From: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= Date: Thu, 22 Dec 2016 09:52:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r429150 - in branches/2016Q4/emulators/xen-kernel: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Dec 2016 09:52:27 -0000 Author: royger (src committer) Date: Thu Dec 22 09:52:25 2016 New Revision: 429150 URL: https://svnweb.freebsd.org/changeset/ports/429150 Log: MFH: r429074 xen: apply XSA-202 Sponsored by: Citrix Systems R&D Approved by: ports-secteam (junovitch) Added: branches/2016Q4/emulators/xen-kernel/files/xsa202.patch - copied unchanged from r429074, head/emulators/xen-kernel/files/xsa202.patch Modified: branches/2016Q4/emulators/xen-kernel/Makefile Directory Properties: branches/2016Q4/ (props changed) Modified: branches/2016Q4/emulators/xen-kernel/Makefile ============================================================================== --- branches/2016Q4/emulators/xen-kernel/Makefile Thu Dec 22 09:01:01 2016 (r429149) +++ branches/2016Q4/emulators/xen-kernel/Makefile Thu Dec 22 09:52:25 2016 (r429150) @@ -3,7 +3,7 @@ PORTNAME= xen PKGNAMESUFFIX= -kernel PORTVERSION= 4.7.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= emulators MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/ 
@@ -46,7 +46,8 @@ EXTRA_PATCHES= ${FILESDIR}/0001-xen-logd ${FILESDIR}/xsa194.patch \ ${FILESDIR}/xsa195.patch \ ${FILESDIR}/xsa200-4.7.patch \ - ${FILESDIR}/xsa204-4.7.patch + ${FILESDIR}/xsa204-4.7.patch \ + ${FILESDIR}/xsa202.patch .include Copied: branches/2016Q4/emulators/xen-kernel/files/xsa202.patch (from r429074, head/emulators/xen-kernel/files/xsa202.patch) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q4/emulators/xen-kernel/files/xsa202.patch Thu Dec 22 09:52:25 2016 (r429150, copy of r429074, head/emulators/xen-kernel/files/xsa202.patch) 
@@ -0,0 +1,75 @@
+From: Jan Beulich
+Subject: x86: force EFLAGS.IF on when exiting to PV guests
+
+Guest kernels modifying instructions in the process of being emulated
+for another of their vCPU-s may effect EFLAGS.IF to be cleared upon
+next exiting to guest context, by converting the being emulated
+instruction to CLI (at the right point in time). Prevent any such bad
+effects by always forcing EFLAGS.IF on. And to cover hypothetical other
+similar issues, also force EFLAGS.{IOPL,NT,VM} to zero.
+
+This is XSA-202.
+
+Signed-off-by: Jan Beulich
+Reviewed-by: Andrew Cooper
+---
+
+--- a/xen/arch/x86/x86_64/compat/entry.S
++++ b/xen/arch/x86/x86_64/compat/entry.S
+@@ -109,6 +109,8 @@ compat_process_trap:
+ /* %rbx: struct vcpu, interrupts disabled */
+ ENTRY(compat_restore_all_guest)
+ ASSERT_INTERRUPTS_DISABLED
++ mov $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11d
++ and UREGS_eflags(%rsp),%r11d
+ .Lcr4_orig:
+ .skip .Lcr4_alt_end - .Lcr4_alt, 0x90
+ .Lcr4_orig_end:
+@@ -144,6 +146,8 @@ ENTRY(compat_restore_all_guest)
+ (.Lcr4_orig_end - .Lcr4_orig), \
+ (.Lcr4_alt_end - .Lcr4_alt)
+ .popsection
++ or $X86_EFLAGS_IF,%r11
++ mov %r11d,UREGS_eflags(%rsp)
+ RESTORE_ALL adj=8 compat=1
+ .Lft0: iretq
+ _ASM_PRE_EXTABLE(.Lft0, handle_exception)
+--- a/xen/arch/x86/x86_64/entry.S
++++ b/xen/arch/x86/x86_64/entry.S
+@@ -40,28 +40,29 @@ restore_all_guest:
+ testw $TRAP_syscall,4(%rsp)
+ jz iret_exit_to_guest
+
++ movq 24(%rsp),%r11 # RFLAGS
++ andq $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11
++ orq $X86_EFLAGS_IF,%r11
++
+ /* Don't use SYSRET path if the return address is not canonical. */
+ movq 8(%rsp),%rcx
+ sarq $47,%rcx
+ incl %ecx
+ cmpl $1,%ecx
+- ja .Lforce_iret
++ movq 8(%rsp),%rcx # RIP
++ ja iret_exit_to_guest
+
+ cmpw $FLAT_USER_CS32,16(%rsp)# CS
+- movq 8(%rsp),%rcx # RIP
+- movq 24(%rsp),%r11 # RFLAGS
+ movq 32(%rsp),%rsp # RSP
+ je 1f
+ sysretq
+ 1: sysretl
+
+-.Lforce_iret:
+- /* Mimic SYSRET behavior. */
+- movq 8(%rsp),%rcx # RIP
+- movq 24(%rsp),%r11 # RFLAGS
+ ALIGN
+ /* No special register assumptions. */
+ iret_exit_to_guest:
++ andl $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),24(%rsp)
++ orl $X86_EFLAGS_IF,24(%rsp)
+ addq $8,%rsp
+ .Lft0: iretq
+ _ASM_PRE_EXTABLE(.Lft0, handle_exception)
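Review bot: In the restore_all_guest hunk of xen/arch/x86/x86_64/entry.S, the new `movq 8(%rsp),%rcx # RIP` sits between `cmpl $1,%ecx` and `ja iret_exit_to_guest`, so the branch silently depends on movq leaving the flags untouched. The removed `/* Mimic SYSRET behavior. */` comment was also the only explanation of why %rcx and %r11 are loaded on the IRET fallback path. I would keep that intent visible with a comment on the reload, for example `/* Reload RIP before the branch (mov preserves flags); the IRET fallback still mimics SYSRET's %rcx/%r11. */`. In compat_restore_all_guest the masked flags stay live in %r11 from the first hunk to the second, across the CR4 alternatives block whose body lies outside these hunks, so the header comment `/* %rbx: struct vcpu, interrupts disabled */` could also state that %r11 must not be clobbered in between. As a point of style, `or $X86_EFLAGS_IF,%r11` is the only 64-bit access among the %r11d operations there; `or $X86_EFLAGS_IF,%r11d` would match its neighbours.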