Mail archive
alpine-devel

[alpine-devel] [PATCH] for-2.4-xen: add XSA-33 patch

From: Roger Pau Monne <roger.pau_at_citrix.com>
Date: Fri, 11 Jan 2013 18:06:24 +0100

---
 main/xen/APKBUILD        |    4 +++-
 main/xen/xsa33-4.1.patch |   21 +++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletions(-)
 create mode 100644 main/xen/xsa33-4.1.patch
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index e5eba08..3903347 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
_at_@ -3,7 +3,7 @@
 # Maintainer: William Pitcock <nenolod_at_dereferenced.org>
 pkgname=xen
 pkgver=4.1.4
-pkgrel=0
+pkgrel=1
 pkgdesc="Xen hypervisor"
 url="http://www.xen.org/"
 arch="x86 x86_64"
_at_@ -22,6 +22,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
 	define_fsimage_dir.patch
 	librt.patch
 	busybox-sed.patch
+	xsa33-4.1.patch
 
 	xenstored.initd
 	xenstored.confd
_at_@ -121,6 +122,7 @@ b973dc1ffcc6872e222b36f3b7b4836b  fix_bswap_blktap2.patch
 0bb8a435020a5a49b38b1a447fb69977  define_fsimage_dir.patch
 fa06495a175571f4aa3b6cb88937953e  librt.patch
 1bea3543ddc712330527b62fd9ff6520  busybox-sed.patch
+25ba4efc5eee29daa12855fbadce84f8  xsa33-4.1.patch
 6e5739dad7e2bd1b625e55ddc6c782b7  xenstored.initd
 b017ccdd5e1c27bbf1513e3569d4ff07  xenstored.confd
 ed262f15fb880badb53575539468646c  xenconsoled.initd
diff --git a/main/xen/xsa33-4.1.patch b/main/xen/xsa33-4.1.patch
new file mode 100644
index 0000000..d0bdeb4
--- /dev/null
+++ b/main/xen/xsa33-4.1.patch
_at_@ -0,0 +1,21 @@
+VT-d: fix interrupt remapping source validation for devices behind
+legacy bridges
+
+Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
+uses SVT_VERIFY_SID_SQ here instead.
+
+This is XSA-33 / CVE-2012-5634.
+
+Signed-off-by: Jan Beulich <jbeulich_at_suse.com>
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+_at_@ -499,7 +499,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+             else if ( pdev_type(bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
+-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
++                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
+         break;
-- 
1.7.7.5 (Apple Git-26)
---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Fri Jan 11 2013 - 18:06:24 UTC