diff options
author | Roger Pau Monné <royger@FreeBSD.org> | 2016-02-26 12:56:36 +0000 |
---|---|---|
committer | Roger Pau Monné <royger@FreeBSD.org> | 2016-02-26 12:56:36 +0000 |
commit | 286f646984730c036d47381df9ba9ba8f140b3a6 (patch) | |
tree | 738319946b170bf86adbbb8f0124d073e0b9f14d /emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch | |
parent | 755f7c8540eddfe4d4df848e8af5bf77b8edf01a (diff) | |
download | ports-286f646984730c036d47381df9ba9ba8f140b3a6.tar.gz ports-286f646984730c036d47381df9ba9ba8f140b3a6.zip |
xen: update port and apply security fixes
* Apply the following Xen security fixes (XSAs): 167, 168, 170.
* Update SeaBIOS version to 1.8.2, and apply build fix so it builds with
ELF toolchain objcopy [0].
* Perform the backport of two functional changes to the Xen kernel in order
to improve PVH Dom0 hardware support [1].
Security: CVE-2016-1570
Security: CVE-2016-1571
Security: CVE-2016-2271
Sponsored by: Citrix Systems R&D
Requested by: Gustau Pérez <gperez@entel.upc.edu> [1]
PR: 207170 [0]
Approved by: bapt
Differential revision: https://reviews.freebsd.org/D5420
Notes
Notes:
svn path=/head/; revision=409604
Diffstat (limited to 'emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch')
-rw-r--r-- | emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch b/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch new file mode 100644 index 000000000000..9ff23290678d --- /dev/null +++ b/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch @@ -0,0 +1,52 @@ +From 72d5acdc1d5b83107066e25054f9119e7771cf70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Wed, 20 May 2015 13:27:23 +0200 +Subject: [PATCH 2/2] x86/pvh: trap access to sensitive IO ports +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is needed so Xen can properly trap 4 byte accesses to 0xcf8 in order to +keep consistency with accesses to 0xcfc. + +The access to RTC ports also needs to be trapped in order to keep +consistency, this includes RTC_PORT(0) and RTC_PORT(1) (0x70 and 0x71 +respectively). + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +--- + xen/arch/x86/setup.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c +index cd333f9..2cc9185 100644 +--- a/xen/arch/x86/setup.c ++++ b/xen/arch/x86/setup.c +@@ -49,6 +49,7 @@ + #include <xen/cpu.h> + #include <asm/nmi.h> + #include <asm/alternative.h> ++#include <asm/mc146818rtc.h> + + /* opt_nosmp: If true, secondary processors are ignored. */ + static bool_t __initdata opt_nosmp; +@@ -1534,6 +1535,16 @@ void __hwdom_init setup_io_bitmap(struct domain *d) + rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000, + io_bitmap_cb, d); + BUG_ON(rc); ++ /* ++ * NB: we need to trap accesses to 0xcf8 in order to intercept ++ * 4 byte accesses, that need to be handled by Xen in order to ++ * keep consistency. ++ * Access to 1 byte RTC ports also needs to be trapped in order ++ * to keep consistency with PV. ++ */ ++ __set_bit(0xcf8, d->arch.hvm_domain.io_bitmap); ++ __set_bit(RTC_PORT(0), d->arch.hvm_domain.io_bitmap); ++ __set_bit(RTC_PORT(1), d->arch.hvm_domain.io_bitmap); + } + } + +-- +2.5.4 (Apple Git-61) + |