# ChangeLog for app-emulation/xen
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.85 2011/09/29 14:21:09 tomka Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.86 2011/10/11 20:25:50 chainsaw Exp $
+
+*xen-3.4.2-r4 (11 Oct 2011)
+
+ 11 Oct 2011; Tony Vroon <chainsaw@gentoo.org> +xen-3.4.2-r4.ebuild,
+ +files/xen-3.4.2-CVE-2011-1583.patch,
+ +files/xen-3.4.2-fix-__addr_ok-limit.patch:
+ Patches by Ian "idella4" Delaney to address security bugs #385319 and
+ #386371.
29 Sep 2011; Thomas Kahle <tomka@gentoo.org> xen-3.4.2-r3.ebuild:
x86 stable per bug 379241
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
AUX xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
+AUX xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
AUX xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
+AUX xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
AUX xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
AUX xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
AUX xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
DIST xen-4.1.1.tar.gz 10355625 RMD160 4b3c0641b0f098889f627662aa6b8fea00c5b636 SHA1 f1b5ef4b663c339faf9c77fc895327cfbcc9776c SHA256 246289227507466b5da8b2d0da84a5b0e68a392527b16cde38898d0348890f5b
EBUILD xen-3.4.2-r1.ebuild 3058 RMD160 19a8baa3dbf87f4c5d4e5019f88ae4dc5ccc32e6 SHA1 aed8b48c47b8f713dbc17d67fa2d21c838f7f071 SHA256 719917cfbf0605d4951415d9f53c49262d92ba8e8921a3835aefcd549dd275bb
EBUILD xen-3.4.2-r3.ebuild 3068 RMD160 a7823f95b67e2f237a5395a0063525794bf21820 SHA1 b7ea3ce1c4df92ee1d87101fda58765cc580168f SHA256 df35d173a9fbcd041e8d33f7edc5478c9e3ed5f64a1f3b17caf746f5bd92252b
+EBUILD xen-3.4.2-r4.ebuild 3249 RMD160 c00e2aa265dc4c37f8e09854af296b150bd46fb8 SHA1 84b162ac12b34afe544d6dcc232016e97fa95d0a SHA256 fa50d0fc5c8e6adb09b6db324cedf22d50abf2be09111ac25af20e31fffe3948
EBUILD xen-4.1.1-r2.ebuild 3015 RMD160 2026eb17050ee40ae504b3f377b0e0895849d02a SHA1 2d505aa3cf488a79c3518d9d5bf4d70d6c84f9c7 SHA256 4ae066db6bbdd5ca3c377944b9b3c2abc94d2095c075cb20485908bc954fdf78
EBUILD xen-9999.ebuild 2929 RMD160 34b61aa566948357bed2bde59d06e38fdc21249c SHA1 5dfa8cebff2f2b9a10e40b888e151baf8afb804c SHA256 62f131e504a87ab2e05b1109325167ae9f6d9747ae90d89536d49734c7445f0e
-MISC ChangeLog 13823 RMD160 c00c5de5640dd8647d239fcf91a7d0fc5af221f6 SHA1 7a8036b12e92cb3dda2c667a560275485aaee75a SHA256 08aae3b2a4ff8c7cabee2cce2e90789a30ccfe279a54ee46bd9fa9815939e5cb
+MISC ChangeLog 14095 RMD160 ca58af04653c5017cb44648cd405ca940e5d1d37 SHA1 b64619008aac2f528a5ab268d26a4a8c686e22b4 SHA256 5a84a264a57918a9035c0255914539ccc67cfdf362e9e279eec375595c011cf0
MISC metadata.xml 581 RMD160 d22ffb491d9dad33425b97add683dd6b8b9139e1 SHA1 649f65e9fd2ab25e32394c555a24fc0f6b59c37f SHA256 1cf2cc4bb5b5278ac75e74910607518ddd2bd6454f18325319ce1ac102fab535
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
-
-iF4EAREIAAYFAk6EfuAACgkQodBTJSDyo65dcgD/fYfP/HNKV7TieMkgrLpNZmuj
-PojFPqGBLufQjoyxdrcA/i+QMNeTlx88eCXqNY4ekfD1mU+qLSqmUdHftRi4vzjB
-=7N/T
------END PGP SIGNATURE-----
--- /dev/null
+--- tools/libxc/xc_dom_bzimageloader.c 2009-11-10 23:12:56.000000000 +0800
++++ tools/libxc/xc_dom_bzimageloader.c 2011-10-09 20:10:08.972815311 +0800
+@@ -308,19 +308,19 @@
+
+ extern struct xc_dom_loader elf_loader;
+
+-static unsigned int payload_offset(struct setup_header *hdr)
++static int check_magic(struct xc_dom_image *dom, const void *magic, size_t len)
+ {
+- unsigned int off;
++ if (len > dom->kernel_size)
++ return 0;
++
++ return (memcmp(dom->kernel_blob, magic, len) == 0);
++ }
+
+- off = (hdr->setup_sects + 1) * 512;
+- off += hdr->payload_offset;
+- return off;
+-}
+-
+-static int xc_dom_probe_bzimage_kernel(struct xc_dom_image *dom)
++static int check_bzimage_kernel(struct xc_dom_image *dom, int verbose)
+ {
+ struct setup_header *hdr;
+- int ret;
++ uint64_t payload_offset, payload_length;
++ /* int ret; */
+
+ if ( dom->kernel_blob == NULL )
+ {
+@@ -352,20 +352,47 @@
+ return -EINVAL;
+ }
+
+- dom->kernel_blob = dom->kernel_blob + payload_offset(hdr);
+- dom->kernel_size = hdr->payload_length;
++ /* upcast to 64 bits to avoid overflow */
++ /* setup_sects is u8 and so cannot overflow */
++ payload_offset = (hdr->setup_sects + 1) * 512;
++ payload_offset += hdr->payload_offset;
++ payload_length = hdr->payload_length;
+
+- if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
+- {
++/* if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
++ {
+ ret = xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size);
+- if ( ret == -1 )
++ if ( ret == -1 ) */
++ if ( payload_offset >= dom->kernel_size )
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload offset overflow",
++ __FUNCTION__);
++ return -EINVAL;
++ }
++ if ( (payload_offset + payload_length) > dom->kernel_size )
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload length overflow",
++ __FUNCTION__);
++ }
++
++ dom->kernel_blob = dom->kernel_blob + payload_offset;
++ dom->kernel_size = payload_length;
++
++ if ( check_magic(dom, "\037\213", 2) )
++ {
++ if ( xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size) == -1 )
+ {
+- xc_dom_panic(XC_INVALID_KERNEL,
+- "%s: unable to gzip decompress kernel\n",
+- __FUNCTION__);
++ if ( verbose )
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unable to decompress kernel\$n",
++ __FUNCTION__);
+ return -EINVAL;
+ }
+ }
++ else
++ {
++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unknown compression format\n",
++ __FUNCTION__);
++ return -EINVAL;
++ }
+ else if ( memcmp(dom->kernel_blob, "\102\132\150", 3) == 0 )
+ {
+ ret = xc_try_bzip2_decode(dom, &dom->kernel_blob, &dom->kernel_size);
--- /dev/null
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+ Xen Security Advisory CVE-2011-2901 / XSA-4
+ revision no.2
+ Xen <= 3.3 DoS due to incorrect virtual address validation
+
+ISSUE DESCRIPTION
+=================
+
+The x86_64 __addr_ok() macro intends to ensure that the checked
+address is either in the positive half of the 48-bit virtual address
+space, or above the Xen-reserved area. However, the current shift
+count is off-by-one, allowing full access to the "negative half" too,
+via certain hypercalls which ignore virtual-address bits [63:48].
+Vulnerable hypercalls exist only in very old versions of the
+hypervisor.
+
+VULNERABLE SYSTEMS
+==================
+
+All systems running a Xen 3.3 or earlier hypervisor with 64-bit PV
+guests with untrusted administrators are vulnerable.
+
+IMPACT
+======
+
+A malicious guest administrator on a vulnerable system is able to
+crash the host.
+
+There are no known further exploits but these have not been ruled out.
+
+RESOLUTION
+==========
+
+The attached patch resolves the issue.
+
+Alternatively, users may choose to upgrade to a more recent hypervisor
+
+PATCHES
+=======
+
+The following patch resolves this issue.
+
+Filename: fix-__addr_ok-limit.patch
+SHA1: f18bde8d276110451c608a16f577865aa1226b4f
+SHA256: 2da5aac72e1ac4849c34d38374ae456795905fd9512eef94b48fc31383c21636
+
+This patch should apply cleanly, and fix the problem, for all affected
+versions of Xen.
+
+It is harmless when applied to later hypervisors and will be included
+in the Xen unstable branch in due course.
+
+VERSION HISTORY
+===============
+
+Analysis following version 1 of this advisory (sent out to the
+predisclosure list during the embargo period) indicates that the
+actual DoS vulnerability only exists in very old hypervisors, Xen 3.3
+and earlier, contrary to previous reports.
+
+This advisory is no longer embargoed.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP
+MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD
+7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4
+zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A
+JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT
+2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg=
+=09T8
+-----END PGP SIGNATURE-----
+
+Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok
+
+The x86_64 __addr_ok() macro intends to ensure that the checked
+address is either in the positive half of the 48-bit virtual address
+space, or above the Xen-reserved area. However, the current shift
+count is off-by-one, allowing full access to the "negative half"
+too. Guests may exploit this to gain access to off-limits ranges.
+
+This issue has been assigned CVE-2011-2901.
+
+Signed-off-by: Laszlo Ersek <lersek@...hat.com>
+Signed-off-by: Ian Campbell <ian.campbell@...rix.com>
+
+diff --git a/xen/include/asm-x86/x86_64/uaccess.h
+b/xen/include/asm-x86/x86_64/uaccess.h
+--- a/xen/include/asm-x86/x86_64/uaccess.h
++++ b/xen/include/asm-x86/x86_64/uaccess.h
+@@ -34,7 +34,7 @@
+ * non-canonical address (and thus fault) before ever reaching VIRT_START.
+ */
+ #define __addr_ok(addr) \
+- (((unsigned long)(addr) < (1UL<<48)) || \
++ (((unsigned long)(addr) < (1UL<<47)) || \
+ ((unsigned long)(addr) >= HYPERVISOR_VIRT_END))
+
+ #define access_ok(addr, size) \
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-3.4.2-r4.ebuild,v 1.1 2011/10/11 20:25:50 chainsaw Exp $
+
+EAPI=2
+
+inherit mount-boot flag-o-matic toolchain-funcs base
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug custom-cflags pae acm flask xsm"
+
+RDEPEND="|| ( sys-boot/grub
+ sys-boot/grub-static )
+ >=sys-kernel/xen-sources-2.6.18"
+PDEPEND="~app-emulation/xen-tools-${PV}"
+PATCHES=(
+ "${FILESDIR}/"${PN}-3.3.0-unexported-target-fix.patch
+ "${FILESDIR}/"${P}-dump_registers-watchdog-fix.patch
+ "${FILESDIR}/"${P}-no-DMA.patch
+ "${FILESDIR}/"${P}-werror-idiocy.patch
+ "${FILESDIR}/"${P}-fix-__addr_ok-limit.patch
+ "${FILESDIR}/"${P}-CVE-2011-1583.patch
+)
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+pkg_setup() {
+ if [ -x "${S}/.config/" ]; then
+ die "You will need to remove ${S}/.config by hand"
+ fi
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use x86 && use amd64; then
+ die "Confusion! Both x86 and amd64 are set in your use flags!"
+ elif use x86; then
+ export XEN_TARGET_ARCH="x86_32"
+ elif use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use xsm ; then
+ export "XSM_ENABLE=y"
+ use acm && export "ACM_SECURITY=y"
+ if use flask ; then
+ ! use acm && export "FLASK_ENABLE=y"
+ use acm && ewarn "Both acm and flask XSM specified, defaulting to acm."
+ fi
+ elif use acm || use flask ; then
+ ewarn "acm and flask require USE=xsm to be set, dropping use flags"
+ fi
+}
+
+src_prepare() {
+ base_src_prepare
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \;
+ fi
+}
+
+src_compile() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ fi
+
+ # Send raw LDFLAGS so that --as-needed works
+ emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" -C xen ${myopt} || die "compile failed"
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+ use pae && myopt="${myopt} pae=y"
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install || die "install failed"
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " http://www.gentoo.org/doc/en/xen-guide.xml"
+ elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+ if use pae; then
+ echo
+ ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+ fi
+}
projects / gentoo.git / commitdiff