~alpine/devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-devel] [PATCH] xen: add XSA-33 patch

Roger Pau Monne <roger.pau@citrix.com>
Details
Message ID
<1357926515-35787-1-git-send-email-roger.pau@citrix.com>
Sender timestamp
1357926515
DKIM signature
missing
Download raw message
Patch: +24 -1
---
 main/xen/APKBUILD                 |    4 +++-
 main/xen/xsa33-4.2-unstable.patch |   21 +++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletions(-)
 create mode 100644 main/xen/xsa33-4.2-unstable.patch

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index c57933e..681a9d4 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.2.1
pkgrel=1
pkgrel=2
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86 x86_64"
@@ -18,6 +18,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
	qemu_uclibc_configure.patch
	librt.patch
	qemu-xen_paths.patch
	xsa33-4.2-unstable.patch

	xenstored.initd
	xenstored.confd
@@ -133,6 +134,7 @@ md5sums="0d48cbe1767b82aba12517898d4e0408  xen-4.2.1.tar.gz
506e7ab6f9482dc95f230978d340bcd9  qemu_uclibc_configure.patch
2dc5ddf47c53ea168729975046c3c1f9  librt.patch
1ccde6b36a6f9542a16d998204dc9a22  qemu-xen_paths.patch
8aa341b27fac3f93a99113c72671c864  xsa33-4.2-unstable.patch
95d8af17bf844d41a015ff32aae51ba1  xenstored.initd
b017ccdd5e1c27bbf1513e3569d4ff07  xenstored.confd
ed262f15fb880badb53575539468646c  xenconsoled.initd
diff --git a/main/xen/xsa33-4.2-unstable.patch b/main/xen/xsa33-4.2-unstable.patch
new file mode 100644
index 0000000..369d65b
--- /dev/null
+++ b/main/xen/xsa33-4.2-unstable.patch
@@ -0,0 +1,21 @@
VT-d: fix interrupt remapping source validation for devices behind
legacy bridges

Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
uses SVT_VERIFY_SID_SQ here instead.

This is XSA-33 / CVE-2012-5634.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/passthrough/vtd/intremap.c
+++ b/xen/drivers/passthrough/vtd/intremap.c
@@ -466,7 +466,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
                             (bus << 8) | pdev->bus);
             else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
                             PCI_BDF2(bus, devfn));
         }
         break;
-- 
1.7.7.5 (Apple Git-26)



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)