Product management demanded that customer systems must continue to boot
irrespective of the presence of XSA-9. Rather than having our and
perhaps other distros carry non-trivial patches, allow for more fine
grained control (panic on boot, deny guest creation, or merely warn) by
means of a single line change.
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -32,8 +32,11 @@
static char opt_famrev[14];
string_param("cpuid_mask_cpu", opt_famrev);
-static int opt_allow_unsafe;
+#ifdef __x86_64__
+/* 1 = allow, 0 = don't allow guest creation, -1 = don't allow boot */
+int __read_mostly opt_allow_unsafe;
boolean_param("allow_unsafe", opt_allow_unsafe);
+#endif
static inline void wrmsr_amd(unsigned int index, unsigned int lo,
unsigned int hi)
@@ -623,10 +626,19 @@ static void __devinit init_amd(struct cp
clear_bit(X86_FEATURE_MCE, c->x86_capability);
#ifdef __x86_64__
- if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
+ if (!cpu_has_amd_erratum(c, AMD_ERRATUM_121))
+ opt_allow_unsafe = 1;
+ else if (opt_allow_unsafe < 0)
panic("Xen will not boot on this CPU for security reasons.\n"
"Pass \"allow_unsafe\" if you're trusting all your"
" (PV) guest kernels.\n");
+ else if (!opt_allow_unsafe && c == &boot_cpu_data)
+ printk(KERN_WARNING
+ "*** Xen will not allow creation of DomU-s on"
+ " this CPU for security reasons. ***\n"
+ KERN_WARNING
+ "*** Pass \"allow_unsafe\" if you're trusting"
+ " all your (PV) guest kernels. ***\n");
/* AMD CPUs do not support SYSENTER outside of legacy mode. */
clear_bit(X86_FEATURE_SEP, c->x86_capability);
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -52,6 +52,7 @@
#include <asm/traps.h>
#include <asm/nmi.h>
#include <asm/mce.h>
+#include <asm/amd.h>
#include <xen/numa.h>
#include <xen/iommu.h>
#ifdef CONFIG_COMPAT
@@ -474,6 +475,20 @@ int arch_domain_create(struct domain *d,
#else /* __x86_64__ */
+ if ( d->domain_id && !is_idle_domain(d) &&
+ cpu_has_amd_erratum(&boot_cpu_data, AMD_ERRATUM_121) )
+ {
+ if ( !opt_allow_unsafe )
+ {
+ printk(XENLOG_G_ERR "Xen does not allow DomU creation on this CPU"
+ " for security reasons.\n");
+ return -EPERM;
+ }
+ printk(XENLOG_G_WARNING
+ "Dom%d may compromise security on this CPU.\n",
+ d->domain_id);
+ }
+
BUILD_BUG_ON(PDPT_L2_ENTRIES * sizeof(*d->arch.mm_perdomain_pt_pages)
!= PAGE_SIZE);
pg = alloc_domheap_page(NULL, MEMF_node(domain_to_node(d)));
--- a/xen/include/asm-x86/amd.h
+++ b/xen/include/asm-x86/amd.h
@@ -151,6 +151,8 @@ struct cpuinfo_x86;
int cpu_has_amd_erratum(const struct cpuinfo_x86 *, int, ...);
#ifdef __x86_64__
+extern int opt_allow_unsafe;
+
void fam10h_check_enable_mmcfg(void);
void check_enable_amd_mmconf_dmi(void);
#endif
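Review bot: The comment `/* 1 = allow, 0 = don't allow guest creation, -1 = don't allow boot */` in amd.c does not say which value is the default or how -1 can be reached. The variable is zero-initialised and registered with `boolean_param`, so, assuming that helper only stores 0 or 1, the `opt_allow_unsafe < 0` panic branch in `init_amd` is reachable only by changing the initialiser in the source. That matches the "single line change" in the description but is invisible at the declaration. I would extend the comment to `/* 1 = allow, 0 = deny guest creation (default), -1 = refuse to boot; -1 is build-time only, set via the initialiser */`. Documenting `allow_unsafe` alongside the other command-line options would also help operators who hit the `-EPERM` from `arch_domain_create`.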


@ -0,0 +1,29 @@
References: CVE-2012-0217, bnc#757537
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -40,6 +40,13 @@ restore_all_guest:
testw $TRAP_syscall,4(%rsp)
jz iret_exit_to_guest
+ /* Don't use SYSRET path if the return address is not canonical. */
+ movq 8(%rsp),%rcx
+ sarq $47,%rcx
+ incl %ecx
+ cmpl $1,%ecx
+ ja .Lforce_iret
+
addq $8,%rsp
popq %rcx # RIP
popq %r11 # CS
@@ -50,6 +57,10 @@ restore_all_guest:
sysretq
1: sysretl
+.Lforce_iret:
+ /* Mimic SYSRET behavior. */
+ movq 8(%rsp),%rcx # RIP
+ movq 24(%rsp),%r11 # RFLAGS
ALIGN
/* No special register assumptions. */
iret_exit_to_guest:
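Review bot: `.Lforce_iret` has no jump at its end and reaches `iret_exit_to_guest` by falling through the `ALIGN`. That only works if the alignment padding is executable no-ops, and the hunk does not show how `ALIGN` is defined. A comment would make the dependency explicit: `/* Fall through to iret_exit_to_guest; ALIGN must pad with NOPs. */`. The canonical-address test deserves one line as well, e.g. `/* sar $47 leaves 0 or -1 for a canonical address; +1 maps those to 1 or 0, anything larger is non-canonical */`.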


@ -1,3 +1,26 @@
-------------------------------------------------------------------
Mon Jun 11 10:32:42 MDT 2012 - carnold@novell.com
- Upstream pygrub patches for grub2 support and fixes
23686-pygrub-solaris.patch
23697-pygrub-grub2.patch
23944-pygrub-debug.patch
23998-pygrub-GPT.patch
23999-pygrub-grub2.patch
24064-pygrub-HybridISO.patch
24401-pygrub-scrolling.patch
24402-pygrub-edit-fix.patch
24460-pygrub-extlinux.patch
24706-pygrub-extlinux.patch
-------------------------------------------------------------------
Wed Jun 6 08:14:38 MDT 2012 - carnold@novell.com
- Revised version of security patch and an additional patch for
bnc#764077
x86_64-AMD-erratum-121.patch
x86_64-allow-unsafe-adjust.patch
-------------------------------------------------------------------
Wed Jun 6 10:21:03 CEST 2012 - ohering@suse.de
@ -11,6 +34,15 @@ Tue May 29 11:59:28 CEST 2012 - jsmeix@suse.de
because "ps2pdf xenapi.ps xenapi.pdf" failed only for
Ghostscript version 9.04 (now we have Ghostscript 9.05).
-------------------------------------------------------------------
Mon May 25 08:02:13 MDT 2012 - carnold@novell.com
- bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on
older AMD systems
x86_64-AMD-erratum-121.patch
- Revised version of security patch for bnc#757537
x86_64-sysret-canonical.patch
-------------------------------------------------------------------
Tue May 15 06:45:59 MDT 2012 - carnold@novell.com
@ -42,6 +74,15 @@ Tue Apr 24 08:22:16 MDT 2012 - carnold@novell.com
25196-x86-HAP-PAT-sr.patch
25200-x86_64-trap-bounce-flags.patch
-------------------------------------------------------------------
Thu Apr 19 07:33:00 MDT 2012 - carnold@novell.com
- bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation
x86_64-sysret-canonical.patch
- bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF
generation
x86_64-trap-bounce-flags.patch
-------------------------------------------------------------------
Tue Apr 3 08:33:36 MDT 2012 - carnold@novell.com


@ -15,7 +15,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: xen
ExclusiveArch: %ix86 x86_64
%define xvers 4.1
@ -225,6 +224,8 @@ Patch23615: 23615-x86_64-EFI-runtime.patch
Patch23616: 23616-x86_64-EFI-MPS.patch
Patch23643: 23643-xentrace_Allow_tracing_to_be_enabled_at_boot.patch
Patch23676: 23676-x86_64-image-map-bounds.patch
Patch23686: 23686-pygrub-solaris.patch
Patch23697: 23697-pygrub-grub2.patch
Patch23719: 23719-xentrace_update___trace_var_comment.patch
Patch23723: 23723-x86-CMOS-lock.patch
Patch23724: 23724-x86-smpboot-x2apic.patch
@ -260,6 +261,7 @@ Patch23908: 23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch
Patch23925: 23925-x86-AMD-ARAT-Fam12.patch
Patch23933: 23933-pt-bus2bridge-update.patch
Patch23943: 23943-xenpaging_clear_page_content_after_evict.patch
Patch23944: 23944-pygrub-debug.patch
Patch23949: 23949-constify_vcpu_set_affinitys_second_parameter.patch
Patch23953: 23953-xenpaging_handle_evict_failures.patch
Patch23955: 23955-x86-pv-cpuid-xsave.patch
@ -268,6 +270,9 @@ Patch23978: 23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch
Patch23979: 23979-xenpaging_document_p2m_mem_paging_functions.patch
Patch23980: 23980-xenpaging_disallow_paging_in_a_PoD_guest.patch
Patch23993: 23993-x86-microcode-amd-fix-23871.patch
Patch23998: 23998-pygrub-GPT.patch
Patch23999: 23999-pygrub-grub2.patch
Patch24064: 24064-pygrub-HybridISO.patch
Patch24104: 24104-waitqueue_Double_size_of_x86_shadow_stack..patch
Patch24105: 24105-xenpaging_compare_domain_pointer_in_p2m_mem_paging_populate.patch
Patch24106: 24106-mem_event_check_capabilities_only_once.patch
@ -333,6 +338,8 @@ Patch24359: 24359-x86-domU-features.patch
Patch24360: 24360-x86-pv-domU-no-PCID.patch
Patch24389: 24389-amd-fam10-gart-tlb-walk-err.patch
Patch24391: 24391-x86-pcpu-version.patch
Patch24401: 24401-pygrub-scrolling.patch
Patch24402: 24402-pygrub-edit-fix.patch
Patch24411: 24411-x86-ucode-AMD-Fam15.patch
Patch24412: 24412-x86-AMD-errata-model-shift.patch
Patch24417: 24417-amd-erratum-573.patch
@ -342,6 +349,7 @@ Patch24448: 24448-x86-pt-irq-leak.patch
Patch24453: 24453-x86-vIRQ-IRR-TMR-race.patch
Patch24456: 24456-x86-emul-lea.patch
Patch24459: 24459-libxl-vifname.patch
Patch24460: 24460-pygrub-extlinux.patch
Patch24466: 24466-libxc_Only_retry_mapping_pages_when_ENOENT_is_returned.patch
Patch24478: 24478-libxl_add_feature_flag_to_xenstore_for_XS_RESET_WATCHES.patch
Patch24517: 24517-VT-d-fault-softirq.patch
@ -354,6 +362,7 @@ Patch24610: 24610-xenpaging_make_file_op_largefile_aware.patch
Patch24615: 24615-VESA-lfb-flush.patch
Patch24690: 24690-x86-PCI-SERR-no-deadlock.patch
Patch24701: 24701-gnttab-map-grant-ref-recovery.patch
Patch24706: 24706-pygrub-extlinux.patch
Patch24742: 24742-gnttab-misc.patch
Patch24780: 24780-x86-paging-use-clear_guest.patch
Patch24781: 24781-x86-vmce-mcg_ctl.patch
@ -518,6 +527,9 @@ Patch514: xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch
Patch650: disable_emulated_device.diff
Patch651: ioemu-disable-scsi.patch
Patch652: ioemu-disable-emulated-ide-if-pv.patch
Patch653: x86_64-sysret-canonical.patch
Patch654: x86_64-AMD-erratum-121.patch
Patch655: x86_64-allow-unsafe-adjust.patch
Patch700: hv_extid_compatibility.patch
Patch701: xen.no-default-runlevel-4.patch
# FATE 310510
@ -960,6 +972,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch23616 -p1
%patch23643 -p1
%patch23676 -p1
%patch23686 -p1
%patch23697 -p1
%patch23719 -p1
%patch23723 -p1
%patch23724 -p1
@ -995,6 +1009,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch23925 -p1
%patch23933 -p1
%patch23943 -p1
%patch23944 -p1
%patch23949 -p1
%patch23953 -p1
%patch23955 -p1
@ -1003,6 +1018,9 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch23979 -p1
%patch23980 -p1
%patch23993 -p1
%patch23998 -p1
%patch23999 -p1
%patch24064 -p1
%patch24104 -p1
%patch24105 -p1
%patch24106 -p1
@ -1068,6 +1086,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch24360 -p1
%patch24389 -p1
%patch24391 -p1
%patch24401 -p1
%patch24402 -p1
%patch24411 -p1
%patch24412 -p1
%patch24417 -p1
@ -1077,6 +1097,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch24453 -p1
%patch24456 -p1
%patch24459 -p1
%patch24460 -p1
%patch24466 -p1
%patch24478 -p1
%patch24517 -p1
@ -1089,6 +1110,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch24615 -p1
%patch24690 -p1
%patch24701 -p1
%patch24706 -p1
%patch24742 -p1
%patch24780 -p1
%patch24781 -p1
@ -1247,6 +1269,9 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch650 -p1
%patch651 -p1
%patch652 -p1
%patch653 -p1
%patch654 -p1
%patch655 -p1
%patch700 -p1
%patch701 -p1
# FATE 310510