From: Daniel Sabogal
To: alpine-aports@lists.alpinelinux.org
Subject: [alpine-aports] [PATCH] main/xen: security fix for xsa245
Date: Fri, 29 Sep 2017 10:42:56 -0400
Message-Id: <20170929144256.17252-1-dsabogalcc@gmail.com>

--- main/xen/APKBUILD | 8 +++++- main/xen/xsa245-1.patch | 48 ++++++++++++++++++++++++++++++++ main/xen/xsa245-2.patch | 73 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 main/xen/xsa245-1.patch create mode 100644 main/xen/xsa245-2.patch diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index b71c2085aa..3b905f038e 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: William Pitcock pkgname=xen pkgver=4.9.0 -pkgrel=4 +pkgrel=5 pkgdesc="Xen hypervisor" url="http://www.xen.org/" arch="x86_64 armhf aarch64" @@ -85,6 +85,8 @@ options="!strip" # - CVE-2017-14318 XSA-232 # - CVE-2017-14317 XSA-233 # - CVE-2017-14319 XSA-234 +# 4.9.0-r5: +# - XSA-245 case "$CARCH" in x86*) @@ -142,6 +144,8 @@ source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgv xsa233.patch xsa234-4.9.patch xsa235-4.9.patch + xsa245-1.patch + xsa245-2.patch qemu-coroutine-gthread.patch qemu-xen_paths.patch
@@ -404,6 +408,8 @@ fb742225a4f3dbf2a574c4a6e3ef61a5da0c91aaeed77a2247023bdefcd4e0b6c08f1c9ffb42eaac a322ac6c5ac2f858a59096108032fd42974eaaeeebd8f4966119149665f32bed281e333e743136e79add2e6f3844d88b6a3e4d5a685c2808702fd3a9e6396cd4 xsa233.patch cafeef137cd82cefc3e974b42b974c6562e822c9b359efb654ac374e663d9fc123be210eec17b278f40eabb77c93d3bf0ff03e445607159ad0712808a609a906 xsa234-4.9.patch 8bab6e59577b51f0c6b8a547c9a37a257bd0460e7219512e899d25f80a74084745d2a4c54e55ad12526663d40f218cb8f833b71350220d36e3750d002ff43d29 xsa235-4.9.patch +b19197934e8685fc2af73f404b5c8cbed66d9241e5ff902d1a77fdc227e001a13b775a53d6e303d5f27419f5590561c84ec69409152d9773a5e6050c16e92f1b xsa245-1.patch +75369673232b2107b59dc0242d6fc224c016b9dcbf3299eab90a1d7c365d617fbc91f7b25075b394fee92782db37ce83c416387fa5ad4c4fcd51d0775a8a754f xsa245-2.patch c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562 qemu-coroutine-gthread.patch 1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2446729adfdb321e01468e377793f6563a67d68b8b0f7ffe3 hotplug-vif-vtrill.patch diff --git a/main/xen/xsa245-1.patch b/main/xen/xsa245-1.patch new file mode 100644 index 0000000000..2047686903 --- /dev/null +++ b/main/xen/xsa245-1.patch 
@@ -0,0 +1,48 @@ +From a48d47febc1340f27d6c716545692641a09b414c Mon Sep 17 00:00:00 2001 +From: Julien Grall +Date: Thu, 21 Sep 2017 14:13:08 +0100 +Subject: [PATCH 1/2] xen/page_alloc: Cover memory unreserved after boot in + first_valid_mfn + +On Arm, some regions (e.g Initramfs, Dom0 Kernel...) are marked as +reserved until the hardware domain is built and they are copied into its +memory. Therefore, they will not be added in the boot allocator via +init_boot_pages. + +Instead, init_xenheap_pages will be called once the region are not used +anymore. + +Update first_valid_mfn in both init_heap_pages and init_boot_pages +(already exist) to cover all the cases. + +Signed-off-by: Julien Grall +[Adjust comment, added locking around first_valid_mfn update] +Signed-off-by: Boris Ostrovsky +--- + xen/common/page_alloc.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c +index 0b9f6cc6df..fbe5a8af39 100644 +--- a/xen/common/page_alloc.c ++++ b/xen/common/page_alloc.c +@@ -1700,6 +1700,16 @@ static void init_heap_pages( + { + unsigned long i; + ++ /* ++ * Some pages may not go through the boot allocator (e.g reserved ++ * memory at boot but released just after --- kernel, initramfs, ++ * etc.). ++ * Update first_valid_mfn to ensure those regions are covered. ++ */ ++ spin_lock(&heap_lock); ++ first_valid_mfn = min_t(unsigned long, page_to_mfn(pg), first_valid_mfn); ++ spin_unlock(&heap_lock); ++ + for ( i = 0; i < nr_pages; i++ ) + { + unsigned int nid = phys_to_nid(page_to_maddr(pg+i)); +-- +2.11.0 + diff --git a/main/xen/xsa245-2.patch b/main/xen/xsa245-2.patch new file mode 100644 index 0000000000..cd4d2709be --- /dev/null +++ b/main/xen/xsa245-2.patch 
@@ -0,0 +1,73 @@ +From cbfcf039d0e0b6f4c4cb3de612f7bf788a0c47cd Mon Sep 17 00:00:00 2001 +From: Julien Grall +Date: Mon, 18 Sep 2017 14:24:08 +0100 +Subject: [PATCH 2/2] xen/arm: Correctly report the memory region in the dummy + NUMA helpers + +NUMA is currently not supported on Arm. Because common code is +NUMA-aware, dummy helpers are instead provided to expose a single node. + +Those helpers are for instance used to know the region to scrub. + +However the memory region is not reported correctly. Indeed, the +frametable may not be at the beginning of the memory and there might be +multiple memory banks. This will lead to not scrub some part of the +memory. + +The memory information can be found using: + * first_valid_mfn as the start of the memory + * max_page - first_valid_mfn as the spanned pages + +Note that first_valid_mfn is now been exported. The prototype has been +added in asm-arm/numa.h and not in a common header because I would +expect the variable to become static once NUMA is fully supported on +Arm. + +Signed-off-by: Julien Grall +--- + xen/common/page_alloc.c | 6 +++++- + xen/include/asm-arm/numa.h | 10 ++++++++-- + 2 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c +index fbe5a8af39..472c6fe329 100644 +--- a/xen/common/page_alloc.c ++++ b/xen/common/page_alloc.c +@@ -192,7 +192,11 @@ PAGE_LIST_HEAD(page_broken_list); + * BOOT-TIME ALLOCATOR + */ + +-static unsigned long __initdata first_valid_mfn = ~0UL; ++/* ++ * first_valid_mfn is exported because it is use in ARM specific NUMA ++ * helpers. See comment in asm-arm/numa.h. 
++ */ ++unsigned long first_valid_mfn = ~0UL; + + static struct bootmem_region { + unsigned long s, e; /* MFNs @s through @e-1 inclusive are free */ +diff --git a/xen/include/asm-arm/numa.h b/xen/include/asm-arm/numa.h +index a2c1a3476d..3e7384da9e 100644 +--- a/xen/include/asm-arm/numa.h ++++ b/xen/include/asm-arm/numa.h +@@ -12,9 +12,15 @@ static inline __attribute__((pure)) nodeid_t phys_to_nid(paddr_t addr) + return 0; + } + ++/* ++ * TODO: make first_valid_mfn static when NUMA is supported on Arm, this ++ * is required because the dummy helpers is using it. ++ */ ++extern unsigned long first_valid_mfn; ++ + /* XXX: implement NUMA support */ +-#define node_spanned_pages(nid) (total_pages) +-#define node_start_pfn(nid) (pdx_to_pfn(frametable_base_pdx)) ++#define node_spanned_pages(nid) (max_page - first_valid_mfn) ++#define node_start_pfn(nid) (first_valid_mfn) + #define __node_distance(a, b) (20) + + static inline unsigned int arch_get_dma_bitsize(void) +-- +2.11.0 + -- 2.14.2
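
Review bot: In the secfixes comment block of main/xen/APKBUILD (hunk @@ -85,6 +85,8), the new `# - XSA-245` entry carries no CVE identifier, while the entries directly above it pair one with each advisory (`# - CVE-2017-14319 XSA-234`). If a CVE has been assigned for XSA-245, list it in the same form as its neighbours; if none has been, say so in the commit message, which currently consists of the subject line only, so the difference in format is not mistaken for an omission.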
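
Review bot: In xsa245-1.patch, the block added at the top of init_heap_pages() writes first_valid_mfn under spin_lock(&heap_lock), but the readers that xsa245-2.patch introduces (node_start_pfn(nid) and node_spanned_pages(nid) in asm-arm/numa.h) expand to plain reads with no lock held. The new comment should state what ordering makes those unlocked reads safe, or the readers should take the same lock. The update is also unconditional and sits before the `for ( i = 0; i < nr_pages; i++ )` loop, so a call with nr_pages == 0 would still lower first_valid_mfn to page_to_mfn(pg); guarding it on nr_pages would keep the value tied to pages that were actually added.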
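
Review bot: In xsa245-2.patch, the page_alloc.c hunk (@@ -192,7 +192,11) removes both `static` and `__initdata` from first_valid_mfn, but the new comment only explains the export. The removal of __initdata deserves its own sentence in that comment, since the first patch now updates the variable for memory that is unreserved after boot and the Arm NUMA helpers read it, so it can no longer live in init-only data. The comment text "is use in ARM specific NUMA helpers" should read "is used in".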
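
Review bot: In the asm-arm/numa.h hunk of xsa245-2.patch, node_spanned_pages(nid) becomes (max_page - first_valid_mfn) while first_valid_mfn is initialised to ~0UL in page_alloc.c, so any use before the first init_boot_pages() or init_heap_pages() update yields a wrapped unsigned span and a start of ~0UL. A comment beside the two macros stating that they are valid only once the allocator has been given memory, or an assertion that first_valid_mfn <= max_page at the point of use, would make that dependency explicit. In the TODO comment, "the dummy helpers is using it" should read "are using it".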