diff --git a/localgcc490fix.patch b/localgcc490fix.patch
new file mode 100644
index 0000000..e34f4d7
--- /dev/null
+++ b/localgcc490fix.patch
@@ -0,0 +1,29 @@
+--- xen-4.4.0/Config.mk.orig 2014-04-29 20:54:43.117010822 +0100
++++ xen-4.4.0/Config.mk 2014-04-29 20:58:23.100055325 +0100
+@@ -188,6 +188,8 @@
+ CFLAGS += -std=gnu99
+
+ CFLAGS += -Wall -Wstrict-prototypes
++# add temporary build flags to identify build issues using gcc 4.9.0
++CFLAGS += -Wno-error=maybe-uninitialized
+
+ # Clang complains about macros that expand to 'if ( ( foo == bar ) ) ...'
+ # and is over-zealous with the printf format lint
+--- xen-4.4.0/tools/blktap2/drivers/block-qcow.c.orig 2014-03-10 10:43:57.000000000 +0000
++++ xen-4.4.0/tools/blktap2/drivers/block-qcow.c 2014-04-30 21:10:26.270699187 +0100
+@@ -427,6 +427,7 @@
+
+ if (posix_memalign((void **)&tmp_ptr, 4096, 4096) != 0) {
+ DPRINTF("ERROR allocating memory for L1 table\n");
++ return -1;
+ }
+ memcpy(tmp_ptr, l1_ptr, 4096);
+
+@@ -600,6 +601,7 @@
+
+ if (posix_memalign((void **)&tmp_ptr2, 4096, 4096) != 0) {
+ DPRINTF("ERROR allocating memory for L1 table\n");
++ return -1;
+ }
+ memcpy(tmp_ptr2, l2_ptr, 4096);
+ lseek(s->fd, l2_offset + (l2_sector << 12), SEEK_SET);
diff --git a/xen.spec b/xen.spec
index 73185d2..d4db6e3 100644
--- a/xen.spec
+++ b/xen.spec
@@ -48,7 +48,7 @@ Summary: Xen is a virtual machine monitor Name: xen Version: 4.4.0 -Release: 2%{?dist} +Release: 3%{?dist} Group: Development/Libraries License: GPLv2+ and LGPLv2+ and BSD URL: http://xen.org/
@@ -97,7 +97,9 @@ Patch20: xen.xsm.enable.patch Patch21: xen.64.bit.hyp.on.ix86.patch Patch22: xen.console.fix.patch Patch23: xsa89.patch +Patch24: xsa92.patch +Patch99: localgcc490fix.patch Patch100: xen-configure-xend.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -277,7 +279,9 @@ manage Xen virtual machines. %endif %patch22 -p1 %patch23 -p1 +%patch24 -p1 +%patch99 -p1 %patch100 -p1 # stubdom sources
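Review bot: In localgcc490fix.patch, the two `return -1;` lines added after the failed `posix_memalign()` calls in block-qcow.c (inner hunks at 427 and 601) assume that -1 is the enclosing function's failure value, but the function signature lies outside the hunk. If that function returns an unsigned offset, -1 converts to a very large value that a caller could mistake for a valid offset, so the value should match what the function's other error paths return. Any buffers the function acquired before this point would also need releasing on the new early exit; that cannot be confirmed from the visible lines. Separately, `CFLAGS += -Wno-error=maybe-uninitialized` in Config.mk applies to the whole tree, so a marker such as `# TODO: drop once the gcc 4.9.0 maybe-uninitialized warnings are fixed` would keep the relaxation from outliving its purpose.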
@@ -834,6 +838,11 @@ rm -rf %{buildroot} %endif %changelog +* Wed Apr 30 2014 Michael Young - 4.4.0-3 +- HVMOP_set_mem_type allows invalid P2M entries to be created [XSA-92] +- change -Wmaybe-uninitialized errors into warnings for gcc 4.9.0 +- fix a couple of -Wmaybe-uninitialized cases + * Wed Mar 26 2014 Michael Young - 4.4.0-2 - HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425)
diff --git a/xsa92.patch b/xsa92.patch
new file mode 100644
index 0000000..60ef934
--- /dev/null
+++ b/xsa92.patch
@@ -0,0 +1,36 @@
+x86/HVM: restrict HVMOP_set_mem_type
+
+Permitting arbitrary type changes here has the potential of creating
+present P2M (and hence EPT/NPT/IOMMU) entries pointing to an invalid
+MFN (INVALID_MFN truncated to the respective hardware structure field's
+width). This would become a problem the latest when something real sat
+at the end of the physical address space; I'm suspecting though that
+other things might break with such bogus entries.
+
+Along with that drop a bogus (and otherwise becoming stale) log
+message.
+
+Afaict the similar operation in p2m_set_mem_access() is safe.
+
+This is XSA-92.
+
+Signed-off-by: Jan Beulich
+Reviewed-by: Tim Deegan
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -4541,12 +4541,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
+ rc = -EINVAL;
+ goto param_fail4;
+ }
+- if ( p2m_is_grant(t) )
++ if ( !p2m_is_ram(t) &&
++ (!p2m_is_hole(t) || a.hvmmem_type != HVMMEM_mmio_dm) )
+ {
+ put_gfn(d, pfn);
+- gdprintk(XENLOG_WARNING,
+- "type for pfn %#lx changed to grant while "
+- "we were working?\n", pfn);
+ goto param_fail4;
+ }
+ else
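Review bot: In xsa92.patch, the new rejection branch in do_hvm_op (`if ( !p2m_is_ram(t) && ...`) jumps to `param_fail4` without assigning `rc`, whereas the branch just above it in the same inner hunk sets `rc = -EINVAL;` explicitly. Whether `rc` already holds an error value at this point depends on code outside the hunk, so adding `rc = -EINVAL;` before the `goto` would make the failure result independent of earlier statements. With the log message gone, the branch has no explanation in the code itself; a short comment such as `/* Only RAM types, or a hole being turned into mmio_dm, may have their type changed. */` would record the rule the condition enforces.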