for-2.4-xen: add XSA-33 patch

author: Roger Pau Monne <roger.pau@citrix.com> 2013-01-11 18:06:24 +0100
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-01-14 16:42:01 +0000
commit: 5b4cf2b15d5a62c8ce00284410a099239d6935d2 (patch)
tree: 72d3979aa3ed5bae9b387b71f830cf23c50c421d
parent: 3fe73e04397a3ed9c88e92deef2e0c09ed2a5f28 (diff)
download: alpine_aports-5b4cf2b15d5a62c8ce00284410a099239d6935d2.tar.bz2
alpine_aports-5b4cf2b15d5a62c8ce00284410a099239d6935d2.tar.xz
alpine_aports-5b4cf2b15d5a62c8ce00284410a099239d6935d2.zip
2 files changed, 24 insertions, 1 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index e5eba0809b..39033477e9 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: William Pitcock <nenolod@dereferenced.org>
 pkgname=xen
 pkgver=4.1.4
-pkgrel=0
+pkgrel=1
 pkgdesc="Xen hypervisor"
 url="http://www.xen.org/"
 arch="x86 x86_64"
@@ -22,6 +22,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
        define_fsimage_dir.patch
        librt.patch
        busybox-sed.patch
+        xsa33-4.1.patch
        xenstored.initd
        xenstored.confd
@@ -121,6 +122,7 @@ b973dc1ffcc6872e222b36f3b7b4836b  fix_bswap_blktap2.patch
 0bb8a435020a5a49b38b1a447fb69977  define_fsimage_dir.patch
 fa06495a175571f4aa3b6cb88937953e  librt.patch
 1bea3543ddc712330527b62fd9ff6520  busybox-sed.patch
+25ba4efc5eee29daa12855fbadce84f8  xsa33-4.1.patch
 6e5739dad7e2bd1b625e55ddc6c782b7  xenstored.initd
 b017ccdd5e1c27bbf1513e3569d4ff07  xenstored.confd
 ed262f15fb880badb53575539468646c  xenconsoled.initd
diff --git a/main/xen/xsa33-4.1.patch b/main/xen/xsa33-4.1.patch
new file mode 100644
index 0000000000..d0bdeb44ac
--- /dev/null
+++ b/main/xen/xsa33-4.1.patch
@@ -0,0 +1,21 @@
+VT-d: fix interrupt remapping source validation for devices behind
+legacy bridges
+Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
+uses SVT_VERIFY_SID_SQ here instead.
+This is XSA-33 / CVE-2012-5634.
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+--- a/xen/drivers/passthrough/vtd/intremap.c
+++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -499,7 +499,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+             else if ( pdev_type(bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
+-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
+         break;
author	Roger Pau Monne <roger.pau@citrix.com>	2013-01-11 18:06:24 +0100
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-01-14 16:42:01 +0000
commit	5b4cf2b15d5a62c8ce00284410a099239d6935d2 (patch)
tree	72d3979aa3ed5bae9b387b71f830cf23c50c421d
parent	3fe73e04397a3ed9c88e92deef2e0c09ed2a5f28 (diff)
download	alpine_aports-5b4cf2b15d5a62c8ce00284410a099239d6935d2.tar.bz2 alpine_aports-5b4cf2b15d5a62c8ce00284410a099239d6935d2.tar.xz alpine_aports-5b4cf2b15d5a62c8ce00284410a099239d6935d2.zip

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index e5eba0809b..39033477e9 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD
@@ -3,7 +3,7 @@
3	# Maintainer: William Pitcock <nenolod@dereferenced.org>	3	# Maintainer: William Pitcock <nenolod@dereferenced.org>
4	pkgname=xen	4	pkgname=xen
5	pkgver=4.1.4	5	pkgver=4.1.4
6	pkgrel=0	6	pkgrel=1
7	pkgdesc="Xen hypervisor"	7	pkgdesc="Xen hypervisor"
8	url="http://www.xen.org/"	8	url="http://www.xen.org/"
9	arch="x86 x86_64"	9	arch="x86 x86_64"
@@ -22,6 +22,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
22	define_fsimage_dir.patch	22	define_fsimage_dir.patch
23	librt.patch	23	librt.patch
24	busybox-sed.patch	24	busybox-sed.patch
		25	xsa33-4.1.patch
25		26
26	xenstored.initd	27	xenstored.initd
27	xenstored.confd	28	xenstored.confd
@@ -121,6 +122,7 @@ b973dc1ffcc6872e222b36f3b7b4836b fix_bswap_blktap2.patch
121	0bb8a435020a5a49b38b1a447fb69977 define_fsimage_dir.patch	122	0bb8a435020a5a49b38b1a447fb69977 define_fsimage_dir.patch
122	fa06495a175571f4aa3b6cb88937953e librt.patch	123	fa06495a175571f4aa3b6cb88937953e librt.patch
123	1bea3543ddc712330527b62fd9ff6520 busybox-sed.patch	124	1bea3543ddc712330527b62fd9ff6520 busybox-sed.patch
		125	25ba4efc5eee29daa12855fbadce84f8 xsa33-4.1.patch
124	6e5739dad7e2bd1b625e55ddc6c782b7 xenstored.initd	126	6e5739dad7e2bd1b625e55ddc6c782b7 xenstored.initd
125	b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd	127	b017ccdd5e1c27bbf1513e3569d4ff07 xenstored.confd
126	ed262f15fb880badb53575539468646c xenconsoled.initd	128	ed262f15fb880badb53575539468646c xenconsoled.initd


diff --git a/main/xen/xsa33-4.1.patch b/main/xen/xsa33-4.1.patch new file mode 100644 index 0000000000..d0bdeb44ac --- /dev/null +++ b/main/xen/xsa33-4.1.patch
@@ -0,0 +1,21 @@
		1	VT-d: fix interrupt remapping source validation for devices behind
		2	legacy bridges
		3
		4	Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
		5	uses SVT_VERIFY_SID_SQ here instead.
		6
		7	This is XSA-33 / CVE-2012-5634.
		8
		9	Signed-off-by: Jan Beulich <jbeulich@suse.com>
		10
		11	--- a/xen/drivers/passthrough/vtd/intremap.c
		12	+++ b/xen/drivers/passthrough/vtd/intremap.c
		13	@@ -499,7 +499,7 @@ static void set_msi_source_id(struct pci_dev pdev, struct iremap_entry ire)
		14	set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
		15	(bus << 8) \| pdev->bus);
		16	else if ( pdev_type(bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
		17	- set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
		18	+ set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
		19	PCI_BDF2(bus, devfn));
		20	}
		21	break;