~alpine/devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[alpine-devel] [PATCH] xen: XSA-41 remaining patches

Roger Pau Monne <roger.pau@citrix.com>
Details
Message ID
<1358528820-9642-1-git-send-email-roger.pau@citrix.com>
Sender timestamp
1358528820
DKIM signature
missing
Download raw message
Patch: +111 -1
Some patches where not included in the original XSA, this are the
remaining ones (so far).

To be applied to edge and 2.5
---
 main/xen/APKBUILD     |    6 +++-
 main/xen/xsa41b.patch |   67 +++++++++++++++++++++++++++++++++++++++++++++++++
 main/xen/xsa41c.patch |   39 ++++++++++++++++++++++++++++
 3 files changed, 111 insertions(+), 1 deletions(-)
 create mode 100644 main/xen/xsa41b.patch
 create mode 100644 main/xen/xsa41c.patch

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 1aa0d1e..3c3a8a7 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
pkgver=4.2.1
pkgrel=3
pkgrel=4
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86 x86_64"
@@ -20,6 +20,8 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
	qemu-xen_paths.patch
	xsa33-4.2-unstable.patch
	xsa41.patch
	xsa41b.patch
	xsa41c.patch

	xenstored.initd
	xenstored.confd
@@ -137,6 +139,8 @@ md5sums="0d48cbe1767b82aba12517898d4e0408  xen-4.2.1.tar.gz
1ccde6b36a6f9542a16d998204dc9a22  qemu-xen_paths.patch
8aa341b27fac3f93a99113c72671c864  xsa33-4.2-unstable.patch
8ad8942000b8a4be4917599cad9209cf  xsa41.patch
ed7d0399c6ca6aeee479da5d8f807fe0  xsa41b.patch
2f3dd7bdc59d104370066d6582725575  xsa41c.patch
95d8af17bf844d41a015ff32aae51ba1  xenstored.initd
b017ccdd5e1c27bbf1513e3569d4ff07  xenstored.confd
ed262f15fb880badb53575539468646c  xenconsoled.initd
diff --git a/main/xen/xsa41b.patch b/main/xen/xsa41b.patch
new file mode 100644
index 0000000..b599c2a
--- /dev/null
+++ b/main/xen/xsa41b.patch
@@ -0,0 +1,67 @@
From 70454385eeee6f0b3f7a9eddca9f7340b5060824 Mon Sep 17 00:00:00 2001
From: Michael Contreras <michael@inetric.com>
Date: Thu, 17 Jan 2013 11:49:37 +0000
Subject: [PATCH] e1000: Discard oversized packets based on SBP|LPE

Discard packets longer than 16384 when !SBP to match the hardware behavior.

upstream-commit-id: 2c0331f4f7d241995452b99afaf0aab00493334a
security-tags: XSA-41, CVE-2012-6075
This is the second of two security fixes for XSA-41.

Signed-off-by: Michael Contreras <michael@inetric.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
diff --git a/tools/qemu-xen/hw/e1000.c b/tools/qemu-xen/hw/e1000.c
index 37d207e..a5e67a8 100644
--- a/tools/qemu-xen/hw/e1000.c
+++ b/tools/qemu-xen/hw/e1000.c
@@ -61,6 +61,8 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
 
 /* this is the size past which hardware will drop packets when setting LPE=0 */
 #define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+/* this is the size past which hardware will drop packets when setting LPE=1 */
+#define MAXIMUM_ETHERNET_LPE_SIZE 16384
 
 /*
  * HW models:
@@ -697,8 +699,9 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
     }
 
     /* Discard oversized packets if !LPE and !SBP. */
-    if (size > MAXIMUM_ETHERNET_VLAN_SIZE
-        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
+    if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
+        (size > MAXIMUM_ETHERNET_VLAN_SIZE
+        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
         && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
         return size;
     }
diff --git a/tools/qemu-xen-traditional/hw/e1000.c b/tools/qemu-xen-traditional/hw/e1000.c
index 37d207e..a5e67a8 100644
--- a/tools/qemu-xen-traditional/hw/e1000.c
+++ b/tools/qemu-xen-traditional/hw/e1000.c
@@ -61,6 +61,8 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
 
 /* this is the size past which hardware will drop packets when setting LPE=0 */
 #define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+/* this is the size past which hardware will drop packets when setting LPE=1 */
+#define MAXIMUM_ETHERNET_LPE_SIZE 16384
 
 /*
  * HW models:
@@ -697,8 +699,9 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
     }
 
     /* Discard oversized packets if !LPE and !SBP. */
-    if (size > MAXIMUM_ETHERNET_VLAN_SIZE
-        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
+    if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
+        (size > MAXIMUM_ETHERNET_VLAN_SIZE
+        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
         && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
         return size;
     }
-- 
1.7.2.5

diff --git a/main/xen/xsa41c.patch b/main/xen/xsa41c.patch
new file mode 100644
index 0000000..d346937
--- /dev/null
+++ b/main/xen/xsa41c.patch
@@ -0,0 +1,39 @@
From 2a1354d655d816feaad7dbdb8364f40a208439c1 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Thu, 17 Jan 2013 15:52:16 +0000
Subject: [PATCH] e1000: fix compile warning introduced by security fix, and debugging

e33f918c19e393900b95a2bb6b10668dfe96a8f2, the fix for XSA-41,
and its cherry picks in 4.2 and 4.1 introduced this compiler warning:
  hw/e1000.c:641: warning: 'return' with a value, in function returning void

In upstream qemu (where this change came from), e1000_receive returns
a value used by queueing machinery to decide whether to try
resubmitting the packet later.  Returning "size" means that the packet
has been dealt with and should not be retried.

In this old branch (aka qemu-xen-traditional), this machinery is
absent and e1000_receive returns void.  Fix the return statement.

Also add a debugging statement along the lines of the others in this
function.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
diff --git a/tools/qemu-xen-traditional/hw/e1000.c b/tools/qemu-xen-traditional/hw/e1000.c
index 67d2651..c75bc5e 100644
--- a/tools/qemu-xen-traditional/hw/e1000.c
+++ b/tools/qemu-xen-traditional/hw/e1000.c
@@ -638,7 +638,8 @@ e1000_receive(void *opaque, const uint8_t *buf, int size)
         (size > MAXIMUM_ETHERNET_VLAN_SIZE
         && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
         && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
-        return size;
+        DBGOUT(RX, "packet too large for applicable LPE/VLAN size\n");
+        return;
     }
 
     if (!receive_filter(s, buf, size))
-- 
1.7.2.5

-- 
1.7.7.5 (Apple Git-26)



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20130118185600.4ea48671@ncopa-laptop.res.nor.wtbts.net>
In-Reply-To
<1358528820-9642-1-git-send-email-roger.pau@citrix.com> (view parent)
Sender timestamp
1358531760
DKIM signature
missing
Download raw message
On Fri, 18 Jan 2013 18:07:00 +0100
Roger Pau Monne <roger.pau@citrix.com> wrote:

> Some patches where not included in the original XSA, this are the
> remaining ones (so far).
> 
> To be applied to edge and 2.5

applied. thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)