From 81501c15a516da216c92b0cd2f6bc1755e165ad2153e5e5e8a4e0130e346f400 Mon Sep 17 00:00:00 2001 
From: Charles Arnold Date: Tue, 12 Jun 2012 16:47:07 +0000 Subject: [PATCH] - Upstream pygrub patches for grub2 support and fixes 23686-pygrub-solaris.patch 23697-pygrub-grub2.patch 23944-pygrub-debug.patch 23998-pygrub-GPT.patch 23999-pygrub-grub2.patch 24064-pygrub-HybridISO.patch 24401-pygrub-scrolling.patch 24402-pygrub-edit-fix.patch 24460-pygrub-extlinux.patch 24706-pygrub-extlinux.patch - Revised version of security patch and an additional patch for bnc#764077 x86_64-AMD-erratum-121.patch x86_64-allow-unsafe-adjust.patch - bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on older AMD systems x86_64-AMD-erratum-121.patch - Revised version of security patch for bnc#757537 x86_64-sysret-canonical.patch - bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation x86_64-sysret-canonical.patch - bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF generation x86_64-trap-bounce-flags.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=190 --- 23686-pygrub-solaris.patch | 43 ++++++++++++++++ 23697-pygrub-grub2.patch | 36 +++++++++++++ 23944-pygrub-debug.patch | 72 ++++++++++++++++++++++++++ 23998-pygrub-GPT.patch | 53 +++++++++++++++++++ 23999-pygrub-grub2.patch | 26 ++++++++++ 24064-pygrub-HybridISO.patch | 72 ++++++++++++++++++++++++++ 24401-pygrub-scrolling.patch | 87 ++++++++++++++++++++++++++++++++ 24402-pygrub-edit-fix.patch | 29 +++++++++++ 24460-pygrub-extlinux.patch | 69 +++++++++++++++++++++++++ 24706-pygrub-extlinux.patch | 29 +++++++++++ x86_64-AMD-erratum-121.patch | 38 ++++++++++++++ x86_64-allow-unsafe-adjust.patch | 86 +++++++++++++++++++++++++++++++ x86_64-sysret-canonical.patch | 29 +++++++++++ xen.changes | 41 +++++++++++++++ xen.spec | 27 +++++++++- 15 files changed, 736 insertions(+), 1 deletion(-) create mode 100644 23686-pygrub-solaris.patch create mode 100644 23697-pygrub-grub2.patch create mode 100644 23944-pygrub-debug.patch create mode 100644 23998-pygrub-GPT.patch create mode 
100644 23999-pygrub-grub2.patch create mode 100644 24064-pygrub-HybridISO.patch create mode 100644 24401-pygrub-scrolling.patch create mode 100644 24402-pygrub-edit-fix.patch create mode 100644 24460-pygrub-extlinux.patch create mode 100644 24706-pygrub-extlinux.patch create mode 100644 x86_64-AMD-erratum-121.patch create mode 100644 x86_64-allow-unsafe-adjust.patch create mode 100644 x86_64-sysret-canonical.patch diff --git a/23686-pygrub-solaris.patch b/23686-pygrub-solaris.patch new file mode 100644 index 0000000..68cd836 --- /dev/null +++ b/23686-pygrub-solaris.patch 
@@ -0,0 +1,43 @@
+# HG changeset patch
+# User tools/pygrub: fix solaris kernel sniff
+# Date 1310663398 -3600
+# Node ID 7c39a2c0d870f9a374f181b581bcf82a2a7ff364
+# Parent 5239811f92e1ffb185a50172fdcf47372e71ba7e
+tools/pygrub: fix solaris kernel sniff
+
+Solaris 11 build 163+ removes '/platform/i86xpv/kernel/unix' and only the
+64-bit PV kernel file '/platform/i86xpv/kernel/amd64/unix' exists.
+
+This patch fixes the detection.
+
+Signed-off-by: Zhigang Wang
+Signed-off-by: Kurt Hackel
+Signed-off-by: Frank Che
+Committed-by: Ian Jackson
+
+diff -r 5239811f92e1 -r 7c39a2c0d870 tools/pygrub/src/pygrub
+--- a/tools/pygrub/src/pygrub Thu Jul 14 15:49:49 2011 +0100
++++ b/tools/pygrub/src/pygrub Thu Jul 14 18:09:58 2011 +0100
+@@ -594,7 +594,8 @@
+ # If nothing has been specified, look for a Solaris domU. If found, perform the
+ # necessary tweaks.
+ def sniff_solaris(fs, cfg):
+- if not fs.file_exists("/platform/i86xpv/kernel/unix"):
++ if not fs.file_exists("/platform/i86xpv/kernel/unix") and \
++ not fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+ return cfg
+
+ if not cfg["kernel"]:
+@@ -602,9 +603,11 @@
+ fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
+ cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
+ cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
+- else:
++ elif fs.file_exists("/platform/i86xpv/kernel/unix"):
+ cfg["kernel"] = "/platform/i86xpv/kernel/unix"
+ cfg["ramdisk"] = "/platform/i86pc/boot_archive"
++ else:
++ return cfg
+
+ # Unpleasant. Typically we'll have 'root=foo -k' or 'root=foo /kernel -k',
+ # and we need to maintain Xen properties (root= and ip=) and the kernel
diff --git a/23697-pygrub-grub2.patch b/23697-pygrub-grub2.patch
new file mode 100644
index 0000000..741df98
--- /dev/null
+++ b/23697-pygrub-grub2.patch
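Review bot: In 23686-pygrub-solaris.patch, `sniff_solaris` now probes the guest filesystem for the same two kernel paths up to four times, and each path is repeated as a string literal in the tests and in the assignments. Binding the answers once at the top, `has32 = fs.file_exists("/platform/i86xpv/kernel/unix")` and `has64 = fs.file_exists("/platform/i86xpv/kernel/amd64/unix")`, lets the early return, the `elif` and the new `else` read from one result. The new `else: return cfg` is reached when the 64-bit kernel exists but the first half of the 64-bit condition is false; that half sits on a line above the second hunk, so a one-line comment on the `else` saying when it fires would help. The function body continues past the end of the hunk.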
@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Ian Campbell
+# Date 1310749975 -3600
+# Node ID 5e1032229546c2d5640dc05205303d91d78a92c3
+# Parent c1d7fa123dae73708da7306c0ec611d6fa6a6140
+pygrub: prefer Grub2 to Grub1
+
+If a VM image has grub2 installed it is likely the one we need to be using.
+
+Signed-off-by: Ian Campbell
+Acked-by: Ian Jackson
+Committed-by: Ian Jackson
+
+diff -r c1d7fa123dae -r 5e1032229546 tools/pygrub/src/pygrub
+--- a/tools/pygrub/src/pygrub Fri Jul 15 18:09:49 2011 +0100
++++ b/tools/pygrub/src/pygrub Fri Jul 15 18:12:55 2011 +0100
+@@ -385,14 +385,14 @@
+ # fallbacks
+ ["/efi/boot/elilo.conf", "/elilo.conf",])
+ else:
+- cfg_list = map(lambda x: (x,grub.GrubConf.GrubConfigFile),
+- ["/boot/grub/menu.lst", "/boot/grub/grub.conf",
+- "/grub/menu.lst", "/grub/grub.conf"]) + \
+- map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
++ cfg_list = map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
+ ["/boot/grub/grub.cfg", "/grub/grub.cfg"]) + \
+ map(lambda x: (x,grub.ExtLinuxConf.ExtLinuxConfigFile),
+ ["/boot/isolinux/isolinux.cfg",
+- "/boot/extlinux.conf"])
++ "/boot/extlinux.conf"]) + \
++ map(lambda x: (x,grub.GrubConf.GrubConfigFile),
++ ["/boot/grub/menu.lst", "/boot/grub/grub.conf",
++ "/grub/menu.lst", "/grub/grub.conf"])
+
+ if not fs:
+ # set the config file and parse it
diff --git a/23944-pygrub-debug.patch b/23944-pygrub-debug.patch
new file mode 100644
index 0000000..f709410
--- /dev/null
+++ b/23944-pygrub-debug.patch
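Review bot: In 23697-pygrub-grub2.patch the reordered `cfg_list` moves the legacy `GrubConfigFile` paths behind the ExtLinux entries as well as behind Grub2, which the description ("prefer Grub2 to Grub1") does not mention. If list order is the lookup precedence, as the description implies, an image carrying both `/boot/extlinux.conf` and `/boot/grub/menu.lst` is now read from the extlinux file where it was read from the grub one before. The order deserves a comment above the assignment, for example `# Order is precedence: grub2, then extlinux, then legacy grub`, and the description should state the extlinux change if it is intended.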
@@ -0,0 +1,72 @@
+# HG changeset patch
+# User Guido Gunther
+# Date 1318330978 -3600
+# Node ID 4b0907c6a08c348962bd976c2976257b412408be
+# Parent 1185ae04b5aad429fd68d1872f404791df627965
+pygrub: add debug flag
+
+Debugging config file errors is tedious so help a bit by not silently
+dropping parsing exceptions when --debug is given. Also intialize the
+logging API at debug level in this case.
+
+Signed-off-by: Guido Gunther
+Acked-by: Ian Campbell
+Committed-by: Ian Jackson
+
+diff -r 1185ae04b5aa -r 4b0907c6a08c tools/pygrub/src/pygrub
+--- a/tools/pygrub/src/pygrub Tue Oct 11 10:46:28 2011 +0100
++++ b/tools/pygrub/src/pygrub Tue Oct 11 12:02:58 2011 +0100
+@@ -13,7 +13,7 @@
+ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ #
+
+-import os, sys, string, struct, tempfile, re
++import os, sys, string, struct, tempfile, re, traceback
+ import copy
+ import logging
+ import platform
+@@ -665,7 +665,7 @@
+ ["quiet", "interactive", "not-really", "help",
+ "output=", "output-format=", "output-directory=",
+ "entry=", "kernel=",
+- "ramdisk=", "args=", "isconfig"])
++ "ramdisk=", "args=", "isconfig", "debug"])
+ except getopt.GetoptError:
+ usage()
+ sys.exit(1)
+@@ -679,6 +679,7 @@
+ entry = None
+ interactive = True
+ isconfig = False
++ debug = False
+ not_really = False
+ output_format = "sxp"
+ output_directory = "/var/run/xend/boot"
+@@ -714,6 +715,8 @@
+ interactive = False
+ elif o in ("--isconfig",):
+ isconfig = True
++ elif o in ("--debug",):
++ debug = True
+ elif o in ("--output-format",):
+ if a not in ["sxp", "simple", "simple0"]:
+ print "unkonwn output format %s" % a
+@@ -723,6 +726,9 @@
+ elif o in ("--output-directory",):
+ output_directory = a
+
++ if debug:
++ logging.basicConfig(level=logging.DEBUG)
++
+ if output is None or output == "-":
+ fd = sys.stdout.fileno()
+ else:
+@@ -769,6 +775,8 @@
+ except:
+ # IOErrors raised by fsimage.open
+ # RuntimeErrors raised by run_grub if no menu.lst present
++ if debug:
++ traceback.print_exc()
+ fs = None
+ continue
+
diff --git a/23998-pygrub-GPT.patch b/23998-pygrub-GPT.patch
new file mode 100644
index 0000000..4c2dd81
--- /dev/null
+++ b/23998-pygrub-GPT.patch
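Review bot: In 23944-pygrub-debug.patch the `traceback.print_exc()` added in the last hunk sits under a bare `except:`, so the handler still swallows `KeyboardInterrupt` and `SystemExit` along with the IOError and RuntimeError cases its comment names, and without `--debug` nothing is reported at all. Narrowing the clause to `except Exception:` keeps the best-effort retry over partitions while letting an interrupt through. Since the same patch sets up `logging`, the report could also go through one channel with `logging.debug("config probe failed", exc_info=True)` instead of a second `if debug:` test. `usage()` is outside the visible hunks, so check that its help text lists the new `--debug` option.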
@@ -0,0 +1,53 @@ +# HG changeset patch +# User Michael Young +# Date 1319566554 -3600 +# Node ID 85d7b207fabcd1cbda8f93e3937c5990f42a2cf9 +# Parent f273bce1fc265b9f71879705639a0b14da03f6e1 +pygrub: check all GPT partitions + +On Fedora 16 the first GPT partition is a boot partition for grub2 with +the grub2 configuration in the second partition. +Check all GPT partitions for grub configuration, not just the first. + +[ Also remove now-inaccurate comment. -iwj ] + +Signed-off-by: Michael Young +Tested-by: Paolo Bonzini +Signed-off-by: Ian Jackson +Committed-by: Ian Jackson + +diff -r f273bce1fc26 -r 85d7b207fabc tools/pygrub/src/pygrub +--- a/tools/pygrub/src/pygrub Tue Oct 25 17:04:41 2011 +0100 ++++ b/tools/pygrub/src/pygrub Tue Oct 25 19:15:54 2011 +0100 +@@ -77,10 +77,17 @@ + + def get_fs_offset_gpt(file): + fd = os.open(file, os.O_RDONLY) +- # assume the first partition is an EFI system partition. +- os.lseek(fd, SECTOR_SIZE * 2, 0) ++ os.lseek(fd, SECTOR_SIZE, 0) + buf = os.read(fd, 512) +- return struct.unpack("0: ++ buf = os.read(fd, partsize) ++ offsets.append(struct.unpack(" +# Date 1319566729 -3600 +# Node ID 138f707fa598340749a70a79748b01dff850b8f2 +# Parent 85d7b207fabcd1cbda8f93e3937c5990f42a2cf9 +pygrub: look in /boot/grub2 (for eg Fedora 16) + +Fedora 16 puts grub configuration files in /boot/grub2/grub.cfg so +pygrub should look there as well + +Signed-off-by: Michael Young +Acked-by: Ian Campbell + +diff -r 85d7b207fabc -r 138f707fa598 tools/pygrub/src/pygrub +--- a/tools/pygrub/src/pygrub Tue Oct 25 19:15:54 2011 +0100 ++++ b/tools/pygrub/src/pygrub Tue Oct 25 19:18:49 2011 +0100 +@@ -395,7 +395,8 @@ + ["/efi/boot/elilo.conf", "/elilo.conf",]) + else: + cfg_list = map(lambda x: (x,grub.GrubConf.Grub2ConfigFile), +- ["/boot/grub/grub.cfg", "/grub/grub.cfg"]) + \ ++ ["/boot/grub/grub.cfg", "/grub/grub.cfg", ++ "/boot/grub2/grub.cfg", "/grub2/grub.cfg"]) + \ + map(lambda x: (x,grub.ExtLinuxConf.ExtLinuxConfigFile), + ["/boot/isolinux/isolinux.cfg", + 
"/boot/extlinux.conf"]) + \ diff --git a/24064-pygrub-HybridISO.patch b/24064-pygrub-HybridISO.patch new file mode 100644 index 0000000..90ccaf5 --- /dev/null +++ b/24064-pygrub-HybridISO.patch 
@@ -0,0 +1,72 @@
+# HG changeset patch
+# User Philipp Hahn
+# Date 1320251337 0
+# Node ID 2d741388060df5bd2545f38a25278fb9a7fbb127
+# Parent 6868855b6651639f02004a7e313fe7aaba522821
+pygrub: Add HybridISO support for PyGrub2
+
+grub-mkrescue internally uses xorriso, which generates a so-called
+"Hybrid ISO": The ISO images also contains a DOS partition table,
+which allows the identical ISO file to be stored on an USB stick for
+booting from it. This breaks PyGrub, since it (wrongly) detects only
+the DOS partition table and uses the first partition instead of the
+complete ISO file.
+
+Add a check to detect HybridISO files and use offset 0 in addition to
+partition table parsing.
+
+Signed-off-by: Philipp Hahn
+Acked-by: Ian Campbell
+Committed-by: Ian Jackson
+
+diff -r 6868855b6651 -r 2d741388060d tools/pygrub/src/pygrub
+--- a/tools/pygrub/src/pygrub Wed Nov 02 16:25:18 2011 +0000
++++ b/tools/pygrub/src/pygrub Wed Nov 02 16:28:57 2011 +0000
+@@ -40,15 +40,20 @@
+ except _curses.error:
+ pass
+
+-def is_disk_image(file):
++DISK_TYPE_RAW, DISK_TYPE_HYBRIDISO, DISK_TYPE_DOS = range(3)
++def identify_disk_image(file):
++ """Detect DOS partition table or HybridISO format."""
+ fd = os.open(file, os.O_RDONLY)
+- buf = os.read(fd, 512)
++ buf = os.read(fd, 0x8006)
+ os.close(fd)
+
+ if len(buf) >= 512 and \
+ struct.unpack("H", buf[0x1fe: 0x200]) == (0xaa55,):
+- return True
+- return False
++ # HybridISO contains a DOS partition table for booting from USB devices, but really is an ISO image
++ if len(buf) >= 0x8006 and buf[0x8001:0x8006] == 'CD001':
++ return DISK_TYPE_HYBRIDISO
++ return DISK_TYPE_DOS
++ return DISK_TYPE_RAW
+
+ SECTOR_SIZE=512
+ DK_LABEL_LOC=1
+@@ -94,12 +99,19 @@
+ FDISK_PART_GPT=0xee
+
+ def get_partition_offsets(file):
+- if not is_disk_image(file):
++ image_type = identify_disk_image(file)
++ if image_type == DISK_TYPE_RAW:
+ # No MBR: assume whole disk filesystem, which is like a
+ # single partition starting at 0
+ return [0]
+-
+- part_offs = []
++ elif image_type == DISK_TYPE_HYBRIDISO:
++ # A HybridISO contains an ISO filesystem at 0 in addition
++ # to the DOS partition table
++ part_offs = [0]
++ elif image_type == DISK_TYPE_DOS:
++ part_offs = []
++ else:
++ raise ValueError('Unhandled image type returnd by identify_disk_image(): %d' % (image_type,))
+
+ fd = os.open(file, os.O_RDONLY)
+ buf = os.read(fd, 512)
diff --git a/24401-pygrub-scrolling.patch b/24401-pygrub-scrolling.patch
new file mode 100644
index 0000000..f391a22
--- /dev/null
+++ b/24401-pygrub-scrolling.patch
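Review bot: In 24064-pygrub-HybridISO.patch, `identify_disk_image` uses the bare offsets `0x8006` and `0x8001:0x8006` with nothing to say where they come from. They correspond to the first ISO 9660 volume descriptor at sector 16 (byte 0x8000), whose standard identifier `CD001` starts one byte in; a comment such as `# ISO 9660 volume descriptor at sector 16 (0x8000); "CD001" identifier at +1` would make the check reviewable. In `get_partition_offsets` the `ValueError` message misspells "returned" as `returnd`. The descriptor is also left open if `os.read` raises, because `os.close(fd)` is not in a `finally`.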
@@ -0,0 +1,87 @@ +# HG changeset patch +# User Miroslav Rezanina +# Date 1323790700 0 +# Node ID c04ec56f4a6d381bfacd31fbcaefdaa206a914f1 +# Parent 63e5005d58ca5674e790ef627e7fb3c8c66c5374 +pygrub: Allow scrolling of the list of entries + +When user wants to change entry in grub2 menu in pygrub, there +may be crash of pygrub in case of editing item ('e' key). + +Crash on editing is caused longer entry list in case of grub2. As entry +window is 10 lines high, it can hold only 8 entries (2 lines for border). +Adding line outside of windows high causes crash. Patch add handling +for longer lists and scrolling through them. + +Signed-off-by: Miroslav Rezanina +Committed-by: Ian Jackson + +diff -r 63e5005d58ca -r c04ec56f4a6d tools/pygrub/src/pygrub +--- a/tools/pygrub/src/pygrub Tue Dec 13 15:31:12 2011 +0000 ++++ b/tools/pygrub/src/pygrub Tue Dec 13 15:38:20 2011 +0000 +@@ -221,6 +221,7 @@ + + + class Grub: ++ ENTRY_WIN_LINES = 8 + def __init__(self, file, fs = None): + self.screen = None + self.entry_win = None +@@ -238,7 +239,7 @@ + except: + pass # Not important if we can't use colour + enable_cursor(False) +- self.entry_win = curses.newwin(10, 74, 2, 1) ++ self.entry_win = curses.newwin(Grub.ENTRY_WIN_LINES + 2, 74, 2, 1) + self.text_win = curses.newwin(10, 70, 12, 5) + curses.def_prog_mode() + +@@ -287,12 +288,20 @@ + self.text_win.noutrefresh() + + curline = 0 ++ pos = 0 + img = copy.deepcopy(origimg) + while 1: + draw() + self.entry_win.erase() +- self.entry_win.box() +- for idx in range(0, len(img.lines)): ++ ++ rs = 0 ++ re = len(img.lines) ++ idp = 1 ++ if re > Grub.ENTRY_WIN_LINES: ++ rs = curline - pos ++ re = rs + Grub.ENTRY_WIN_LINES ++ ++ for idx in range(rs, re): + # current line should be highlighted + if idx == curline: + self.entry_win.attron(curses.A_REVERSE) +@@ -302,9 +311,11 @@ + if len(l) > 70: + l = l[:69] + ">" + +- self.entry_win.addstr(idx + 1, 2, l) ++ self.entry_win.addstr(idp, 2, l) + if idx == curline: + 
self.entry_win.attroff(curses.A_REVERSE) ++ idp += 1 ++ self.entry_win.box() + self.entry_win.noutrefresh() + curses.doupdate() + +@@ -313,8 +324,12 @@ + break + elif c == curses.KEY_UP: + curline -= 1 ++ if pos > 0: ++ pos -= 1 + elif c == curses.KEY_DOWN: + curline += 1 ++ if pos < Grub.ENTRY_WIN_LINES - 1: ++ pos += 1 + elif c == ord('b'): + self.isdone = True + break diff --git a/24402-pygrub-edit-fix.patch b/24402-pygrub-edit-fix.patch new file mode 100644 index 0000000..890d25b --- /dev/null +++ b/24402-pygrub-edit-fix.patch @@ -0,0 +1,29 @@ +# HG changeset patch +# User Miroslav Rezanina +# Date 1323790768 0 +# Node ID 983b551e44077ace454a397181c93533e0a534b5 +# Parent c04ec56f4a6d381bfacd31fbcaefdaa206a914f1 +pygrub: Fix "a" entry editing in grub2 + +When user wants to change entry in grub2 menu in pygrub, there's no +response in case of appending command line arguments ('a' key). + +Append malfunction is caused by change of keyword used for kernel +record. Grub uses 'kernel' for line with linux kernel but grub2 uses +'linux' instead. This patch adds checking for both grub 1 and 2 keywords. + +Signed-off-by: Miroslav Rezanina +Committed-by: Ian Jackson + +diff -r c04ec56f4a6d -r 983b551e4407 tools/pygrub/src/pygrub +--- a/tools/pygrub/src/pygrub Tue Dec 13 15:38:20 2011 +0000 ++++ b/tools/pygrub/src/pygrub Tue Dec 13 15:39:28 2011 +0000 +@@ -522,7 +522,7 @@ + # find the kernel line, edit it and then boot + img = self.cf.images[self.selected_image] + for line in img.lines: +- if line.startswith("kernel"): ++ if line.startswith("kernel") or line.startswith("linux"): + l = self.edit_line(line) + if l is not None: + img.set_from_line(l, replace = True) diff --git a/24460-pygrub-extlinux.patch b/24460-pygrub-extlinux.patch new file mode 100644 index 0000000..2f85426 --- /dev/null +++ b/24460-pygrub-extlinux.patch 
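Review bot: In the edit-entry loop of 24401-pygrub-scrolling.patch the new locals `rs` and `re` are window bounds, and `re` hides the `re` module that the file imports at the top for the rest of this method. The upper bound is also never clamped: `re = rs + Grub.ENTRY_WIN_LINES` can exceed `len(img.lines)` if `pos` and `curline` drift apart, and `pos` is adjusted on KEY_UP and KEY_DOWN whether or not `curline` is later clamped (any clamp is outside the hunk). Naming them `first` and `last` and writing `first = max(0, curline - pos)` and `last = min(first + Grub.ENTRY_WIN_LINES, len(img.lines))` removes both problems. The method starts and ends outside the hunk.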
@@ -0,0 +1,69 @@
+# HG changeset patch
+# User Roger Pau Monne
+# Date 1325592706 -3600
+# Node ID ff0685e8419bc54b631f017c63a983362363c87a
+# Parent caf9753d4cc100183eeda26d00c8c38f14215651
+pygrub: fix extlinux parsing
+
+pygrub was unable to parse extlinux config files correctly, exactly
+the ones like:
+
+LABEL grsec
+ KERNEL vmlinuz-3.0.10-grsec
+ APPEND initrd=initramfs-3.0.10-grsec
+root=UUID=cfd4a7b4-8c40-4025-b877-8205f1c622ee
+modules=sd-mod,usb-storage,ext4 xen quiet
+
+This patch fixes it, adding a new case when parsing the "append" line,
+that searches for the initrd image.
+
+Signed-off-by: Roger Pau Monne
+Acked-by: Ian Campbell
+Committed-by: Ian Jackson
+
+diff -r caf9753d4cc1 -r ff0685e8419b tools/pygrub/examples/alpine-linux-2.3.2.extlinux
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ b/tools/pygrub/examples/alpine-linux-2.3.2.extlinux Tue Jan 03 13:11:46 2012 +0100
+@@ -0,0 +1,11 @@
++DEFAULT menu.c32
++PROMPT 0
++MENU TITLE Alpine/Linux Boot Menu
++MENU HIDDEN
++MENU AUTOBOOT Alpine will be booted automatically in # seconds.
++TIMEOUT 30
++LABEL grsec
++ MENU DEFAULT
++ MENU LABEL Linux 3.0.10-grsec
++ KERNEL vmlinuz-3.0.10-grsec
++ APPEND initrd=initramfs-3.0.10-grsec root=UUID=a97ffe64-430f-4fd3-830e-4736d9a27af0 modules=sd-mod,usb-storage,ext4 quiet
+diff -r caf9753d4cc1 -r ff0685e8419b tools/pygrub/src/ExtLinuxConf.py
+--- a/tools/pygrub/src/ExtLinuxConf.py Thu Jan 05 17:13:33 2012 +0000
++++ b/tools/pygrub/src/ExtLinuxConf.py Tue Jan 03 13:11:46 2012 +0100
+@@ -60,6 +60,13 @@
+
+ # Bypass regular self.commands handling
+ com = None
++ elif arg.find("initrd="):
++ # find initrd image in append line
++ args = arg.strip().split(" ")
++ for a in args:
++ if a.lower().startswith("initrd="):
++ setattr(self, "initrd", a.replace("initrd=", ""))
++ arg = arg.replace(a, "")
+
+ if com is not None and self.commands.has_key(com):
+ if self.commands[com] is not None:
+@@ -86,10 +93,12 @@
+ self._args = args
+ def get_kernel(self):
+ return self._kernel
++ def set_args(self, val):
++ self._args = val
+ def get_args(self):
+ return self._args
+ kernel = property(get_kernel, set_kernel)
+- args = property(get_args)
++ args = property(get_args, set_args)
+
+ def set_initrd(self, val):
+ self._initrd = (None,val)
diff --git a/24706-pygrub-extlinux.patch b/24706-pygrub-extlinux.patch
new file mode 100644
index 0000000..c601c73
--- /dev/null
+++ b/24706-pygrub-extlinux.patch
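Review bot: In the APPEND branch added to ExtLinuxConf.py by 24460-pygrub-extlinux.patch, the token test is case-insensitive (`a.lower().startswith("initrd=")`) but the strip is not (`a.replace("initrd=", "")`), so a token written `INITRD=foo` would be stored with its prefix still attached. `arg = arg.replace(a, "")` also removes every occurrence of that token's text from the line, including where it appears inside a longer argument. Slicing the prefix off and rebuilding the line from the remaining tokens avoids both: `setattr(self, "initrd", a[len("initrd="):])` and `arg = " ".join([t for t in args if t is not a])`. The config file being parsed comes from the guest image, so the parser should not depend on the author's spelling. The enclosing method starts and ends outside the hunk.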
@@ -0,0 +1,29 @@
+# HG changeset patch
+# User Roger Pau Monne
+# Date 1328635287 0
+# Node ID f84f34ec5fc7613d7a6dd53d18218656c11f0daa
+# Parent 7a58296824c3bf7a15d563a7a140d20c369c96c8
+pygrub: extlinux parsing correctness
+
+The "in" operator should be used instead of the find method, since
+we are only interested in knowing whether the line contains "initrd=",
+but we don't care about it's position. Also fixes an error that
+happens when initrd= it's at the start of the line, since find returns
+0 and is evaluated as False.
+
+Signed-off-by: Roger Pau Monne
+Acked-by: Ian Jackson
+Committed-by: Ian Jackson
+
+diff -r 7a58296824c3 -r f84f34ec5fc7 tools/pygrub/src/ExtLinuxConf.py
+--- a/tools/pygrub/src/ExtLinuxConf.py Tue Feb 07 17:18:10 2012 +0000
++++ b/tools/pygrub/src/ExtLinuxConf.py Tue Feb 07 17:21:27 2012 +0000
+@@ -60,7 +60,7 @@
+
+ # Bypass regular self.commands handling
+ com = None
+- elif arg.find("initrd="):
++ elif "initrd=" in arg:
+ # find initrd image in append line
+ args = arg.strip().split(" ")
+ for a in args:
diff --git a/x86_64-AMD-erratum-121.patch b/x86_64-AMD-erratum-121.patch
new file mode 100644
index 0000000..367409b
--- /dev/null
+++ b/x86_64-AMD-erratum-121.patch
@@ -0,0 +1,38 @@
+References: CVE-2012-2934, bnc#764077
+
+--- a/xen/arch/x86/cpu/amd.c
++++ b/xen/arch/x86/cpu/amd.c
+@@ -32,6 +32,9 @@
+ static char opt_famrev[14];
+ string_param("cpuid_mask_cpu", opt_famrev);
+
++static int opt_allow_unsafe;
++boolean_param("allow_unsafe", opt_allow_unsafe);
++
+ static inline void wrmsr_amd(unsigned int index, unsigned int lo,
+ unsigned int hi)
+ {
+@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
+ clear_bit(X86_FEATURE_MCE, c->x86_capability);
+
+ #ifdef __x86_64__
++ if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
++ panic("Xen will not boot on this CPU for security reasons.\n"
++ "Pass \"allow_unsafe\" if you're trusting all your"
++ " (PV) guest kernels.\n");
++
+ /* AMD CPUs do not support SYSENTER outside of legacy mode. */
+ clear_bit(X86_FEATURE_SEP, c->x86_capability);
+
+--- a/xen/include/asm-x86/amd.h
++++ b/xen/include/asm-x86/amd.h
+@@ -127,6 +127,9 @@
+ #define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
+ #define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
+
++#define AMD_ERRATUM_121 \
++ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
++
+ #define AMD_ERRATUM_170 \
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))
+
diff --git a/x86_64-allow-unsafe-adjust.patch b/x86_64-allow-unsafe-adjust.patch
new file mode 100644
index 0000000..06b4162
--- /dev/null
+++ b/x86_64-allow-unsafe-adjust.patch
@@ -0,0 +1,86 @@
+References: CVE-2012-2934, bnc#764077
+
+Product management demanded that customer systems must continue to boot
+irrespective of the presence of XSA-9. Rather than having our and
+perhaps other distros carry non-trivial patches, allow for more fine
+grained control (panic on boot, deny guest creation, or merely warn) by
+means of a single line change.
+
+--- a/xen/arch/x86/cpu/amd.c
++++ b/xen/arch/x86/cpu/amd.c
+@@ -32,8 +32,11 @@
+ static char opt_famrev[14];
+ string_param("cpuid_mask_cpu", opt_famrev);
+
+-static int opt_allow_unsafe;
++#ifdef __x86_64__
++/* 1 = allow, 0 = don't allow guest creation, -1 = don't allow boot */
++int __read_mostly opt_allow_unsafe;
+ boolean_param("allow_unsafe", opt_allow_unsafe);
++#endif
+
+ static inline void wrmsr_amd(unsigned int index, unsigned int lo,
+ unsigned int hi)
+@@ -623,10 +626,19 @@ static void __devinit init_amd(struct cp
+ clear_bit(X86_FEATURE_MCE, c->x86_capability);
+
+ #ifdef __x86_64__
+- if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
++ if (!cpu_has_amd_erratum(c, AMD_ERRATUM_121))
++ opt_allow_unsafe = 1;
++ else if (opt_allow_unsafe < 0)
+ panic("Xen will not boot on this CPU for security reasons.\n"
+ "Pass \"allow_unsafe\" if you're trusting all your"
+ " (PV) guest kernels.\n");
++ else if (!opt_allow_unsafe && c == &boot_cpu_data)
++ printk(KERN_WARNING
++ "*** Xen will not allow creation of DomU-s on"
++ " this CPU for security reasons. ***\n"
++ KERN_WARNING
++ "*** Pass \"allow_unsafe\" if you're trusting"
++ " all your (PV) guest kernels. ***\n");
+
+ /* AMD CPUs do not support SYSENTER outside of legacy mode. */
+ clear_bit(X86_FEATURE_SEP, c->x86_capability);
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -52,6 +52,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #ifdef CONFIG_COMPAT
+@@ -474,6 +475,20 @@ int arch_domain_create(struct domain *d,
+
+ #else /* __x86_64__ */
+
++ if ( d->domain_id && !is_idle_domain(d) &&
++ cpu_has_amd_erratum(&boot_cpu_data, AMD_ERRATUM_121) )
++ {
++ if ( !opt_allow_unsafe )
++ {
++ printk(XENLOG_G_ERR "Xen does not allow DomU creation on this CPU"
++ " for security reasons.\n");
++ return -EPERM;
++ }
++ printk(XENLOG_G_WARNING
++ "Dom%d may compromise security on this CPU.\n",
++ d->domain_id);
++ }
++
+ BUILD_BUG_ON(PDPT_L2_ENTRIES * sizeof(*d->arch.mm_perdomain_pt_pages)
+ != PAGE_SIZE);
+ pg = alloc_domheap_page(NULL, MEMF_node(domain_to_node(d)));
+--- a/xen/include/asm-x86/amd.h
++++ b/xen/include/asm-x86/amd.h
+@@ -151,6 +151,8 @@ struct cpuinfo_x86;
+ int cpu_has_amd_erratum(const struct cpuinfo_x86 *, int, ...);
+
+ #ifdef __x86_64__
++extern int opt_allow_unsafe;
++
+ void fam10h_check_enable_mmcfg(void);
+ void check_enable_amd_mmconf_dmi(void);
+ #endif
diff --git a/x86_64-sysret-canonical.patch b/x86_64-sysret-canonical.patch
new file mode 100644
index 0000000..57919b1
--- /dev/null
+++ b/x86_64-sysret-canonical.patch
@@ -0,0 +1,29 @@
+References: CVE-2012-0217, bnc#757537
+
+--- a/xen/arch/x86/x86_64/entry.S
++++ b/xen/arch/x86/x86_64/entry.S
+@@ -40,6 +40,13 @@ restore_all_guest:
+ testw $TRAP_syscall,4(%rsp)
+ jz iret_exit_to_guest
+
++ /* Don't use SYSRET path if the return address is not canonical. */
++ movq 8(%rsp),%rcx
++ sarq $47,%rcx
++ incl %ecx
++ cmpl $1,%ecx
++ ja .Lforce_iret
++
+ addq $8,%rsp
+ popq %rcx # RIP
+ popq %r11 # CS
+@@ -50,6 +57,10 @@ restore_all_guest:
+ sysretq
+ 1: sysretl
+
++.Lforce_iret:
++ /* Mimic SYSRET behavior. */
++ movq 8(%rsp),%rcx # RIP
++ movq 24(%rsp),%r11 # RFLAGS
+ ALIGN
+ /* No special register assumptions. */
+ iret_exit_to_guest:
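Review bot: In x86_64-allow-unsafe-adjust.patch the comment on `opt_allow_unsafe` in xen/arch/x86/cpu/amd.c documents three states, but the variable has no initializer and is registered with `boolean_param`, so as far as this hunk shows the -1 (refuse to boot) state can only be reached by editing the source. Saying so next to the declaration, for example `/* Build-time default; the command line can only select 0 or 1. */`, tells a packager which line the description's "single line change" refers to. Separately, init_amd() stores `opt_allow_unsafe = 1` for any CPU without erratum 121, while arch_domain_create() tests `boot_cpu_data` only. On a system with mixed CPU revisions an unaffected secondary CPU would therefore turn the refusal for an affected boot CPU into a warning; that case may be out of scope, but it is worth a comment at the assignment.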
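Review bot: The canonical-address test added to restore_all_guest in xen/arch/x86/x86_64/entry.S is compact enough to need a comment on the arithmetic. After `sarq $47,%rcx` a canonical RIP leaves 0 or -1, `incl %ecx` turns those into 1 or 0, and `ja` after `cmpl $1,%ecx` therefore branches for everything else. I would extend the existing comment with `/* sar 47 gives 0 or -1 for a canonical address; +1 makes that 1 or 0, so above 1 means non-canonical. */`. `.Lforce_iret` also reaches `iret_exit_to_guest` only by running off its end across `ALIGN`, which depends on the padding being executable no-ops; a `/* Fall through. */` after the RFLAGS load would record that this is deliberate.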
diff --git a/xen.changes b/xen.changes index 3a73406..ead092b 100644 --- a/xen.changes +++ b/xen.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Mon Jun 11 10:32:42 MDT 2012 - carnold@novell.com + +- Upstream pygrub patches for grub2 support and fixes + 23686-pygrub-solaris.patch + 23697-pygrub-grub2.patch + 23944-pygrub-debug.patch + 23998-pygrub-GPT.patch + 23999-pygrub-grub2.patch + 24064-pygrub-HybridISO.patch + 24401-pygrub-scrolling.patch + 24402-pygrub-edit-fix.patch + 24460-pygrub-extlinux.patch + 24706-pygrub-extlinux.patch + +------------------------------------------------------------------- +Wed Jun 6 08:14:38 MDT 2012 - carnold@novell.com + +- Revised version of security patch and an additional patch for + bnc#764077 + x86_64-AMD-erratum-121.patch + x86_64-allow-unsafe-adjust.patch + ------------------------------------------------------------------- Wed Jun 6 10:21:03 CEST 2012 - ohering@suse.de @@ -11,6 +34,15 @@ Tue May 29 11:59:28 CEST 2012 - jsmeix@suse.de because "ps2pdf xenapi.ps xenapi.pdf" failed only for Ghostscript version 9.04 (now we have Ghostscript 9.05). +------------------------------------------------------------------- +Mon May 25 08:02:13 MDT 2012 - carnold@novell.com + +- bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on + older AMD systems + x86_64-AMD-erratum-121.patch +- Revised version of security patch for bnc#757537 + x86_64-sysret-canonical.patch + ------------------------------------------------------------------- Tue May 15 06:45:59 MDT 2012 - carnold@novell.com 
@@ -42,6 +74,15 @@ Tue Apr 24 08:22:16 MDT 2012 - carnold@novell.com 25196-x86-HAP-PAT-sr.patch 25200-x86_64-trap-bounce-flags.patch +------------------------------------------------------------------- +Thu Apr 19 07:33:00 MDT 2012 - carnold@novell.com + +- bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation + x86_64-sysret-canonical.patch +- bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF + generation + x86_64-trap-bounce-flags.patch + ------------------------------------------------------------------- Tue Apr 3 08:33:36 MDT 2012 - carnold@novell.com diff --git a/xen.spec b/xen.spec index 29e808f..b351f3d 100644 --- a/xen.spec +++ b/xen.spec @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.1 @@ -225,6 +224,8 @@ Patch23615: 23615-x86_64-EFI-runtime.patch Patch23616: 23616-x86_64-EFI-MPS.patch Patch23643: 23643-xentrace_Allow_tracing_to_be_enabled_at_boot.patch Patch23676: 23676-x86_64-image-map-bounds.patch +Patch23686: 23686-pygrub-solaris.patch +Patch23697: 23697-pygrub-grub2.patch Patch23719: 23719-xentrace_update___trace_var_comment.patch Patch23723: 23723-x86-CMOS-lock.patch Patch23724: 23724-x86-smpboot-x2apic.patch @@ -260,6 +261,7 @@ Patch23908: 23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch Patch23925: 23925-x86-AMD-ARAT-Fam12.patch Patch23933: 23933-pt-bus2bridge-update.patch Patch23943: 23943-xenpaging_clear_page_content_after_evict.patch +Patch23944: 23944-pygrub-debug.patch Patch23949: 23949-constify_vcpu_set_affinitys_second_parameter.patch Patch23953: 23953-xenpaging_handle_evict_failures.patch Patch23955: 23955-x86-pv-cpuid-xsave.patch 
@@ -268,6 +270,9 @@ Patch23978: 23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch Patch23979: 23979-xenpaging_document_p2m_mem_paging_functions.patch Patch23980: 23980-xenpaging_disallow_paging_in_a_PoD_guest.patch Patch23993: 23993-x86-microcode-amd-fix-23871.patch +Patch23998: 23998-pygrub-GPT.patch +Patch23999: 23999-pygrub-grub2.patch +Patch24064: 24064-pygrub-HybridISO.patch Patch24104: 24104-waitqueue_Double_size_of_x86_shadow_stack..patch Patch24105: 24105-xenpaging_compare_domain_pointer_in_p2m_mem_paging_populate.patch Patch24106: 24106-mem_event_check_capabilities_only_once.patch @@ -333,6 +338,8 @@ Patch24359: 24359-x86-domU-features.patch Patch24360: 24360-x86-pv-domU-no-PCID.patch Patch24389: 24389-amd-fam10-gart-tlb-walk-err.patch Patch24391: 24391-x86-pcpu-version.patch +Patch24401: 24401-pygrub-scrolling.patch +Patch24402: 24402-pygrub-edit-fix.patch Patch24411: 24411-x86-ucode-AMD-Fam15.patch Patch24412: 24412-x86-AMD-errata-model-shift.patch Patch24417: 24417-amd-erratum-573.patch @@ -342,6 +349,7 @@ Patch24448: 24448-x86-pt-irq-leak.patch Patch24453: 24453-x86-vIRQ-IRR-TMR-race.patch Patch24456: 24456-x86-emul-lea.patch Patch24459: 24459-libxl-vifname.patch +Patch24460: 24460-pygrub-extlinux.patch Patch24466: 24466-libxc_Only_retry_mapping_pages_when_ENOENT_is_returned.patch Patch24478: 24478-libxl_add_feature_flag_to_xenstore_for_XS_RESET_WATCHES.patch Patch24517: 24517-VT-d-fault-softirq.patch @@ -354,6 +362,7 @@ Patch24610: 24610-xenpaging_make_file_op_largefile_aware.patch Patch24615: 24615-VESA-lfb-flush.patch Patch24690: 24690-x86-PCI-SERR-no-deadlock.patch Patch24701: 24701-gnttab-map-grant-ref-recovery.patch +Patch24706: 24706-pygrub-extlinux.patch Patch24742: 24742-gnttab-misc.patch Patch24780: 24780-x86-paging-use-clear_guest.patch Patch24781: 24781-x86-vmce-mcg_ctl.patch 
@@ -518,6 +527,9 @@ Patch514: xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch Patch650: disable_emulated_device.diff Patch651: ioemu-disable-scsi.patch Patch652: ioemu-disable-emulated-ide-if-pv.patch +Patch653: x86_64-sysret-canonical.patch +Patch654: x86_64-AMD-erratum-121.patch +Patch655: x86_64-allow-unsafe-adjust.patch Patch700: hv_extid_compatibility.patch Patch701: xen.no-default-runlevel-4.patch # FATE 310510 @@ -960,6 +972,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch23616 -p1 %patch23643 -p1 %patch23676 -p1 +%patch23686 -p1 +%patch23697 -p1 %patch23719 -p1 %patch23723 -p1 %patch23724 -p1 @@ -995,6 +1009,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch23925 -p1 %patch23933 -p1 %patch23943 -p1 +%patch23944 -p1 %patch23949 -p1 %patch23953 -p1 %patch23955 -p1 @@ -1003,6 +1018,9 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch23979 -p1 %patch23980 -p1 %patch23993 -p1 +%patch23998 -p1 +%patch23999 -p1 +%patch24064 -p1 %patch24104 -p1 %patch24105 -p1 %patch24106 -p1 @@ -1068,6 +1086,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch24360 -p1 %patch24389 -p1 %patch24391 -p1 +%patch24401 -p1 +%patch24402 -p1 %patch24411 -p1 %patch24412 -p1 %patch24417 -p1 @@ -1077,6 +1097,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch24453 -p1 %patch24456 -p1 %patch24459 -p1 +%patch24460 -p1 %patch24466 -p1 %patch24478 -p1 %patch24517 -p1 @@ -1089,6 +1110,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch24615 -p1 %patch24690 -p1 %patch24701 -p1 +%patch24706 -p1 %patch24742 -p1 %patch24780 -p1 %patch24781 -p1 @@ -1247,6 +1269,9 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch650 -p1 %patch651 -p1 %patch652 -p1 +%patch653 -p1 +%patch654 -p1 +%patch655 -p1 %patch700 -p1 %patch701 -p1 # FATE 310510