author | 2014-01-01 11:47:21 +0000 | |
---|---|---|
committer | 2014-01-01 11:47:21 +0000 | |
commit | 08250fe88b3668295b262399fd687711aa57d6a7 (patch) | |
tree | 1a34e46cf447e1e38789c985b42e7e2b1b298d5c /app-emulation/xen-pvgrub | |
parent | Version bump. Use system's qtsingleapplication. Bug #496638 (diff) | |
[QA] Remove unused files. Added quotes to unquoted DISTDIR variables.
(Portage version: HEAD/cvs/Linux x86_64, signed Manifest commit with key 6D34E57D)
Diffstat (limited to 'app-emulation/xen-pvgrub')
9 files changed, 20 insertions, 1052 deletions
diff --git a/app-emulation/xen-pvgrub/ChangeLog b/app-emulation/xen-pvgrub/ChangeLog
index abf29fb504a4..48d6d34e3a97 100644
--- a/app-emulation/xen-pvgrub/ChangeLog
+++ b/app-emulation/xen-pvgrub/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for app-emulation/xen-pvgrub
-# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.44 2013/12/10 13:35:02 ago Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.45 2014/01/01 11:47:20 tomwij Exp $
+
+ 01 Jan 2014; Tom Wijsman <TomWij@gentoo.org>
+ -files/xen-4-CVE-2013-0215-XSA-38.patch,
+ -files/xen-4-CVE-2013-1919-XSA-46.patch,
+ -files/xen-4-CVE-2013-1952-XSA_49.patch,
+ -files/xen-4.2-CVE-2013-6-XSA-55.patch,
+ -files/xen-4.2-CVE-2013-7-XSA-55.patch, xen-pvgrub-4.2.2-r1.ebuild,
+ xen-pvgrub-4.3.0.ebuild, xen-pvgrub-4.3.1.ebuild:
+ [QA] Remove unused files. Added quotes to unquoted DISTDIR variables.
 
 10 Dec 2013; Agostino Sarubbo <ago@gentoo.org> xen-pvgrub-4.3.1.ebuild:
 Stable for x86, wrt bug #486354
diff --git a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-0215-XSA-38.patch b/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-0215-XSA-38.patch
deleted file mode 100644
index f4a5dc0881e8..000000000000
--- a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-0215-XSA-38.patch
+++ /dev/null
@@ -1,73 +0,0 @@ -diff --git a/tools/ocaml/libs/xb/partial.ml b/tools/ocaml/libs/xb/partial.ml -index 3558889..d4d1c7b 100644 ---- a/tools/ocaml/libs/xb/partial.ml -+++ b/tools/ocaml/libs/xb/partial.ml -@@ -27,8 +27,15 @@ external header_size: unit -> int = "stub_header_size" - external header_of_string_internal: string -> int * int * int * int - = "stub_header_of_string" - -+let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *) -+ - let of_string s = - let tid, rid, opint, dlen = header_of_string_internal s in -+ (* A packet which is bigger than xenstore_payload_max is illegal. -+ This will leave the guest connection is a bad state and will -+ be hard to recover from without restarting the connection -+ (ie rebooting the guest) *) -+ let dlen = min xenstore_payload_max dlen in - { - tid = tid; - rid = rid; -@@ -38,6 +45,7 @@ let of_string s = - } - - let append pkt s sz = -+ if pkt.len > 4096 then failwith "Buffer.add: cannot grow buffer"; - Buffer.add_string pkt.buf (String.sub s 0 sz) - - let to_complete pkt = -diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c -index 00414c5..4888ac5 100644 ---- a/tools/ocaml/libs/xb/xs_ring_stubs.c -+++ b/tools/ocaml/libs/xb/xs_ring_stubs.c -@@ -39,21 +39,23 @@ static int xs_ring_read(struct mmap_interface *interface, - char *buffer, int len) - { - struct xenstore_domain_interface *intf = interface->addr; -- XENSTORE_RING_IDX cons, prod; -+ XENSTORE_RING_IDX cons, prod; /* offsets only */ - int to_read; - -- cons = intf->req_cons; -- prod = intf->req_prod; -+ cons = *(volatile uint32*)&intf->req_cons; -+ prod = *(volatile uint32*)&intf->req_prod; - xen_mb(); -+ cons = MASK_XENSTORE_IDX(cons); -+ prod = MASK_XENSTORE_IDX(prod); - if (prod == cons) - return 0; -- if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons)) -+ if (prod > cons) - to_read = prod - cons; - else -- to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons); -+ to_read = XENSTORE_RING_SIZE - cons; - if 
(to_read < len) - len = to_read; -- memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len); -+ memcpy(buffer, intf->req + cons, len); - xen_mb(); - intf->req_cons += len; - return len; -@@ -66,8 +68,8 @@ static int xs_ring_write(struct mmap_interface *interface, - XENSTORE_RING_IDX cons, prod; - int can_write; - -- cons = intf->rsp_cons; -- prod = intf->rsp_prod; -+ cons = *(volatile uint32*)&intf->rsp_cons; -+ prod = *(volatile uint32*)&intf->rsp_prod; - xen_mb(); - if ( (prod - cons) >= XENSTORE_RING_SIZE ) - return 0; diff --git a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1919-XSA-46.patch b/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1919-XSA-46.patch deleted file mode 100644 index 9448ea9c6748..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1919-XSA-46.patch +++ /dev/null 
@@ -1,293 +0,0 @@ -x86: fix various issues with handling guest IRQs - -- properly revoke IRQ access in map_domain_pirq() error path -- don't permit replacing an in use IRQ -- don't accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI -- track IRQ access permission in host IRQ terms, not guest IRQ ones - (and with that, also disallow Dom0 access to IRQ0) - -This is CVE-2013-1919 / XSA-46. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> - ---- a/tools/libxl/libxl_create.c -+++ b/tools/libxl/libxl_create.c -@@ -968,14 +968,16 @@ static void domcreate_launch_dm(libxl__e - } - - for (i = 0; i < d_config->b_info.num_irqs; i++) { -- uint32_t irq = d_config->b_info.irqs[i]; -+ int irq = d_config->b_info.irqs[i]; - -- LOG(DEBUG, "dom%d irq %"PRIx32, domid, irq); -+ LOG(DEBUG, "dom%d irq %d", domid, irq); - -- ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1); -+ ret = irq >= 0 ? xc_physdev_map_pirq(CTX->xch, domid, irq, &irq) -+ : -EOVERFLOW; -+ if (!ret) -+ ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1); - if ( ret<0 ){ -- LOGE(ERROR, -- "failed give dom%d access to irq %"PRId32, domid, irq); -+ LOGE(ERROR, "failed give dom%d access to irq %d", domid, irq); - ret = ERROR_FAIL; - } - } ---- a/tools/python/xen/xend/server/irqif.py -+++ b/tools/python/xen/xend/server/irqif.py -@@ -73,6 +73,12 @@ class IRQController(DevController): - - pirq = get_param('irq') - -+ rc = xc.physdev_map_pirq(domid = self.getDomid(), -+ index = pirq, -+ pirq = pirq) -+ if rc < 0: -+ raise VmError('irq: Failed to map irq %x' % (pirq)) -+ - rc = xc.domain_irq_permission(domid = self.getDomid(), - pirq = pirq, - allow_access = True) -@@ -81,12 +87,6 @@ class IRQController(DevController): - #todo non-fatal - raise VmError( - 'irq: Failed to configure irq: %d' % (pirq)) -- rc = xc.physdev_map_pirq(domid = self.getDomid(), -- index = pirq, -- pirq = pirq) -- if rc < 0: -- raise VmError( -- 'irq: Failed to map irq %x' % 
(pirq)) - back = dict([(k, config[k]) for k in self.valid_cfg if k in config]) - return (self.allocateDeviceID(), back, {}) - ---- a/xen/arch/x86/domain_build.c -+++ b/xen/arch/x86/domain_build.c -@@ -1219,7 +1219,7 @@ int __init construct_dom0( - /* DOM0 is permitted full I/O capabilities. */ - rc |= ioports_permit_access(dom0, 0, 0xFFFF); - rc |= iomem_permit_access(dom0, 0UL, ~0UL); -- rc |= irqs_permit_access(dom0, 0, d->nr_pirqs - 1); -+ rc |= irqs_permit_access(dom0, 1, nr_irqs_gsi - 1); - - /* - * Modify I/O port access permissions. ---- a/xen/arch/x86/domctl.c -+++ b/xen/arch/x86/domctl.c -@@ -772,9 +772,13 @@ long arch_do_domctl( - goto bind_out; - - ret = -EPERM; -- if ( !IS_PRIV(current->domain) && -- !irq_access_permitted(current->domain, bind->machine_irq) ) -- goto bind_out; -+ if ( !IS_PRIV(current->domain) ) -+ { -+ int irq = domain_pirq_to_irq(d, bind->machine_irq); -+ -+ if ( irq <= 0 || !irq_access_permitted(current->domain, irq) ) -+ goto bind_out; -+ } - - ret = -ESRCH; - if ( iommu_enabled ) -@@ -803,9 +807,13 @@ long arch_do_domctl( - bind = &(domctl->u.bind_pt_irq); - - ret = -EPERM; -- if ( !IS_PRIV(current->domain) && -- !irq_access_permitted(current->domain, bind->machine_irq) ) -- goto unbind_out; -+ if ( !IS_PRIV(current->domain) ) -+ { -+ int irq = domain_pirq_to_irq(d, bind->machine_irq); -+ -+ if ( irq <= 0 || !irq_access_permitted(current->domain, irq) ) -+ goto unbind_out; -+ } - - if ( iommu_enabled ) - { ---- a/xen/arch/x86/irq.c -+++ b/xen/arch/x86/irq.c -@@ -184,6 +184,14 @@ int create_irq(int node) - desc->arch.used = IRQ_UNUSED; - irq = ret; - } -+ else if ( dom0 ) -+ { -+ ret = irq_permit_access(dom0, irq); -+ if ( ret ) -+ printk(XENLOG_G_ERR -+ "Could not grant Dom0 access to IRQ%d (error %d)\n", -+ irq, ret); -+ } - - return irq; - } -@@ -280,6 +288,17 @@ void clear_irq_vector(int irq) - void destroy_irq(unsigned int irq) - { - BUG_ON(!MSI_IRQ(irq)); -+ -+ if ( dom0 ) -+ { -+ int err = irq_deny_access(dom0, irq); -+ -+ if 
( err ) -+ printk(XENLOG_G_ERR -+ "Could not revoke Dom0 access to IRQ%u (error %d)\n", -+ irq, err); -+ } -+ - dynamic_irq_cleanup(irq); - clear_irq_vector(irq); - } -@@ -1858,7 +1877,7 @@ int map_domain_pirq( - - if ( !IS_PRIV(current->domain) && - !(IS_PRIV_FOR(current->domain, d) && -- irq_access_permitted(current->domain, pirq))) -+ irq_access_permitted(current->domain, irq))) - return -EPERM; - - if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs ) -@@ -1887,17 +1906,18 @@ int map_domain_pirq( - return ret; - } - -- ret = irq_permit_access(d, pirq); -+ ret = irq_permit_access(d, irq); - if ( ret ) - { -- dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d\n", -- d->domain_id, pirq); -+ printk(XENLOG_G_ERR -+ "dom%d: could not permit access to IRQ%d (pirq %d)\n", -+ d->domain_id, irq, pirq); - return ret; - } - - ret = prepare_domain_irq_pirq(d, irq, pirq, &info); - if ( ret ) -- return ret; -+ goto revoke; - - desc = irq_to_desc(irq); - -@@ -1921,8 +1941,14 @@ int map_domain_pirq( - spin_lock_irqsave(&desc->lock, flags); - - if ( desc->handler != &no_irq_type ) -+ { -+ spin_unlock_irqrestore(&desc->lock, flags); - dprintk(XENLOG_G_ERR, "dom%d: irq %d in use\n", - d->domain_id, irq); -+ pci_disable_msi(msi_desc); -+ ret = -EBUSY; -+ goto done; -+ } - setup_msi_handler(desc, msi_desc); - - if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV -@@ -1951,7 +1977,14 @@ int map_domain_pirq( - - done: - if ( ret ) -+ { - cleanup_domain_irq_pirq(d, irq, info); -+ revoke: -+ if ( irq_deny_access(d, irq) ) -+ printk(XENLOG_G_ERR -+ "dom%d: could not revoke access to IRQ%d (pirq %d)\n", -+ d->domain_id, irq, pirq); -+ } - return ret; - } - -@@ -2017,10 +2050,11 @@ int unmap_domain_pirq(struct domain *d, - if ( !forced_unbind ) - cleanup_domain_irq_pirq(d, irq, info); - -- ret = irq_deny_access(d, pirq); -+ ret = irq_deny_access(d, irq); - if ( ret ) -- dprintk(XENLOG_G_ERR, "dom%d: could not deny access to irq %d\n", -- d->domain_id, pirq); -+ 
printk(XENLOG_G_ERR -+ "dom%d: could not deny access to IRQ%d (pirq %d)\n", -+ d->domain_id, irq, pirq); - - done: - return ret; ---- a/xen/arch/x86/physdev.c -+++ b/xen/arch/x86/physdev.c -@@ -147,7 +147,7 @@ int physdev_map_pirq(domid_t domid, int - if ( irq == -1 ) - irq = create_irq(NUMA_NO_NODE); - -- if ( irq < 0 || irq >= nr_irqs ) -+ if ( irq < nr_irqs_gsi || irq >= nr_irqs ) - { - dprintk(XENLOG_G_ERR, "dom%d: can't create irq for msi!\n", - d->domain_id); ---- a/xen/common/domctl.c -+++ b/xen/common/domctl.c -@@ -25,6 +25,7 @@ - #include <xen/paging.h> - #include <xen/hypercall.h> - #include <asm/current.h> -+#include <asm/irq.h> - #include <asm/page.h> - #include <public/domctl.h> - #include <xsm/xsm.h> -@@ -897,9 +898,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc - else if ( xsm_irq_permission(d, pirq, allow) ) - ret = -EPERM; - else if ( allow ) -- ret = irq_permit_access(d, pirq); -+ ret = pirq_permit_access(d, pirq); - else -- ret = irq_deny_access(d, pirq); -+ ret = pirq_deny_access(d, pirq); - - rcu_unlock_domain(d); - } ---- a/xen/common/event_channel.c -+++ b/xen/common/event_channel.c -@@ -369,7 +369,7 @@ static long evtchn_bind_pirq(evtchn_bind - if ( (pirq < 0) || (pirq >= d->nr_pirqs) ) - return -EINVAL; - -- if ( !is_hvm_domain(d) && !irq_access_permitted(d, pirq) ) -+ if ( !is_hvm_domain(d) && !pirq_access_permitted(d, pirq) ) - return -EPERM; - - spin_lock(&d->event_lock); ---- a/xen/include/xen/iocap.h -+++ b/xen/include/xen/iocap.h -@@ -28,4 +28,22 @@ - #define irq_access_permitted(d, i) \ - rangeset_contains_singleton((d)->irq_caps, i) - -+#define pirq_permit_access(d, i) ({ \ -+ struct domain *d__ = (d); \ -+ int i__ = domain_pirq_to_irq(d__, i); \ -+ i__ > 0 ? rangeset_add_singleton(d__->irq_caps, i__)\ -+ : -EINVAL; \ -+}) -+#define pirq_deny_access(d, i) ({ \ -+ struct domain *d__ = (d); \ -+ int i__ = domain_pirq_to_irq(d__, i); \ -+ i__ > 0 ? 
rangeset_remove_singleton(d__->irq_caps, i__)\ -+ : -EINVAL; \ -+}) -+#define pirq_access_permitted(d, i) ({ \ -+ struct domain *d__ = (d); \ -+ rangeset_contains_singleton(d__->irq_caps, \ -+ domain_pirq_to_irq(d__, i));\ -+}) -+ - #endif /* __XEN_IOCAP_H__ */ diff --git a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1952-XSA_49.patch b/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1952-XSA_49.patch deleted file mode 100644 index 4543f21bc460..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4-CVE-2013-1952-XSA_49.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -ur xen-4.2.1.orig/xen/drivers/passthrough/vtd/intremap.c xen-4.2.1/xen/drivers/passthrough/vtd/intremap.c ---- xen/drivers/passthrough/vtd/intremap.c 2012-12-17 23:01:55.000000000 +0800 -+++ xen/drivers/passthrough/vtd/intremap.c 2013-05-15 23:09:06.704546506 +0800 -@@ -440,16 +440,17 @@ - type = pdev_type(seg, bus, devfn); - switch ( type ) - { -+ case DEV_TYPE_PCIe_ENDPOINT: - case DEV_TYPE_PCIe_BRIDGE: - case DEV_TYPE_PCIe2PCI_BRIDGE: -- case DEV_TYPE_LEGACY_PCI_BRIDGE: -- break; - -- case DEV_TYPE_PCIe_ENDPOINT: - set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn)); - break; - - case DEV_TYPE_PCI: -+ case DEV_TYPE_LEGACY_PCI_BRIDGE: -+ /* case DEV_TYPE_PCI2PCIe_BRIDGE: */ -+ - ret = find_upstream_bridge(seg, &bus, &devfn, &secbus); - if ( ret == 0 ) /* integrated PCI device */ - { -@@ -461,10 +462,15 @@ - if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE ) - set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, - (bus << 8) | pdev->bus); -- else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) -+ else - set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, - PCI_BDF2(bus, devfn)); - } -+ else -+ dprintk(XENLOG_WARNING VTDPREFIX, -+ "d%d: no upstream bridge for %04x:%02x:%02x.%u\n", -+ pdev->domain->domain_id, -+ seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); - break; - - default: 
diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-6-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-6-XSA-55.patch deleted file mode 100644 index 67990a2435c3..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-6-XSA-55.patch +++ /dev/null 
@@ -1,252 +0,0 @@ -From 3fb6ccf2faccaf5e22e33a3155ccc72d732896d8 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:18 +0100 -Subject: [PATCH 14/23] libelf: use C99 bool for booleans - -We want to remove uses of "int" because signed integers have -undesirable undefined behaviours on overflow. Malicious compilers can -turn apparently-correct code into code with security vulnerabilities -etc. - -In this patch we change all the booleans in libelf to C99 bool, -from <stdbool.h>. - -For the one visible libelf boolean in libxc's public interface we -retain the use of int to avoid changing the ABI; libxc converts it to -a bool for consumption by libelf. - -It is OK to change all values only ever used as booleans to _Bool -(bool) because conversion from any scalar type to a _Bool works the -same as the boolean test in if() or ?: and is always defined (C99 -6.3.1.2). But we do need to check that all these variables really are -only ever used that way. (It is theoretically possible that the old -code truncated some 64-bit values to 32-bit ints which might become -zero depending on the value, which would mean a behavioural change in -this patch, but it seems implausible that treating 0x????????00000000 -as false could have been intended.) - -This is part of the fix to a security issue, XSA-55. 
- -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: George Dunlap <george.dunlap@eu.citrix.com> ---- - tools/libxc/xc_dom_elfloader.c | 8 ++++---- - xen/common/libelf/libelf-dominfo.c | 2 +- - xen/common/libelf/libelf-loader.c | 4 ++-- - xen/common/libelf/libelf-private.h | 2 +- - xen/common/libelf/libelf-tools.c | 10 +++++----- - xen/include/xen/libelf.h | 18 ++++++++++-------- - 6 files changed, 23 insertions(+), 21 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 4fb4da2..9ba64ae 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -34,7 +34,7 @@ - /* ------------------------------------------------------------------------ */ - - static void log_callback(struct elf_binary *elf, void *caller_data, -- int iserr, const char *fmt, va_list al) { -+ bool iserr, const char *fmt, va_list al) { - xc_interface *xch = caller_data; - - xc_reportv(xch, -@@ -46,7 +46,7 @@ static void log_callback(struct elf_binary *elf, void *caller_data, - - void xc_elf_set_logfile(xc_interface *xch, struct elf_binary *elf, - int verbose) { -- elf_set_log(elf, log_callback, xch, verbose); -+ elf_set_log(elf, log_callback, xch, verbose /* convert to bool */); - } - - /* ------------------------------------------------------------------------ */ -@@ -84,7 +84,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom, - /* ------------------------------------------------------------------------ */ - /* parse elf binary */ - --static int check_elf_kernel(struct xc_dom_image *dom, int verbose) -+static int check_elf_kernel(struct xc_dom_image *dom, bool verbose) - { - if ( dom->kernel_blob == NULL ) - { -@@ -112,7 +112,7 @@ static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom) - } - - static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, -- struct elf_binary *elf, int load) -+ struct elf_binary *elf, bool load) - { - struct elf_binary syms; - ELF_HANDLE_DECL_NONCONST(elf_shdr) 
shdr; ELF_HANDLE_DECL(elf_shdr) shdr2; -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 98c80dc..12b6c2a 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -101,7 +101,7 @@ int elf_xen_parse_note(struct elf_binary *elf, - /* *INDENT-OFF* */ - static const struct { - char *name; -- int str; -+ bool str; - } note_desc[] = { - [XEN_ELFNOTE_ENTRY] = { "ENTRY", 0}, - [XEN_ELFNOTE_HYPERCALL_PAGE] = { "HYPERCALL_PAGE", 0}, -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index f8be635..0dccd4d 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -92,7 +92,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size) - } - - #ifndef __XEN__ --void elf_call_log_callback(struct elf_binary *elf, int iserr, -+void elf_call_log_callback(struct elf_binary *elf, bool iserr, - const char *fmt,...) { - va_list al; - -@@ -107,7 +107,7 @@ void elf_call_log_callback(struct elf_binary *elf, int iserr, - } - - void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, -- void *log_caller_data, int verbose) -+ void *log_caller_data, bool verbose) - { - elf->log_callback = log_callback; - elf->log_caller_data = log_caller_data; -diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h -index 280dfd1..277be04 100644 ---- a/xen/common/libelf/libelf-private.h -+++ b/xen/common/libelf/libelf-private.h -@@ -77,7 +77,7 @@ - #define elf_err(elf, fmt, args ... 
) \ - elf_call_log_callback(elf, 1, fmt , ## args ); - --void elf_call_log_callback(struct elf_binary*, int iserr, const char *fmt,...); -+void elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt,...); - - #define safe_strcpy(d,s) \ - do { strncpy((d),(s),sizeof((d))-1); \ -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 744027e..fa58f76 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -31,7 +31,7 @@ const char *elf_check_broken(const struct elf_binary *elf) - return elf->broken; - } - --static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, -+static bool elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, - const void *region, uint64_t regionsize) - /* - * Returns true if the putative memory area [ptrval,ptrval+size> -@@ -53,7 +53,7 @@ static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, - return 1; - } - --int elf_access_ok(struct elf_binary * elf, -+bool elf_access_ok(struct elf_binary * elf, - uint64_t ptrval, size_t size) - { - if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) ) -@@ -92,7 +92,7 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base, - uint64_t moreoffset, size_t size) - { - elf_ptrval ptrval = base + moreoffset; -- int need_swap = elf_swap(elf); -+ bool need_swap = elf_swap(elf); - const uint8_t *u8; - const uint16_t *u16; - const uint32_t *u32; -@@ -332,7 +332,7 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL( - - /* ------------------------------------------------------------------------ */ - --int elf_is_elfbinary(const void *image_start, size_t image_size) -+bool elf_is_elfbinary(const void *image_start, size_t image_size) - { - const Elf32_Ehdr *ehdr = image_start; - -@@ -342,7 +342,7 @@ int elf_is_elfbinary(const void *image_start, size_t image_size) - return IS_ELF(*ehdr); - } - --int elf_phdr_is_loadable(struct elf_binary *elf, 
ELF_HANDLE_DECL(elf_phdr) phdr) -+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { - uint64_t p_type = elf_uval(elf, phdr, p_type); - uint64_t p_flags = elf_uval(elf, phdr, p_flags); -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index ac93858..951430f 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -29,6 +29,8 @@ - #error define architectural endianness - #endif - -+#include <stdbool.h> -+ - #undef ELFSIZE - #include "elfstructs.h" - #ifdef __XEN__ -@@ -42,7 +44,7 @@ - - struct elf_binary; - typedef void elf_log_callback(struct elf_binary*, void *caller_data, -- int iserr, const char *fmt, va_list al); -+ bool iserr, const char *fmt, va_list al); - - #endif - -@@ -237,7 +239,7 @@ struct elf_binary { - elf_log_callback *log_callback; - void *log_caller_data; - #endif -- int verbose; -+ bool verbose; - const char *broken; - }; - -@@ -301,8 +303,8 @@ void elf_memset_safe(struct elf_binary*, elf_ptrval dst, int c, size_t); - * outside permitted areas. - */ - --int elf_access_ok(struct elf_binary * elf, -- uint64_t ptrval, size_t size); -+bool elf_access_ok(struct elf_binary * elf, -+ uint64_t ptrval, size_t size); - - #define elf_store_val(elf, type, ptr, val) \ - ({ \ -@@ -351,9 +353,9 @@ uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), - ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - - /* (Only) checks that the image has the right magic number. 
*/ --int elf_is_elfbinary(const void *image_start, size_t image_size); -+bool elf_is_elfbinary(const void *image_start, size_t image_size); - --int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); -+bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - - /* ------------------------------------------------------------------------ */ - /* xc_libelf_loader.c */ -@@ -367,7 +369,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size); - void elf_set_verbose(struct elf_binary *elf); - #else - void elf_set_log(struct elf_binary *elf, elf_log_callback*, -- void *log_caller_pointer, int verbose); -+ void *log_caller_pointer, bool verbose); - #endif - - void elf_parse_binary(struct elf_binary *elf); -@@ -419,7 +421,7 @@ struct elf_dom_parms { - char xen_ver[16]; - char loader[16]; - int pae; -- int bsd_symtab; -+ bool bsd_symtab; - uint64_t virt_base; - uint64_t virt_entry; - uint64_t virt_hypercall; --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-7-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-7-XSA-55.patch deleted file mode 100644 index 61076204fa30..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-7-XSA-55.patch +++ /dev/null 
@@ -1,382 +0,0 @@ -From 77c0829fa751f052f7b8ec08287aef6e7ba97bc5 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:19 +0100 -Subject: [PATCH 19/23] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range - -The return values from xc_dom_*_to_ptr and xc_map_foreign_range are -sometimes dereferenced, or subjected to pointer arithmetic, without -checking whether the relevant function failed and returned NULL. - -Add an appropriate error check at every call site. - -Changes in the 4.2 backport of this series: -* Fix tools/libxc/xc_dom_x86.c:setup_pgtables_x86_32. -* Fix tools/libxc/xc_dom_ia64.c:start_info_ia64. -* Fix tools/libxc/ia64/xc_ia64_dom_fwloader.c:xc_dom_load_fw_kernel. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/ia64/xc_ia64_dom_fwloader.c | 2 + - tools/libxc/xc_dom_binloader.c | 6 +++ - tools/libxc/xc_dom_core.c | 6 +++ - tools/libxc/xc_dom_elfloader.c | 13 +++++++ - tools/libxc/xc_dom_ia64.c | 6 +++ - tools/libxc/xc_dom_x86.c | 55 +++++++++++++++++++++++++++++++ - tools/libxc/xc_domain_restore.c | 27 +++++++++++++++ - tools/libxc/xc_offline_page.c | 5 +++ - 8 files changed, 120 insertions(+), 0 deletions(-) - -diff --git a/tools/libxc/ia64/xc_ia64_dom_fwloader.c b/tools/libxc/ia64/xc_ia64_dom_fwloader.c -index cdf3333..dbd3349 100644 ---- a/tools/libxc/ia64/xc_ia64_dom_fwloader.c -+++ b/tools/libxc/ia64/xc_ia64_dom_fwloader.c -@@ -60,6 +60,8 @@ static int xc_dom_load_fw_kernel(struct xc_dom_image *dom) - unsigned long i; - - dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart); -+ if ( dest == NULL ) -+ return -1; - memcpy(dest, dom->kernel_blob, FW_SIZE); - - /* Synchronize cache. 
*/ -diff --git a/tools/libxc/xc_dom_binloader.c b/tools/libxc/xc_dom_binloader.c -index 8596a28..553b366 100644 ---- a/tools/libxc/xc_dom_binloader.c -+++ b/tools/libxc/xc_dom_binloader.c -@@ -277,6 +277,12 @@ static int xc_dom_load_bin_kernel(struct xc_dom_image *dom) - DOMPRINTF(" bss_size: 0x%" PRIx32 "", bss_size); - - dest = xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart, &dest_size); -+ if ( dest == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom, dom->kernel_seg.vstart)" -+ " => NULL", __FUNCTION__); -+ return -EINVAL; -+ } - - if ( dest_size < text_size || - dest_size - text_size < bss_size ) -diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c -index 8913e41..a54ddae 100644 ---- a/tools/libxc/xc_dom_core.c -+++ b/tools/libxc/xc_dom_core.c -@@ -868,6 +868,12 @@ int xc_dom_build_image(struct xc_dom_image *dom) - ramdisklen) != 0 ) - goto err; - ramdiskmap = xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg); -+ if ( ramdiskmap == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_seg_to_ptr(dom, &dom->ramdisk_seg) => NULL", -+ __FUNCTION__); -+ goto err; -+ } - if ( unziplen ) - { - if ( xc_dom_do_gunzip(dom->xch, -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 9fc4b94..61b5798 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -139,6 +139,12 @@ static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - return 0; - size = dom->kernel_seg.vend - dom->bsd_symtab_start; - hdr_ptr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size); -+ if ( hdr_ptr == NULL ) -+ { -+ DOMPRINTF("%s/load: xc_dom_vaddr_to_ptr(dom,dom->bsd_symtab_start" -+ " => NULL", __FUNCTION__); -+ return -1; -+ } - elf->caller_xdest_base = hdr_ptr; - elf->caller_xdest_size = allow_size; - hdr = ELF_REALPTR2PTRVAL(hdr_ptr); -@@ -384,7 +390,14 @@ static elf_errorstatus xc_dom_load_elf_kernel(struct xc_dom_image *dom) - xen_pfn_t pages; - - elf->dest_base = xc_dom_seg_to_ptr_pages(dom, 
&dom->kernel_seg, &pages); -+ if ( elf->dest_base == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_vaddr_to_ptr(dom,dom->kernel_seg)" -+ " => NULL", __FUNCTION__); -+ return -1; -+ } - elf->dest_size = pages * XC_DOM_PAGE_SIZE(dom); -+ - rc = elf_load_binary(elf); - if ( rc < 0 ) - { -diff --git a/tools/libxc/xc_dom_ia64.c b/tools/libxc/xc_dom_ia64.c -index dcd1523..7c0eff1 100644 ---- a/tools/libxc/xc_dom_ia64.c -+++ b/tools/libxc/xc_dom_ia64.c -@@ -60,6 +60,12 @@ int start_info_ia64(struct xc_dom_image *dom) - - DOMPRINTF_CALLED(dom->xch); - -+ if ( start_info == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__); -+ return -1; /* our caller throws away our return value :-/ */ -+ } -+ - memset(start_info, 0, sizeof(*start_info)); - sprintf(start_info->magic, dom->guest_type); - start_info->flags = dom->flags; -diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c -index 0cf1687..75d6b83 100644 ---- a/tools/libxc/xc_dom_x86.c -+++ b/tools/libxc/xc_dom_x86.c -@@ -144,6 +144,9 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom) - xen_vaddr_t addr; - xen_pfn_t pgpfn; - -+ if ( l2tab == NULL ) -+ goto pfn_error; -+ - for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end; - addr += PAGE_SIZE_X86 ) - { -@@ -151,6 +154,8 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom) - { - /* get L1 tab, make L2 entry */ - l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1); -+ if ( l1tab == NULL ) -+ goto pfn_error; - l2off = l2_table_offset_i386(addr); - l2tab[l2off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT; -@@ -169,6 +174,11 @@ static int setup_pgtables_x86_32(struct xc_dom_image *dom) - l1tab = NULL; - } - return 0; -+ -+pfn_error: -+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR, -+ "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__); -+ return -EINVAL; - } - - /* -@@ -219,6 +229,12 @@ static xen_pfn_t move_l3_below_4G(struct xc_dom_image *dom, - goto out; - - l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1); -+ if ( l3tab == 
NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr(dom, l3pfn, 1) => NULL", -+ __FUNCTION__); -+ return l3mfn; /* our one call site will call xc_dom_panic and fail */ -+ } - memset(l3tab, 0, XC_DOM_PAGE_SIZE(dom)); - - DOMPRINTF("%s: successfully relocated L3 below 4G. " -@@ -262,6 +278,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - } - - l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1); -+ if ( l3tab == NULL ) -+ goto pfn_error; - - for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end; - addr += PAGE_SIZE_X86 ) -@@ -270,6 +288,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - { - /* get L2 tab, make L3 entry */ - l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1); -+ if ( l2tab == NULL ) -+ goto pfn_error; - l3off = l3_table_offset_pae(addr); - l3tab[l3off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT; -@@ -280,6 +300,8 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - { - /* get L1 tab, make L2 entry */ - l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1); -+ if ( l1tab == NULL ) -+ goto pfn_error; - l2off = l2_table_offset_pae(addr); - l2tab[l2off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT; -@@ -306,6 +328,11 @@ static int setup_pgtables_x86_32_pae(struct xc_dom_image *dom) - l3tab[3] = pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT; - } - return 0; -+ -+pfn_error: -+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR, -+ "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__); -+ return -EINVAL; - } - - #undef L1_PROT -@@ -344,6 +371,9 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - uint64_t addr; - xen_pfn_t pgpfn; - -+ if ( l4tab == NULL ) -+ goto pfn_error; -+ - for ( addr = dom->parms.virt_base; addr < dom->virt_pgtab_end; - addr += PAGE_SIZE_X86 ) - { -@@ -351,6 +381,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - { - /* get L3 tab, make L4 entry */ - l3tab = xc_dom_pfn_to_ptr(dom, l3pfn, 1); -+ if ( l3tab == NULL ) -+ goto pfn_error; - l4off = 
l4_table_offset_x86_64(addr); - l4tab[l4off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l3pfn)) | L4_PROT; -@@ -361,6 +393,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - { - /* get L2 tab, make L3 entry */ - l2tab = xc_dom_pfn_to_ptr(dom, l2pfn, 1); -+ if ( l2tab == NULL ) -+ goto pfn_error; - l3off = l3_table_offset_x86_64(addr); - l3tab[l3off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l2pfn)) | L3_PROT; -@@ -373,6 +407,8 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - { - /* get L1 tab, make L2 entry */ - l1tab = xc_dom_pfn_to_ptr(dom, l1pfn, 1); -+ if ( l1tab == NULL ) -+ goto pfn_error; - l2off = l2_table_offset_x86_64(addr); - l2tab[l2off] = - pfn_to_paddr(xc_dom_p2m_guest(dom, l1pfn)) | L2_PROT; -@@ -393,6 +429,11 @@ static int setup_pgtables_x86_64(struct xc_dom_image *dom) - l1tab = NULL; - } - return 0; -+ -+pfn_error: -+ xc_dom_panic(dom->xch, XC_INTERNAL_ERROR, -+ "%s: xc_dom_pfn_to_ptr failed", __FUNCTION__); -+ return -EINVAL; - } - - #undef L1_PROT -@@ -410,6 +451,8 @@ static int alloc_magic_pages(struct xc_dom_image *dom) - if ( xc_dom_alloc_segment(dom, &dom->p2m_seg, "phys2mach", 0, p2m_size) ) - return -1; - dom->p2m_guest = xc_dom_seg_to_ptr(dom, &dom->p2m_seg); -+ if ( dom->p2m_guest == NULL ) -+ return -1; - - /* allocate special pages */ - dom->start_info_pfn = xc_dom_alloc_page(dom, "start info"); -@@ -434,6 +477,12 @@ static int start_info_x86_32(struct xc_dom_image *dom) - - DOMPRINTF_CALLED(dom->xch); - -+ if ( start_info == NULL ) -+ { -+ DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__); -+ return -1; /* our caller throws away our return value :-/ */ -+ } -+ - memset(start_info, 0, sizeof(*start_info)); - strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic)); - start_info->magic[sizeof(start_info->magic) - 1] = '\0'; -@@ -474,6 +523,12 @@ static int start_info_x86_64(struct xc_dom_image *dom) - - DOMPRINTF_CALLED(dom->xch); - -+ if ( start_info == NULL ) -+ { -+ 
DOMPRINTF("%s: xc_dom_pfn_to_ptr failed on start_info", __FUNCTION__); -+ return -1; /* our caller throws away our return value :-/ */ -+ } -+ - memset(start_info, 0, sizeof(*start_info)); - strncpy(start_info->magic, dom->guest_type, sizeof(start_info->magic)); - start_info->magic[sizeof(start_info->magic) - 1] = '\0'; -diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c -index b4c0b10..3994f8f 100644 ---- a/tools/libxc/xc_domain_restore.c -+++ b/tools/libxc/xc_domain_restore.c -@@ -1556,6 +1556,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - mfn = ctx->p2m[pfn]; - buf = xc_map_foreign_range(xch, dom, PAGE_SIZE, - PROT_READ | PROT_WRITE, mfn); -+ if ( buf == NULL ) -+ { -+ ERROR("xc_map_foreign_range for generation id" -+ " buffer failed"); -+ goto out; -+ } - - generationid = *(unsigned long long *)(buf + offset); - *(unsigned long long *)(buf + offset) = generationid + 1; -@@ -1713,6 +1719,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - l3tab = (uint64_t *) - xc_map_foreign_range(xch, dom, PAGE_SIZE, - PROT_READ, ctx->p2m[i]); -+ if ( l3tab == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for l3tab)"); -+ goto out; -+ } - - for ( j = 0; j < 4; j++ ) - l3ptes[j] = l3tab[j]; -@@ -1739,6 +1750,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - l3tab = (uint64_t *) - xc_map_foreign_range(xch, dom, PAGE_SIZE, - PROT_READ | PROT_WRITE, ctx->p2m[i]); -+ if ( l3tab == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for l3tab, 2nd)"); -+ goto out; -+ } - - for ( j = 0; j < 4; j++ ) - l3tab[j] = l3ptes[j]; -@@ -1909,6 +1925,12 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - SET_FIELD(ctxt, user_regs.edx, mfn); - start_info = xc_map_foreign_range( - xch, dom, PAGE_SIZE, PROT_READ | PROT_WRITE, mfn); -+ if ( start_info == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for start_info)"); -+ goto out; -+ } -+ - SET_FIELD(start_info, 
nr_pages, dinfo->p2m_size); - SET_FIELD(start_info, shared_info, shared_info_frame<<PAGE_SHIFT); - SET_FIELD(start_info, flags, 0); -@@ -2056,6 +2078,11 @@ int xc_domain_restore(xc_interface *xch, int io_fd, uint32_t dom, - /* Restore contents of shared-info page. No checking needed. */ - new_shared_info = xc_map_foreign_range( - xch, dom, PAGE_SIZE, PROT_WRITE, shared_info_frame); -+ if ( new_shared_info == NULL ) -+ { -+ PERROR("xc_map_foreign_range failed (for new_shared_info)"); -+ goto out; -+ } - - /* restore saved vcpu_info and arch specific info */ - MEMCPY_FIELD(new_shared_info, old_shared_info, vcpu_info); -diff --git a/tools/libxc/xc_offline_page.c b/tools/libxc/xc_offline_page.c -index 089a361..36b9812 100644 ---- a/tools/libxc/xc_offline_page.c -+++ b/tools/libxc/xc_offline_page.c -@@ -714,6 +714,11 @@ int xc_exchange_page(xc_interface *xch, int domid, xen_pfn_t mfn) - - new_p = xc_map_foreign_range(xch, domid, PAGE_SIZE, - PROT_READ|PROT_WRITE, new_mfn); -+ if ( new_p == NULL ) -+ { -+ ERROR("failed to map new_p for copy, guest may be broken?"); -+ goto failed; -+ } - memcpy(new_p, backup, PAGE_SIZE); - munmap(new_p, PAGE_SIZE); - mops.arg1.mfn = new_mfn; --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild index cbe6aa74584f..61ebab624565 100644 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild +++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.8 2013/09/26 10:13:20 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.9 2014/01/01 11:47:20 tomwij Exp $ EAPI=4 PYTHON_DEPEND="2:2.6" 
@@ -110,7 +110,7 @@ src_prepare() { "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch #Substitute for internal downloading. pciutils copied only due to the only .bz2 - cp $DISTDIR/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" + cp "${DISTDIR}"/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" retar-externals || die "re-tar procedure failed" } diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.3.0.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.3.0.ebuild index 6559e64d3a10..e9e8f6e9c2e7 100644 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.3.0.ebuild +++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.3.0.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.3.0.ebuild,v 1.3 2013/08/23 13:14:52 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.3.0.ebuild,v 1.4 2014/01/01 11:47:20 tomwij Exp $ EAPI=4 PYTHON_DEPEND="2:2.7" @@ -94,7 +94,7 @@ src_prepare() { "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch #Substitute for internal downloading. pciutils copied only due to the only .bz2 - cp $DISTDIR/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" + cp "${DISTDIR}"/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" retar-externals || die "re-tar procedure failed" } diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild index e947ce10b298..0166a0b339b9 100644 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild +++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild 
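Review bot: The comment above the `cp` in `src_prepare()` ("pciutils copied only due to the only .bz2") does not explain why the tarball is staged, and the file name `pciutils-2.2.9.tar.bz2` is hard-coded on the `cp` line, so it can drift from whatever SRC_URI lists (SRC_URI is outside this hunk). I would reword the comment along the lines of `# Stage the already-fetched pciutils tarball in stubdom/ so the stubdom build does not download it itself.` and keep the whole path in one quoted word: `cp "${DISTDIR}/pciutils-2.2.9.tar.bz2" ./stubdom/ || die "pciutils not copied to stubdom"`. The same lines appear in the `src_prepare()` hunks of xen-pvgrub-4.3.0.ebuild and xen-pvgrub-4.3.1.ebuild. `src_prepare()` begins before each hunk, so the rest of the patch list cannot be checked from here.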
@@ -1,6 +1,6 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild,v 1.3 2013/12/10 13:35:02 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.3.1.ebuild,v 1.4 2014/01/01 11:47:20 tomwij Exp $ EAPI=4 PYTHON_DEPEND="2:2.7" @@ -93,7 +93,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN/-pvgrub/}-4-CVE-2012-6075-XSA-41.patch #Substitute for internal downloading. pciutils copied only due to the only .bz2 - cp $DISTDIR/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" + cp "${DISTDIR}"/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" retar-externals || die "re-tar procedure failed" } |