1.9.1
-From 83f91ed9c0a5b054e6e96bf6e3816c25027f5aab Mon Sep 17 00:00:00 2001
+From 4f62968e95cd5ecf9b3bd3636ac7169db4d6f716 Mon Sep 17 00:00:00 2001
From: George Dunlap <george.dunlap@eu.citrix.com>
Date: Wed, 7 Jan 2015 15:42:07 +0000
Subject: [PATCH] x86/HVM: prevent use-after-free when destroying a domain
1.9.1
-From 550e26ae99b7e6c5520ea3395207ca05251b37fa Mon Sep 17 00:00:00 2001
+From 791bbcd729d51ca87da917eb21033a5122046bec Mon Sep 17 00:00:00 2001
+From: George Dunlap <george.dunlap@eu.citrix.com>
+Date: Thu, 5 Mar 2015 12:01:29 +0000
+Subject: [PATCH] x86/HVM: return all ones on wrong-sized reads of system
+ device I/O ports
+
+So far the value presented to the guest remained uninitialized.
+
+This is XSA-121.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+---
+ xen/arch/x86/hvm/i8254.c | 1 +
+ xen/arch/x86/hvm/pmtimer.c | 1 +
+ xen/arch/x86/hvm/rtc.c | 3 ++-
+ xen/arch/x86/hvm/vpic.c | 1 +
+ 4 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/hvm/i8254.c b/xen/arch/x86/hvm/i8254.c
+index f7493b8..e92424e 100644
+--- a/xen/arch/x86/hvm/i8254.c
++++ b/xen/arch/x86/hvm/i8254.c
+@@ -477,6 +477,7 @@ static int handle_pit_io(
+ if ( bytes != 1 )
+ {
+ gdprintk(XENLOG_WARNING, "PIT bad access\n");
++ *val = ~0;
+ return X86EMUL_OKAY;
+ }
+
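Review bot: The `*val = ~0;` added to the `bytes != 1` branch of handle_pit_io has no comment saying why a rejected access still stores a value, and the same bare line is repeated in handle_pmt_io, handle_rtc_io and vpic_intercept_pic_io. A one-line comment such as `/* Wrong-sized access: hand back all ones instead of leaving *val uninitialised (XSA-121). */` would keep a later cleanup from dropping it. The warnings in the PIT, PMT and RTC handlers also omit the offending size, whereas the vPIC handler prints `bytes`. Logging it in all four, with the format specifier matched to the declared type of `bytes`, would make a misbehaving guest easier to spot in the log. The hunk shows no read/write distinction before the assignment, so it presumably runs for writes as well; the rest of each handler lies outside its hunk.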
+diff --git a/xen/arch/x86/hvm/pmtimer.c b/xen/arch/x86/hvm/pmtimer.c
+index 01ae31d..6ad2797 100644
+--- a/xen/arch/x86/hvm/pmtimer.c
++++ b/xen/arch/x86/hvm/pmtimer.c
+@@ -213,6 +213,7 @@ static int handle_pmt_io(
+ if ( bytes != 4 )
+ {
+ gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n");
++ *val = ~0;
+ return X86EMUL_OKAY;
+ }
+
+diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c
+index 639b4c5..30270cb 100644
+--- a/xen/arch/x86/hvm/rtc.c
++++ b/xen/arch/x86/hvm/rtc.c
+@@ -696,7 +696,8 @@ static int handle_rtc_io(
+
+ if ( bytes != 1 )
+ {
+- gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n");
++ gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n");
++ *val = ~0;
+ return X86EMUL_OKAY;
+ }
+
+diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c
+index fea3f68..6e4d422 100644
+--- a/xen/arch/x86/hvm/vpic.c
++++ b/xen/arch/x86/hvm/vpic.c
+@@ -324,6 +324,7 @@ static int vpic_intercept_pic_io(
+ if ( bytes != 1 )
+ {
+ gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes);
++ *val = ~0;
+ return X86EMUL_OKAY;
+ }
+
+--
+1.9.1
+
+
+From 14ed25021173d3b65527113d279151da342c3ed8 Mon Sep 17 00:00:00 2001
+From: George Dunlap <george.dunlap@eu.citrix.com>
+Date: Thu, 5 Mar 2015 12:01:34 +0000
+Subject: [PATCH] pre-fill structures for certain HYPERVISOR_xen_version
+ sub-ops
+
+... avoiding to pass hypervisor stack contents back to the caller
+through space unused by the respective strings.
+
+This is XSA-122.
+
+Acked-by: Jan Beulich <jbeulich@suse.com>
+---
+ xen/common/kernel.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xen/common/kernel.c b/xen/common/kernel.c
+index b371f8f..0e34e59 100644
+--- a/xen/common/kernel.c
++++ b/xen/common/kernel.c
+@@ -233,6 +233,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
+ case XENVER_extraversion:
+ {
+ xen_extraversion_t extraversion;
++
++ memset(extraversion, 0, sizeof(extraversion));
+ safe_strcpy(extraversion, xen_extra_version());
+ if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) )
+ return -EFAULT;
+@@ -242,6 +244,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
+ case XENVER_compile_info:
+ {
+ struct xen_compile_info info;
++
++ memset(&info, 0, sizeof(info));
+ safe_strcpy(info.compiler, xen_compiler());
+ safe_strcpy(info.compile_by, xen_compile_by());
+ safe_strcpy(info.compile_domain, xen_compile_domain());
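Review bot: The `memset(&info, 0, sizeof(info));` added under XENVER_compile_info needs a comment saying why it is a memset and not an initializer. An initializer such as `= { 0 }` is not guaranteed to clear padding bytes, so a later "simplification" could reintroduce the stack disclosure if the struct has any padding. Something like `/* Zero the whole object, padding included, before it is copied to the guest. */` would do, and it applies equally to the memset calls added under XENVER_extraversion and XENVER_changeset. The copy to the guest for `info` lies outside this hunk, so the length actually copied could not be checked here. The clearing is added case by case; any other sub-op in this switch that copies a stack object to the guest is not visible and would need the same pre-fill.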
+@@ -277,6 +281,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
+ case XENVER_changeset:
+ {
+ xen_changeset_info_t chgset;
++
++ memset(chgset, 0, sizeof(chgset));
+ safe_strcpy(chgset, xen_changeset());
+ if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) )
+ return -EFAULT;
+--
+1.9.1
+
+
+From 4d0627b18a481d53a7f35164c71c9744d5b37e73 Mon Sep 17 00:00:00 2001
From: Wen Congyang <wency@cn.fujitsu.com>
Date: Thu, 11 Dec 2014 16:21:21 +0000
Subject: [PATCH] tools: libxl: pass correct file to qemu if we use blktap2
1.9.1
-From 5a8801b5c776aea8eaa4ba59e916012716714248 Mon Sep 17 00:00:00 2001
+From 6cb41c384de754be37fdd664a952dd9438607116 Mon Sep 17 00:00:00 2001
From: George Dunlap <george.dunlap@eu.citrix.com>
Date: Thu, 11 Dec 2014 16:23:09 +0000
Subject: [PATCH] it: George Dunlap <george.dunlap@eu.citrix.com>
1.9.1
-From 9c9845d98985ab80d7c3d55b6f3023f72312ad3e Mon Sep 17 00:00:00 2001
+From 006e17057c4de3dc9b11673b159d6ad5c73722ed Mon Sep 17 00:00:00 2001
From: Don Koch <dkoch@verizon.com>
Date: Thu, 11 Dec 2014 17:02:21 +0000
Subject: [PATCH] x86/HVM: sanity check xsave area when migrating or restoring
1.9.1
-From 8e31bbfd10d2c9f067a4e14ce59bf17ad879a450 Mon Sep 17 00:00:00 2001
+From 03c5d6f11df1f3389387a52918c305a930387aa6 Mon Sep 17 00:00:00 2001
From: Juergen Gross <jgross@suse.com>
Date: Thu, 11 Dec 2014 17:02:33 +0000
Subject: [PATCH] adjust number of domains in cpupools when destroying domain
1.9.1
-From 375965a163fc2a24c4a45fa3c2747a59a6660eb8 Mon Sep 17 00:00:00 2001
+From ac4c1bdec8423c2d81ddc8f12075858c491e23ee Mon Sep 17 00:00:00 2001
From: George Dunlap <george.dunlap@eu.citrix.com>
Date: Mon, 15 Dec 2014 15:56:14 +0000
Subject: [PATCH] Revert "libxl: prefer qdisk over blktap when choosing disk
1.9.1
-From 51ecd6dd0a6dad5a92c0b771b808305ca4da6e8c Mon Sep 17 00:00:00 2001
+From abe3115a6be270f04b948020f5bc173180b8c04a Mon Sep 17 00:00:00 2001
From: George Dunlap <george.dunlap@eu.citrix.com>
Date: Wed, 15 Oct 2014 15:36:23 +0100
Subject: [PATCH] xen-centos-disable-CFLAGS-for-qemu.patch
1.9.1
-From 9c1ed8dcdeb5b4d9f6a2bc5075217050c7480b2b Mon Sep 17 00:00:00 2001
+From 11c213a71b2d55db04653c10863c50cb695648d7 Mon Sep 17 00:00:00 2001
From: George Dunlap <george.dunlap@eu.citrix.com>
Date: Wed, 15 Oct 2014 15:36:23 +0100
Subject: [PATCH] Adapt libxl to use blktap 2.5 v0.9.2