pool/xen
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1add73c8a5
xen/52496c11-x86-mm-shadow-Fix-initialization-of-PV-shadow-L4-tables.patch
Charles Arnold b244ce9e91 - domUloader can no longer be used with the xl toolstack to boot 
sles10. Patch pygrub to get the kernel and initrd from the image.
  pygrub-boot-legacy-sles.patch

- bnc#842515 - VUL-0: CVE-2013-4375: XSA-71: xen: qemu disk backend
  (qdisk) resource leak
  CVE-2013-4375-xsa71.patch
- Upstream patches from Jan
  52496bea-x86-properly-handle-hvm_copy_from_guest_-phys-virt-errors.patch (Replaces CVE-2013-4355-xsa63.patch)
  52496c11-x86-mm-shadow-Fix-initialization-of-PV-shadow-L4-tables.patch (Replaces CVE-2013-4356-xsa64.patch)
  52496c32-x86-properly-set-up-fbld-emulation-operand-address.patch (Replaces CVE-2013-4361-xsa66.patch)
  52497c6c-x86-don-t-blindly-create-L3-tables-for-the-direct-map.patch
  524e971b-x86-idle-Fix-get_cpu_idle_time-s-interaction-with-offline-pcpus.patch
  524e9762-x86-percpu-Force-INVALID_PERCPU_AREA-to-non-canonical.patch
  524e983e-Nested-VMX-check-VMX-capability-before-read-VMX-related-MSRs.patch
  524e98b1-Nested-VMX-fix-IA32_VMX_CR4_FIXED1-msr-emulation.patch
  524e9dc0-xsm-forbid-PV-guest-console-reads.patch
  5256a979-x86-check-segment-descriptor-read-result-in-64-bit-OUTS-emulation.patch
  5256be57-libxl-fix-vif-rate-parsing.patch
  5256be84-tools-ocaml-fix-erroneous-free-of-cpumap-in-stub_xc_vcpu_getaffinity.patch
  5256be92-libxl-fix-out-of-memory-error-handling-in-libxl_list_cpupool.patch
  5257a89a-x86-correct-LDT-checks.patch
  5257a8e7-x86-add-address-validity-check-to-guest_map_l1e.patch
  5257a944-x86-check-for-canonical-address-before-doing-page-walks.patch
  525b95f4-scheduler-adjust-internal-locking-interface.patch
  525b9617-sched-fix-race-between-sched_move_domain-and-vcpu_wake.patch
  525e69e8-credit-unpause-parked-vcpu-before-destroying-it.patch
  525faf5e-x86-print-relevant-tail-part-of-filename-for-warnings-and-crashes.patch

- bnc#840196 - L3: MTU size on Dom0 gets reset when booting DomU

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=276
2013-10-24 21:00:35 +00:00

57 lines
2.2 KiB
Diff
Raw Blame History

References: bnc#840593 CVE-2013-4356 XSA-64
# Commit f46befdd825c8a459c5eb21adb7d5b0dc6e30ad5
# Date 2013-09-30 14:18:25 +0200
# Author Tim Deegan <tim@xen.org>
# Committer Jan Beulich <jbeulich@suse.com>
x86/mm/shadow: Fix initialization of PV shadow L4 tables.
Shadowed PV L4 tables must have the same Xen mappings as their
unshadowed equivalent. This is done by copying the Xen entries
verbatim from the idle pagetable, and then using guest_l4_slot()
in the SHADOW_FOREACH_L4E() iterator to avoid touching those entries.
adc5afbf1c70ef55c260fb93e4b8ce5ccb918706 (x86: support up to 16Tb)
changed the definition of ROOT_PAGETABLE_XEN_SLOTS to extend right to
the top of the address space, which causes the shadow code to
copy Xen mappings into guest-kernel-address slots too.
In the common case, all those slots are zero in the idle pagetable,
and no harm is done. But if any slot above #271 is non-zero, Xen will
crash when that slot is later cleared (it attempts to drop
shadow-pagetable refcounts on its own L4 pagetables).
Fix by using the new ROOT_PAGETABLE_PV_XEN_SLOTS when appropriate.
Monitor pagetables need the full Xen mappings, so they keep using the
old name (with its new semantics).
This is CVE-2013-4356 / XSA-64.
Signed-off-by: Tim Deegan <tim@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -1433,15 +1433,19 @@ void sh_install_xen_entries_in_l4(struct
{
struct domain *d = v->domain;
shadow_l4e_t *sl4e;
+ unsigned int slots;
sl4e = sh_map_domain_page(sl4mfn);
ASSERT(sl4e != NULL);
ASSERT(sizeof (l4_pgentry_t) == sizeof (shadow_l4e_t));
-
+
/* Copy the common Xen mappings from the idle domain */
+ slots = (shadow_mode_external(d)
+ ? ROOT_PAGETABLE_XEN_SLOTS
+ : ROOT_PAGETABLE_PV_XEN_SLOTS);
memcpy(&sl4e[ROOT_PAGETABLE_FIRST_XEN_SLOT],
&idle_pg_table[ROOT_PAGETABLE_FIRST_XEN_SLOT],
- ROOT_PAGETABLE_XEN_SLOTS * sizeof(l4_pgentry_t));
+ slots * sizeof(l4_pgentry_t));
/* Install the per-domain mappings for this domain */
sl4e[shadow_l4_table_offset(PERDOMAIN_VIRT_START)] =
Reference in New Issue View Git Blame Copy Permalink