From xen-announce-bounces@lists.xen.org Tue Feb 05 13:17:33 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:17:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMy-0007T0-DG; Tue, 05 Feb 2013 13:15:28 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMx-0007SU-9y; Tue, 05 Feb 2013 13:15:27 +0000 Received: from [85.158.143.99:40548] by server-2.bemta-4.messagelabs.com id 21/FB-01597-EE501115; Tue, 05 Feb 2013 13:15:26 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-12.tower-216.messagelabs.com!1360070121!22200145!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 27328 invoked from network); 5 Feb 2013 13:15:23 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-216.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:23 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMi-0003aO-Bd; Tue, 05 Feb 2013 13:15:12 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMi-0008AG-9I; Tue, 05 Feb 2013 13:15:12 +0000 Date: Tue, 05 Feb 2013 13:15:12 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 39 (CVE-2013-0216, CVE-2013-0217) - Linux netback DoS via malicious guest ring. X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0216,CVE-2013-0217 / XSA-39 version 2 Linux netback DoS via malicious guest ring. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an error path which is guest triggerable. IMPACT ====== A malicious guest can mount a DoS affecting the entire system. VULNERABLE SYSTEMS ================== All systems running guests with access to PV network devices are vulnerable. CVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch kernels. CVE-2013-0217 affects only mainline ("pvops") kernels. MITIGATION ========== Running HVM guests with only emulated or passthrough NICs or PV guests with only passthrough NICs will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patches in sequence resolves this issue. xsa39-pvops-*.patch Apply to mainline Linux 3.8-rc2 xsa39-classic-*.patch Apply to linux-2.6.18-xen tree. All patches for the given branch should be applied in numerical order. $ sha256sum xsa39*.patch 4b75961673b940f5eb31451080dd668b9119eb88db1df44db1a3ba4b0d037ce1 xsa39-classic-0001-xen-netback-garbage-ring.patch 096143750b99eb2d88970338c3f9debfbbfdaef766525a620281b28528ebe0ce xsa39-classic-0002-xen-netback-wrap-around.patch 99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5 xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969 xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch 70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch 5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI5AAoJEIP+FMlX6CvZLbcIAL7gpD+EzDjb+g3ZlORl1jPV +icqyDoPWeWructbggY+YcJJc2IavNrRXBSN/9edSTUXSi7YTW+Tjeh8bcLza1JM McWKxPtJB8CKEIAjAeT8qMVaNUNQuJQTtTLtXHGuQE6xwxK8YmgLzQSx91OOp9Bx 49GK1Ptnp7bQoEoc7B3oN6GXr/hs/FvaD0Cr481yUxXX1GxV+AL7sxXiJ4kXu1rE UTSLFAzUfw1KWI5wP3GQCREhysCvgIq4mZyD5+TF8MUagpg+m1aURs2AUUxrJ/Zw o+LVEKWYRsTtWIRtwYOdPHn73bllyPOrBgimTDBM9rY9CztOnN8yoPRlUz0Sux0= =UhBt -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa39-classic-0001-xen-netback-garbage-ring.patch" Content-Disposition: attachment; filename="xsa39-classic-0001-xen-netback-garbage-ring.patch" Content-Transfer-Encoding: base64 bmV0YmFjazogc2h1dGRvd24gdGhlIHJpbmcgaWYgaXQgY29udGFpbnMgZ2Fy YmFnZQoKQSBidWdneSBvciBtYWxpY2lvdXMgZnJvbnRlbmQgc2hvdWxkIG5v dCBiZSBhYmxlIHRvIGNvbmZ1c2UgbmV0YmFjay4KSWYgd2Ugc3BvdCBhbnl0 aGluZyB3aGljaCBpcyBub3QgYXMgaXQgc2hvdWxkIGJlIHRoZW4gc2h1dGRv d24gdGhlCmRldmljZSBhbmQgZG9uJ3QgdHJ5IHRvIGNvbnRpbnVlIHdpdGgg dGhlIHJpbmcgaW4gYSBwb3RlbnRpYWxseQpob3N0aWxlIHN0YXRlLiBXZWxs IGJlaGF2ZWQgYW5kIG5vbi1ob3N0aWxlIGZyb250ZW5kcyB3aWxsIG5vdCBi ZQpwZW5hbGlzZWQuCgpBcyB3ZWxsIGFzIG1ha2luZyB0aGUgZXhpc3Rpbmcg Y2hlY2tzIGZvciBzdWNoIGVycm9ycyBmYXRhbCBhbHNvIGFkZCBhCm5ldyBj aGVjayB0aGF0IGVuc3VyZXMgdGhhdCB0aGVyZSBpc24ndCBhbiBpbnNhbmUg bnVtYmVyIG9mIHJlcXVlc3RzCm9uIHRoZSByaW5nIChpLmUuIG1vcmUgdGhh biB3b3VsZCBmaXQgaW4gdGhlIHJpbmcpLiBJZiB0aGUgcmluZwpjb250YWlu cyBnYXJiYWdlIHRoZW4gcHJldmlvdXNseSBpcyB3YXMgcG9zc2libGUgdG8g bG9vcCBvdmVyIHRoaXMKaW5zYW5lIG51bWJlciwgZ2V0dGluZyBhbiBlcnJv ciBlYWNoIHRpbWUgYW5kIHRoZXJlZm9yZSBub3QgZ2VuZXJhdGluZwphbnkg bW9yZSBwZW5kaW5nIHJlcXVlc3RzIGFuZCB0aGVyZWZvcmUgbm90IGV4aXRp bmcgdGhlIGxvb3AgaW4KeGVuX25ldGJrX3R4X2J1aWxkX2dvcHMgZm9yIGFu IGV4dGVybmRlZCBwZXJpb2QuCgpBbHNvIHR1cm4gdmFyaW91cyBuZXRkZXZf ZGJnIGNhbGxzIHdoaWNoIG5vIHByZWNpcGl0YXRlIGEgZmF0YWwgZXJyb3IK aW50byBuZXRkZXZfZXJyLCB0aGV5IGFyZSByYXRlIGxpbWl0ZWQgYmVjYXVz ZSB0aGUgZGV2aWNlIGlzIHNodXRkb3duCmFmdGVyd2FyZHMuCgpUaGlzIGZp eGVzIGF0IGxlYXN0IG9uZSBrbm93biBEb1Mvc29mdGxvY2t1cCBvZiB0aGUg YmFja2VuZCBkb21haW4uCgpTaWduZWQtb2ZmLWJ5OiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8SkJldWxpY2hAc3VzZS5jb20+CgotLS0gYS9kcml2ZXJzL3hl bi9uZXRiYWNrL2NvbW1vbi5oCisrKyBiL2RyaXZlcnMveGVuL25ldGJhY2sv Y29tbW9uLmgKQEAgLTIwNCw2ICsyMDQsOSBAQCBpbnQgbmV0aWZfYmVfc3Rh cnRfeG1pdChzdHJ1Y3Qgc2tfYnVmZiAqCiBzdHJ1Y3QgbmV0X2RldmljZV9z dGF0cyAqbmV0aWZfYmVfZ2V0X3N0YXRzKHN0cnVjdCBuZXRfZGV2aWNlICpk ZXYpOwogaXJxcmV0dXJuX3QgbmV0aWZfYmVfaW50KGludCBpcnEsIHZvaWQg KmRldl9pZCwgc3RydWN0IHB0X3JlZ3MgKnJlZ3MpOwogCisvKiBQcmV2ZW50 IHRoZSBkZXZpY2UgZnJvbSBnZW5lcmF0aW5nIGFueSBmdXJ0aGVyIHRyYWZm aWMuICovCit2b2lkIHhlbnZpZl9jYXJyaWVyX29mZihuZXRpZl90ICpuZXRp Zik7CisKIHN0YXRpYyBpbmxpbmUgaW50IG5ldGJrX2Nhbl9xdWV1ZShzdHJ1 Y3QgbmV0X2RldmljZSAqZGV2KQogewogCW5ldGlmX3QgKm5ldGlmID0gbmV0 ZGV2X3ByaXYoZGV2KTsKLS0tIGEvZHJpdmVycy94ZW4vbmV0YmFjay9pbnRl cmZhY2UuYworKysgYi9kcml2ZXJzL3hlbi9uZXRiYWNrL2ludGVyZmFjZS5j CkBAIC0zNDcsMTkgKzM0NywyMyBAQCBlcnJfcng6CiAJcmV0dXJuIGVycjsK IH0KIAordm9pZCB4ZW52aWZfY2Fycmllcl9vZmYobmV0aWZfdCAqbmV0aWYp Cit7CisJcnRubF9sb2NrKCk7CisJbmV0YmFja19jYXJyaWVyX29mZihuZXRp Zik7CisJbmV0aWZfY2Fycmllcl9vZmYobmV0aWYtPmRldik7IC8qIGRpc2Nh cmQgcXVldWVkIHBhY2tldHMgKi8KKwlpZiAobmV0aWZfcnVubmluZyhuZXRp Zi0+ZGV2KSkKKwkJX19uZXRpZl9kb3duKG5ldGlmKTsKKwlydG5sX3VubG9j aygpOworCW5ldGlmX3B1dChuZXRpZik7Cit9CisKIHZvaWQgbmV0aWZfZGlz Y29ubmVjdChzdHJ1Y3QgYmFja2VuZF9pbmZvICpiZSkKIHsKIAluZXRpZl90 ICpuZXRpZiA9IGJlLT5uZXRpZjsKIAotCWlmIChuZXRiYWNrX2NhcnJpZXJf b2sobmV0aWYpKSB7Ci0JCXJ0bmxfbG9jaygpOwotCQluZXRiYWNrX2NhcnJp ZXJfb2ZmKG5ldGlmKTsKLQkJbmV0aWZfY2Fycmllcl9vZmYobmV0aWYtPmRl dik7IC8qIGRpc2NhcmQgcXVldWVkIHBhY2tldHMgKi8KLQkJaWYgKG5ldGlm X3J1bm5pbmcobmV0aWYtPmRldikpCi0JCQlfX25ldGlmX2Rvd24obmV0aWYp OwotCQlydG5sX3VubG9jaygpOwotCQluZXRpZl9wdXQobmV0aWYpOwotCX0K KwlpZiAobmV0YmFja19jYXJyaWVyX29rKG5ldGlmKSkKKwkJeGVudmlmX2Nh cnJpZXJfb2ZmKG5ldGlmKTsKIAogCWF0b21pY19kZWMoJm5ldGlmLT5yZWZj bnQpOwogCXdhaXRfZXZlbnQobmV0aWYtPndhaXRpbmdfdG9fZnJlZSwgYXRv bWljX3JlYWQoJm5ldGlmLT5yZWZjbnQpID09IDApOwotLS0gYS9kcml2ZXJz L3hlbi9uZXRiYWNrL25ldGJhY2suYworKysgYi9kcml2ZXJzL3hlbi9uZXRi YWNrL25ldGJhY2suYwpAQCAtMTAyMCw2ICsxMDIwLDE0IEBAIHN0YXRpYyB2 b2lkIG5ldGJrX3R4X2VycihuZXRpZl90ICpuZXRpZiwKIAluZXRpZl9wdXQo bmV0aWYpOwogfQogCitzdGF0aWMgdm9pZCBuZXRia19mYXRhbF90eF9lcnIo bmV0aWZfdCAqbmV0aWYpCit7CisJcHJpbnRrKEtFUk5fRVJSICIlczogZmF0 YWwgZXJyb3I7IGRpc2FibGluZyBkZXZpY2VcbiIsCisJICAgICAgIG5ldGlm LT5kZXYtPm5hbWUpOworCXhlbnZpZl9jYXJyaWVyX29mZihuZXRpZik7CisJ bmV0aWZfcHV0KG5ldGlmKTsKK30KKwogc3RhdGljIGludCBuZXRia19jb3Vu dF9yZXF1ZXN0cyhuZXRpZl90ICpuZXRpZiwgbmV0aWZfdHhfcmVxdWVzdF90 ICpmaXJzdCwKIAkJCQluZXRpZl90eF9yZXF1ZXN0X3QgKnR4cCwgaW50IHdv cmtfdG9fZG8pCiB7CkBAIC0xMDMxLDE5ICsxMDM5LDI1IEBAIHN0YXRpYyBp bnQgbmV0YmtfY291bnRfcmVxdWVzdHMobmV0aWZfdCAKIAogCWRvIHsKIAkJ aWYgKGZyYWdzID49IHdvcmtfdG9fZG8pIHsKLQkJCURQUklOVEsoIk5lZWQg bW9yZSBmcmFnc1xuIik7CisJCQlwcmludGsoS0VSTl9FUlIgIiVzOiBOZWVk IG1vcmUgZnJhZ3NcbiIsCisJCQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSk7 CisJCQluZXRia19mYXRhbF90eF9lcnIobmV0aWYpOwogCQkJcmV0dXJuIC1m cmFnczsKIAkJfQogCiAJCWlmICh1bmxpa2VseShmcmFncyA+PSBNQVhfU0tC X0ZSQUdTKSkgewotCQkJRFBSSU5USygiVG9vIG1hbnkgZnJhZ3NcbiIpOwor CQkJcHJpbnRrKEtFUk5fRVJSICIlczogVG9vIG1hbnkgZnJhZ3NcbiIsCisJ CQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSk7CisJCQluZXRia19mYXRhbF90 eF9lcnIobmV0aWYpOwogCQkJcmV0dXJuIC1mcmFnczsKIAkJfQogCiAJCW1l bWNweSh0eHAsIFJJTkdfR0VUX1JFUVVFU1QoJm5ldGlmLT50eCwgY29ucyAr IGZyYWdzKSwKIAkJICAgICAgIHNpemVvZigqdHhwKSk7CiAJCWlmICh0eHAt PnNpemUgPiBmaXJzdC0+c2l6ZSkgewotCQkJRFBSSU5USygiRnJhZ3MgZ2Fs b3JlXG4iKTsKKwkJCXByaW50ayhLRVJOX0VSUiAiJXM6IEZyYWcgaXMgYmln Z2VyIHRoYW4gZnJhbWUuXG4iLAorCQkJICAgICAgIG5ldGlmLT5kZXYtPm5h bWUpOworCQkJbmV0YmtfZmF0YWxfdHhfZXJyKG5ldGlmKTsKIAkJCXJldHVy biAtZnJhZ3M7CiAJCX0KIApAQCAtMTA1MSw4ICsxMDY1LDkgQEAgc3RhdGlj IGludCBuZXRia19jb3VudF9yZXF1ZXN0cyhuZXRpZl90IAogCQlmcmFncysr OwogCiAJCWlmICh1bmxpa2VseSgodHhwLT5vZmZzZXQgKyB0eHAtPnNpemUp ID4gUEFHRV9TSVpFKSkgewotCQkJRFBSSU5USygidHhwLT5vZmZzZXQ6ICV4 LCBzaXplOiAldVxuIiwKLQkJCQl0eHAtPm9mZnNldCwgdHhwLT5zaXplKTsK KwkJCXByaW50ayhLRVJOX0VSUiAiJXM6IHR4cC0+b2Zmc2V0OiAleCwgc2l6 ZTogJXVcbiIsCisJCQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSwgdHhwLT5v ZmZzZXQsIHR4cC0+c2l6ZSk7CisJCQluZXRia19mYXRhbF90eF9lcnIobmV0 aWYpOwogCQkJcmV0dXJuIC1mcmFnczsKIAkJfQogCX0gd2hpbGUgKCh0eHAr KyktPmZsYWdzICYgTkVUVFhGX21vcmVfZGF0YSk7CkBAIC0xMTk1LDcgKzEy MTAsOSBAQCBpbnQgbmV0YmtfZ2V0X2V4dHJhcyhuZXRpZl90ICpuZXRpZiwg c3RyCiAKIAlkbyB7CiAJCWlmICh1bmxpa2VseSh3b3JrX3RvX2RvLS0gPD0g MCkpIHsKLQkJCURQUklOVEsoIk1pc3NpbmcgZXh0cmEgaW5mb1xuIik7CisJ CQlwcmludGsoS0VSTl9FUlIgIiVzOiBNaXNzaW5nIGV4dHJhIGluZm9cbiIs CisJCQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSk7CisJCQluZXRia19mYXRh bF90eF9lcnIobmV0aWYpOwogCQkJcmV0dXJuIC1FQkFEUjsKIAkJfQogCkBA IC0xMjA0LDcgKzEyMjEsOSBAQCBpbnQgbmV0YmtfZ2V0X2V4dHJhcyhuZXRp Zl90ICpuZXRpZiwgc3RyCiAJCWlmICh1bmxpa2VseSghZXh0cmEudHlwZSB8 fAogCQkJICAgICBleHRyYS50eXBlID49IFhFTl9ORVRJRl9FWFRSQV9UWVBF X01BWCkpIHsKIAkJCW5ldGlmLT50eC5yZXFfY29ucyA9ICsrY29uczsKLQkJ CURQUklOVEsoIkludmFsaWQgZXh0cmEgdHlwZTogJWRcbiIsIGV4dHJhLnR5 cGUpOworCQkJcHJpbnRrKEtFUk5fRVJSICIlczogSW52YWxpZCBleHRyYSB0 eXBlOiAlZFxuIiwKKwkJCSAgICAgICBuZXRpZi0+ZGV2LT5uYW1lLCBleHRy YS50eXBlKTsKKwkJCW5ldGJrX2ZhdGFsX3R4X2VycihuZXRpZik7CiAJCQly ZXR1cm4gLUVJTlZBTDsKIAkJfQogCkBAIC0xMjE1LDE2ICsxMjM0LDIxIEBA IGludCBuZXRia19nZXRfZXh0cmFzKG5ldGlmX3QgKm5ldGlmLCBzdHIKIAly ZXR1cm4gd29ya190b19kbzsKIH0KIAotc3RhdGljIGludCBuZXRia19zZXRf c2tiX2dzbyhzdHJ1Y3Qgc2tfYnVmZiAqc2tiLCBzdHJ1Y3QgbmV0aWZfZXh0 cmFfaW5mbyAqZ3NvKQorc3RhdGljIGludCBuZXRia19zZXRfc2tiX2dzbyhu ZXRpZl90ICpuZXRpZiwgc3RydWN0IHNrX2J1ZmYgKnNrYiwKKwkJCSAgICAg c3RydWN0IG5ldGlmX2V4dHJhX2luZm8gKmdzbykKIHsKIAlpZiAoIWdzby0+ dS5nc28uc2l6ZSkgewotCQlEUFJJTlRLKCJHU08gc2l6ZSBtdXN0IG5vdCBi ZSB6ZXJvLlxuIik7CisJCXByaW50ayhLRVJOX0VSUiAiJXM6IEdTTyBzaXpl IG11c3Qgbm90IGJlIHplcm8uXG4iLAorCQkgICAgICAgbmV0aWYtPmRldi0+ bmFtZSk7CisJCW5ldGJrX2ZhdGFsX3R4X2VycihuZXRpZik7CiAJCXJldHVy biAtRUlOVkFMOwogCX0KIAogCS8qIEN1cnJlbnRseSBvbmx5IFRDUHY0IFMu Ty4gaXMgc3VwcG9ydGVkLiAqLwogCWlmIChnc28tPnUuZ3NvLnR5cGUgIT0g WEVOX05FVElGX0dTT19UWVBFX1RDUFY0KSB7Ci0JCURQUklOVEsoIkJhZCBH U08gdHlwZSAlZC5cbiIsIGdzby0+dS5nc28udHlwZSk7CisJCXByaW50ayhL RVJOX0VSUiAiJXM6IEJhZCBHU08gdHlwZSAlZC5cbiIsCisJCSAgICAgICBu ZXRpZi0+ZGV2LT5uYW1lLCBnc28tPnUuZ3NvLnR5cGUpOworCQluZXRia19m YXRhbF90eF9lcnIobmV0aWYpOwogCQlyZXR1cm4gLUVJTlZBTDsKIAl9CiAK QEAgLTEyNTksOSArMTI4MywyNSBAQCBzdGF0aWMgdm9pZCBuZXRfdHhfYWN0 aW9uKHVuc2lnbmVkIGxvbmcgCiAJCSFsaXN0X2VtcHR5KCZuZXRfc2NoZWR1 bGVfbGlzdCkpIHsKIAkJLyogR2V0IGEgbmV0aWYgZnJvbSB0aGUgbGlzdCB3 aXRoIHdvcmsgdG8gZG8uICovCiAJCW5ldGlmID0gcG9sbF9uZXRfc2NoZWR1 bGVfbGlzdCgpOworCQkvKgorCQkgKiBUaGlzIGNhbiBzb21ldGltZXMgaGFw cGVuIGJlY2F1c2UgdGhlIHRlc3Qgb2YKKwkJICogbGlzdF9lbXB0eShuZXRf c2NoZWR1bGVfbGlzdCkgYXQgdGhlIHRvcCBvZiB0aGUKKwkJICogbG9vcCBp cyB1bmxvY2tlZC4gIEp1c3QgZ28gYmFjayBhbmQgaGF2ZSBhbm90aGVyCisJ CSAqIGxvb2suCisJCSAqLwogCQlpZiAoIW5ldGlmKQogCQkJY29udGludWU7 CiAKKwkJaWYgKG5ldGlmLT50eC5zcmluZy0+cmVxX3Byb2QgLSBuZXRpZi0+ dHgucmVxX2NvbnMgPgorCQkgICAgTkVUX1RYX1JJTkdfU0laRSkgeworCQkJ cHJpbnRrKEtFUk5fRVJSICIlczogSW1wb3NzaWJsZSBudW1iZXIgb2YgcmVx dWVzdHMuICIKKwkJCSAgICAgICAicmVxX3Byb2QgJXUsIHJlcV9jb25zICV1 LCBzaXplICVsdVxuIiwKKwkJCSAgICAgICBuZXRpZi0+ZGV2LT5uYW1lLCBu ZXRpZi0+dHguc3JpbmctPnJlcV9wcm9kLAorCQkJICAgICAgIG5ldGlmLT50 eC5yZXFfY29ucywgTkVUX1RYX1JJTkdfU0laRSk7CisJCQluZXRia19mYXRh bF90eF9lcnIobmV0aWYpOworCQkJY29udGludWU7CisJCX0KKwogCQlSSU5H X0ZJTkFMX0NIRUNLX0ZPUl9SRVFVRVNUUygmbmV0aWYtPnR4LCB3b3JrX3Rv X2RvKTsKIAkJaWYgKCF3b3JrX3RvX2RvKSB7CiAJCQluZXRpZl9wdXQobmV0 aWYpOwpAQCAtMTMxMywxNyArMTM1MywxNCBAQCBzdGF0aWMgdm9pZCBuZXRf dHhfYWN0aW9uKHVuc2lnbmVkIGxvbmcgCiAJCQl3b3JrX3RvX2RvID0gbmV0 YmtfZ2V0X2V4dHJhcyhuZXRpZiwgZXh0cmFzLAogCQkJCQkJICAgICAgd29y a190b19kbyk7CiAJCQlpID0gbmV0aWYtPnR4LnJlcV9jb25zOwotCQkJaWYg KHVubGlrZWx5KHdvcmtfdG9fZG8gPCAwKSkgewotCQkJCW5ldGJrX3R4X2Vy cihuZXRpZiwgJnR4cmVxLCBpKTsKKwkJCWlmICh1bmxpa2VseSh3b3JrX3Rv X2RvIDwgMCkpCiAJCQkJY29udGludWU7Ci0JCQl9CiAJCX0KIAogCQlyZXQg PSBuZXRia19jb3VudF9yZXF1ZXN0cyhuZXRpZiwgJnR4cmVxLCB0eGZyYWdz LCB3b3JrX3RvX2RvKTsKLQkJaWYgKHVubGlrZWx5KHJldCA8IDApKSB7Ci0J CQluZXRia190eF9lcnIobmV0aWYsICZ0eHJlcSwgaSAtIHJldCk7CisJCWlm ICh1bmxpa2VseShyZXQgPCAwKSkKIAkJCWNvbnRpbnVlOwotCQl9CisKIAkJ aSArPSByZXQ7CiAKIAkJaWYgKHVubGlrZWx5KHR4cmVxLnNpemUgPCBFVEhf SExFTikpIHsKQEAgLTEzMzQsMTAgKzEzNzEsMTAgQEAgc3RhdGljIHZvaWQg bmV0X3R4X2FjdGlvbih1bnNpZ25lZCBsb25nIAogCiAJCS8qIE5vIGNyb3Nz aW5nIGEgcGFnZSBhcyB0aGUgcGF5bG9hZCBtdXN0bid0IGZyYWdtZW50LiAq LwogCQlpZiAodW5saWtlbHkoKHR4cmVxLm9mZnNldCArIHR4cmVxLnNpemUp ID4gUEFHRV9TSVpFKSkgewotCQkJRFBSSU5USygidHhyZXEub2Zmc2V0OiAl eCwgc2l6ZTogJXUsIGVuZDogJWx1XG4iLCAKLQkJCQl0eHJlcS5vZmZzZXQs IHR4cmVxLnNpemUsIAotCQkJCSh0eHJlcS5vZmZzZXQgJn5QQUdFX01BU0sp ICsgdHhyZXEuc2l6ZSk7Ci0JCQluZXRia190eF9lcnIobmV0aWYsICZ0eHJl cSwgaSk7CisJCQlwcmludGsoS0VSTl9FUlIgIiVzOiB0eHJlcS5vZmZzZXQ6 ICV4LCBzaXplOiAldSwgZW5kOiAlbHVcbiIsCisJCQkgICAgICAgbmV0aWYt PmRldi0+bmFtZSwgdHhyZXEub2Zmc2V0LCB0eHJlcS5zaXplLAorCQkJICAg ICAgICh0eHJlcS5vZmZzZXQgJiB+UEFHRV9NQVNLKSArIHR4cmVxLnNpemUp OworCQkJbmV0YmtfZmF0YWxfdHhfZXJyKG5ldGlmKTsKIAkJCWNvbnRpbnVl OwogCQl9CiAKQEAgLTEzNjIsOSArMTM5OSw5IEBAIHN0YXRpYyB2b2lkIG5l dF90eF9hY3Rpb24odW5zaWduZWQgbG9uZyAKIAkJCXN0cnVjdCBuZXRpZl9l eHRyYV9pbmZvICpnc287CiAJCQlnc28gPSAmZXh0cmFzW1hFTl9ORVRJRl9F WFRSQV9UWVBFX0dTTyAtIDFdOwogCi0JCQlpZiAobmV0Ymtfc2V0X3NrYl9n c28oc2tiLCBnc28pKSB7CisJCQlpZiAobmV0Ymtfc2V0X3NrYl9nc28obmV0 aWYsIHNrYiwgZ3NvKSkgeworCQkJCS8qIEZhaWx1cmUgaW4gbmV0Ymtfc2V0 X3NrYl9nc28gaXMgZmF0YWwuICovCiAJCQkJa2ZyZWVfc2tiKHNrYik7Ci0J CQkJbmV0YmtfdHhfZXJyKG5ldGlmLCAmdHhyZXEsIGkpOwogCQkJCWNvbnRp bnVlOwogCQkJfQogCQl9Cg== --=separator Content-Type: application/octet-stream; name="xsa39-classic-0002-xen-netback-wrap-around.patch" Content-Disposition: attachment; filename="xsa39-classic-0002-xen-netback-wrap-around.patch" Content-Transfer-Encoding: base64 bmV0YmFjazogY29ycmVjdCBuZXRia190eF9lcnIoKSB0byBoYW5kbGUgd3Jh cCBhcm91bmQKClNpZ25lZC1vZmYtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNh bXBiZWxsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNo IDxKQmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL2RyaXZlcnMveGVuL25ldGJh Y2svbmV0YmFjay5jCisrKyBiL2RyaXZlcnMveGVuL25ldGJhY2svbmV0YmFj ay5jCkBAIC0xMDExLDcgKzEwMTEsNyBAQCBzdGF0aWMgdm9pZCBuZXRia190 eF9lcnIobmV0aWZfdCAqbmV0aWYsCiAKIAlkbyB7CiAJCW1ha2VfdHhfcmVz cG9uc2UobmV0aWYsIHR4cCwgTkVUSUZfUlNQX0VSUk9SKTsKLQkJaWYgKGNv bnMgPj0gZW5kKQorCQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKIAkJ dHhwID0gUklOR19HRVRfUkVRVUVTVCgmbmV0aWYtPnR4LCBjb25zKyspOwog CX0gd2hpbGUgKDEpOwo= --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch" Content-Disposition: attachment; filename="xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch" Content-Transfer-Encoding: base64 RnJvbSA3ZGQ3Y2U0NDU5M2E4YzRjNzE1ZmE2NjUwMjdhZjhlMDcyNDVjOGNm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDExIEphbiAy MDEzIDE0OjI2OjI5ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzRdIHhlbi9u ZXRiYWNrOiBzaHV0ZG93biB0aGUgcmluZyBpZiBpdCBjb250YWlucyBnYXJi YWdlLgoKQSBidWdneSBvciBtYWxpY2lvdXMgZnJvbnRlbmQgc2hvdWxkIG5v dCBiZSBhYmxlIHRvIGNvbmZ1c2UgbmV0YmFjay4KSWYgd2Ugc3BvdCBhbnl0 aGluZyB3aGljaCBpcyBub3QgYXMgaXQgc2hvdWxkIGJlIHRoZW4gc2h1dGRv d24gdGhlCmRldmljZSBhbmQgZG9uJ3QgdHJ5IHRvIGNvbnRpbnVlIHdpdGgg dGhlIHJpbmcgaW4gYSBwb3RlbnRpYWxseQpob3N0aWxlIHN0YXRlLiBXZWxs IGJlaGF2ZWQgYW5kIG5vbi1ob3N0aWxlIGZyb250ZW5kcyB3aWxsIG5vdCBi ZQpwZW5hbGlzZWQuCgpBcyB3ZWxsIGFzIG1ha2luZyB0aGUgZXhpc3Rpbmcg Y2hlY2tzIGZvciBzdWNoIGVycm9ycyBmYXRhbCBhbHNvIGFkZCBhCm5ldyBj aGVjayB0aGF0IGVuc3VyZXMgdGhhdCB0aGVyZSBpc24ndCBhbiBpbnNhbmUg bnVtYmVyIG9mIHJlcXVlc3RzCm9uIHRoZSByaW5nIChpLmUuIG1vcmUgdGhh biB3b3VsZCBmaXQgaW4gdGhlIHJpbmcpLiBJZiB0aGUgcmluZwpjb250YWlu cyBnYXJiYWdlIHRoZW4gcHJldmlvdXNseSBpcyB3YXMgcG9zc2libGUgdG8g bG9vcCBvdmVyIHRoaXMKaW5zYW5lIG51bWJlciwgZ2V0dGluZyBhbiBlcnJv ciBlYWNoIHRpbWUgYW5kIHRoZXJlZm9yZSBub3QgZ2VuZXJhdGluZwphbnkg bW9yZSBwZW5kaW5nIHJlcXVlc3RzIGFuZCB0aGVyZWZvcmUgbm90IGV4aXRp bmcgdGhlIGxvb3AgaW4KeGVuX25ldGJrX3R4X2J1aWxkX2dvcHMgZm9yIGFu IGV4dGVybmRlZCBwZXJpb2QuCgpBbHNvIHR1cm4gdmFyaW91cyBuZXRkZXZf ZGJnIGNhbGxzIHdoaWNoIG5vIHByZWNpcGl0YXRlIGEgZmF0YWwgZXJyb3IK aW50byBuZXRkZXZfZXJyLCB0aGV5IGFyZSByYXRlIGxpbWl0ZWQgYmVjYXVz ZSB0aGUgZGV2aWNlIGlzIHNodXRkb3duCmFmdGVyd2FyZHMuCgpUaGlzIGZp eGVzIGF0IGxlYXN0IG9uZSBrbm93biBEb1Mvc29mdGxvY2t1cCBvZiB0aGUg YmFja2VuZCBkb21haW4uCgpTaWduZWQtb2ZmLWJ5OiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpSZXZpZXdlZC1ieTogS29ucmFk IFJ6ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgpBY2tl ZC1ieTogSmFuIEJldWxpY2ggPEpCZXVsaWNoQHN1c2UuY29tPgotLS0KIGRy aXZlcnMvbmV0L3hlbi1uZXRiYWNrL2NvbW1vbi5oICAgIHwgICAgMyArKwog ZHJpdmVycy9uZXQveGVuLW5ldGJhY2svaW50ZXJmYWNlLmMgfCAgIDIzICsr KysrKysrLS0tLS0KIGRyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2su YyAgIHwgICA2MyArKysrKysrKysrKysrKysrKysrKysrKysrLS0tLS0tLS0t CiAzIGZpbGVzIGNoYW5nZWQsIDYzIGluc2VydGlvbnMoKyksIDI2IGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNr L2NvbW1vbi5oIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svY29tbW9uLmgK aW5kZXggOTRiNzljMy4uOWQ3ZjE3MiAxMDA2NDQKLS0tIGEvZHJpdmVycy9u ZXQveGVuLW5ldGJhY2svY29tbW9uLmgKKysrIGIvZHJpdmVycy9uZXQveGVu LW5ldGJhY2svY29tbW9uLmgKQEAgLTE1MSw2ICsxNTEsOSBAQCB2b2lkIHhl bl9uZXRia19xdWV1ZV90eF9za2Ioc3RydWN0IHhlbnZpZiAqdmlmLCBzdHJ1 Y3Qgc2tfYnVmZiAqc2tiKTsKIC8qIE5vdGlmeSB4ZW52aWYgdGhhdCByaW5n IG5vdyBoYXMgc3BhY2UgdG8gc2VuZCBhbiBza2IgdG8gdGhlIGZyb250ZW5k ICovCiB2b2lkIHhlbnZpZl9ub3RpZnlfdHhfY29tcGxldGlvbihzdHJ1Y3Qg eGVudmlmICp2aWYpOwogCisvKiBQcmV2ZW50IHRoZSBkZXZpY2UgZnJvbSBn ZW5lcmF0aW5nIGFueSBmdXJ0aGVyIHRyYWZmaWMuICovCit2b2lkIHhlbnZp Zl9jYXJyaWVyX29mZihzdHJ1Y3QgeGVudmlmICp2aWYpOworCiAvKiBSZXR1 cm5zIG51bWJlciBvZiByaW5nIHNsb3RzIHJlcXVpcmVkIHRvIHNlbmQgYW4g c2tiIHRvIHRoZSBmcm9udGVuZCAqLwogdW5zaWduZWQgaW50IHhlbl9uZXRi a19jb3VudF9za2Jfc2xvdHMoc3RydWN0IHhlbnZpZiAqdmlmLCBzdHJ1Y3Qg c2tfYnVmZiAqc2tiKTsKIApkaWZmIC0tZ2l0IGEvZHJpdmVycy9uZXQveGVu LW5ldGJhY2svaW50ZXJmYWNlLmMgYi9kcml2ZXJzL25ldC94ZW4tbmV0YmFj ay9pbnRlcmZhY2UuYwppbmRleCBiN2Q0MWY4Li5iOGM1MTkzIDEwMDY0NAot LS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9pbnRlcmZhY2UuYworKysg Yi9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9pbnRlcmZhY2UuYwpAQCAtMzQz LDE3ICszNDMsMjIgQEAgZXJyOgogCXJldHVybiBlcnI7CiB9CiAKLXZvaWQg eGVudmlmX2Rpc2Nvbm5lY3Qoc3RydWN0IHhlbnZpZiAqdmlmKQordm9pZCB4 ZW52aWZfY2Fycmllcl9vZmYoc3RydWN0IHhlbnZpZiAqdmlmKQogewogCXN0 cnVjdCBuZXRfZGV2aWNlICpkZXYgPSB2aWYtPmRldjsKLQlpZiAobmV0aWZf Y2Fycmllcl9vayhkZXYpKSB7Ci0JCXJ0bmxfbG9jaygpOwotCQluZXRpZl9j YXJyaWVyX29mZihkZXYpOyAvKiBkaXNjYXJkIHF1ZXVlZCBwYWNrZXRzICov Ci0JCWlmIChuZXRpZl9ydW5uaW5nKGRldikpCi0JCQl4ZW52aWZfZG93bih2 aWYpOwotCQlydG5sX3VubG9jaygpOwotCQl4ZW52aWZfcHV0KHZpZik7Ci0J fQorCisJcnRubF9sb2NrKCk7CisJbmV0aWZfY2Fycmllcl9vZmYoZGV2KTsg LyogZGlzY2FyZCBxdWV1ZWQgcGFja2V0cyAqLworCWlmIChuZXRpZl9ydW5u aW5nKGRldikpCisJCXhlbnZpZl9kb3duKHZpZik7CisJcnRubF91bmxvY2so KTsKKwl4ZW52aWZfcHV0KHZpZik7Cit9CisKK3ZvaWQgeGVudmlmX2Rpc2Nv bm5lY3Qoc3RydWN0IHhlbnZpZiAqdmlmKQoreworCWlmIChuZXRpZl9jYXJy aWVyX29rKHZpZi0+ZGV2KSkKKwkJeGVudmlmX2NhcnJpZXJfb2ZmKHZpZik7 CiAKIAlhdG9taWNfZGVjKCZ2aWYtPnJlZmNudCk7CiAJd2FpdF9ldmVudCh2 aWYtPndhaXRpbmdfdG9fZnJlZSwgYXRvbWljX3JlYWQoJnZpZi0+cmVmY250 KSA9PSAwKTsKZGlmZiAtLWdpdCBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNr L25ldGJhY2suYyBiL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2su YwppbmRleCBmMmQ2Yjc4Li4xYTQ0OWY5IDEwMDY0NAotLS0gYS9kcml2ZXJz L25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMKKysrIGIvZHJpdmVycy9uZXQv eGVuLW5ldGJhY2svbmV0YmFjay5jCkBAIC04ODgsNiArODg4LDEzIEBAIHN0 YXRpYyB2b2lkIG5ldGJrX3R4X2VycihzdHJ1Y3QgeGVudmlmICp2aWYsCiAJ eGVudmlmX3B1dCh2aWYpOwogfQogCitzdGF0aWMgdm9pZCBuZXRia19mYXRh bF90eF9lcnIoc3RydWN0IHhlbnZpZiAqdmlmKQoreworCW5ldGRldl9lcnIo dmlmLT5kZXYsICJmYXRhbCBlcnJvcjsgZGlzYWJsaW5nIGRldmljZVxuIik7 CisJeGVudmlmX2NhcnJpZXJfb2ZmKHZpZik7CisJeGVudmlmX3B1dCh2aWYp OworfQorCiBzdGF0aWMgaW50IG5ldGJrX2NvdW50X3JlcXVlc3RzKHN0cnVj dCB4ZW52aWYgKnZpZiwKIAkJCQlzdHJ1Y3QgeGVuX25ldGlmX3R4X3JlcXVl c3QgKmZpcnN0LAogCQkJCXN0cnVjdCB4ZW5fbmV0aWZfdHhfcmVxdWVzdCAq dHhwLApAQCAtOTAxLDE5ICs5MDgsMjIgQEAgc3RhdGljIGludCBuZXRia19j b3VudF9yZXF1ZXN0cyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAKIAlkbyB7CiAJ CWlmIChmcmFncyA+PSB3b3JrX3RvX2RvKSB7Ci0JCQluZXRkZXZfZGJnKHZp Zi0+ZGV2LCAiTmVlZCBtb3JlIGZyYWdzXG4iKTsKKwkJCW5ldGRldl9lcnIo dmlmLT5kZXYsICJOZWVkIG1vcmUgZnJhZ3NcbiIpOworCQkJbmV0YmtfZmF0 YWxfdHhfZXJyKHZpZik7CiAJCQlyZXR1cm4gLWZyYWdzOwogCQl9CiAKIAkJ aWYgKHVubGlrZWx5KGZyYWdzID49IE1BWF9TS0JfRlJBR1MpKSB7Ci0JCQlu ZXRkZXZfZGJnKHZpZi0+ZGV2LCAiVG9vIG1hbnkgZnJhZ3NcbiIpOworCQkJ bmV0ZGV2X2Vycih2aWYtPmRldiwgIlRvbyBtYW55IGZyYWdzXG4iKTsKKwkJ CW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYpOwogCQkJcmV0dXJuIC1mcmFnczsK IAkJfQogCiAJCW1lbWNweSh0eHAsIFJJTkdfR0VUX1JFUVVFU1QoJnZpZi0+ dHgsIGNvbnMgKyBmcmFncyksCiAJCSAgICAgICBzaXplb2YoKnR4cCkpOwog CQlpZiAodHhwLT5zaXplID4gZmlyc3QtPnNpemUpIHsKLQkJCW5ldGRldl9k YmcodmlmLT5kZXYsICJGcmFncyBnYWxvcmVcbiIpOworCQkJbmV0ZGV2X2Vy cih2aWYtPmRldiwgIkZyYWcgaXMgYmlnZ2VyIHRoYW4gZnJhbWUuXG4iKTsK KwkJCW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYpOwogCQkJcmV0dXJuIC1mcmFn czsKIAkJfQogCkBAIC05MjEsOCArOTMxLDkgQEAgc3RhdGljIGludCBuZXRi a19jb3VudF9yZXF1ZXN0cyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAJCWZyYWdz Kys7CiAKIAkJaWYgKHVubGlrZWx5KCh0eHAtPm9mZnNldCArIHR4cC0+c2l6 ZSkgPiBQQUdFX1NJWkUpKSB7Ci0JCQluZXRkZXZfZGJnKHZpZi0+ZGV2LCAi dHhwLT5vZmZzZXQ6ICV4LCBzaXplOiAldVxuIiwKKwkJCW5ldGRldl9lcnIo dmlmLT5kZXYsICJ0eHAtPm9mZnNldDogJXgsIHNpemU6ICV1XG4iLAogCQkJ CSB0eHAtPm9mZnNldCwgdHhwLT5zaXplKTsKKwkJCW5ldGJrX2ZhdGFsX3R4 X2Vycih2aWYpOwogCQkJcmV0dXJuIC1mcmFnczsKIAkJfQogCX0gd2hpbGUg KCh0eHArKyktPmZsYWdzICYgWEVOX05FVFRYRl9tb3JlX2RhdGEpOwpAQCAt MTA5NSw3ICsxMTA2LDggQEAgc3RhdGljIGludCB4ZW5fbmV0YmtfZ2V0X2V4 dHJhcyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAKIAlkbyB7CiAJCWlmICh1bmxp a2VseSh3b3JrX3RvX2RvLS0gPD0gMCkpIHsKLQkJCW5ldGRldl9kYmcodmlm LT5kZXYsICJNaXNzaW5nIGV4dHJhIGluZm9cbiIpOworCQkJbmV0ZGV2X2Vy cih2aWYtPmRldiwgIk1pc3NpbmcgZXh0cmEgaW5mb1xuIik7CisJCQluZXRi a19mYXRhbF90eF9lcnIodmlmKTsKIAkJCXJldHVybiAtRUJBRFI7CiAJCX0K IApAQCAtMTEwNCw4ICsxMTE2LDkgQEAgc3RhdGljIGludCB4ZW5fbmV0Ymtf Z2V0X2V4dHJhcyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAJCWlmICh1bmxpa2Vs eSghZXh0cmEudHlwZSB8fAogCQkJICAgICBleHRyYS50eXBlID49IFhFTl9O RVRJRl9FWFRSQV9UWVBFX01BWCkpIHsKIAkJCXZpZi0+dHgucmVxX2NvbnMg PSArK2NvbnM7Ci0JCQluZXRkZXZfZGJnKHZpZi0+ZGV2LAorCQkJbmV0ZGV2 X2Vycih2aWYtPmRldiwKIAkJCQkgICAiSW52YWxpZCBleHRyYSB0eXBlOiAl ZFxuIiwgZXh0cmEudHlwZSk7CisJCQluZXRia19mYXRhbF90eF9lcnIodmlm KTsKIAkJCXJldHVybiAtRUlOVkFMOwogCQl9CiAKQEAgLTExMjEsMTMgKzEx MzQsMTUgQEAgc3RhdGljIGludCBuZXRia19zZXRfc2tiX2dzbyhzdHJ1Y3Qg eGVudmlmICp2aWYsCiAJCQkgICAgIHN0cnVjdCB4ZW5fbmV0aWZfZXh0cmFf aW5mbyAqZ3NvKQogewogCWlmICghZ3NvLT51Lmdzby5zaXplKSB7Ci0JCW5l dGRldl9kYmcodmlmLT5kZXYsICJHU08gc2l6ZSBtdXN0IG5vdCBiZSB6ZXJv LlxuIik7CisJCW5ldGRldl9lcnIodmlmLT5kZXYsICJHU08gc2l6ZSBtdXN0 IG5vdCBiZSB6ZXJvLlxuIik7CisJCW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYp OwogCQlyZXR1cm4gLUVJTlZBTDsKIAl9CiAKIAkvKiBDdXJyZW50bHkgb25s eSBUQ1B2NCBTLk8uIGlzIHN1cHBvcnRlZC4gKi8KIAlpZiAoZ3NvLT51Lmdz by50eXBlICE9IFhFTl9ORVRJRl9HU09fVFlQRV9UQ1BWNCkgewotCQluZXRk ZXZfZGJnKHZpZi0+ZGV2LCAiQmFkIEdTTyB0eXBlICVkLlxuIiwgZ3NvLT51 Lmdzby50eXBlKTsKKwkJbmV0ZGV2X2Vycih2aWYtPmRldiwgIkJhZCBHU08g dHlwZSAlZC5cbiIsIGdzby0+dS5nc28udHlwZSk7CisJCW5ldGJrX2ZhdGFs X3R4X2Vycih2aWYpOwogCQlyZXR1cm4gLUVJTlZBTDsKIAl9CiAKQEAgLTEy NjQsOSArMTI3OSwyNiBAQCBzdGF0aWMgdW5zaWduZWQgeGVuX25ldGJrX3R4 X2J1aWxkX2dvcHMoc3RydWN0IHhlbl9uZXRiayAqbmV0YmspCiAKIAkJLyog R2V0IGEgbmV0aWYgZnJvbSB0aGUgbGlzdCB3aXRoIHdvcmsgdG8gZG8uICov CiAJCXZpZiA9IHBvbGxfbmV0X3NjaGVkdWxlX2xpc3QobmV0YmspOworCQkv KgorCQkgKiBUaGlzIGNhbiBzb21ldGltZXMgaGFwcGVuIGJlY2F1c2UgdGhl IHRlc3Qgb2YKKwkJICogbGlzdF9lbXB0eShuZXRfc2NoZWR1bGVfbGlzdCkg YXQgdGhlIHRvcCBvZiB0aGUKKwkJICogbG9vcCBpcyB1bmxvY2tlZC4gIEp1 c3QgZ28gYmFjayBhbmQgaGF2ZSBhbm90aGVyCisJCSAqIGxvb2suCisJCSAq LwogCQlpZiAoIXZpZikKIAkJCWNvbnRpbnVlOwogCisJCWlmICh2aWYtPnR4 LnNyaW5nLT5yZXFfcHJvZCAtIHZpZi0+dHgucmVxX2NvbnMgPgorCQkgICAg WEVOX05FVElGX1RYX1JJTkdfU0laRSkgeworCQkJbmV0ZGV2X2Vycih2aWYt PmRldiwKKwkJCQkgICAiSW1wb3NzaWJsZSBudW1iZXIgb2YgcmVxdWVzdHMu ICIKKwkJCQkgICAicmVxX3Byb2QgJWQsIHJlcV9jb25zICVkLCBzaXplICVs ZFxuIiwKKwkJCQkgICB2aWYtPnR4LnNyaW5nLT5yZXFfcHJvZCwgdmlmLT50 eC5yZXFfY29ucywKKwkJCQkgICBYRU5fTkVUSUZfVFhfUklOR19TSVpFKTsK KwkJCW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYpOworCQkJY29udGludWU7CisJ CX0KKwogCQlSSU5HX0ZJTkFMX0NIRUNLX0ZPUl9SRVFVRVNUUygmdmlmLT50 eCwgd29ya190b19kbyk7CiAJCWlmICghd29ya190b19kbykgewogCQkJeGVu dmlmX3B1dCh2aWYpOwpAQCAtMTI5NCwxNyArMTMyNiwxNCBAQCBzdGF0aWMg dW5zaWduZWQgeGVuX25ldGJrX3R4X2J1aWxkX2dvcHMoc3RydWN0IHhlbl9u ZXRiayAqbmV0YmspCiAJCQl3b3JrX3RvX2RvID0geGVuX25ldGJrX2dldF9l eHRyYXModmlmLCBleHRyYXMsCiAJCQkJCQkJICB3b3JrX3RvX2RvKTsKIAkJ CWlkeCA9IHZpZi0+dHgucmVxX2NvbnM7Ci0JCQlpZiAodW5saWtlbHkod29y a190b19kbyA8IDApKSB7Ci0JCQkJbmV0YmtfdHhfZXJyKHZpZiwgJnR4cmVx LCBpZHgpOworCQkJaWYgKHVubGlrZWx5KHdvcmtfdG9fZG8gPCAwKSkKIAkJ CQljb250aW51ZTsKLQkJCX0KIAkJfQogCiAJCXJldCA9IG5ldGJrX2NvdW50 X3JlcXVlc3RzKHZpZiwgJnR4cmVxLCB0eGZyYWdzLCB3b3JrX3RvX2RvKTsK LQkJaWYgKHVubGlrZWx5KHJldCA8IDApKSB7Ci0JCQluZXRia190eF9lcnIo dmlmLCAmdHhyZXEsIGlkeCAtIHJldCk7CisJCWlmICh1bmxpa2VseShyZXQg PCAwKSkKIAkJCWNvbnRpbnVlOwotCQl9CisKIAkJaWR4ICs9IHJldDsKIAog CQlpZiAodW5saWtlbHkodHhyZXEuc2l6ZSA8IEVUSF9ITEVOKSkgewpAQCAt MTMxNiwxMSArMTM0NSwxMSBAQCBzdGF0aWMgdW5zaWduZWQgeGVuX25ldGJr X3R4X2J1aWxkX2dvcHMoc3RydWN0IHhlbl9uZXRiayAqbmV0YmspCiAKIAkJ LyogTm8gY3Jvc3NpbmcgYSBwYWdlIGFzIHRoZSBwYXlsb2FkIG11c3RuJ3Qg ZnJhZ21lbnQuICovCiAJCWlmICh1bmxpa2VseSgodHhyZXEub2Zmc2V0ICsg dHhyZXEuc2l6ZSkgPiBQQUdFX1NJWkUpKSB7Ci0JCQluZXRkZXZfZGJnKHZp Zi0+ZGV2LAorCQkJbmV0ZGV2X2Vycih2aWYtPmRldiwKIAkJCQkgICAidHhy ZXEub2Zmc2V0OiAleCwgc2l6ZTogJXUsIGVuZDogJWx1XG4iLAogCQkJCSAg IHR4cmVxLm9mZnNldCwgdHhyZXEuc2l6ZSwKIAkJCQkgICAodHhyZXEub2Zm c2V0Jn5QQUdFX01BU0spICsgdHhyZXEuc2l6ZSk7Ci0JCQluZXRia190eF9l cnIodmlmLCAmdHhyZXEsIGlkeCk7CisJCQluZXRia19mYXRhbF90eF9lcnIo dmlmKTsKIAkJCWNvbnRpbnVlOwogCQl9CiAKQEAgLTEzNDgsOCArMTM3Nyw4 IEBAIHN0YXRpYyB1bnNpZ25lZCB4ZW5fbmV0YmtfdHhfYnVpbGRfZ29wcyhz dHJ1Y3QgeGVuX25ldGJrICpuZXRiaykKIAkJCWdzbyA9ICZleHRyYXNbWEVO X05FVElGX0VYVFJBX1RZUEVfR1NPIC0gMV07CiAKIAkJCWlmIChuZXRia19z ZXRfc2tiX2dzbyh2aWYsIHNrYiwgZ3NvKSkgeworCQkJCS8qIEZhaWx1cmUg aW4gbmV0Ymtfc2V0X3NrYl9nc28gaXMgZmF0YWwuICovCiAJCQkJa2ZyZWVf c2tiKHNrYik7Ci0JCQkJbmV0YmtfdHhfZXJyKHZpZiwgJnR4cmVxLCBpZHgp OwogCQkJCWNvbnRpbnVlOwogCQkJfQogCQl9Ci0tIAoxLjcuMi41Cgo= --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch" Content-Disposition: attachment; filename="xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch" Content-Transfer-Encoding: base64 RnJvbSA5MDQyMDYzMWQyYjc4YWNhMjhjOTRiZWI2NmIyNTQ0N2U1N2E4ZGQ0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE0IEphbiAy MDEzIDEyOjIwOjA0ICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzRdIHhlbi9u ZXRiYWNrOiBkb24ndCBsZWFrIHBhZ2VzIG9uIGZhaWx1cmUgaW4geGVuX25l dGJrX3R4X2NoZWNrX2dvcC4KClNpZ25lZC1vZmYtYnk6IE1hdHRoZXcgRGFs ZXkgPG1hdHRqZEBnbWFpbC5jb20+ClJldmlld2VkLWJ5OiBLb25yYWQgUnpl c3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkFja2VkLWJ5 OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpBY2tl ZC1ieTogSmFuIEJldWxpY2ggPEpCZXVsaWNoQHN1c2UuY29tPgotLS0KIGRy aXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyB8ICAgMzggKysrKysr KysrKysrLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGVzIGNoYW5n ZWQsIDEzIGluc2VydGlvbnMoKyksIDI1IGRlbGV0aW9ucygtKQoKZGlmZiAt LWdpdCBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyBiL2Ry aXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYwppbmRleCAxYTQ0OWY5 Li45NzUyNDFlIDEwMDY0NAotLS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFj ay9uZXRiYWNrLmMKKysrIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0 YmFjay5jCkBAIC0xNDcsNyArMTQ3LDggQEAgdm9pZCB4ZW5fbmV0YmtfcmVt b3ZlX3hlbnZpZihzdHJ1Y3QgeGVudmlmICp2aWYpCiAJYXRvbWljX2RlYygm bmV0YmstPm5ldGZyb250X2NvdW50KTsKIH0KIAotc3RhdGljIHZvaWQgeGVu X25ldGJrX2lkeF9yZWxlYXNlKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCB1 MTYgcGVuZGluZ19pZHgpOworc3RhdGljIHZvaWQgeGVuX25ldGJrX2lkeF9y ZWxlYXNlKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCB1MTYgcGVuZGluZ19p ZHgsCisJCQkJICB1OCBzdGF0dXMpOwogc3RhdGljIHZvaWQgbWFrZV90eF9y ZXNwb25zZShzdHJ1Y3QgeGVudmlmICp2aWYsCiAJCQkgICAgIHN0cnVjdCB4 ZW5fbmV0aWZfdHhfcmVxdWVzdCAqdHhwLAogCQkJICAgICBzOCAgICAgICBz dCk7CkBAIC0xMDA3LDMwICsxMDA4LDIwIEBAIHN0YXRpYyBpbnQgeGVuX25l dGJrX3R4X2NoZWNrX2dvcChzdHJ1Y3QgeGVuX25ldGJrICpuZXRiaywKIHsK IAlzdHJ1Y3QgZ250dGFiX2NvcHkgKmdvcCA9ICpnb3BwOwogCXUxNiBwZW5k aW5nX2lkeCA9ICooKHUxNiAqKXNrYi0+ZGF0YSk7Ci0Jc3RydWN0IHBlbmRp bmdfdHhfaW5mbyAqcGVuZGluZ190eF9pbmZvID0gbmV0YmstPnBlbmRpbmdf dHhfaW5mbzsKLQlzdHJ1Y3QgeGVudmlmICp2aWYgPSBwZW5kaW5nX3R4X2lu Zm9bcGVuZGluZ19pZHhdLnZpZjsKLQlzdHJ1Y3QgeGVuX25ldGlmX3R4X3Jl cXVlc3QgKnR4cDsKIAlzdHJ1Y3Qgc2tiX3NoYXJlZF9pbmZvICpzaGluZm8g PSBza2Jfc2hpbmZvKHNrYik7CiAJaW50IG5yX2ZyYWdzID0gc2hpbmZvLT5u cl9mcmFnczsKIAlpbnQgaSwgZXJyLCBzdGFydDsKIAogCS8qIENoZWNrIHN0 YXR1cyBvZiBoZWFkZXIuICovCiAJZXJyID0gZ29wLT5zdGF0dXM7Ci0JaWYg KHVubGlrZWx5KGVycikpIHsKLQkJcGVuZGluZ19yaW5nX2lkeF90IGluZGV4 OwotCQlpbmRleCA9IHBlbmRpbmdfaW5kZXgobmV0YmstPnBlbmRpbmdfcHJv ZCsrKTsKLQkJdHhwID0gJnBlbmRpbmdfdHhfaW5mb1twZW5kaW5nX2lkeF0u cmVxOwotCQltYWtlX3R4X3Jlc3BvbnNlKHZpZiwgdHhwLCBYRU5fTkVUSUZf UlNQX0VSUk9SKTsKLQkJbmV0YmstPnBlbmRpbmdfcmluZ1tpbmRleF0gPSBw ZW5kaW5nX2lkeDsKLQkJeGVudmlmX3B1dCh2aWYpOwotCX0KKwlpZiAodW5s aWtlbHkoZXJyKSkKKwkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBw ZW5kaW5nX2lkeCwgWEVOX05FVElGX1JTUF9FUlJPUik7CiAKIAkvKiBTa2lw IGZpcnN0IHNrYiBmcmFnbWVudCBpZiBpdCBpcyBvbiBzYW1lIHBhZ2UgYXMg aGVhZGVyIGZyYWdtZW50LiAqLwogCXN0YXJ0ID0gKGZyYWdfZ2V0X3BlbmRp bmdfaWR4KCZzaGluZm8tPmZyYWdzWzBdKSA9PSBwZW5kaW5nX2lkeCk7CiAK IAlmb3IgKGkgPSBzdGFydDsgaSA8IG5yX2ZyYWdzOyBpKyspIHsKIAkJaW50 IGosIG5ld2VycjsKLQkJcGVuZGluZ19yaW5nX2lkeF90IGluZGV4OwogCiAJ CXBlbmRpbmdfaWR4ID0gZnJhZ19nZXRfcGVuZGluZ19pZHgoJnNoaW5mby0+ ZnJhZ3NbaV0pOwogCkBAIC0xMDM5LDE2ICsxMDMwLDEyIEBAIHN0YXRpYyBp bnQgeGVuX25ldGJrX3R4X2NoZWNrX2dvcChzdHJ1Y3QgeGVuX25ldGJrICpu ZXRiaywKIAkJaWYgKGxpa2VseSghbmV3ZXJyKSkgewogCQkJLyogSGFkIGEg cHJldmlvdXMgZXJyb3I/IEludmFsaWRhdGUgdGhpcyBmcmFnbWVudC4gKi8K IAkJCWlmICh1bmxpa2VseShlcnIpKQotCQkJCXhlbl9uZXRia19pZHhfcmVs ZWFzZShuZXRiaywgcGVuZGluZ19pZHgpOworCQkJCXhlbl9uZXRia19pZHhf cmVsZWFzZShuZXRiaywgcGVuZGluZ19pZHgsIFhFTl9ORVRJRl9SU1BfT0tB WSk7CiAJCQljb250aW51ZTsKIAkJfQogCiAJCS8qIEVycm9yIG9uIHRoaXMg ZnJhZ21lbnQ6IHJlc3BvbmQgdG8gY2xpZW50IHdpdGggYW4gZXJyb3IuICov Ci0JCXR4cCA9ICZuZXRiay0+cGVuZGluZ190eF9pbmZvW3BlbmRpbmdfaWR4 XS5yZXE7Ci0JCW1ha2VfdHhfcmVzcG9uc2UodmlmLCB0eHAsIFhFTl9ORVRJ Rl9SU1BfRVJST1IpOwotCQlpbmRleCA9IHBlbmRpbmdfaW5kZXgobmV0Ymst PnBlbmRpbmdfcHJvZCsrKTsKLQkJbmV0YmstPnBlbmRpbmdfcmluZ1tpbmRl eF0gPSBwZW5kaW5nX2lkeDsKLQkJeGVudmlmX3B1dCh2aWYpOworCQl4ZW5f bmV0YmtfaWR4X3JlbGVhc2UobmV0YmssIHBlbmRpbmdfaWR4LCBYRU5fTkVU SUZfUlNQX0VSUk9SKTsKIAogCQkvKiBOb3QgdGhlIGZpcnN0IGVycm9yPyBQ cmVjZWRpbmcgZnJhZ3MgYWxyZWFkeSBpbnZhbGlkYXRlZC4gKi8KIAkJaWYg KGVycikKQEAgLTEwNTYsMTAgKzEwNDMsMTAgQEAgc3RhdGljIGludCB4ZW5f bmV0YmtfdHhfY2hlY2tfZ29wKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLAog CiAJCS8qIEZpcnN0IGVycm9yOiBpbnZhbGlkYXRlIGhlYWRlciBhbmQgcHJl Y2VkaW5nIGZyYWdtZW50cy4gKi8KIAkJcGVuZGluZ19pZHggPSAqKCh1MTYg Kilza2ItPmRhdGEpOwotCQl4ZW5fbmV0YmtfaWR4X3JlbGVhc2UobmV0Ymss IHBlbmRpbmdfaWR4KTsKKwkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJr LCBwZW5kaW5nX2lkeCwgWEVOX05FVElGX1JTUF9PS0FZKTsKIAkJZm9yIChq ID0gc3RhcnQ7IGogPCBpOyBqKyspIHsKIAkJCXBlbmRpbmdfaWR4ID0gZnJh Z19nZXRfcGVuZGluZ19pZHgoJnNoaW5mby0+ZnJhZ3Nbal0pOwotCQkJeGVu X25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lkeCk7CisJCQl4 ZW5fbmV0YmtfaWR4X3JlbGVhc2UobmV0YmssIHBlbmRpbmdfaWR4LCBYRU5f TkVUSUZfUlNQX09LQVkpOwogCQl9CiAKIAkJLyogUmVtZW1iZXIgdGhlIGVy cm9yOiBpbnZhbGlkYXRlIGFsbCBzdWJzZXF1ZW50IGZyYWdtZW50cy4gKi8K QEAgLTEwOTMsNyArMTA4MCw3IEBAIHN0YXRpYyB2b2lkIHhlbl9uZXRia19m aWxsX2ZyYWdzKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCBzdHJ1Y3Qgc2tf YnVmZiAqc2tiKQogCiAJCS8qIFRha2UgYW4gZXh0cmEgcmVmZXJlbmNlIHRv IG9mZnNldCB4ZW5fbmV0YmtfaWR4X3JlbGVhc2UgKi8KIAkJZ2V0X3BhZ2Uo bmV0YmstPm1tYXBfcGFnZXNbcGVuZGluZ19pZHhdKTsKLQkJeGVuX25ldGJr X2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lkeCk7CisJCXhlbl9uZXRi a19pZHhfcmVsZWFzZShuZXRiaywgcGVuZGluZ19pZHgsIFhFTl9ORVRJRl9S U1BfT0tBWSk7CiAJfQogfQogCkBAIC0xNDc3LDcgKzE0NjQsNyBAQCBzdGF0 aWMgdm9pZCB4ZW5fbmV0YmtfdHhfc3VibWl0KHN0cnVjdCB4ZW5fbmV0Ymsg Km5ldGJrKQogCQkJdHhwLT5zaXplIC09IGRhdGFfbGVuOwogCQl9IGVsc2Ug ewogCQkJLyogU2NoZWR1bGUgYSByZXNwb25zZSBpbW1lZGlhdGVseS4gKi8K LQkJCXhlbl9uZXRia19pZHhfcmVsZWFzZShuZXRiaywgcGVuZGluZ19pZHgp OworCQkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lk eCwgWEVOX05FVElGX1JTUF9PS0FZKTsKIAkJfQogCiAJCWlmICh0eHAtPmZs YWdzICYgWEVOX05FVFRYRl9jc3VtX2JsYW5rKQpAQCAtMTUyOSw3ICsxNTE2 LDggQEAgc3RhdGljIHZvaWQgeGVuX25ldGJrX3R4X2FjdGlvbihzdHJ1Y3Qg eGVuX25ldGJrICpuZXRiaykKIAl4ZW5fbmV0YmtfdHhfc3VibWl0KG5ldGJr KTsKIH0KIAotc3RhdGljIHZvaWQgeGVuX25ldGJrX2lkeF9yZWxlYXNlKHN0 cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCB1MTYgcGVuZGluZ19pZHgpCitzdGF0 aWMgdm9pZCB4ZW5fbmV0YmtfaWR4X3JlbGVhc2Uoc3RydWN0IHhlbl9uZXRi ayAqbmV0YmssIHUxNiBwZW5kaW5nX2lkeCwKKwkJCQkgIHU4IHN0YXR1cykK IHsKIAlzdHJ1Y3QgeGVudmlmICp2aWY7CiAJc3RydWN0IHBlbmRpbmdfdHhf aW5mbyAqcGVuZGluZ190eF9pbmZvOwpAQCAtMTU0Myw3ICsxNTMxLDcgQEAg c3RhdGljIHZvaWQgeGVuX25ldGJrX2lkeF9yZWxlYXNlKHN0cnVjdCB4ZW5f bmV0YmsgKm5ldGJrLCB1MTYgcGVuZGluZ19pZHgpCiAKIAl2aWYgPSBwZW5k aW5nX3R4X2luZm8tPnZpZjsKIAotCW1ha2VfdHhfcmVzcG9uc2UodmlmLCAm cGVuZGluZ190eF9pbmZvLT5yZXEsIFhFTl9ORVRJRl9SU1BfT0tBWSk7CisJ bWFrZV90eF9yZXNwb25zZSh2aWYsICZwZW5kaW5nX3R4X2luZm8tPnJlcSwg c3RhdHVzKTsKIAogCWluZGV4ID0gcGVuZGluZ19pbmRleChuZXRiay0+cGVu ZGluZ19wcm9kKyspOwogCW5ldGJrLT5wZW5kaW5nX3JpbmdbaW5kZXhdID0g cGVuZGluZ19pZHg7Ci0tIAoxLjcuMi41Cgo= --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch" Content-Disposition: attachment; filename="xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch" Content-Transfer-Encoding: base64 RnJvbSBiNmIxZjE3YWE0NGFjZmUxMDI0OTY4YmFmYjFkMWZlNzcwNGE3NDlh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE0IEphbiAy MDEzIDEyOjUxOjIyICswMDAwClN1YmplY3Q6IFtQQVRDSCAzLzRdIHhlbi9u ZXRiYWNrOiBmcmVlIGFscmVhZHkgYWxsb2NhdGVkIG1lbW9yeSBvbiBmYWls dXJlIGluIHhlbl9uZXRia19nZXRfcmVxdWVzdHMKClNpZ25lZC1vZmYtYnk6 IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+Ci0tLQog ZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jIHwgICAxNiArKysr KysrKysrKysrKystCiAxIGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMo KyksIDEgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9uZXQv eGVuLW5ldGJhY2svbmV0YmFjay5jIGIvZHJpdmVycy9uZXQveGVuLW5ldGJh Y2svbmV0YmFjay5jCmluZGV4IDk3NTI0MWUuLjFhOTkyODggMTAwNjQ0Ci0t LSBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYworKysgYi9k cml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMKQEAgLTk3OCw3ICs5 NzgsNyBAQCBzdGF0aWMgc3RydWN0IGdudHRhYl9jb3B5ICp4ZW5fbmV0Ymtf Z2V0X3JlcXVlc3RzKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLAogCQlwZW5k aW5nX2lkeCA9IG5ldGJrLT5wZW5kaW5nX3JpbmdbaW5kZXhdOwogCQlwYWdl ID0geGVuX25ldGJrX2FsbG9jX3BhZ2UobmV0YmssIHNrYiwgcGVuZGluZ19p ZHgpOwogCQlpZiAoIXBhZ2UpCi0JCQlyZXR1cm4gTlVMTDsKKwkJCWdvdG8g ZXJyOwogCiAJCWdvcC0+c291cmNlLnUucmVmID0gdHhwLT5ncmVmOwogCQln b3AtPnNvdXJjZS5kb21pZCA9IHZpZi0+ZG9taWQ7CkBAIC0xMDAwLDYgKzEw MDAsMjAgQEAgc3RhdGljIHN0cnVjdCBnbnR0YWJfY29weSAqeGVuX25ldGJr X2dldF9yZXF1ZXN0cyhzdHJ1Y3QgeGVuX25ldGJrICpuZXRiaywKIAl9CiAK IAlyZXR1cm4gZ29wOworZXJyOgorCS8qCisJICogVW53aW5kLCBmcmVlaW5n IGFsbCBwYWdlcyBhbmQgc2VuZGluZyBlcnJvcgorCSAqIHJlcG9uc2VzLgor CSAqLworCXdoaWxlIChpLS0gPiBzdGFydCkgeworCQl4ZW5fbmV0YmtfaWR4 X3JlbGVhc2UobmV0YmssIGZyYWdfZ2V0X3BlbmRpbmdfaWR4KCZmcmFnc1tp XSksCisJCQkJICAgICAgWEVOX05FVElGX1JTUF9FUlJPUik7CisJfQorCS8q IFRoZSBoZWFkIHRvbywgaWYgbmVjZXNzYXJ5LiAqLworCWlmIChzdGFydCkK KwkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lkeCwg WEVOX05FVElGX1JTUF9FUlJPUik7CisKKwlyZXR1cm4gTlVMTDsKIH0KIAog c3RhdGljIGludCB4ZW5fbmV0YmtfdHhfY2hlY2tfZ29wKHN0cnVjdCB4ZW5f bmV0YmsgKm5ldGJrLAotLSAKMS43LjIuNQoK --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch" Content-Disposition: attachment; filename="xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch" Content-Transfer-Encoding: base64 RnJvbSBlYTVlM2MxZThmZDlmZmU2MDgwZTAxYWY3NzY5YTlmYTQyMGNjNjJl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE0IEphbiAy MDEzIDEzOjMyOjMxICswMDAwClN1YmplY3Q6IFtQQVRDSCA0LzRdIG5ldGJh Y2s6IGNvcnJlY3QgbmV0YmtfdHhfZXJyIHRvIGhhbmRsZSB3cmFwIGFyb3Vu ZC4KClNpZ25lZC1vZmYtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+CkFja2VkLWJ5OiBKYW4gQmV1bGljaCA8SkJldWxpY2hA c3VzZS5jb20+Ci0tLQogZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFj ay5jIHwgICAgMiArLQogMSBmaWxlcyBjaGFuZ2VkLCAxIGluc2VydGlvbnMo KyksIDEgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9uZXQv eGVuLW5ldGJhY2svbmV0YmFjay5jIGIvZHJpdmVycy9uZXQveGVuLW5ldGJh Y2svbmV0YmFjay5jCmluZGV4IDFhOTkyODguLjI4ZDVlMDYgMTAwNjQ0Ci0t LSBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYworKysgYi9k cml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMKQEAgLTg4MCw3ICs4 ODAsNyBAQCBzdGF0aWMgdm9pZCBuZXRia190eF9lcnIoc3RydWN0IHhlbnZp ZiAqdmlmLAogCiAJZG8gewogCQltYWtlX3R4X3Jlc3BvbnNlKHZpZiwgdHhw LCBYRU5fTkVUSUZfUlNQX0VSUk9SKTsKLQkJaWYgKGNvbnMgPj0gZW5kKQor CQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKIAkJdHhwID0gUklOR19H RVRfUkVRVUVTVCgmdmlmLT50eCwgY29ucysrKTsKIAl9IHdoaWxlICgxKTsK LS0gCjEuNy4yLjUKCg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:17:33 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:17:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMr-0007Qr-EZ; Tue, 05 Feb 2013 13:15:21 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMq-0007QZ-09; Tue, 05 Feb 2013 13:15:20 +0000 Received: from [85.158.138.51:18533] by server-8.bemta-3.messagelabs.com id 91/04-25687-6E501115; Tue, 05 Feb 2013 13:15:18 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-9.tower-174.messagelabs.com!1360070116!31104417!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 18786 invoked from network); 5 Feb 2013 13:15:17 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-9.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:17 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMe-0003a8-Mt; Tue, 05 Feb 2013 13:15:08 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMe-00089M-1r; Tue, 05 Feb 2013 13:15:08 +0000 Date: Tue, 05 Feb 2013 13:15:08 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0215 / XSA-38 version 2 oxenstored incorrect handling of certain Xenbus ring states UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting domain control and management functions. In more detail: A malicious guest administrator can cause oxenstored to crash; after this many host control operations (for example, starting and stopping domains, device hotplug, and some monitoring functions), will be unavailable. Domains which are already running are not directly affected. Such an attacker can also cause a memory exhaustion in the domain running oxenstored; often this will make the host's management functions unavailable. Information leak of control plane data is also theoretically possible. VULNERABLE SYSTEMS ================== Any system running oxenstored is vulnerable. oxenstored was introduced in Xen version 4.1. oxenstored was made the default in Xen 4.2.if a suitable ocaml toolchain was installed at build time. Systems running a 32-bit oxenstored are vulnerable only to the crash and not to the large memory allocation issue. MITIGATION ========== Running the C version of xenstored will avoid this issue. RESOLUTION ========== Applying the attached patch resolves this issue. xsa38.patch Xen 4.1.x, Xen 4.2.x, xen-unstable $ sha256sum xsa38*.patch 7d7a5746bc76da747bf61eb87b3303a8f3abb0d96561f35a706c671317ebe4eb xsa38.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI0AAoJEIP+FMlX6CvZ6wAIAJdVEbDm51534QlQBGEE160O beOVzi6J0y1XOV3iDVnPlSxynhhBn3HcNWl0p0ERRAJt+FbZrH/WLMZ/9XLLbzZO LWVQHPiKkTYxbgxYsNXt/64CxKN8We2lffuBZn6DUQt1ZiV7T9L4SYVTWHeKo5vW mvs4j4VvlGgQTxIy0a724bEEPbBXNCu76+b6uwbJCkocnul1QMxyMK5mCJK/n/dv Q4KCXjJ9sfRHcKR8jteU0v45MP3VXbgEjrW70nvqXed3ly01SdBt/OJVAadmiG38 /EPJiFDT9cqPbl9591yQ6tQqRH5B4J3VoT7vl/hcV9AI8cduHVkQ8nLhfo71lLg= =CAag -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa38.patch" Content-Disposition: attachment; filename="xsa38.patch" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbCBi L3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbAppbmRleCAzNTU4ODg5 Li5kNGQxYzdiIDEwMDY0NAotLS0gYS90b29scy9vY2FtbC9saWJzL3hiL3Bh cnRpYWwubWwKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi9wYXJ0aWFsLm1s CkBAIC0yNyw4ICsyNywxNSBAQCBleHRlcm5hbCBoZWFkZXJfc2l6ZTogdW5p dCAtPiBpbnQgPSAic3R1Yl9oZWFkZXJfc2l6ZSIKIGV4dGVybmFsIGhlYWRl cl9vZl9zdHJpbmdfaW50ZXJuYWw6IHN0cmluZyAtPiBpbnQgKiBpbnQgKiBp bnQgKiBpbnQKICAgICAgICAgID0gInN0dWJfaGVhZGVyX29mX3N0cmluZyIK IAorbGV0IHhlbnN0b3JlX3BheWxvYWRfbWF4ID0gNDA5NiAoKiB4ZW4vaW5j bHVkZS9wdWJsaWMvaW8veHNfd2lyZS5oICopCisKIGxldCBvZl9zdHJpbmcg cyA9CiAJbGV0IHRpZCwgcmlkLCBvcGludCwgZGxlbiA9IGhlYWRlcl9vZl9z dHJpbmdfaW50ZXJuYWwgcyBpbgorCSgqIEEgcGFja2V0IHdoaWNoIGlzIGJp Z2dlciB0aGFuIHhlbnN0b3JlX3BheWxvYWRfbWF4IGlzIGlsbGVnYWwuCisJ ICAgVGhpcyB3aWxsIGxlYXZlIHRoZSBndWVzdCBjb25uZWN0aW9uIGlzIGEg YmFkIHN0YXRlIGFuZCB3aWxsCisJICAgYmUgaGFyZCB0byByZWNvdmVyIGZy b20gd2l0aG91dCByZXN0YXJ0aW5nIHRoZSBjb25uZWN0aW9uCisJICAgKGll IHJlYm9vdGluZyB0aGUgZ3Vlc3QpICopCisJbGV0IGRsZW4gPSBtaW4geGVu c3RvcmVfcGF5bG9hZF9tYXggZGxlbiBpbgogCXsKIAkJdGlkID0gdGlkOwog CQlyaWQgPSByaWQ7CkBAIC0zOCw2ICs0NSw3IEBAIGxldCBvZl9zdHJpbmcg cyA9CiAJfQogCiBsZXQgYXBwZW5kIHBrdCBzIHN6ID0KKwlpZiBwa3QubGVu ID4gNDA5NiB0aGVuIGZhaWx3aXRoICJCdWZmZXIuYWRkOiBjYW5ub3QgZ3Jv dyBidWZmZXIiOwogCUJ1ZmZlci5hZGRfc3RyaW5nIHBrdC5idWYgKFN0cmlu Zy5zdWIgcyAwIHN6KQogCiBsZXQgdG9fY29tcGxldGUgcGt0ID0KZGlmZiAt LWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIveHNfcmluZ19zdHVicy5jIGIv dG9vbHMvb2NhbWwvbGlicy94Yi94c19yaW5nX3N0dWJzLmMKaW5kZXggMDA0 MTRjNS4uNDg4OGFjNSAxMDA2NDQKLS0tIGEvdG9vbHMvb2NhbWwvbGlicy94 Yi94c19yaW5nX3N0dWJzLmMKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi94 c19yaW5nX3N0dWJzLmMKQEAgLTM5LDIxICszOSwyMyBAQCBzdGF0aWMgaW50 IHhzX3JpbmdfcmVhZChzdHJ1Y3QgbW1hcF9pbnRlcmZhY2UgKmludGVyZmFj ZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2hhciAqYnVmZmVy LCBpbnQgbGVuKQogewogCXN0cnVjdCB4ZW5zdG9yZV9kb21haW5faW50ZXJm YWNlICppbnRmID0gaW50ZXJmYWNlLT5hZGRyOwotCVhFTlNUT1JFX1JJTkdf SURYIGNvbnMsIHByb2Q7CisJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJv ZDsgLyogb2Zmc2V0cyBvbmx5ICovCiAJaW50IHRvX3JlYWQ7CiAKLQljb25z ID0gaW50Zi0+cmVxX2NvbnM7Ci0JcHJvZCA9IGludGYtPnJlcV9wcm9kOwor CWNvbnMgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9jb25zOwor CXByb2QgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9wcm9kOwog CXhlbl9tYigpOworCWNvbnMgPSBNQVNLX1hFTlNUT1JFX0lEWChjb25zKTsK Kwlwcm9kID0gTUFTS19YRU5TVE9SRV9JRFgocHJvZCk7CiAJaWYgKHByb2Qg PT0gY29ucykKIAkJcmV0dXJuIDA7Ci0JaWYgKE1BU0tfWEVOU1RPUkVfSURY KHByb2QpID4gTUFTS19YRU5TVE9SRV9JRFgoY29ucykpIAorCWlmIChwcm9k ID4gY29ucykKIAkJdG9fcmVhZCA9IHByb2QgLSBjb25zOwogCWVsc2UKLQkJ dG9fcmVhZCA9IFhFTlNUT1JFX1JJTkdfU0laRSAtIE1BU0tfWEVOU1RPUkVf SURYKGNvbnMpOworCQl0b19yZWFkID0gWEVOU1RPUkVfUklOR19TSVpFIC0g Y29uczsKIAlpZiAodG9fcmVhZCA8IGxlbikKIAkJbGVuID0gdG9fcmVhZDsK LQltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBNQVNLX1hFTlNUT1JFX0lE WChjb25zKSwgbGVuKTsKKwltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBj b25zLCBsZW4pOwogCXhlbl9tYigpOwogCWludGYtPnJlcV9jb25zICs9IGxl bjsKIAlyZXR1cm4gbGVuOwpAQCAtNjYsOCArNjgsOCBAQCBzdGF0aWMgaW50 IHhzX3Jpbmdfd3JpdGUoc3RydWN0IG1tYXBfaW50ZXJmYWNlICppbnRlcmZh Y2UsCiAJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJvZDsKIAlpbnQgY2Fu X3dyaXRlOwogCi0JY29ucyA9IGludGYtPnJzcF9jb25zOwotCXByb2QgPSBp bnRmLT5yc3BfcHJvZDsKKwljb25zID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfY29uczsKKwlwcm9kID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfcHJvZDsKIAl4ZW5fbWIoKTsKIAlpZiAoIChwcm9kIC0gY29u cykgPj0gWEVOU1RPUkVfUklOR19TSVpFICkKIAkJcmV0dXJuIDA7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:17:33 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:17:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMr-0007Qr-EZ; Tue, 05 Feb 2013 13:15:21 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMq-0007QZ-09; Tue, 05 Feb 2013 13:15:20 +0000 Received: from [85.158.138.51:18533] by server-8.bemta-3.messagelabs.com id 91/04-25687-6E501115; Tue, 05 Feb 2013 13:15:18 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-9.tower-174.messagelabs.com!1360070116!31104417!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 18786 invoked from network); 5 Feb 2013 13:15:17 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-9.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:17 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMe-0003a8-Mt; Tue, 05 Feb 2013 13:15:08 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMe-00089M-1r; Tue, 05 Feb 2013 13:15:08 +0000 Date: Tue, 05 Feb 2013 13:15:08 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0215 / XSA-38 version 2 oxenstored incorrect handling of certain Xenbus ring states UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting domain control and management functions. In more detail: A malicious guest administrator can cause oxenstored to crash; after this many host control operations (for example, starting and stopping domains, device hotplug, and some monitoring functions), will be unavailable. Domains which are already running are not directly affected. Such an attacker can also cause a memory exhaustion in the domain running oxenstored; often this will make the host's management functions unavailable. Information leak of control plane data is also theoretically possible. VULNERABLE SYSTEMS ================== Any system running oxenstored is vulnerable. oxenstored was introduced in Xen version 4.1. oxenstored was made the default in Xen 4.2.if a suitable ocaml toolchain was installed at build time. Systems running a 32-bit oxenstored are vulnerable only to the crash and not to the large memory allocation issue. MITIGATION ========== Running the C version of xenstored will avoid this issue. RESOLUTION ========== Applying the attached patch resolves this issue. xsa38.patch Xen 4.1.x, Xen 4.2.x, xen-unstable $ sha256sum xsa38*.patch 7d7a5746bc76da747bf61eb87b3303a8f3abb0d96561f35a706c671317ebe4eb xsa38.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI0AAoJEIP+FMlX6CvZ6wAIAJdVEbDm51534QlQBGEE160O beOVzi6J0y1XOV3iDVnPlSxynhhBn3HcNWl0p0ERRAJt+FbZrH/WLMZ/9XLLbzZO LWVQHPiKkTYxbgxYsNXt/64CxKN8We2lffuBZn6DUQt1ZiV7T9L4SYVTWHeKo5vW mvs4j4VvlGgQTxIy0a724bEEPbBXNCu76+b6uwbJCkocnul1QMxyMK5mCJK/n/dv Q4KCXjJ9sfRHcKR8jteU0v45MP3VXbgEjrW70nvqXed3ly01SdBt/OJVAadmiG38 /EPJiFDT9cqPbl9591yQ6tQqRH5B4J3VoT7vl/hcV9AI8cduHVkQ8nLhfo71lLg= =CAag -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa38.patch" Content-Disposition: attachment; filename="xsa38.patch" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbCBi L3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbAppbmRleCAzNTU4ODg5 Li5kNGQxYzdiIDEwMDY0NAotLS0gYS90b29scy9vY2FtbC9saWJzL3hiL3Bh cnRpYWwubWwKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi9wYXJ0aWFsLm1s CkBAIC0yNyw4ICsyNywxNSBAQCBleHRlcm5hbCBoZWFkZXJfc2l6ZTogdW5p dCAtPiBpbnQgPSAic3R1Yl9oZWFkZXJfc2l6ZSIKIGV4dGVybmFsIGhlYWRl cl9vZl9zdHJpbmdfaW50ZXJuYWw6IHN0cmluZyAtPiBpbnQgKiBpbnQgKiBp bnQgKiBpbnQKICAgICAgICAgID0gInN0dWJfaGVhZGVyX29mX3N0cmluZyIK IAorbGV0IHhlbnN0b3JlX3BheWxvYWRfbWF4ID0gNDA5NiAoKiB4ZW4vaW5j bHVkZS9wdWJsaWMvaW8veHNfd2lyZS5oICopCisKIGxldCBvZl9zdHJpbmcg cyA9CiAJbGV0IHRpZCwgcmlkLCBvcGludCwgZGxlbiA9IGhlYWRlcl9vZl9z dHJpbmdfaW50ZXJuYWwgcyBpbgorCSgqIEEgcGFja2V0IHdoaWNoIGlzIGJp Z2dlciB0aGFuIHhlbnN0b3JlX3BheWxvYWRfbWF4IGlzIGlsbGVnYWwuCisJ ICAgVGhpcyB3aWxsIGxlYXZlIHRoZSBndWVzdCBjb25uZWN0aW9uIGlzIGEg YmFkIHN0YXRlIGFuZCB3aWxsCisJICAgYmUgaGFyZCB0byByZWNvdmVyIGZy b20gd2l0aG91dCByZXN0YXJ0aW5nIHRoZSBjb25uZWN0aW9uCisJICAgKGll IHJlYm9vdGluZyB0aGUgZ3Vlc3QpICopCisJbGV0IGRsZW4gPSBtaW4geGVu c3RvcmVfcGF5bG9hZF9tYXggZGxlbiBpbgogCXsKIAkJdGlkID0gdGlkOwog CQlyaWQgPSByaWQ7CkBAIC0zOCw2ICs0NSw3IEBAIGxldCBvZl9zdHJpbmcg cyA9CiAJfQogCiBsZXQgYXBwZW5kIHBrdCBzIHN6ID0KKwlpZiBwa3QubGVu ID4gNDA5NiB0aGVuIGZhaWx3aXRoICJCdWZmZXIuYWRkOiBjYW5ub3QgZ3Jv dyBidWZmZXIiOwogCUJ1ZmZlci5hZGRfc3RyaW5nIHBrdC5idWYgKFN0cmlu Zy5zdWIgcyAwIHN6KQogCiBsZXQgdG9fY29tcGxldGUgcGt0ID0KZGlmZiAt LWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIveHNfcmluZ19zdHVicy5jIGIv dG9vbHMvb2NhbWwvbGlicy94Yi94c19yaW5nX3N0dWJzLmMKaW5kZXggMDA0 MTRjNS4uNDg4OGFjNSAxMDA2NDQKLS0tIGEvdG9vbHMvb2NhbWwvbGlicy94 Yi94c19yaW5nX3N0dWJzLmMKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi94 c19yaW5nX3N0dWJzLmMKQEAgLTM5LDIxICszOSwyMyBAQCBzdGF0aWMgaW50 IHhzX3JpbmdfcmVhZChzdHJ1Y3QgbW1hcF9pbnRlcmZhY2UgKmludGVyZmFj ZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2hhciAqYnVmZmVy LCBpbnQgbGVuKQogewogCXN0cnVjdCB4ZW5zdG9yZV9kb21haW5faW50ZXJm YWNlICppbnRmID0gaW50ZXJmYWNlLT5hZGRyOwotCVhFTlNUT1JFX1JJTkdf SURYIGNvbnMsIHByb2Q7CisJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJv ZDsgLyogb2Zmc2V0cyBvbmx5ICovCiAJaW50IHRvX3JlYWQ7CiAKLQljb25z ID0gaW50Zi0+cmVxX2NvbnM7Ci0JcHJvZCA9IGludGYtPnJlcV9wcm9kOwor CWNvbnMgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9jb25zOwor CXByb2QgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9wcm9kOwog CXhlbl9tYigpOworCWNvbnMgPSBNQVNLX1hFTlNUT1JFX0lEWChjb25zKTsK Kwlwcm9kID0gTUFTS19YRU5TVE9SRV9JRFgocHJvZCk7CiAJaWYgKHByb2Qg PT0gY29ucykKIAkJcmV0dXJuIDA7Ci0JaWYgKE1BU0tfWEVOU1RPUkVfSURY KHByb2QpID4gTUFTS19YRU5TVE9SRV9JRFgoY29ucykpIAorCWlmIChwcm9k ID4gY29ucykKIAkJdG9fcmVhZCA9IHByb2QgLSBjb25zOwogCWVsc2UKLQkJ dG9fcmVhZCA9IFhFTlNUT1JFX1JJTkdfU0laRSAtIE1BU0tfWEVOU1RPUkVf SURYKGNvbnMpOworCQl0b19yZWFkID0gWEVOU1RPUkVfUklOR19TSVpFIC0g Y29uczsKIAlpZiAodG9fcmVhZCA8IGxlbikKIAkJbGVuID0gdG9fcmVhZDsK LQltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBNQVNLX1hFTlNUT1JFX0lE WChjb25zKSwgbGVuKTsKKwltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBj b25zLCBsZW4pOwogCXhlbl9tYigpOwogCWludGYtPnJlcV9jb25zICs9IGxl bjsKIAlyZXR1cm4gbGVuOwpAQCAtNjYsOCArNjgsOCBAQCBzdGF0aWMgaW50 IHhzX3Jpbmdfd3JpdGUoc3RydWN0IG1tYXBfaW50ZXJmYWNlICppbnRlcmZh Y2UsCiAJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJvZDsKIAlpbnQgY2Fu X3dyaXRlOwogCi0JY29ucyA9IGludGYtPnJzcF9jb25zOwotCXByb2QgPSBp bnRmLT5yc3BfcHJvZDsKKwljb25zID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfY29uczsKKwlwcm9kID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfcHJvZDsKIAl4ZW5fbWIoKTsKIAlpZiAoIChwcm9kIC0gY29u cykgPj0gWEVOU1RPUkVfUklOR19TSVpFICkKIAkJcmV0dXJuIDA7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:17:33 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:17:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iNJ-0007ZU-1e; Tue, 05 Feb 2013 13:15:49 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iNG-0007YC-H3; Tue, 05 Feb 2013 13:15:47 +0000 Received: from [85.158.138.51:8056] by server-3.bemta-3.messagelabs.com id 27/9E-31070-10601115; Tue, 05 Feb 2013 13:15:45 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-5.tower-174.messagelabs.com!1360070134!28898814!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 23853 invoked from network); 5 Feb 2013 13:15:36 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-5.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:36 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMZ-0003Zw-6U; Tue, 05 Feb 2013 13:15:03 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMY-00088X-Tl; Tue, 05 Feb 2013 13:15:02 +0000 Date: Tue, 05 Feb 2013 13:15:02 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0153 / XSA-36 version 3 interrupt remap entries shared and old ones not cleared on AMD IOMMUs UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= To avoid an erratum in early hardware, the Xen AMD IOMMU code by default chooses to use a single interrupt remapping table for the whole system. This sharing implies that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. Furthermore, regardless of whether a shared interrupt remapping table is in use, old entries are not always cleared, providing opportunities (which accumulate over time) for guests to inject interrupts into other guests, again including domain 0. In a typical Xen system many devices are owned by domain 0 or driver domains, leaving them vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system. IMPACT ====== A malicious domain which is given access to a physical PCI device can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== Xen versions 3.3 onwards are vulnerable. Earlier Xen versions do not implement interrupt remapping, and hence do not support secure AMD-Vi PCI passthrough in any case. Only systems using AMD-Vi for PCI passthrough are vulnerable. Any domain which is given access to a PCI device can take advantage of this vulnerability. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. In Xen versions 4.1.3 and above the sharing of the interrupt remapping table (and hence the more severe part of this problem) can be avoided by passing "iommu=amd-iommu-perdev-intremap" as a command line option to the hypervisor. This option is not fully functional on earlier hypervisors. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that on certain systems (SP5100 chipsets with erratum 28 present, or such with broken IVRS ACPI table) these patches will result in the IOMMU not being enabled anymore. This should be dealt with by a BIOS update, if available. Alternatively the check can be overridden by specifying "iommu=no-amd-iommu-perdev-intremap" on the Xen command line ("iommu=amd-iommu-global-intremap" on 4.1.x), at the price of re-opening the security hole addressed by these patches. xsa36-unstable.patch Xen unstable xsa36-4.2.patch Xen 4.2.x xsa36-4.1.patch Xen 4.1.x $ sha256sum xsa36*.patch 2254fa46dcbc164d2d55ad9d519e7aa4ac5b83e9fb8d8e1f224114d08fe44237 xsa36-4.1.patch 6848712b560b522f7d3cede53e29e799624311e7dee6e450f0c02c165a590783 xsa36-4.2.patch 0e5d53c0b2bbbf07ef07bf31d8adeca4c043c0277f122f74557b018dc7348b74 xsa36-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQItAAoJEIP+FMlX6CvZapMH/i+AeMV4Mi9EAe97JWto2xrg bCBdq7LEJ1cIpXGbhpXwTRzmsEGJmFR2VwkaxEtk+BuC7bzJ/KRjWYg6viQ7v+0t thHEMtaRYTOIIel8YZ5t+v8oMdEUos7Oo94xhCk+n7ioH6PO+quUTI+aGd0+lcJm d/5TC5f8w+HZNTB0nCQX9tQx5d4veQXghKs1NbKHeMyZ66nMZiqUqVUwQNTaFhUO 9eWyGOik5/mFctRrMxoOZHQm3d36AnDisiOku2CaG1xYYwDaAnOe/u6QcBZcVX3M Q9COmTAWnOfIKYMIFnXRnyHSiw2+oZL6PTD5nX4O68B6hZ8pemVa+lFhSTvxsXM= =5jP3 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa36-4.1.patch" Content-Disposition: attachment; filename="xsa36-4.1.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgotLS0g YS94ZW4vYXJjaC94ODYvaXJxLmMKKysrIGIveGVuL2FyY2gveDg2L2lycS5j CkBAIC0xNjc3LDkgKzE2NzcsNiBAQCBpbnQgbWFwX2RvbWFpbl9waXJxKAog ICAgICAgICBkLT5hcmNoLnBpcnFfaXJxW3BpcnFdID0gaXJxOwogICAgICAg ICBkLT5hcmNoLmlycV9waXJxW2lycV0gPSBwaXJxOwogICAgICAgICBzcGlu X3VubG9ja19pcnFyZXN0b3JlKCZkZXNjLT5sb2NrLCBmbGFncyk7Ci0KLSAg ICAgICAgaWYgKCBvcHRfaXJxX3ZlY3Rvcl9tYXAgPT0gT1BUX0lSUV9WRUNU T1JfTUFQX1BFUkRFViApCi0gICAgICAgICAgICBwcmludGsoWEVOTE9HX0lO Rk8gIlBlci1kZXZpY2UgdmVjdG9yIG1hcHMgZm9yIEdTSXMgbm90IGltcGxl bWVudGVkIHlldC5cbiIpOwogICAgIH0KIAogZG9uZToKLS0tIGEveGVuL2Ry aXZlcnMvYWNwaS90YWJsZXMuYworKysgYi94ZW4vZHJpdmVycy9hY3BpL3Rh Ymxlcy5jCkBAIC0yNjcsNyArMjY3LDcgQEAgYWNwaV90YWJsZV9wYXJzZV9t YWR0KGVudW0gYWNwaV9tYWR0X3R5cAogICogQGhhbmRsZXI6IGhhbmRsZXIg dG8gcnVuCiAgKgogICogU2NhbiB0aGUgQUNQSSBTeXN0ZW0gRGVzY3JpcHRv ciBUYWJsZSAoU1REKSBmb3IgYSB0YWJsZSBtYXRjaGluZyBAaWQsCi0gKiBy dW4gQGhhbmRsZXIgb24gaXQuICBSZXR1cm4gMCBpZiB0YWJsZSBmb3VuZCwg cmV0dXJuIG9uIGlmIG5vdC4KKyAqIHJ1biBAaGFuZGxlciBvbiBpdC4KICAq LwogaW50IGFjcGlfdGFibGVfcGFyc2UoY2hhciAqaWQsIGFjcGlfdGFibGVf aGFuZGxlciBoYW5kbGVyKQogewpAQCAtMjgyLDggKzI4Miw3IEBAIGludCBh Y3BpX3RhYmxlX3BhcnNlKGNoYXIgKmlkLCBhY3BpX3RhYmwKIAkJYWNwaV9n ZXRfdGFibGUoaWQsIDAsICZ0YWJsZSk7CiAKIAlpZiAodGFibGUpIHsKLQkJ aGFuZGxlcih0YWJsZSk7Ci0JCXJldHVybiAwOworCQlyZXR1cm4gaGFuZGxl cih0YWJsZSk7CiAJfSBlbHNlCiAJCXJldHVybiAxOwogfQotLS0gYS94ZW4v ZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfYWNwaS5jCisrKyBiL3hl bi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9hY3BpLmMKQEAgLTIx LDYgKzIxLDcgQEAKICNpbmNsdWRlIDx4ZW4vY29uZmlnLmg+CiAjaW5jbHVk ZSA8eGVuL2Vycm5vLmg+CiAjaW5jbHVkZSA8YXNtL2FwaWNkZWYuaD4KKyNp bmNsdWRlIDxhc20vaW9fYXBpYy5oPgogI2luY2x1ZGUgPGFzbS9hbWQtaW9t bXUuaD4KICNpbmNsdWRlIDxhc20vaHZtL3N2bS9hbWQtaW9tbXUtcHJvdG8u aD4KICNpbmNsdWRlIDxhc20vaHZtL3N2bS9hbWQtaW9tbXUtYWNwaS5oPgpA QCAtMjksNyArMzAsNiBAQCBleHRlcm4gdW5zaWduZWQgbG9uZyBhbWRfaW9t bXVfcGFnZV9lbnRyCiBleHRlcm4gdW5zaWduZWQgc2hvcnQgaXZyc19iZGZf ZW50cmllczsKIGV4dGVybiBzdHJ1Y3QgaXZyc19tYXBwaW5ncyAqaXZyc19t YXBwaW5nczsKIGV4dGVybiB1bnNpZ25lZCBzaG9ydCBsYXN0X2JkZjsKLWV4 dGVybiBpbnQgaW9hcGljX2JkZltNQVhfSU9fQVBJQ1NdOwogZXh0ZXJuIHZv aWQgKnNoYXJlZF9pbnRyZW1hcF90YWJsZTsKIAogc3RhdGljIHZvaWQgYWRk X2l2cnNfbWFwcGluZ19lbnRyeSgKQEAgLTYzNiw2ICs2MzYsNyBAQCBzdGF0 aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAgdTE2 IGhlYWRlcl9sZW5ndGgsIHUxNiBibG9ja19sZW5ndGgsIHN0cnVjdCBhbWRf aW9tbXUgKmlvbW11KQogewogICAgIHUxNiBkZXZfbGVuZ3RoLCBiZGY7Cisg ICAgaW50IGFwaWM7CiAKICAgICBkZXZfbGVuZ3RoID0gc2l6ZW9mKHN0cnVj dCBhY3BpX2l2aGRfZGV2aWNlX3NwZWNpYWwpOwogICAgIGlmICggaGVhZGVy X2xlbmd0aCA8IChibG9ja19sZW5ndGggKyBkZXZfbGVuZ3RoKSApCkBAIC02 NTIsOSArNjUzLDU4IEBAIHN0YXRpYyB1MTYgX19pbml0IHBhcnNlX2l2aGRf ZGV2aWNlX3NwZWMKICAgICB9CiAKICAgICBhZGRfaXZyc19tYXBwaW5nX2Vu dHJ5KGJkZiwgYmRmLCBpdmhkX2RldmljZS0+aGVhZGVyLmZsYWdzLCBpb21t dSk7Ci0gICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMgKi8KLSAgICBp b2FwaWNfYmRmW2l2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZV0gPSBiZGY7 Ci0gICAgcmV0dXJuIGRldl9sZW5ndGg7CisKKyAgICBpZiAoIGl2aGRfZGV2 aWNlLT5zcGVjaWFsLnZhcmlldHkgIT0gMSAvKiBBQ1BJX0lWSERfSU9BUElD ICovICkKKyAgICB7CisgICAgICAgIGlmICggaXZoZF9kZXZpY2UtPnNwZWNp YWwudmFyaWV0eSAhPSAyIC8qIEFDUElfSVZIRF9IUEVUICovICkKKyAgICAg ICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJVbnJlY29nbml6ZWQgSVZIRCBz cGVjaWFsIHZhcmlldHkgJSN4XG4iLAorICAgICAgICAgICAgICAgICAgIGl2 aGRfZGV2aWNlLT5zcGVjaWFsLnZhcmlldHkpOworICAgICAgICByZXR1cm4g ZGV2X2xlbmd0aDsKKyAgICB9CisKKyAgICAvKgorICAgICAqIFNvbWUgQklP U2VzIGhhdmUgSU9BUElDIGJyb2tlbiBlbnRyaWVzIHNvIHdlIGNoZWNrIGZv ciBJVlJTCisgICAgICogY29uc2lzdGVuY3kgaGVyZSAtLS0gd2hldGhlciBl bnRyeSdzIElPQVBJQyBJRCBpcyB2YWxpZCBhbmQKKyAgICAgKiB3aGV0aGVy IHRoZXJlIGFyZSBjb25mbGljdGluZy9kdXBsaWNhdGVkIGVudHJpZXMuCisg ICAgICovCisgICAgZm9yICggYXBpYyA9IDA7IGFwaWMgPCBucl9pb2FwaWNz OyBhcGljKysgKQorICAgIHsKKyAgICAgICAgaWYgKCBJT19BUElDX0lEKGFw aWMpICE9IGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSApCisgICAgICAg ICAgICBjb250aW51ZTsKKworICAgICAgICBpZiAoIGlvYXBpY19iZGZbaXZo ZF9kZXZpY2UtPnNwZWNpYWwuaGFuZGxlXS5waW5fc2V0dXAgKQorICAgICAg ICB7CisgICAgICAgICAgICBpZiAoIGlvYXBpY19iZGZbaXZoZF9kZXZpY2Ut PnNwZWNpYWwuaGFuZGxlXS5iZGYgPT0gYmRmICkKKyAgICAgICAgICAgICAg ICBBTURfSU9NTVVfREVCVUcoIklWSEQgV2FybmluZzogRHVwbGljYXRlIElP LUFQSUMgJSN4IGVudHJpZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSk7CisgICAg ICAgICAgICBlbHNlCisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAg cHJpbnRrKFhFTkxPR19FUlIgIklWSEQgRXJyb3I6IENvbmZsaWN0aW5nIElP LUFQSUMgJSN4IGVudHJpZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAg IGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSk7CisgICAgICAgICAgICAg ICAgaWYgKCBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAg ICAgICAgICAgICAgcmV0dXJuIDA7CisgICAgICAgICAgICB9CisgICAgICAg IH0KKyAgICAgICAgZWxzZQorICAgICAgICB7CisgICAgICAgICAgICAvKiBz ZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyAqLworICAgICAgICAgICAgaW9hcGlj X2JkZltpdmhkX2RldmljZS0+c3BlY2lhbC5oYW5kbGVdLmJkZiA9IGJkZjsK KworICAgICAgICAgICAgaW9hcGljX2JkZltpdmhkX2RldmljZS0+c3BlY2lh bC5oYW5kbGVdLnBpbl9zZXR1cCA9IHh6YWxsb2NfYXJyYXkoCisgICAgICAg ICAgICAgICAgdW5zaWduZWQgbG9uZywgQklUU19UT19MT05HUyhucl9pb2Fw aWNfcmVnaXN0ZXJzW2FwaWNdKSk7CisgICAgICAgICAgICBpZiAoIG5yX2lv YXBpY19yZWdpc3RlcnNbYXBpY10gJiYKKyAgICAgICAgICAgICAgICAgIWlv YXBpY19iZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3NldHVwICkKKyAgICAg ICAgICAgIHsKKyAgICAgICAgICAgICAgICBwcmludGsoWEVOTE9HX0VSUiAi SVZIRCBFcnJvcjogT3V0IG9mIG1lbW9yeVxuIik7CisgICAgICAgICAgICAg ICAgcmV0dXJuIDA7CisgICAgICAgICAgICB9CisgICAgICAgIH0KKyAgICAg ICAgcmV0dXJuIGRldl9sZW5ndGg7CisgICAgfQorCisgICAgcHJpbnRrKFhF TkxPR19FUlIgIklWSEQgRXJyb3I6IEludmFsaWQgSU8tQVBJQyAlI3hcbiIs CisgICAgICAgICAgIGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSk7Cisg ICAgcmV0dXJuIDA7CiB9CiAKIHN0YXRpYyBpbnQgX19pbml0IHBhcnNlX2l2 aGRfYmxvY2soc3RydWN0IGFjcGlfaXZoZF9ibG9ja19oZWFkZXIgKml2aGRf YmxvY2spCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21t dV9pbml0LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lv bW11X2luaXQuYwpAQCAtODk3LDEyICs4OTcsNDUgQEAgc3RhdGljIGludCBf X2luaXQgYW1kX2lvbW11X3NldHVwX2RldmljZQogICAgIHJldHVybiAwOwog fQogCisvKiBDaGVjayB3aGV0aGVyIFNQNTEwMCBTQVRBIENvbWJpbmVkIG1v ZGUgaXMgb24gKi8KK3N0YXRpYyBib29sX3QgX19pbml0IGFtZF9zcDUxMDBf ZXJyYXR1bTI4KHZvaWQpCit7CisgICAgdTMyIGJ1cywgaWQ7CisgICAgdTE2 IHZlbmRvcl9pZCwgZGV2X2lkOworICAgIHU4IGJ5dGU7CisKKyAgICBmb3Ig KGJ1cyA9IDA7IGJ1cyA8IDI1NjsgYnVzKyspCisgICAgeworICAgICAgICBp ZCA9IHBjaV9jb25mX3JlYWQzMihidXMsIDB4MTQsIDAsIFBDSV9WRU5ET1Jf SUQpOworCisgICAgICAgIHZlbmRvcl9pZCA9IGlkICYgMHhmZmZmOworICAg ICAgICBkZXZfaWQgPSAoaWQgPj4gMTYpICYgMHhmZmZmOworCisgICAgICAg IC8qIFNQNTEwMCBTTUJ1cyBtb2R1bGUgc2V0cyBDb21iaW5lZCBtb2RlIG9u ICovCisgICAgICAgIGlmICh2ZW5kb3JfaWQgIT0gMHgxMDAyIHx8IGRldl9p ZCAhPSAweDQzODUpCisgICAgICAgICAgICBjb250aW51ZTsKKworICAgICAg ICBieXRlID0gcGNpX2NvbmZfcmVhZDgoYnVzLCAweDE0LCAwLCAweGFkKTsK KyAgICAgICAgaWYgKCAoYnl0ZSA+PiAzKSAmIDEgKQorICAgICAgICB7Cisg ICAgICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5JTkcgIkFNRC1WaTogU1A1 MTAwIGVycmF0dW0gMjggZGV0ZWN0ZWQsIGRpc2FibGluZyBJT01NVS5cbiIK KyAgICAgICAgICAgICAgICAgICAiSWYgcG9zc2libGUsIGRpc2FibGUgU0FU QSBDb21iaW5lZCBtb2RlIGluIEJJT1Mgb3IgY29udGFjdCB5b3VyIHZlbmRv ciBmb3IgQklPUyB1cGRhdGUuXG4iKTsKKyAgICAgICAgICAgIHJldHVybiAx OworICAgICAgICB9CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9CisKIGlu dCBfX2luaXQgYW1kX2lvbW11X2luaXQodm9pZCkKIHsKICAgICBzdHJ1Y3Qg YW1kX2lvbW11ICppb21tdTsKIAogICAgIEJVR19PTiggIWlvbW11X2ZvdW5k KCkgKTsKIAorICAgIGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCAm JiBhbWRfc3A1MTAwX2VycmF0dW0yOCgpICkKKyAgICAgICAgZ290byBlcnJv cl9vdXQ7CisKICAgICBpcnFfdG9faW9tbXUgPSB4bWFsbG9jX2FycmF5KHN0 cnVjdCBhbWRfaW9tbXUgKiwgbnJfaXJxcyk7CiAgICAgaWYgKCBpcnFfdG9f aW9tbXUgPT0gTlVMTCApCiAgICAgICAgIGdvdG8gZXJyb3Jfb3V0OwotLS0g YS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW50ci5jCisr KyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbnRyLmMK QEAgLTI3LDcgKzI3LDcgQEAKICNkZWZpbmUgSU5UUkVNQVBfTEVOR1RIIDB4 QgogI2RlZmluZSBJTlRSRU1BUF9FTlRSSUVTICgxIDw8IElOVFJFTUFQX0xF TkdUSCkKIAotaW50IGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsKK3N0cnVj dCBpb2FwaWNfYmRmIGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsKIGV4dGVy biBzdHJ1Y3QgaXZyc19tYXBwaW5ncyAqaXZyc19tYXBwaW5nczsKIGV4dGVy biB1bnNpZ25lZCBzaG9ydCBpdnJzX2JkZl9lbnRyaWVzOwogdm9pZCAqc2hh cmVkX2ludHJlbWFwX3RhYmxlOwpAQCAtMTE3LDEyICsxMTcsMTIgQEAgdm9p ZCBpbnZhbGlkYXRlX2ludGVycnVwdF90YWJsZShzdHJ1Y3QgYQogc3RhdGlj IHZvaWQgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGljKAogICAg IGludCBiZGYsCiAgICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUsCi0gICAg c3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKmlvYXBpY19ydGUpCisgICAg Y29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSwKKyAgICBj b25zdCBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqb2xkX3J0ZSkKIHsK ICAgICB1bnNpZ25lZCBsb25nIGZsYWdzOwogICAgIHUzMiogZW50cnk7CiAg ICAgdTggZGVsaXZlcnlfbW9kZSwgZGVzdCwgdmVjdG9yLCBkZXN0X21vZGU7 Ci0gICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSA9IGlvYXBp Y19ydGU7CiAgICAgaW50IHJlcV9pZDsKICAgICBzcGlubG9ja190ICpsb2Nr OwogICAgIGludCBvZmZzZXQ7CkBAIC0xMzgsNiArMTM4LDE0IEBAIHN0YXRp YyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2kKICAgICBzcGlu X2xvY2tfaXJxc2F2ZShsb2NrLCBmbGFncyk7CiAKICAgICBvZmZzZXQgPSBn ZXRfaW50cmVtYXBfb2Zmc2V0KHZlY3RvciwgZGVsaXZlcnlfbW9kZSk7Cisg ICAgaWYgKCBvbGRfcnRlICkKKyAgICB7CisgICAgICAgIGludCBvbGRfb2Zm c2V0ID0gZ2V0X2ludHJlbWFwX29mZnNldChvbGRfcnRlLT52ZWN0b3IsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBv bGRfcnRlLT5kZWxpdmVyeV9tb2RlKTsKKworICAgICAgICBpZiAoIG9mZnNl dCAhPSBvbGRfb2Zmc2V0ICkKKyAgICAgICAgICAgIGZyZWVfaW50cmVtYXBf ZW50cnkoYmRmLCBvbGRfb2Zmc2V0KTsKKyAgICB9CiAgICAgZW50cnkgPSAo dTMyKilnZXRfaW50cmVtYXBfZW50cnkocmVxX2lkLCBvZmZzZXQpOwogICAg IHVwZGF0ZV9pbnRyZW1hcF9lbnRyeShlbnRyeSwgdmVjdG9yLCBkZWxpdmVy eV9tb2RlLCBkZXN0X21vZGUsIGRlc3QpOwogCkBAIC0xNzYsNyArMTg0LDcg QEAgaW50IF9faW5pdCBhbWRfaW9tbXVfc2V0dXBfaW9hcGljX3JlbWFwcAog ICAgICAgICAgICAgICAgIGNvbnRpbnVlOwogCiAgICAgICAgICAgICAvKiBn ZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyBkZXZpY2VzICovCi0gICAgICAgICAg ICBiZGYgPSBpb2FwaWNfYmRmW0lPX0FQSUNfSUQoYXBpYyldOworICAgICAg ICAgICAgYmRmID0gaW9hcGljX2JkZltJT19BUElDX0lEKGFwaWMpXS5iZGY7 CiAgICAgICAgICAgICBpb21tdSA9IGZpbmRfaW9tbXVfZm9yX2RldmljZShi ZGYpOwogICAgICAgICAgICAgaWYgKCAhaW9tbXUgKQogICAgICAgICAgICAg ewpAQCAtMjA3LDYgKzIxNSw3IEBAIGludCBfX2luaXQgYW1kX2lvbW11X3Nl dHVwX2lvYXBpY19yZW1hcHAKICAgICAgICAgICAgICAgICBmbHVzaF9jb21t YW5kX2J1ZmZlcihpb21tdSk7CiAgICAgICAgICAgICAgICAgc3Bpbl91bmxv Y2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKICAgICAgICAg ICAgIH0KKyAgICAgICAgICAgIHNldF9iaXQocGluLCBpb2FwaWNfYmRmW0lP X0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCk7CiAgICAgICAgIH0KICAgICB9 CiAgICAgcmV0dXJuIDA7CkBAIC0yMTgsNiArMjI3LDcgQEAgdm9pZCBhbWRf aW9tbXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAgICAgc3RydWN0IElPX0FQSUNf cm91dGVfZW50cnkgb2xkX3J0ZSA9IHsgMCB9OwogICAgIHN0cnVjdCBJT19B UElDX3JvdXRlX2VudHJ5IG5ld19ydGUgPSB7IDAgfTsKICAgICB1bnNpZ25l ZCBpbnQgcnRlX2xvID0gKHJlZyAmIDEpID8gcmVnIC0gMSA6IHJlZzsKKyAg ICB1bnNpZ25lZCBpbnQgcGluID0gKHJlZyAtIDB4MTApIC8gMjsKICAgICBp bnQgc2F2ZWRfbWFzaywgYmRmOwogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlv bW11OwogCkBAIC0yMjgsNyArMjM4LDcgQEAgdm9pZCBhbWRfaW9tbXVfaW9h cGljX3VwZGF0ZV9pcmUoCiAgICAgfQogCiAgICAgLyogZ2V0IGRldmljZSBp ZCBvZiBpb2FwaWMgZGV2aWNlcyAqLwotICAgIGJkZiA9IGlvYXBpY19iZGZb SU9fQVBJQ19JRChhcGljKV07CisgICAgYmRmID0gaW9hcGljX2JkZltJT19B UElDX0lEKGFwaWMpXS5iZGY7CiAgICAgaW9tbXUgPSBmaW5kX2lvbW11X2Zv cl9kZXZpY2UoYmRmKTsKICAgICBpZiAoICFpb21tdSApCiAgICAgewpAQCAt MjU0LDYgKzI2NCwxNCBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRl X2lyZSgKICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRlKSArIDEpID0gdmFs dWU7CiAgICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1hc2sgJiYKKyAgICAg ICAgICF0ZXN0X2JpdChwaW4sIGlvYXBpY19iZGZbSU9fQVBJQ19JRChhcGlj KV0ucGluX3NldHVwKSApCisgICAgeworICAgICAgICBBU1NFUlQoc2F2ZWRf bWFzayk7CisgICAgICAgIF9faW9fYXBpY193cml0ZShhcGljLCByZWcsIHZh bHVlKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIC8qIG1hc2sg dGhlIGludGVycnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGludHJlbWFwIHRh YmxlICovCiAgICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAgewpAQCAtMjYy LDcgKzI4MCwxMSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2ly ZSgKICAgICB9CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0IHJlbWFwcGlu ZyBlbnRyeSAqLwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lv YXBpYyhiZGYsIGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBkYXRlX2ludHJl bWFwX2VudHJ5X2Zyb21faW9hcGljKAorICAgICAgICBiZGYsIGlvbW11LCAm bmV3X3J0ZSwKKyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChwaW4sCisgICAg ICAgICAgICAgICAgICAgICAgICAgaW9hcGljX2JkZltJT19BUElDX0lEKGFw aWMpXS5waW5fc2V0dXApID8gJm9sZF9ydGUKKyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgOiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQgd3JpdGUgYWNjZXNzIHRv IElPLUFQSUMgUlRFICovCiAgICAgX19pb19hcGljX3dyaXRlKGFwaWMsIHJl ZywgdmFsdWUpOwpAQCAtMzczLDYgKzM5NSwxMiBAQCB2b2lkIGFtZF9pb21t dV9tc2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAgIHJldHVybjsKICAgICB9 CiAKKyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9pbmRleCA+PSAwICkKKyAg ICAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21zZyhpb21t dSwgcGRldiwgbXNpX2Rlc2MsIE5VTEwpOworCisgICAgaWYgKCAhbXNnICkK KyAgICAgICAgcmV0dXJuOworCiAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5 X2Zyb21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIG1zZyk7CiB9 CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRf aW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvcGNp X2FtZF9pb21tdS5jCkBAIC0xOTUsNiArMTk1LDggQEAgaW50IF9faW5pdCBh bWRfaW92X2RldGVjdCh2b2lkKQogICAgIHsKICAgICAgICAgcHJpbnRrKCJB TUQtVmk6IE5vdCBvdmVycmlkaW5nIGlycV92ZWN0b3JfbWFwIHNldHRpbmdc biIpOwogICAgIH0KKyAgICBpZiAoICFhbWRfaW9tbXVfcGVyZGV2X2ludHJl bWFwICkKKyAgICAgICAgcHJpbnRrKFhFTkxPR19XQVJOSU5HICJBTUQtVmk6 IFVzaW5nIGdsb2JhbCBpbnRlcnJ1cHQgcmVtYXAgdGFibGUgaXMgbm90IHJl Y29tbWVuZGVkIChzZWUgWFNBLTM2KSFcbiIpOwogICAgIHJldHVybiBzY2Fu X3BjaV9kZXZpY2VzKCk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Ro cm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9p b21tdS5jCkBAIC00OSw3ICs0OSw3IEBAIGJvb2xfdCBfX3JlYWRfbW9zdGx5 IGlvbW11X3FpbnZhbCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21t dV9pbnRyZW1hcCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9o YXBfcHRfc2hhcmU7CiBib29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVf ZGVidWc7Ci1ib29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVfcGVyZGV2 X2ludHJlbWFwOworYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lvbW11X3Bl cmRldl9pbnRyZW1hcCA9IDE7CiAKIHN0YXRpYyB2b2lkIF9faW5pdCBwYXJz ZV9pb21tdV9wYXJhbShjaGFyICpzKQogewpAQCAtNzgsNiArNzgsOCBAQCBz dGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfaW9tbXVfcGFyYW0oY2hhCiAgICAg ICAgICAgICBhbWRfaW9tbXVfZGVidWcgPSAxOwogICAgICAgICBlbHNlIGlm ICggIXN0cmNtcChzLCAiYW1kLWlvbW11LXBlcmRldi1pbnRyZW1hcCIpICkK ICAgICAgICAgICAgIGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAgPSAxOwor ICAgICAgICBlbHNlIGlmICggIXN0cmNtcChzLCAiYW1kLWlvbW11LWdsb2Jh bC1pbnRyZW1hcCIpICkKKyAgICAgICAgICAgIGFtZF9pb21tdV9wZXJkZXZf aW50cmVtYXAgPSAwOwogICAgICAgICBlbHNlIGlmICggIXN0cmNtcChzLCAi ZG9tMC1wYXNzdGhyb3VnaCIpICkKICAgICAgICAgICAgIGlvbW11X3Bhc3N0 aHJvdWdoID0gMTsKICAgICAgICAgZWxzZSBpZiAoICFzdHJjbXAocywgImRv bTAtc3RyaWN0IikgKQotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2h2bS9z dm0vYW1kLWlvbW11LXByb3RvLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4 Ni9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oCkBAIC04OCw2ICs4OCwxMSBA QCB2b2lkIGFtZF9pb21tdV9yZWFkX21zaV9mcm9tX2lyZSgKIHVuc2lnbmVk IGludCBhbWRfaW9tbXVfcmVhZF9pb2FwaWNfZnJvbV9pcmUoCiAgICAgdW5z aWduZWQgaW50IGFwaWMsIHVuc2lnbmVkIGludCByZWcpOwogCitleHRlcm4g c3RydWN0IGlvYXBpY19iZGYgeworICAgIHUxNiBiZGY7CisgICAgdW5zaWdu ZWQgbG9uZyAqcGluX3NldHVwOworfSBpb2FwaWNfYmRmW107CisKIC8qIHBv d2VyIG1hbmFnZW1lbnQgc3VwcG9ydCAqLwogdm9pZCBhbWRfaW9tbXVfcmVz dW1lKHZvaWQpOwogdm9pZCBhbWRfaW9tbXVfc3VzcGVuZCh2b2lkKTsK --=separator Content-Type: application/octet-stream; name="xsa36-4.2.patch" Content-Disposition: attachment; filename="xsa36-4.2.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgotLS0g YS94ZW4vYXJjaC94ODYvaXJxLmMKKysrIGIveGVuL2FyY2gveDg2L2lycS5j CkBAIC0xOTQyLDkgKzE5NDIsNiBAQCBpbnQgbWFwX2RvbWFpbl9waXJxKAog ICAgICAgICBzcGluX2xvY2tfaXJxc2F2ZSgmZGVzYy0+bG9jaywgZmxhZ3Mp OwogICAgICAgICBzZXRfZG9tYWluX2lycV9waXJxKGQsIGlycSwgaW5mbyk7 CiAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJmRlc2MtPmxvY2ss IGZsYWdzKTsKLQotICAgICAgICBpZiAoIG9wdF9pcnFfdmVjdG9yX21hcCA9 PSBPUFRfSVJRX1ZFQ1RPUl9NQVBfUEVSREVWICkKLSAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfSU5GTyAiUGVyLWRldmljZSB2ZWN0b3IgbWFwcyBmb3Ig R1NJcyBub3QgaW1wbGVtZW50ZWQgeWV0LlxuIik7CiAgICAgfQogCiBkb25l OgotLS0gYS94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCisrKyBiL3hlbi9k cml2ZXJzL2FjcGkvdGFibGVzLmMKQEAgLTI2Nyw3ICsyNjcsNyBAQCBhY3Bp X3RhYmxlX3BhcnNlX21hZHQoZW51bSBhY3BpX21hZHRfdHlwCiAgKiBAaGFu ZGxlcjogaGFuZGxlciB0byBydW4KICAqCiAgKiBTY2FuIHRoZSBBQ1BJIFN5 c3RlbSBEZXNjcmlwdG9yIFRhYmxlIChTVEQpIGZvciBhIHRhYmxlIG1hdGNo aW5nIEBpZCwKLSAqIHJ1biBAaGFuZGxlciBvbiBpdC4gIFJldHVybiAwIGlm IHRhYmxlIGZvdW5kLCByZXR1cm4gb24gaWYgbm90LgorICogcnVuIEBoYW5k bGVyIG9uIGl0LgogICovCiBpbnQgX19pbml0IGFjcGlfdGFibGVfcGFyc2Uo Y2hhciAqaWQsIGFjcGlfdGFibGVfaGFuZGxlciBoYW5kbGVyKQogewpAQCAt MjgyLDggKzI4Miw3IEBAIGludCBfX2luaXQgYWNwaV90YWJsZV9wYXJzZShj aGFyICppZCwgYWMKIAkJYWNwaV9nZXRfdGFibGUoaWQsIDAsICZ0YWJsZSk7 CiAKIAlpZiAodGFibGUpIHsKLQkJaGFuZGxlcih0YWJsZSk7Ci0JCXJldHVy biAwOworCQlyZXR1cm4gaGFuZGxlcih0YWJsZSk7CiAJfSBlbHNlCiAJCXJl dHVybiAxOwogfQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfYWNwaS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9hY3BpLmMKQEAgLTIyLDYgKzIyLDcgQEAKICNpbmNsdWRlIDx4 ZW4vZXJybm8uaD4KICNpbmNsdWRlIDx4ZW4vYWNwaS5oPgogI2luY2x1ZGUg PGFzbS9hcGljZGVmLmg+CisjaW5jbHVkZSA8YXNtL2lvX2FwaWMuaD4KICNp bmNsdWRlIDxhc20vYW1kLWlvbW11Lmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9z dm0vYW1kLWlvbW11LXByb3RvLmg+CiAKQEAgLTYzNSw2ICs2MzYsNyBAQCBz dGF0aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAg dTE2IGhlYWRlcl9sZW5ndGgsIHUxNiBibG9ja19sZW5ndGgsIHN0cnVjdCBh bWRfaW9tbXUgKmlvbW11KQogewogICAgIHUxNiBkZXZfbGVuZ3RoLCBiZGY7 CisgICAgaW50IGFwaWM7CiAKICAgICBkZXZfbGVuZ3RoID0gc2l6ZW9mKCpz cGVjaWFsKTsKICAgICBpZiAoIGhlYWRlcl9sZW5ndGggPCAoYmxvY2tfbGVu Z3RoICsgZGV2X2xlbmd0aCkgKQpAQCAtNjUxLDEwICs2NTMsNTkgQEAgc3Rh dGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZpY2Vfc3BlYwogICAgIH0K IAogICAgIGFkZF9pdnJzX21hcHBpbmdfZW50cnkoYmRmLCBiZGYsIHNwZWNp YWwtPmhlYWRlci5kYXRhX3NldHRpbmcsIGlvbW11KTsKLSAgICAvKiBzZXQg ZGV2aWNlIGlkIG9mIGlvYXBpYyAqLwotICAgIGlvYXBpY19zYmRmW3NwZWNp YWwtPmhhbmRsZV0uYmRmID0gYmRmOwotICAgIGlvYXBpY19zYmRmW3NwZWNp YWwtPmhhbmRsZV0uc2VnID0gc2VnOwotICAgIHJldHVybiBkZXZfbGVuZ3Ro OworCisgICAgaWYgKCBzcGVjaWFsLT52YXJpZXR5ICE9IEFDUElfSVZIRF9J T0FQSUMgKQorICAgIHsKKyAgICAgICAgaWYgKCBzcGVjaWFsLT52YXJpZXR5 ICE9IEFDUElfSVZIRF9IUEVUICkKKyAgICAgICAgICAgIHByaW50ayhYRU5M T0dfRVJSICJVbnJlY29nbml6ZWQgSVZIRCBzcGVjaWFsIHZhcmlldHkgJSN4 XG4iLAorICAgICAgICAgICAgICAgICAgIHNwZWNpYWwtPnZhcmlldHkpOwor ICAgICAgICByZXR1cm4gZGV2X2xlbmd0aDsKKyAgICB9CisKKyAgICAvKgor ICAgICAqIFNvbWUgQklPU2VzIGhhdmUgSU9BUElDIGJyb2tlbiBlbnRyaWVz IHNvIHdlIGNoZWNrIGZvciBJVlJTCisgICAgICogY29uc2lzdGVuY3kgaGVy ZSAtLS0gd2hldGhlciBlbnRyeSdzIElPQVBJQyBJRCBpcyB2YWxpZCBhbmQK KyAgICAgKiB3aGV0aGVyIHRoZXJlIGFyZSBjb25mbGljdGluZy9kdXBsaWNh dGVkIGVudHJpZXMuCisgICAgICovCisgICAgZm9yICggYXBpYyA9IDA7IGFw aWMgPCBucl9pb2FwaWNzOyBhcGljKysgKQorICAgIHsKKyAgICAgICAgaWYg KCBJT19BUElDX0lEKGFwaWMpICE9IHNwZWNpYWwtPmhhbmRsZSApCisgICAg ICAgICAgICBjb250aW51ZTsKKworICAgICAgICBpZiAoIGlvYXBpY19zYmRm W3NwZWNpYWwtPmhhbmRsZV0ucGluX3NldHVwICkKKyAgICAgICAgeworICAg ICAgICAgICAgaWYgKCBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLmJk ZiA9PSBiZGYgJiYKKyAgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZbc3Bl Y2lhbC0+aGFuZGxlXS5zZWcgPT0gc2VnICkKKyAgICAgICAgICAgICAgICBB TURfSU9NTVVfREVCVUcoIklWSEQgV2FybmluZzogRHVwbGljYXRlIElPLUFQ SUMgJSN4IGVudHJpZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNwZWNpYWwtPmhhbmRsZSk7CisgICAgICAgICAgICBlbHNlCisg ICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19F UlIgIklWSEQgRXJyb3I6IENvbmZsaWN0aW5nIElPLUFQSUMgJSN4IGVudHJp ZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAgIHNwZWNpYWwtPmhhbmRs ZSk7CisgICAgICAgICAgICAgICAgaWYgKCBhbWRfaW9tbXVfcGVyZGV2X2lu dHJlbWFwICkKKyAgICAgICAgICAgICAgICAgICAgcmV0dXJuIDA7CisgICAg ICAgICAgICB9CisgICAgICAgIH0KKyAgICAgICAgZWxzZQorICAgICAgICB7 CisgICAgICAgICAgICAvKiBzZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyAqLwor ICAgICAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lhbC0+aGFuZGxlXS5iZGYg PSBiZGY7CisgICAgICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5k bGVdLnNlZyA9IHNlZzsKKworICAgICAgICAgICAgaW9hcGljX3NiZGZbc3Bl Y2lhbC0+aGFuZGxlXS5waW5fc2V0dXAgPSB4emFsbG9jX2FycmF5KAorICAg ICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcsIEJJVFNfVE9fTE9OR1MobnJf aW9hcGljX2VudHJpZXNbYXBpY10pKTsKKyAgICAgICAgICAgIGlmICggbnJf aW9hcGljX2VudHJpZXNbYXBpY10gJiYKKyAgICAgICAgICAgICAgICAgIWlv YXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCApCisgICAg ICAgICAgICB7CisgICAgICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19FUlIg IklWSEQgRXJyb3I6IE91dCBvZiBtZW1vcnlcbiIpOworICAgICAgICAgICAg ICAgIHJldHVybiAwOworICAgICAgICAgICAgfQorICAgICAgICB9CisgICAg ICAgIHJldHVybiBkZXZfbGVuZ3RoOworICAgIH0KKworICAgIHByaW50ayhY RU5MT0dfRVJSICJJVkhEIEVycm9yOiBJbnZhbGlkIElPLUFQSUMgJSN4XG4i LCBzcGVjaWFsLT5oYW5kbGUpOworICAgIHJldHVybiAwOwogfQogCiBzdGF0 aWMgaW50IF9faW5pdCBwYXJzZV9pdmhkX2Jsb2NrKGNvbnN0IHN0cnVjdCBh Y3BpX2l2cnNfaGFyZHdhcmUgKml2aGRfYmxvY2spCi0tLSBhL3hlbi9kcml2 ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbml0LmMKKysrIGIveGVuL2Ry aXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X2luaXQuYwpAQCAtMTEyNiwx MiArMTEyNiw0NSBAQCBzdGF0aWMgaW50IF9faW5pdCBhbWRfaW9tbXVfc2V0 dXBfZGV2aWNlCiAgICAgcmV0dXJuIDA7CiB9CiAKKy8qIENoZWNrIHdoZXRo ZXIgU1A1MTAwIFNBVEEgQ29tYmluZWQgbW9kZSBpcyBvbiAqLworc3RhdGlj IGJvb2xfdCBfX2luaXQgYW1kX3NwNTEwMF9lcnJhdHVtMjgodm9pZCkKK3sK KyAgICB1MzIgYnVzLCBpZDsKKyAgICB1MTYgdmVuZG9yX2lkLCBkZXZfaWQ7 CisgICAgdTggYnl0ZTsKKworICAgIGZvciAoYnVzID0gMDsgYnVzIDwgMjU2 OyBidXMrKykKKyAgICB7CisgICAgICAgIGlkID0gcGNpX2NvbmZfcmVhZDMy KDAsIGJ1cywgMHgxNCwgMCwgUENJX1ZFTkRPUl9JRCk7CisKKyAgICAgICAg dmVuZG9yX2lkID0gaWQgJiAweGZmZmY7CisgICAgICAgIGRldl9pZCA9IChp ZCA+PiAxNikgJiAweGZmZmY7CisKKyAgICAgICAgLyogU1A1MTAwIFNNQnVz IG1vZHVsZSBzZXRzIENvbWJpbmVkIG1vZGUgb24gKi8KKyAgICAgICAgaWYg KHZlbmRvcl9pZCAhPSAweDEwMDIgfHwgZGV2X2lkICE9IDB4NDM4NSkKKyAg ICAgICAgICAgIGNvbnRpbnVlOworCisgICAgICAgIGJ5dGUgPSBwY2lfY29u Zl9yZWFkOCgwLCBidXMsIDB4MTQsIDAsIDB4YWQpOworICAgICAgICBpZiAo IChieXRlID4+IDMpICYgMSApCisgICAgICAgIHsKKyAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfV0FSTklORyAiQU1ELVZpOiBTUDUxMDAgZXJyYXR1bSAy OCBkZXRlY3RlZCwgZGlzYWJsaW5nIElPTU1VLlxuIgorICAgICAgICAgICAg ICAgICAgICJJZiBwb3NzaWJsZSwgZGlzYWJsZSBTQVRBIENvbWJpbmVkIG1v ZGUgaW4gQklPUyBvciBjb250YWN0IHlvdXIgdmVuZG9yIGZvciBCSU9TIHVw ZGF0ZS5cbiIpOworICAgICAgICAgICAgcmV0dXJuIDE7CisgICAgICAgIH0K KyAgICB9CisKKyAgICByZXR1cm4gMDsKK30KKwogaW50IF9faW5pdCBhbWRf aW9tbXVfaW5pdCh2b2lkKQogewogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlv bW11OwogCiAgICAgQlVHX09OKCAhaW9tbXVfZm91bmQoKSApOwogCisgICAg aWYgKCBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICYmIGFtZF9zcDUxMDBf ZXJyYXR1bTI4KCkgKQorICAgICAgICBnb3RvIGVycm9yX291dDsKKwogICAg IGl2cnNfYmRmX2VudHJpZXMgPSBhbWRfaW9tbXVfZ2V0X2l2cnNfZGV2X2Vu dHJpZXMoKTsKIAogICAgIGlmICggIWl2cnNfYmRmX2VudHJpZXMgKQotLS0g YS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW50ci5jCisr KyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbnRyLmMK QEAgLTk5LDEyICs5OSwxMiBAQCBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVt YXBfZW50cnkodTMyKiBlCiBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBf ZW50cnlfZnJvbV9pb2FwaWMoCiAgICAgaW50IGJkZiwKICAgICBzdHJ1Y3Qg YW1kX2lvbW11ICppb21tdSwKLSAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9l bnRyeSAqaW9hcGljX3J0ZSkKKyAgICBjb25zdCBzdHJ1Y3QgSU9fQVBJQ19y b3V0ZV9lbnRyeSAqcnRlLAorICAgIGNvbnN0IHN0cnVjdCBJT19BUElDX3Jv dXRlX2VudHJ5ICpvbGRfcnRlKQogewogICAgIHVuc2lnbmVkIGxvbmcgZmxh Z3M7CiAgICAgdTMyKiBlbnRyeTsKICAgICB1OCBkZWxpdmVyeV9tb2RlLCBk ZXN0LCB2ZWN0b3IsIGRlc3RfbW9kZTsKLSAgICBzdHJ1Y3QgSU9fQVBJQ19y b3V0ZV9lbnRyeSAqcnRlID0gaW9hcGljX3J0ZTsKICAgICBpbnQgcmVxX2lk OwogICAgIHNwaW5sb2NrX3QgKmxvY2s7CiAgICAgaW50IG9mZnNldDsKQEAg LTEyMCw2ICsxMjAsMTQgQEAgc3RhdGljIHZvaWQgdXBkYXRlX2ludHJlbWFw X2VudHJ5X2Zyb21faQogICAgIHNwaW5fbG9ja19pcnFzYXZlKGxvY2ssIGZs YWdzKTsKIAogICAgIG9mZnNldCA9IGdldF9pbnRyZW1hcF9vZmZzZXQodmVj dG9yLCBkZWxpdmVyeV9tb2RlKTsKKyAgICBpZiAoIG9sZF9ydGUgKQorICAg IHsKKyAgICAgICAgaW50IG9sZF9vZmZzZXQgPSBnZXRfaW50cmVtYXBfb2Zm c2V0KG9sZF9ydGUtPnZlY3RvciwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIG9sZF9ydGUtPmRlbGl2ZXJ5X21vZGUp OworCisgICAgICAgIGlmICggb2Zmc2V0ICE9IG9sZF9vZmZzZXQgKQorICAg ICAgICAgICAgZnJlZV9pbnRyZW1hcF9lbnRyeShpb21tdS0+c2VnLCBiZGYs IG9sZF9vZmZzZXQpOworICAgIH0KICAgICBlbnRyeSA9ICh1MzIqKWdldF9p bnRyZW1hcF9lbnRyeShpb21tdS0+c2VnLCByZXFfaWQsIG9mZnNldCk7CiAg ICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5KGVudHJ5LCB2ZWN0b3IsIGRlbGl2 ZXJ5X21vZGUsIGRlc3RfbW9kZSwgZGVzdCk7CiAKQEAgLTE4OCw2ICsxOTYs NyBAQCBpbnQgX19pbml0IGFtZF9pb21tdV9zZXR1cF9pb2FwaWNfcmVtYXBw CiAgICAgICAgICAgICAgICAgYW1kX2lvbW11X2ZsdXNoX2ludHJlbWFwKGlv bW11LCByZXFfaWQpOwogICAgICAgICAgICAgICAgIHNwaW5fdW5sb2NrX2ly cXJlc3RvcmUoJmlvbW11LT5sb2NrLCBmbGFncyk7CiAgICAgICAgICAgICB9 CisgICAgICAgICAgICBzZXRfYml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJ Q19JRChhcGljKV0ucGluX3NldHVwKTsKICAgICAgICAgfQogICAgIH0KICAg ICByZXR1cm4gMDsKQEAgLTE5OSw2ICsyMDgsNyBAQCB2b2lkIGFtZF9pb21t dV9pb2FwaWNfdXBkYXRlX2lyZSgKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0 ZV9lbnRyeSBvbGRfcnRlID0geyAwIH07CiAgICAgc3RydWN0IElPX0FQSUNf cm91dGVfZW50cnkgbmV3X3J0ZSA9IHsgMCB9OwogICAgIHVuc2lnbmVkIGlu dCBydGVfbG8gPSAocmVnICYgMSkgPyByZWcgLSAxIDogcmVnOworICAgIHVu c2lnbmVkIGludCBwaW4gPSAocmVnIC0gMHgxMCkgLyAyOwogICAgIGludCBz YXZlZF9tYXNrLCBzZWcsIGJkZjsKICAgICBzdHJ1Y3QgYW1kX2lvbW11ICpp b21tdTsKIApAQCAtMjM2LDYgKzI0NiwxNCBAQCB2b2lkIGFtZF9pb21tdV9p b2FwaWNfdXBkYXRlX2lyZSgKICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRl KSArIDEpID0gdmFsdWU7CiAgICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1h c2sgJiYKKyAgICAgICAgICF0ZXN0X2JpdChwaW4sIGlvYXBpY19zYmRmW0lP X0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCkgKQorICAgIHsKKyAgICAgICAg QVNTRVJUKHNhdmVkX21hc2spOworICAgICAgICBfX2lvX2FwaWNfd3JpdGUo YXBpYywgcmVnLCB2YWx1ZSk7CisgICAgICAgIHJldHVybjsKKyAgICB9CisK ICAgICAvKiBtYXNrIHRoZSBpbnRlcnJ1cHQgd2hpbGUgd2UgY2hhbmdlIHRo ZSBpbnRyZW1hcCB0YWJsZSAqLwogICAgIGlmICggIXNhdmVkX21hc2sgKQog ICAgIHsKQEAgLTI0NCw3ICsyNjIsMTEgQEAgdm9pZCBhbWRfaW9tbXVfaW9h cGljX3VwZGF0ZV9pcmUoCiAgICAgfQogCiAgICAgLyogVXBkYXRlIGludGVy cnVwdCByZW1hcHBpbmcgZW50cnkgKi8KLSAgICB1cGRhdGVfaW50cmVtYXBf ZW50cnlfZnJvbV9pb2FwaWMoYmRmLCBpb21tdSwgJm5ld19ydGUpOworICAg IHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lvYXBpYygKKyAgICAgICAg YmRmLCBpb21tdSwgJm5ld19ydGUsCisgICAgICAgIHRlc3RfYW5kX3NldF9i aXQocGluLAorICAgICAgICAgICAgICAgICAgICAgICAgIGlvYXBpY19zYmRm W0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCkgPyAmb2xkX3J0ZQorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgOiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQg d3JpdGUgYWNjZXNzIHRvIElPLUFQSUMgUlRFICovCiAgICAgX19pb19hcGlj X3dyaXRlKGFwaWMsIHJlZywgdmFsdWUpOwpAQCAtMzU0LDYgKzM3NiwxMiBA QCB2b2lkIGFtZF9pb21tdV9tc2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAg IHJldHVybjsKICAgICB9CiAKKyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9p bmRleCA+PSAwICkKKyAgICAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zy b21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIE5VTEwpOworCisg ICAgaWYgKCAhbXNnICkKKyAgICAgICAgcmV0dXJuOworCiAgICAgdXBkYXRl X2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNp X2Rlc2MsIG1zZyk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91 Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jCkBAIC0yMDUsNiArMjA1LDgg QEAgaW50IF9faW5pdCBhbWRfaW92X2RldGVjdCh2b2lkKQogICAgIHsKICAg ICAgICAgcHJpbnRrKCJBTUQtVmk6IE5vdCBvdmVycmlkaW5nIGlycV92ZWN0 b3JfbWFwIHNldHRpbmdcbiIpOwogICAgIH0KKyAgICBpZiAoICFhbWRfaW9t bXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgcHJpbnRrKFhFTkxPR19X QVJOSU5HICJBTUQtVmk6IFVzaW5nIGdsb2JhbCBpbnRlcnJ1cHQgcmVtYXAg dGFibGUgaXMgbm90IHJlY29tbWVuZGVkIChzZWUgWFNBLTM2KSFcbiIpOwog ICAgIHJldHVybiBzY2FuX3BjaV9kZXZpY2VzKCk7CiB9CiAKLS0tIGEveGVu L2RyaXZlcnMvcGFzc3Rocm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9pb21tdS5jCkBAIC01Miw3ICs1Miw3IEBAIGJvb2xf dCBfX3JlYWRfbW9zdGx5IGlvbW11X3FpbnZhbCA9IDE7CiBib29sX3QgX19y ZWFkX21vc3RseSBpb21tdV9pbnRyZW1hcCA9IDE7CiBib29sX3QgX19yZWFk X21vc3RseSBpb21tdV9oYXBfcHRfc2hhcmUgPSAxOwogYm9vbF90IF9fcmVh ZF9tb3N0bHkgaW9tbXVfZGVidWc7Ci1ib29sX3QgX19yZWFkX21vc3RseSBh bWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwOworYm9vbF90IF9fcmVhZF9tb3N0 bHkgYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCA9IDE7CiAKIERFRklORV9Q RVJfQ1BVKGJvb2xfdCwgaW9tbXVfZG9udF9mbHVzaF9pb3RsYik7CiAKLS0t IGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9odm0vc3ZtL2FtZC1pb21tdS1wcm90 by5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvaHZtL3N2bS9hbWQtaW9t bXUtcHJvdG8uaApAQCAtMTAwLDYgKzEwMCw3IEBAIHZvaWQgYW1kX2lvbW11 X3JlYWRfbXNpX2Zyb21faXJlKAogCiBleHRlcm4gc3RydWN0IGlvYXBpY19z YmRmIHsKICAgICB1MTYgYmRmLCBzZWc7CisgICAgdW5zaWduZWQgbG9uZyAq cGluX3NldHVwOwogfSBpb2FwaWNfc2JkZltNQVhfSU9fQVBJQ1NdOwogZXh0 ZXJuIHZvaWQgKnNoYXJlZF9pbnRyZW1hcF90YWJsZTsKIAo= --=separator Content-Type: application/octet-stream; name="xsa36-unstable.patch" Content-Disposition: attachment; filename="xsa36-unstable.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgotLS0g YS94ZW4vYXJjaC94ODYvaXJxLmMKKysrIGIveGVuL2FyY2gveDg2L2lycS5j CkBAIC0xOTQzLDkgKzE5NDMsNiBAQCBpbnQgbWFwX2RvbWFpbl9waXJxKAog ICAgICAgICBzcGluX2xvY2tfaXJxc2F2ZSgmZGVzYy0+bG9jaywgZmxhZ3Mp OwogICAgICAgICBzZXRfZG9tYWluX2lycV9waXJxKGQsIGlycSwgaW5mbyk7 CiAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJmRlc2MtPmxvY2ss IGZsYWdzKTsKLQotICAgICAgICBpZiAoIG9wdF9pcnFfdmVjdG9yX21hcCA9 PSBPUFRfSVJRX1ZFQ1RPUl9NQVBfUEVSREVWICkKLSAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfSU5GTyAiUGVyLWRldmljZSB2ZWN0b3IgbWFwcyBmb3Ig R1NJcyBub3QgaW1wbGVtZW50ZWQgeWV0LlxuIik7CiAgICAgfQogCiBkb25l OgotLS0gYS94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCisrKyBiL3hlbi9k cml2ZXJzL2FjcGkvdGFibGVzLmMKQEAgLTI2NSw3ICsyNjUsNyBAQCBhY3Bp X3RhYmxlX3BhcnNlX21hZHQoZW51bSBhY3BpX21hZHRfdHlwCiAgKiBAaGFu ZGxlcjogaGFuZGxlciB0byBydW4KICAqCiAgKiBTY2FuIHRoZSBBQ1BJIFN5 c3RlbSBEZXNjcmlwdG9yIFRhYmxlIChTVEQpIGZvciBhIHRhYmxlIG1hdGNo aW5nIEBpZCwKLSAqIHJ1biBAaGFuZGxlciBvbiBpdC4gIFJldHVybiAwIGlm IHRhYmxlIGZvdW5kLCByZXR1cm4gb24gaWYgbm90LgorICogcnVuIEBoYW5k bGVyIG9uIGl0LgogICovCiBpbnQgX19pbml0IGFjcGlfdGFibGVfcGFyc2Uo Y2hhciAqaWQsIGFjcGlfdGFibGVfaGFuZGxlciBoYW5kbGVyKQogewpAQCAt MjgwLDggKzI4MCw3IEBAIGludCBfX2luaXQgYWNwaV90YWJsZV9wYXJzZShj aGFyICppZCwgYWMKIAkJYWNwaV9nZXRfdGFibGUoaWQsIDAsICZ0YWJsZSk7 CiAKIAlpZiAodGFibGUpIHsKLQkJaGFuZGxlcih0YWJsZSk7Ci0JCXJldHVy biAwOworCQlyZXR1cm4gaGFuZGxlcih0YWJsZSk7CiAJfSBlbHNlCiAJCXJl dHVybiAxOwogfQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfYWNwaS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9hY3BpLmMKQEAgLTIyLDYgKzIyLDcgQEAKICNpbmNsdWRlIDx4 ZW4vZXJybm8uaD4KICNpbmNsdWRlIDx4ZW4vYWNwaS5oPgogI2luY2x1ZGUg PGFzbS9hcGljZGVmLmg+CisjaW5jbHVkZSA8YXNtL2lvX2FwaWMuaD4KICNp bmNsdWRlIDxhc20vYW1kLWlvbW11Lmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9z dm0vYW1kLWlvbW11LXByb3RvLmg+CiAKQEAgLTYzNyw2ICs2MzgsNyBAQCBz dGF0aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAg dTE2IGhlYWRlcl9sZW5ndGgsIHUxNiBibG9ja19sZW5ndGgsIHN0cnVjdCBh bWRfaW9tbXUgKmlvbW11KQogewogICAgIHUxNiBkZXZfbGVuZ3RoLCBiZGY7 CisgICAgaW50IGFwaWM7CiAKICAgICBkZXZfbGVuZ3RoID0gc2l6ZW9mKCpz cGVjaWFsKTsKICAgICBpZiAoIGhlYWRlcl9sZW5ndGggPCAoYmxvY2tfbGVu Z3RoICsgZGV2X2xlbmd0aCkgKQpAQCAtNjU3LDkgKzY1OSw1MyBAQCBzdGF0 aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAgc3dp dGNoICggc3BlY2lhbC0+dmFyaWV0eSApCiAgICAgewogICAgIGNhc2UgQUNQ SV9JVkhEX0lPQVBJQzoKLSAgICAvKiBzZXQgZGV2aWNlIGlkIG9mIGlvYXBp YyAqLwotICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLmJk ZiA9IGJkZjsKLSAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lhbC0+aGFuZGxl XS5zZWcgPSBzZWc7CisgICAgICAgIC8qCisgICAgICAgICAqIFNvbWUgQklP U2VzIGhhdmUgSU9BUElDIGJyb2tlbiBlbnRyaWVzIHNvIHdlIGNoZWNrIGZv ciBJVlJTCisgICAgICAgICAqIGNvbnNpc3RlbmN5IGhlcmUgLS0tIHdoZXRo ZXIgZW50cnkncyBJT0FQSUMgSUQgaXMgdmFsaWQgYW5kCisgICAgICAgICAq IHdoZXRoZXIgdGhlcmUgYXJlIGNvbmZsaWN0aW5nL2R1cGxpY2F0ZWQgZW50 cmllcy4KKyAgICAgICAgICovCisgICAgICAgIGZvciAoIGFwaWMgPSAwOyBh cGljIDwgbnJfaW9hcGljczsgYXBpYysrICkKKyAgICAgICAgeworICAgICAg ICAgICAgaWYgKCBJT19BUElDX0lEKGFwaWMpICE9IHNwZWNpYWwtPmhhbmRs ZSApCisgICAgICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgICAg IGlmICggaW9hcGljX3NiZGZbc3BlY2lhbC0+aGFuZGxlXS5waW5fc2V0dXAg KQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIGlmICggaW9hcGlj X3NiZGZbc3BlY2lhbC0+aGFuZGxlXS5iZGYgPT0gYmRmICYmCisgICAgICAg ICAgICAgICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLnNl ZyA9PSBzZWcgKQorICAgICAgICAgICAgICAgICAgICBBTURfSU9NTVVfREVC VUcoIklWSEQgV2FybmluZzogRHVwbGljYXRlIElPLUFQSUMgJSN4IGVudHJp ZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBz cGVjaWFsLT5oYW5kbGUpOworICAgICAgICAgICAgICAgIGVsc2UKKyAgICAg ICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgICAgIHByaW50ayhYRU5M T0dfRVJSICJJVkhEIEVycm9yOiBDb25mbGljdGluZyBJTy1BUElDICUjeCBl bnRyaWVzXG4iLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgc3BlY2lh bC0+aGFuZGxlKTsKKyAgICAgICAgICAgICAgICAgICAgaWYgKCBhbWRfaW9t bXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgICAgICAgICAgICAgICAg IHJldHVybiAwOworICAgICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH0K KyAgICAgICAgICAgIGVsc2UKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAg ICAgICAvKiBzZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyAqLworICAgICAgICAg ICAgICAgIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0uYmRmID0gYmRm OworICAgICAgICAgICAgICAgIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRs ZV0uc2VnID0gc2VnOworCisgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZb c3BlY2lhbC0+aGFuZGxlXS5waW5fc2V0dXAgPSB4emFsbG9jX2FycmF5KAor ICAgICAgICAgICAgICAgICAgICB1bnNpZ25lZCBsb25nLCBCSVRTX1RPX0xP TkdTKG5yX2lvYXBpY19lbnRyaWVzW2FwaWNdKSk7CisgICAgICAgICAgICAg ICAgaWYgKCBucl9pb2FwaWNfZW50cmllc1thcGljXSAmJgorICAgICAgICAg ICAgICAgICAgICAgIWlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBp bl9zZXR1cCApCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAg ICAgICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogT3V0IG9mIG1l bW9yeVxuIik7CisgICAgICAgICAgICAgICAgICAgIHJldHVybiAwOworICAg ICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIGJy ZWFrOworICAgICAgICB9CisgICAgICAgIGlmICggYXBpYyA9PSBucl9pb2Fw aWNzICkKKyAgICAgICAgeworICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19F UlIgIklWSEQgRXJyb3I6IEludmFsaWQgSU8tQVBJQyAlI3hcbiIsCisgICAg ICAgICAgICAgICAgICAgc3BlY2lhbC0+aGFuZGxlKTsKKyAgICAgICAgICAg IHJldHVybiAwOworICAgICAgICB9CiAgICAgICAgIGJyZWFrOwogICAgIGNh c2UgQUNQSV9JVkhEX0hQRVQ6CiAgICAgICAgIC8qIHNldCBkZXZpY2UgaWQg b2YgaHBldCAqLwotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfaW5pdC5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9pbml0LmMKQEAgLTExMjAsMTIgKzExMjAsNDUgQEAgc3RhdGlj IGludCBfX2luaXQgYW1kX2lvbW11X3NldHVwX2RldmljZQogICAgIHJldHVy biAwOwogfQogCisvKiBDaGVjayB3aGV0aGVyIFNQNTEwMCBTQVRBIENvbWJp bmVkIG1vZGUgaXMgb24gKi8KK3N0YXRpYyBib29sX3QgX19pbml0IGFtZF9z cDUxMDBfZXJyYXR1bTI4KHZvaWQpCit7CisgICAgdTMyIGJ1cywgaWQ7Cisg ICAgdTE2IHZlbmRvcl9pZCwgZGV2X2lkOworICAgIHU4IGJ5dGU7CisKKyAg ICBmb3IgKGJ1cyA9IDA7IGJ1cyA8IDI1NjsgYnVzKyspCisgICAgeworICAg ICAgICBpZCA9IHBjaV9jb25mX3JlYWQzMigwLCBidXMsIDB4MTQsIDAsIFBD SV9WRU5ET1JfSUQpOworCisgICAgICAgIHZlbmRvcl9pZCA9IGlkICYgMHhm ZmZmOworICAgICAgICBkZXZfaWQgPSAoaWQgPj4gMTYpICYgMHhmZmZmOwor CisgICAgICAgIC8qIFNQNTEwMCBTTUJ1cyBtb2R1bGUgc2V0cyBDb21iaW5l ZCBtb2RlIG9uICovCisgICAgICAgIGlmICh2ZW5kb3JfaWQgIT0gMHgxMDAy IHx8IGRldl9pZCAhPSAweDQzODUpCisgICAgICAgICAgICBjb250aW51ZTsK KworICAgICAgICBieXRlID0gcGNpX2NvbmZfcmVhZDgoMCwgYnVzLCAweDE0 LCAwLCAweGFkKTsKKyAgICAgICAgaWYgKCAoYnl0ZSA+PiAzKSAmIDEgKQor ICAgICAgICB7CisgICAgICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5JTkcg IkFNRC1WaTogU1A1MTAwIGVycmF0dW0gMjggZGV0ZWN0ZWQsIGRpc2FibGlu ZyBJT01NVS5cbiIKKyAgICAgICAgICAgICAgICAgICAiSWYgcG9zc2libGUs IGRpc2FibGUgU0FUQSBDb21iaW5lZCBtb2RlIGluIEJJT1Mgb3IgY29udGFj dCB5b3VyIHZlbmRvciBmb3IgQklPUyB1cGRhdGUuXG4iKTsKKyAgICAgICAg ICAgIHJldHVybiAxOworICAgICAgICB9CisgICAgfQorCisgICAgcmV0dXJu IDA7Cit9CisKIGludCBfX2luaXQgYW1kX2lvbW11X2luaXQodm9pZCkKIHsK ICAgICBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdTsKIAogICAgIEJVR19PTigg IWlvbW11X2ZvdW5kKCkgKTsKIAorICAgIGlmICggYW1kX2lvbW11X3BlcmRl dl9pbnRyZW1hcCAmJiBhbWRfc3A1MTAwX2VycmF0dW0yOCgpICkKKyAgICAg ICAgZ290byBlcnJvcl9vdXQ7CisKICAgICBpdnJzX2JkZl9lbnRyaWVzID0g YW1kX2lvbW11X2dldF9pdnJzX2Rldl9lbnRyaWVzKCk7CiAKICAgICBpZiAo ICFpdnJzX2JkZl9lbnRyaWVzICkKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Ro cm91Z2gvYW1kL2lvbW11X2ludHIuYworKysgYi94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9hbWQvaW9tbXVfaW50ci5jCkBAIC0xMDAsMTIgKzEwMCwxMiBA QCBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50cnkodTMyKiBlCiBz dGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9pb2FwaWMo CiAgICAgaW50IGJkZiwKICAgICBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSwK LSAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqaW9hcGljX3J0ZSkK KyAgICBjb25zdCBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqcnRlLAor ICAgIGNvbnN0IHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICpvbGRfcnRl KQogewogICAgIHVuc2lnbmVkIGxvbmcgZmxhZ3M7CiAgICAgdTMyKiBlbnRy eTsKICAgICB1OCBkZWxpdmVyeV9tb2RlLCBkZXN0LCB2ZWN0b3IsIGRlc3Rf bW9kZTsKLSAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqcnRlID0g aW9hcGljX3J0ZTsKICAgICBpbnQgcmVxX2lkOwogICAgIHNwaW5sb2NrX3Qg KmxvY2s7CiAgICAgaW50IG9mZnNldDsKQEAgLTEyMSw2ICsxMjEsMTQgQEAg c3RhdGljIHZvaWQgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faQogICAg IHNwaW5fbG9ja19pcnFzYXZlKGxvY2ssIGZsYWdzKTsKIAogICAgIG9mZnNl dCA9IGdldF9pbnRyZW1hcF9vZmZzZXQodmVjdG9yLCBkZWxpdmVyeV9tb2Rl KTsKKyAgICBpZiAoIG9sZF9ydGUgKQorICAgIHsKKyAgICAgICAgaW50IG9s ZF9vZmZzZXQgPSBnZXRfaW50cmVtYXBfb2Zmc2V0KG9sZF9ydGUtPnZlY3Rv ciwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIG9sZF9ydGUtPmRlbGl2ZXJ5X21vZGUpOworCisgICAgICAgIGlmICgg b2Zmc2V0ICE9IG9sZF9vZmZzZXQgKQorICAgICAgICAgICAgZnJlZV9pbnRy ZW1hcF9lbnRyeShpb21tdS0+c2VnLCBiZGYsIG9sZF9vZmZzZXQpOworICAg IH0KICAgICBlbnRyeSA9ICh1MzIqKWdldF9pbnRyZW1hcF9lbnRyeShpb21t dS0+c2VnLCByZXFfaWQsIG9mZnNldCk7CiAgICAgdXBkYXRlX2ludHJlbWFw X2VudHJ5KGVudHJ5LCB2ZWN0b3IsIGRlbGl2ZXJ5X21vZGUsIGRlc3RfbW9k ZSwgZGVzdCk7CiAKQEAgLTE4OSw2ICsxOTcsNyBAQCBpbnQgX19pbml0IGFt ZF9pb21tdV9zZXR1cF9pb2FwaWNfcmVtYXBwCiAgICAgICAgICAgICAgICAg YW1kX2lvbW11X2ZsdXNoX2ludHJlbWFwKGlvbW11LCByZXFfaWQpOwogICAg ICAgICAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJmlvbW11LT5s b2NrLCBmbGFncyk7CiAgICAgICAgICAgICB9CisgICAgICAgICAgICBzZXRf Yml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3Nl dHVwKTsKICAgICAgICAgfQogICAgIH0KICAgICByZXR1cm4gMDsKQEAgLTIw MCw2ICsyMDksNyBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2ly ZSgKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSBvbGRfcnRlID0g eyAwIH07CiAgICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgbmV3X3J0 ZSA9IHsgMCB9OwogICAgIHVuc2lnbmVkIGludCBydGVfbG8gPSAocmVnICYg MSkgPyByZWcgLSAxIDogcmVnOworICAgIHVuc2lnbmVkIGludCBwaW4gPSAo cmVnIC0gMHgxMCkgLyAyOwogICAgIGludCBzYXZlZF9tYXNrLCBzZWcsIGJk ZjsKICAgICBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdTsKIApAQCAtMjM3LDYg KzI0NywxNCBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2lyZSgK ICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRlKSArIDEpID0gdmFsdWU7CiAg ICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1hc2sgJiYKKyAgICAgICAgICF0 ZXN0X2JpdChwaW4sIGlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBp bl9zZXR1cCkgKQorICAgIHsKKyAgICAgICAgQVNTRVJUKHNhdmVkX21hc2sp OworICAgICAgICBfX2lvX2FwaWNfd3JpdGUoYXBpYywgcmVnLCB2YWx1ZSk7 CisgICAgICAgIHJldHVybjsKKyAgICB9CisKICAgICAvKiBtYXNrIHRoZSBp bnRlcnJ1cHQgd2hpbGUgd2UgY2hhbmdlIHRoZSBpbnRyZW1hcCB0YWJsZSAq LwogICAgIGlmICggIXNhdmVkX21hc2sgKQogICAgIHsKQEAgLTI0NSw3ICsy NjMsMTEgQEAgdm9pZCBhbWRfaW9tbXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAg ICAgfQogCiAgICAgLyogVXBkYXRlIGludGVycnVwdCByZW1hcHBpbmcgZW50 cnkgKi8KLSAgICB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9pb2FwaWMo YmRmLCBpb21tdSwgJm5ld19ydGUpOworICAgIHVwZGF0ZV9pbnRyZW1hcF9l bnRyeV9mcm9tX2lvYXBpYygKKyAgICAgICAgYmRmLCBpb21tdSwgJm5ld19y dGUsCisgICAgICAgIHRlc3RfYW5kX3NldF9iaXQocGluLAorICAgICAgICAg ICAgICAgICAgICAgICAgIGlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyld LnBpbl9zZXR1cCkgPyAmb2xkX3J0ZQorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg OiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQgd3JpdGUgYWNjZXNzIHRvIElP LUFQSUMgUlRFICovCiAgICAgX19pb19hcGljX3dyaXRlKGFwaWMsIHJlZywg dmFsdWUpOwpAQCAtMzU2LDYgKzM3OCwxMiBAQCB2b2lkIGFtZF9pb21tdV9t c2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAgIHJldHVybjsKICAgICB9CiAK KyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9pbmRleCA+PSAwICkKKyAgICAg ICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21zZyhpb21tdSwg YmRmLCBtc2lfZGVzYywgTlVMTCk7CisKKyAgICBpZiAoICFtc2cgKQorICAg ICAgICByZXR1cm47CisKICAgICB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJv bV9tc2lfbXNnKGlvbW11LCBiZGYsIG1zaV9kZXNjLCBtc2cpOwogfQogCi0t LSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9wY2lfYW1kX2lvbW11 LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRf aW9tbXUuYwpAQCAtMjA4LDYgKzIwOCw4IEBAIGludCBfX2luaXQgYW1kX2lv dl9kZXRlY3Qodm9pZCkKICAgICB7CiAgICAgICAgIHByaW50aygiQU1ELVZp OiBOb3Qgb3ZlcnJpZGluZyBpcnFfdmVjdG9yX21hcCBzZXR0aW5nXG4iKTsK ICAgICB9CisgICAgaWYgKCAhYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCAp CisgICAgICAgIHByaW50ayhYRU5MT0dfV0FSTklORyAiQU1ELVZpOiBVc2lu ZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwIHRhYmxlIGlzIG5vdCByZWNvbW1l bmRlZCAoc2VlIFhTQS0zNikhXG4iKTsKICAgICByZXR1cm4gc2Nhbl9wY2lf ZGV2aWNlcygpOwogfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdo L2lvbW11LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvaW9tbXUu YwpAQCAtNTMsNyArNTMsNyBAQCBib29sX3QgX19yZWFkX21vc3RseSBpb21t dV9xaW52YWwgPSAxOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfaW50 cmVtYXAgPSAxOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfaGFwX3B0 X3NoYXJlID0gMTsKIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlvbW11X2RlYnVn OwotYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lvbW11X3BlcmRldl9pbnRy ZW1hcDsKK2Jvb2xfdCBfX3JlYWRfbW9zdGx5IGFtZF9pb21tdV9wZXJkZXZf aW50cmVtYXAgPSAxOwogCiBERUZJTkVfUEVSX0NQVShib29sX3QsIGlvbW11 X2RvbnRfZmx1c2hfaW90bGIpOwogCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS14 ODYvaHZtL3N2bS9hbWQtaW9tbXUtcHJvdG8uaAorKysgYi94ZW4vaW5jbHVk ZS9hc20teDg2L2h2bS9zdm0vYW1kLWlvbW11LXByb3RvLmgKQEAgLTEwMSw2 ICsxMDEsNyBAQCBpbnQgYW1kX3NldHVwX2hwZXRfbXNpKHN0cnVjdCBtc2lf ZGVzYyAqCiAKIGV4dGVybiBzdHJ1Y3QgaW9hcGljX3NiZGYgewogICAgIHUx NiBiZGYsIHNlZzsKKyAgICB1bnNpZ25lZCBsb25nICpwaW5fc2V0dXA7CiB9 IGlvYXBpY19zYmRmW01BWF9JT19BUElDU107CiBleHRlcm4gdm9pZCAqc2hh cmVkX2ludHJlbWFwX3RhYmxlOwogCg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:17:33 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:17:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMy-0007T0-DG; Tue, 05 Feb 2013 13:15:28 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMx-0007SU-9y; Tue, 05 Feb 2013 13:15:27 +0000 Received: from [85.158.143.99:40548] by server-2.bemta-4.messagelabs.com id 21/FB-01597-EE501115; Tue, 05 Feb 2013 13:15:26 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-12.tower-216.messagelabs.com!1360070121!22200145!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 27328 invoked from network); 5 Feb 2013 13:15:23 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-216.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:23 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMi-0003aO-Bd; Tue, 05 Feb 2013 13:15:12 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMi-0008AG-9I; Tue, 05 Feb 2013 13:15:12 +0000 Date: Tue, 05 Feb 2013 13:15:12 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 39 (CVE-2013-0216, CVE-2013-0217) - Linux netback DoS via malicious guest ring. X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0216,CVE-2013-0217 / XSA-39 version 2 Linux netback DoS via malicious guest ring. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an error path which is guest triggerable. IMPACT ====== A malicious guest can mount a DoS affecting the entire system. VULNERABLE SYSTEMS ================== All systems running guests with access to PV network devices are vulnerable. CVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch kernels. CVE-2013-0217 affects only mainline ("pvops") kernels. MITIGATION ========== Running HVM guests with only emulated or passthrough NICs or PV guests with only passthrough NICs will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patches in sequence resolves this issue. xsa39-pvops-*.patch Apply to mainline Linux 3.8-rc2 xsa39-classic-*.patch Apply to linux-2.6.18-xen tree. All patches for the given branch should be applied in numerical order. $ sha256sum xsa39*.patch 4b75961673b940f5eb31451080dd668b9119eb88db1df44db1a3ba4b0d037ce1 xsa39-classic-0001-xen-netback-garbage-ring.patch 096143750b99eb2d88970338c3f9debfbbfdaef766525a620281b28528ebe0ce xsa39-classic-0002-xen-netback-wrap-around.patch 99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5 xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969 xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch 70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch 5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI5AAoJEIP+FMlX6CvZLbcIAL7gpD+EzDjb+g3ZlORl1jPV +icqyDoPWeWructbggY+YcJJc2IavNrRXBSN/9edSTUXSi7YTW+Tjeh8bcLza1JM McWKxPtJB8CKEIAjAeT8qMVaNUNQuJQTtTLtXHGuQE6xwxK8YmgLzQSx91OOp9Bx 49GK1Ptnp7bQoEoc7B3oN6GXr/hs/FvaD0Cr481yUxXX1GxV+AL7sxXiJ4kXu1rE UTSLFAzUfw1KWI5wP3GQCREhysCvgIq4mZyD5+TF8MUagpg+m1aURs2AUUxrJ/Zw o+LVEKWYRsTtWIRtwYOdPHn73bllyPOrBgimTDBM9rY9CztOnN8yoPRlUz0Sux0= =UhBt -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa39-classic-0001-xen-netback-garbage-ring.patch" Content-Disposition: attachment; filename="xsa39-classic-0001-xen-netback-garbage-ring.patch" Content-Transfer-Encoding: base64 bmV0YmFjazogc2h1dGRvd24gdGhlIHJpbmcgaWYgaXQgY29udGFpbnMgZ2Fy YmFnZQoKQSBidWdneSBvciBtYWxpY2lvdXMgZnJvbnRlbmQgc2hvdWxkIG5v dCBiZSBhYmxlIHRvIGNvbmZ1c2UgbmV0YmFjay4KSWYgd2Ugc3BvdCBhbnl0 aGluZyB3aGljaCBpcyBub3QgYXMgaXQgc2hvdWxkIGJlIHRoZW4gc2h1dGRv d24gdGhlCmRldmljZSBhbmQgZG9uJ3QgdHJ5IHRvIGNvbnRpbnVlIHdpdGgg dGhlIHJpbmcgaW4gYSBwb3RlbnRpYWxseQpob3N0aWxlIHN0YXRlLiBXZWxs IGJlaGF2ZWQgYW5kIG5vbi1ob3N0aWxlIGZyb250ZW5kcyB3aWxsIG5vdCBi ZQpwZW5hbGlzZWQuCgpBcyB3ZWxsIGFzIG1ha2luZyB0aGUgZXhpc3Rpbmcg Y2hlY2tzIGZvciBzdWNoIGVycm9ycyBmYXRhbCBhbHNvIGFkZCBhCm5ldyBj aGVjayB0aGF0IGVuc3VyZXMgdGhhdCB0aGVyZSBpc24ndCBhbiBpbnNhbmUg bnVtYmVyIG9mIHJlcXVlc3RzCm9uIHRoZSByaW5nIChpLmUuIG1vcmUgdGhh biB3b3VsZCBmaXQgaW4gdGhlIHJpbmcpLiBJZiB0aGUgcmluZwpjb250YWlu cyBnYXJiYWdlIHRoZW4gcHJldmlvdXNseSBpcyB3YXMgcG9zc2libGUgdG8g bG9vcCBvdmVyIHRoaXMKaW5zYW5lIG51bWJlciwgZ2V0dGluZyBhbiBlcnJv ciBlYWNoIHRpbWUgYW5kIHRoZXJlZm9yZSBub3QgZ2VuZXJhdGluZwphbnkg bW9yZSBwZW5kaW5nIHJlcXVlc3RzIGFuZCB0aGVyZWZvcmUgbm90IGV4aXRp bmcgdGhlIGxvb3AgaW4KeGVuX25ldGJrX3R4X2J1aWxkX2dvcHMgZm9yIGFu IGV4dGVybmRlZCBwZXJpb2QuCgpBbHNvIHR1cm4gdmFyaW91cyBuZXRkZXZf ZGJnIGNhbGxzIHdoaWNoIG5vIHByZWNpcGl0YXRlIGEgZmF0YWwgZXJyb3IK aW50byBuZXRkZXZfZXJyLCB0aGV5IGFyZSByYXRlIGxpbWl0ZWQgYmVjYXVz ZSB0aGUgZGV2aWNlIGlzIHNodXRkb3duCmFmdGVyd2FyZHMuCgpUaGlzIGZp eGVzIGF0IGxlYXN0IG9uZSBrbm93biBEb1Mvc29mdGxvY2t1cCBvZiB0aGUg YmFja2VuZCBkb21haW4uCgpTaWduZWQtb2ZmLWJ5OiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8SkJldWxpY2hAc3VzZS5jb20+CgotLS0gYS9kcml2ZXJzL3hl bi9uZXRiYWNrL2NvbW1vbi5oCisrKyBiL2RyaXZlcnMveGVuL25ldGJhY2sv Y29tbW9uLmgKQEAgLTIwNCw2ICsyMDQsOSBAQCBpbnQgbmV0aWZfYmVfc3Rh cnRfeG1pdChzdHJ1Y3Qgc2tfYnVmZiAqCiBzdHJ1Y3QgbmV0X2RldmljZV9z dGF0cyAqbmV0aWZfYmVfZ2V0X3N0YXRzKHN0cnVjdCBuZXRfZGV2aWNlICpk ZXYpOwogaXJxcmV0dXJuX3QgbmV0aWZfYmVfaW50KGludCBpcnEsIHZvaWQg KmRldl9pZCwgc3RydWN0IHB0X3JlZ3MgKnJlZ3MpOwogCisvKiBQcmV2ZW50 IHRoZSBkZXZpY2UgZnJvbSBnZW5lcmF0aW5nIGFueSBmdXJ0aGVyIHRyYWZm aWMuICovCit2b2lkIHhlbnZpZl9jYXJyaWVyX29mZihuZXRpZl90ICpuZXRp Zik7CisKIHN0YXRpYyBpbmxpbmUgaW50IG5ldGJrX2Nhbl9xdWV1ZShzdHJ1 Y3QgbmV0X2RldmljZSAqZGV2KQogewogCW5ldGlmX3QgKm5ldGlmID0gbmV0 ZGV2X3ByaXYoZGV2KTsKLS0tIGEvZHJpdmVycy94ZW4vbmV0YmFjay9pbnRl cmZhY2UuYworKysgYi9kcml2ZXJzL3hlbi9uZXRiYWNrL2ludGVyZmFjZS5j CkBAIC0zNDcsMTkgKzM0NywyMyBAQCBlcnJfcng6CiAJcmV0dXJuIGVycjsK IH0KIAordm9pZCB4ZW52aWZfY2Fycmllcl9vZmYobmV0aWZfdCAqbmV0aWYp Cit7CisJcnRubF9sb2NrKCk7CisJbmV0YmFja19jYXJyaWVyX29mZihuZXRp Zik7CisJbmV0aWZfY2Fycmllcl9vZmYobmV0aWYtPmRldik7IC8qIGRpc2Nh cmQgcXVldWVkIHBhY2tldHMgKi8KKwlpZiAobmV0aWZfcnVubmluZyhuZXRp Zi0+ZGV2KSkKKwkJX19uZXRpZl9kb3duKG5ldGlmKTsKKwlydG5sX3VubG9j aygpOworCW5ldGlmX3B1dChuZXRpZik7Cit9CisKIHZvaWQgbmV0aWZfZGlz Y29ubmVjdChzdHJ1Y3QgYmFja2VuZF9pbmZvICpiZSkKIHsKIAluZXRpZl90 ICpuZXRpZiA9IGJlLT5uZXRpZjsKIAotCWlmIChuZXRiYWNrX2NhcnJpZXJf b2sobmV0aWYpKSB7Ci0JCXJ0bmxfbG9jaygpOwotCQluZXRiYWNrX2NhcnJp ZXJfb2ZmKG5ldGlmKTsKLQkJbmV0aWZfY2Fycmllcl9vZmYobmV0aWYtPmRl dik7IC8qIGRpc2NhcmQgcXVldWVkIHBhY2tldHMgKi8KLQkJaWYgKG5ldGlm X3J1bm5pbmcobmV0aWYtPmRldikpCi0JCQlfX25ldGlmX2Rvd24obmV0aWYp OwotCQlydG5sX3VubG9jaygpOwotCQluZXRpZl9wdXQobmV0aWYpOwotCX0K KwlpZiAobmV0YmFja19jYXJyaWVyX29rKG5ldGlmKSkKKwkJeGVudmlmX2Nh cnJpZXJfb2ZmKG5ldGlmKTsKIAogCWF0b21pY19kZWMoJm5ldGlmLT5yZWZj bnQpOwogCXdhaXRfZXZlbnQobmV0aWYtPndhaXRpbmdfdG9fZnJlZSwgYXRv bWljX3JlYWQoJm5ldGlmLT5yZWZjbnQpID09IDApOwotLS0gYS9kcml2ZXJz L3hlbi9uZXRiYWNrL25ldGJhY2suYworKysgYi9kcml2ZXJzL3hlbi9uZXRi YWNrL25ldGJhY2suYwpAQCAtMTAyMCw2ICsxMDIwLDE0IEBAIHN0YXRpYyB2 b2lkIG5ldGJrX3R4X2VycihuZXRpZl90ICpuZXRpZiwKIAluZXRpZl9wdXQo bmV0aWYpOwogfQogCitzdGF0aWMgdm9pZCBuZXRia19mYXRhbF90eF9lcnIo bmV0aWZfdCAqbmV0aWYpCit7CisJcHJpbnRrKEtFUk5fRVJSICIlczogZmF0 YWwgZXJyb3I7IGRpc2FibGluZyBkZXZpY2VcbiIsCisJICAgICAgIG5ldGlm LT5kZXYtPm5hbWUpOworCXhlbnZpZl9jYXJyaWVyX29mZihuZXRpZik7CisJ bmV0aWZfcHV0KG5ldGlmKTsKK30KKwogc3RhdGljIGludCBuZXRia19jb3Vu dF9yZXF1ZXN0cyhuZXRpZl90ICpuZXRpZiwgbmV0aWZfdHhfcmVxdWVzdF90 ICpmaXJzdCwKIAkJCQluZXRpZl90eF9yZXF1ZXN0X3QgKnR4cCwgaW50IHdv cmtfdG9fZG8pCiB7CkBAIC0xMDMxLDE5ICsxMDM5LDI1IEBAIHN0YXRpYyBp bnQgbmV0YmtfY291bnRfcmVxdWVzdHMobmV0aWZfdCAKIAogCWRvIHsKIAkJ aWYgKGZyYWdzID49IHdvcmtfdG9fZG8pIHsKLQkJCURQUklOVEsoIk5lZWQg bW9yZSBmcmFnc1xuIik7CisJCQlwcmludGsoS0VSTl9FUlIgIiVzOiBOZWVk IG1vcmUgZnJhZ3NcbiIsCisJCQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSk7 CisJCQluZXRia19mYXRhbF90eF9lcnIobmV0aWYpOwogCQkJcmV0dXJuIC1m cmFnczsKIAkJfQogCiAJCWlmICh1bmxpa2VseShmcmFncyA+PSBNQVhfU0tC X0ZSQUdTKSkgewotCQkJRFBSSU5USygiVG9vIG1hbnkgZnJhZ3NcbiIpOwor CQkJcHJpbnRrKEtFUk5fRVJSICIlczogVG9vIG1hbnkgZnJhZ3NcbiIsCisJ CQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSk7CisJCQluZXRia19mYXRhbF90 eF9lcnIobmV0aWYpOwogCQkJcmV0dXJuIC1mcmFnczsKIAkJfQogCiAJCW1l bWNweSh0eHAsIFJJTkdfR0VUX1JFUVVFU1QoJm5ldGlmLT50eCwgY29ucyAr IGZyYWdzKSwKIAkJICAgICAgIHNpemVvZigqdHhwKSk7CiAJCWlmICh0eHAt PnNpemUgPiBmaXJzdC0+c2l6ZSkgewotCQkJRFBSSU5USygiRnJhZ3MgZ2Fs b3JlXG4iKTsKKwkJCXByaW50ayhLRVJOX0VSUiAiJXM6IEZyYWcgaXMgYmln Z2VyIHRoYW4gZnJhbWUuXG4iLAorCQkJICAgICAgIG5ldGlmLT5kZXYtPm5h bWUpOworCQkJbmV0YmtfZmF0YWxfdHhfZXJyKG5ldGlmKTsKIAkJCXJldHVy biAtZnJhZ3M7CiAJCX0KIApAQCAtMTA1MSw4ICsxMDY1LDkgQEAgc3RhdGlj IGludCBuZXRia19jb3VudF9yZXF1ZXN0cyhuZXRpZl90IAogCQlmcmFncysr OwogCiAJCWlmICh1bmxpa2VseSgodHhwLT5vZmZzZXQgKyB0eHAtPnNpemUp ID4gUEFHRV9TSVpFKSkgewotCQkJRFBSSU5USygidHhwLT5vZmZzZXQ6ICV4 LCBzaXplOiAldVxuIiwKLQkJCQl0eHAtPm9mZnNldCwgdHhwLT5zaXplKTsK KwkJCXByaW50ayhLRVJOX0VSUiAiJXM6IHR4cC0+b2Zmc2V0OiAleCwgc2l6 ZTogJXVcbiIsCisJCQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSwgdHhwLT5v ZmZzZXQsIHR4cC0+c2l6ZSk7CisJCQluZXRia19mYXRhbF90eF9lcnIobmV0 aWYpOwogCQkJcmV0dXJuIC1mcmFnczsKIAkJfQogCX0gd2hpbGUgKCh0eHAr KyktPmZsYWdzICYgTkVUVFhGX21vcmVfZGF0YSk7CkBAIC0xMTk1LDcgKzEy MTAsOSBAQCBpbnQgbmV0YmtfZ2V0X2V4dHJhcyhuZXRpZl90ICpuZXRpZiwg c3RyCiAKIAlkbyB7CiAJCWlmICh1bmxpa2VseSh3b3JrX3RvX2RvLS0gPD0g MCkpIHsKLQkJCURQUklOVEsoIk1pc3NpbmcgZXh0cmEgaW5mb1xuIik7CisJ CQlwcmludGsoS0VSTl9FUlIgIiVzOiBNaXNzaW5nIGV4dHJhIGluZm9cbiIs CisJCQkgICAgICAgbmV0aWYtPmRldi0+bmFtZSk7CisJCQluZXRia19mYXRh bF90eF9lcnIobmV0aWYpOwogCQkJcmV0dXJuIC1FQkFEUjsKIAkJfQogCkBA IC0xMjA0LDcgKzEyMjEsOSBAQCBpbnQgbmV0YmtfZ2V0X2V4dHJhcyhuZXRp Zl90ICpuZXRpZiwgc3RyCiAJCWlmICh1bmxpa2VseSghZXh0cmEudHlwZSB8 fAogCQkJICAgICBleHRyYS50eXBlID49IFhFTl9ORVRJRl9FWFRSQV9UWVBF X01BWCkpIHsKIAkJCW5ldGlmLT50eC5yZXFfY29ucyA9ICsrY29uczsKLQkJ CURQUklOVEsoIkludmFsaWQgZXh0cmEgdHlwZTogJWRcbiIsIGV4dHJhLnR5 cGUpOworCQkJcHJpbnRrKEtFUk5fRVJSICIlczogSW52YWxpZCBleHRyYSB0 eXBlOiAlZFxuIiwKKwkJCSAgICAgICBuZXRpZi0+ZGV2LT5uYW1lLCBleHRy YS50eXBlKTsKKwkJCW5ldGJrX2ZhdGFsX3R4X2VycihuZXRpZik7CiAJCQly ZXR1cm4gLUVJTlZBTDsKIAkJfQogCkBAIC0xMjE1LDE2ICsxMjM0LDIxIEBA IGludCBuZXRia19nZXRfZXh0cmFzKG5ldGlmX3QgKm5ldGlmLCBzdHIKIAly ZXR1cm4gd29ya190b19kbzsKIH0KIAotc3RhdGljIGludCBuZXRia19zZXRf c2tiX2dzbyhzdHJ1Y3Qgc2tfYnVmZiAqc2tiLCBzdHJ1Y3QgbmV0aWZfZXh0 cmFfaW5mbyAqZ3NvKQorc3RhdGljIGludCBuZXRia19zZXRfc2tiX2dzbyhu ZXRpZl90ICpuZXRpZiwgc3RydWN0IHNrX2J1ZmYgKnNrYiwKKwkJCSAgICAg c3RydWN0IG5ldGlmX2V4dHJhX2luZm8gKmdzbykKIHsKIAlpZiAoIWdzby0+ dS5nc28uc2l6ZSkgewotCQlEUFJJTlRLKCJHU08gc2l6ZSBtdXN0IG5vdCBi ZSB6ZXJvLlxuIik7CisJCXByaW50ayhLRVJOX0VSUiAiJXM6IEdTTyBzaXpl IG11c3Qgbm90IGJlIHplcm8uXG4iLAorCQkgICAgICAgbmV0aWYtPmRldi0+ bmFtZSk7CisJCW5ldGJrX2ZhdGFsX3R4X2VycihuZXRpZik7CiAJCXJldHVy biAtRUlOVkFMOwogCX0KIAogCS8qIEN1cnJlbnRseSBvbmx5IFRDUHY0IFMu Ty4gaXMgc3VwcG9ydGVkLiAqLwogCWlmIChnc28tPnUuZ3NvLnR5cGUgIT0g WEVOX05FVElGX0dTT19UWVBFX1RDUFY0KSB7Ci0JCURQUklOVEsoIkJhZCBH U08gdHlwZSAlZC5cbiIsIGdzby0+dS5nc28udHlwZSk7CisJCXByaW50ayhL RVJOX0VSUiAiJXM6IEJhZCBHU08gdHlwZSAlZC5cbiIsCisJCSAgICAgICBu ZXRpZi0+ZGV2LT5uYW1lLCBnc28tPnUuZ3NvLnR5cGUpOworCQluZXRia19m YXRhbF90eF9lcnIobmV0aWYpOwogCQlyZXR1cm4gLUVJTlZBTDsKIAl9CiAK QEAgLTEyNTksOSArMTI4MywyNSBAQCBzdGF0aWMgdm9pZCBuZXRfdHhfYWN0 aW9uKHVuc2lnbmVkIGxvbmcgCiAJCSFsaXN0X2VtcHR5KCZuZXRfc2NoZWR1 bGVfbGlzdCkpIHsKIAkJLyogR2V0IGEgbmV0aWYgZnJvbSB0aGUgbGlzdCB3 aXRoIHdvcmsgdG8gZG8uICovCiAJCW5ldGlmID0gcG9sbF9uZXRfc2NoZWR1 bGVfbGlzdCgpOworCQkvKgorCQkgKiBUaGlzIGNhbiBzb21ldGltZXMgaGFw cGVuIGJlY2F1c2UgdGhlIHRlc3Qgb2YKKwkJICogbGlzdF9lbXB0eShuZXRf c2NoZWR1bGVfbGlzdCkgYXQgdGhlIHRvcCBvZiB0aGUKKwkJICogbG9vcCBp cyB1bmxvY2tlZC4gIEp1c3QgZ28gYmFjayBhbmQgaGF2ZSBhbm90aGVyCisJ CSAqIGxvb2suCisJCSAqLwogCQlpZiAoIW5ldGlmKQogCQkJY29udGludWU7 CiAKKwkJaWYgKG5ldGlmLT50eC5zcmluZy0+cmVxX3Byb2QgLSBuZXRpZi0+ dHgucmVxX2NvbnMgPgorCQkgICAgTkVUX1RYX1JJTkdfU0laRSkgeworCQkJ cHJpbnRrKEtFUk5fRVJSICIlczogSW1wb3NzaWJsZSBudW1iZXIgb2YgcmVx dWVzdHMuICIKKwkJCSAgICAgICAicmVxX3Byb2QgJXUsIHJlcV9jb25zICV1 LCBzaXplICVsdVxuIiwKKwkJCSAgICAgICBuZXRpZi0+ZGV2LT5uYW1lLCBu ZXRpZi0+dHguc3JpbmctPnJlcV9wcm9kLAorCQkJICAgICAgIG5ldGlmLT50 eC5yZXFfY29ucywgTkVUX1RYX1JJTkdfU0laRSk7CisJCQluZXRia19mYXRh bF90eF9lcnIobmV0aWYpOworCQkJY29udGludWU7CisJCX0KKwogCQlSSU5H X0ZJTkFMX0NIRUNLX0ZPUl9SRVFVRVNUUygmbmV0aWYtPnR4LCB3b3JrX3Rv X2RvKTsKIAkJaWYgKCF3b3JrX3RvX2RvKSB7CiAJCQluZXRpZl9wdXQobmV0 aWYpOwpAQCAtMTMxMywxNyArMTM1MywxNCBAQCBzdGF0aWMgdm9pZCBuZXRf dHhfYWN0aW9uKHVuc2lnbmVkIGxvbmcgCiAJCQl3b3JrX3RvX2RvID0gbmV0 YmtfZ2V0X2V4dHJhcyhuZXRpZiwgZXh0cmFzLAogCQkJCQkJICAgICAgd29y a190b19kbyk7CiAJCQlpID0gbmV0aWYtPnR4LnJlcV9jb25zOwotCQkJaWYg KHVubGlrZWx5KHdvcmtfdG9fZG8gPCAwKSkgewotCQkJCW5ldGJrX3R4X2Vy cihuZXRpZiwgJnR4cmVxLCBpKTsKKwkJCWlmICh1bmxpa2VseSh3b3JrX3Rv X2RvIDwgMCkpCiAJCQkJY29udGludWU7Ci0JCQl9CiAJCX0KIAogCQlyZXQg PSBuZXRia19jb3VudF9yZXF1ZXN0cyhuZXRpZiwgJnR4cmVxLCB0eGZyYWdz LCB3b3JrX3RvX2RvKTsKLQkJaWYgKHVubGlrZWx5KHJldCA8IDApKSB7Ci0J CQluZXRia190eF9lcnIobmV0aWYsICZ0eHJlcSwgaSAtIHJldCk7CisJCWlm ICh1bmxpa2VseShyZXQgPCAwKSkKIAkJCWNvbnRpbnVlOwotCQl9CisKIAkJ aSArPSByZXQ7CiAKIAkJaWYgKHVubGlrZWx5KHR4cmVxLnNpemUgPCBFVEhf SExFTikpIHsKQEAgLTEzMzQsMTAgKzEzNzEsMTAgQEAgc3RhdGljIHZvaWQg bmV0X3R4X2FjdGlvbih1bnNpZ25lZCBsb25nIAogCiAJCS8qIE5vIGNyb3Nz aW5nIGEgcGFnZSBhcyB0aGUgcGF5bG9hZCBtdXN0bid0IGZyYWdtZW50LiAq LwogCQlpZiAodW5saWtlbHkoKHR4cmVxLm9mZnNldCArIHR4cmVxLnNpemUp ID4gUEFHRV9TSVpFKSkgewotCQkJRFBSSU5USygidHhyZXEub2Zmc2V0OiAl eCwgc2l6ZTogJXUsIGVuZDogJWx1XG4iLCAKLQkJCQl0eHJlcS5vZmZzZXQs IHR4cmVxLnNpemUsIAotCQkJCSh0eHJlcS5vZmZzZXQgJn5QQUdFX01BU0sp ICsgdHhyZXEuc2l6ZSk7Ci0JCQluZXRia190eF9lcnIobmV0aWYsICZ0eHJl cSwgaSk7CisJCQlwcmludGsoS0VSTl9FUlIgIiVzOiB0eHJlcS5vZmZzZXQ6 ICV4LCBzaXplOiAldSwgZW5kOiAlbHVcbiIsCisJCQkgICAgICAgbmV0aWYt PmRldi0+bmFtZSwgdHhyZXEub2Zmc2V0LCB0eHJlcS5zaXplLAorCQkJICAg ICAgICh0eHJlcS5vZmZzZXQgJiB+UEFHRV9NQVNLKSArIHR4cmVxLnNpemUp OworCQkJbmV0YmtfZmF0YWxfdHhfZXJyKG5ldGlmKTsKIAkJCWNvbnRpbnVl OwogCQl9CiAKQEAgLTEzNjIsOSArMTM5OSw5IEBAIHN0YXRpYyB2b2lkIG5l dF90eF9hY3Rpb24odW5zaWduZWQgbG9uZyAKIAkJCXN0cnVjdCBuZXRpZl9l eHRyYV9pbmZvICpnc287CiAJCQlnc28gPSAmZXh0cmFzW1hFTl9ORVRJRl9F WFRSQV9UWVBFX0dTTyAtIDFdOwogCi0JCQlpZiAobmV0Ymtfc2V0X3NrYl9n c28oc2tiLCBnc28pKSB7CisJCQlpZiAobmV0Ymtfc2V0X3NrYl9nc28obmV0 aWYsIHNrYiwgZ3NvKSkgeworCQkJCS8qIEZhaWx1cmUgaW4gbmV0Ymtfc2V0 X3NrYl9nc28gaXMgZmF0YWwuICovCiAJCQkJa2ZyZWVfc2tiKHNrYik7Ci0J CQkJbmV0YmtfdHhfZXJyKG5ldGlmLCAmdHhyZXEsIGkpOwogCQkJCWNvbnRp bnVlOwogCQkJfQogCQl9Cg== --=separator Content-Type: application/octet-stream; name="xsa39-classic-0002-xen-netback-wrap-around.patch" Content-Disposition: attachment; filename="xsa39-classic-0002-xen-netback-wrap-around.patch" Content-Transfer-Encoding: base64 bmV0YmFjazogY29ycmVjdCBuZXRia190eF9lcnIoKSB0byBoYW5kbGUgd3Jh cCBhcm91bmQKClNpZ25lZC1vZmYtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNh bXBiZWxsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNo IDxKQmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL2RyaXZlcnMveGVuL25ldGJh Y2svbmV0YmFjay5jCisrKyBiL2RyaXZlcnMveGVuL25ldGJhY2svbmV0YmFj ay5jCkBAIC0xMDExLDcgKzEwMTEsNyBAQCBzdGF0aWMgdm9pZCBuZXRia190 eF9lcnIobmV0aWZfdCAqbmV0aWYsCiAKIAlkbyB7CiAJCW1ha2VfdHhfcmVz cG9uc2UobmV0aWYsIHR4cCwgTkVUSUZfUlNQX0VSUk9SKTsKLQkJaWYgKGNv bnMgPj0gZW5kKQorCQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKIAkJ dHhwID0gUklOR19HRVRfUkVRVUVTVCgmbmV0aWYtPnR4LCBjb25zKyspOwog CX0gd2hpbGUgKDEpOwo= --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch" Content-Disposition: attachment; filename="xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch" Content-Transfer-Encoding: base64 RnJvbSA3ZGQ3Y2U0NDU5M2E4YzRjNzE1ZmE2NjUwMjdhZjhlMDcyNDVjOGNm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDExIEphbiAy MDEzIDE0OjI2OjI5ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzRdIHhlbi9u ZXRiYWNrOiBzaHV0ZG93biB0aGUgcmluZyBpZiBpdCBjb250YWlucyBnYXJi YWdlLgoKQSBidWdneSBvciBtYWxpY2lvdXMgZnJvbnRlbmQgc2hvdWxkIG5v dCBiZSBhYmxlIHRvIGNvbmZ1c2UgbmV0YmFjay4KSWYgd2Ugc3BvdCBhbnl0 aGluZyB3aGljaCBpcyBub3QgYXMgaXQgc2hvdWxkIGJlIHRoZW4gc2h1dGRv d24gdGhlCmRldmljZSBhbmQgZG9uJ3QgdHJ5IHRvIGNvbnRpbnVlIHdpdGgg dGhlIHJpbmcgaW4gYSBwb3RlbnRpYWxseQpob3N0aWxlIHN0YXRlLiBXZWxs IGJlaGF2ZWQgYW5kIG5vbi1ob3N0aWxlIGZyb250ZW5kcyB3aWxsIG5vdCBi ZQpwZW5hbGlzZWQuCgpBcyB3ZWxsIGFzIG1ha2luZyB0aGUgZXhpc3Rpbmcg Y2hlY2tzIGZvciBzdWNoIGVycm9ycyBmYXRhbCBhbHNvIGFkZCBhCm5ldyBj aGVjayB0aGF0IGVuc3VyZXMgdGhhdCB0aGVyZSBpc24ndCBhbiBpbnNhbmUg bnVtYmVyIG9mIHJlcXVlc3RzCm9uIHRoZSByaW5nIChpLmUuIG1vcmUgdGhh biB3b3VsZCBmaXQgaW4gdGhlIHJpbmcpLiBJZiB0aGUgcmluZwpjb250YWlu cyBnYXJiYWdlIHRoZW4gcHJldmlvdXNseSBpcyB3YXMgcG9zc2libGUgdG8g bG9vcCBvdmVyIHRoaXMKaW5zYW5lIG51bWJlciwgZ2V0dGluZyBhbiBlcnJv ciBlYWNoIHRpbWUgYW5kIHRoZXJlZm9yZSBub3QgZ2VuZXJhdGluZwphbnkg bW9yZSBwZW5kaW5nIHJlcXVlc3RzIGFuZCB0aGVyZWZvcmUgbm90IGV4aXRp bmcgdGhlIGxvb3AgaW4KeGVuX25ldGJrX3R4X2J1aWxkX2dvcHMgZm9yIGFu IGV4dGVybmRlZCBwZXJpb2QuCgpBbHNvIHR1cm4gdmFyaW91cyBuZXRkZXZf ZGJnIGNhbGxzIHdoaWNoIG5vIHByZWNpcGl0YXRlIGEgZmF0YWwgZXJyb3IK aW50byBuZXRkZXZfZXJyLCB0aGV5IGFyZSByYXRlIGxpbWl0ZWQgYmVjYXVz ZSB0aGUgZGV2aWNlIGlzIHNodXRkb3duCmFmdGVyd2FyZHMuCgpUaGlzIGZp eGVzIGF0IGxlYXN0IG9uZSBrbm93biBEb1Mvc29mdGxvY2t1cCBvZiB0aGUg YmFja2VuZCBkb21haW4uCgpTaWduZWQtb2ZmLWJ5OiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpSZXZpZXdlZC1ieTogS29ucmFk IFJ6ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgpBY2tl ZC1ieTogSmFuIEJldWxpY2ggPEpCZXVsaWNoQHN1c2UuY29tPgotLS0KIGRy aXZlcnMvbmV0L3hlbi1uZXRiYWNrL2NvbW1vbi5oICAgIHwgICAgMyArKwog ZHJpdmVycy9uZXQveGVuLW5ldGJhY2svaW50ZXJmYWNlLmMgfCAgIDIzICsr KysrKysrLS0tLS0KIGRyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2su YyAgIHwgICA2MyArKysrKysrKysrKysrKysrKysrKysrKysrLS0tLS0tLS0t CiAzIGZpbGVzIGNoYW5nZWQsIDYzIGluc2VydGlvbnMoKyksIDI2IGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNr L2NvbW1vbi5oIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svY29tbW9uLmgK aW5kZXggOTRiNzljMy4uOWQ3ZjE3MiAxMDA2NDQKLS0tIGEvZHJpdmVycy9u ZXQveGVuLW5ldGJhY2svY29tbW9uLmgKKysrIGIvZHJpdmVycy9uZXQveGVu LW5ldGJhY2svY29tbW9uLmgKQEAgLTE1MSw2ICsxNTEsOSBAQCB2b2lkIHhl bl9uZXRia19xdWV1ZV90eF9za2Ioc3RydWN0IHhlbnZpZiAqdmlmLCBzdHJ1 Y3Qgc2tfYnVmZiAqc2tiKTsKIC8qIE5vdGlmeSB4ZW52aWYgdGhhdCByaW5n IG5vdyBoYXMgc3BhY2UgdG8gc2VuZCBhbiBza2IgdG8gdGhlIGZyb250ZW5k ICovCiB2b2lkIHhlbnZpZl9ub3RpZnlfdHhfY29tcGxldGlvbihzdHJ1Y3Qg eGVudmlmICp2aWYpOwogCisvKiBQcmV2ZW50IHRoZSBkZXZpY2UgZnJvbSBn ZW5lcmF0aW5nIGFueSBmdXJ0aGVyIHRyYWZmaWMuICovCit2b2lkIHhlbnZp Zl9jYXJyaWVyX29mZihzdHJ1Y3QgeGVudmlmICp2aWYpOworCiAvKiBSZXR1 cm5zIG51bWJlciBvZiByaW5nIHNsb3RzIHJlcXVpcmVkIHRvIHNlbmQgYW4g c2tiIHRvIHRoZSBmcm9udGVuZCAqLwogdW5zaWduZWQgaW50IHhlbl9uZXRi a19jb3VudF9za2Jfc2xvdHMoc3RydWN0IHhlbnZpZiAqdmlmLCBzdHJ1Y3Qg c2tfYnVmZiAqc2tiKTsKIApkaWZmIC0tZ2l0IGEvZHJpdmVycy9uZXQveGVu LW5ldGJhY2svaW50ZXJmYWNlLmMgYi9kcml2ZXJzL25ldC94ZW4tbmV0YmFj ay9pbnRlcmZhY2UuYwppbmRleCBiN2Q0MWY4Li5iOGM1MTkzIDEwMDY0NAot LS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9pbnRlcmZhY2UuYworKysg Yi9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9pbnRlcmZhY2UuYwpAQCAtMzQz LDE3ICszNDMsMjIgQEAgZXJyOgogCXJldHVybiBlcnI7CiB9CiAKLXZvaWQg eGVudmlmX2Rpc2Nvbm5lY3Qoc3RydWN0IHhlbnZpZiAqdmlmKQordm9pZCB4 ZW52aWZfY2Fycmllcl9vZmYoc3RydWN0IHhlbnZpZiAqdmlmKQogewogCXN0 cnVjdCBuZXRfZGV2aWNlICpkZXYgPSB2aWYtPmRldjsKLQlpZiAobmV0aWZf Y2Fycmllcl9vayhkZXYpKSB7Ci0JCXJ0bmxfbG9jaygpOwotCQluZXRpZl9j YXJyaWVyX29mZihkZXYpOyAvKiBkaXNjYXJkIHF1ZXVlZCBwYWNrZXRzICov Ci0JCWlmIChuZXRpZl9ydW5uaW5nKGRldikpCi0JCQl4ZW52aWZfZG93bih2 aWYpOwotCQlydG5sX3VubG9jaygpOwotCQl4ZW52aWZfcHV0KHZpZik7Ci0J fQorCisJcnRubF9sb2NrKCk7CisJbmV0aWZfY2Fycmllcl9vZmYoZGV2KTsg LyogZGlzY2FyZCBxdWV1ZWQgcGFja2V0cyAqLworCWlmIChuZXRpZl9ydW5u aW5nKGRldikpCisJCXhlbnZpZl9kb3duKHZpZik7CisJcnRubF91bmxvY2so KTsKKwl4ZW52aWZfcHV0KHZpZik7Cit9CisKK3ZvaWQgeGVudmlmX2Rpc2Nv bm5lY3Qoc3RydWN0IHhlbnZpZiAqdmlmKQoreworCWlmIChuZXRpZl9jYXJy aWVyX29rKHZpZi0+ZGV2KSkKKwkJeGVudmlmX2NhcnJpZXJfb2ZmKHZpZik7 CiAKIAlhdG9taWNfZGVjKCZ2aWYtPnJlZmNudCk7CiAJd2FpdF9ldmVudCh2 aWYtPndhaXRpbmdfdG9fZnJlZSwgYXRvbWljX3JlYWQoJnZpZi0+cmVmY250 KSA9PSAwKTsKZGlmZiAtLWdpdCBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNr L25ldGJhY2suYyBiL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2su YwppbmRleCBmMmQ2Yjc4Li4xYTQ0OWY5IDEwMDY0NAotLS0gYS9kcml2ZXJz L25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMKKysrIGIvZHJpdmVycy9uZXQv eGVuLW5ldGJhY2svbmV0YmFjay5jCkBAIC04ODgsNiArODg4LDEzIEBAIHN0 YXRpYyB2b2lkIG5ldGJrX3R4X2VycihzdHJ1Y3QgeGVudmlmICp2aWYsCiAJ eGVudmlmX3B1dCh2aWYpOwogfQogCitzdGF0aWMgdm9pZCBuZXRia19mYXRh bF90eF9lcnIoc3RydWN0IHhlbnZpZiAqdmlmKQoreworCW5ldGRldl9lcnIo dmlmLT5kZXYsICJmYXRhbCBlcnJvcjsgZGlzYWJsaW5nIGRldmljZVxuIik7 CisJeGVudmlmX2NhcnJpZXJfb2ZmKHZpZik7CisJeGVudmlmX3B1dCh2aWYp OworfQorCiBzdGF0aWMgaW50IG5ldGJrX2NvdW50X3JlcXVlc3RzKHN0cnVj dCB4ZW52aWYgKnZpZiwKIAkJCQlzdHJ1Y3QgeGVuX25ldGlmX3R4X3JlcXVl c3QgKmZpcnN0LAogCQkJCXN0cnVjdCB4ZW5fbmV0aWZfdHhfcmVxdWVzdCAq dHhwLApAQCAtOTAxLDE5ICs5MDgsMjIgQEAgc3RhdGljIGludCBuZXRia19j b3VudF9yZXF1ZXN0cyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAKIAlkbyB7CiAJ CWlmIChmcmFncyA+PSB3b3JrX3RvX2RvKSB7Ci0JCQluZXRkZXZfZGJnKHZp Zi0+ZGV2LCAiTmVlZCBtb3JlIGZyYWdzXG4iKTsKKwkJCW5ldGRldl9lcnIo dmlmLT5kZXYsICJOZWVkIG1vcmUgZnJhZ3NcbiIpOworCQkJbmV0YmtfZmF0 YWxfdHhfZXJyKHZpZik7CiAJCQlyZXR1cm4gLWZyYWdzOwogCQl9CiAKIAkJ aWYgKHVubGlrZWx5KGZyYWdzID49IE1BWF9TS0JfRlJBR1MpKSB7Ci0JCQlu ZXRkZXZfZGJnKHZpZi0+ZGV2LCAiVG9vIG1hbnkgZnJhZ3NcbiIpOworCQkJ bmV0ZGV2X2Vycih2aWYtPmRldiwgIlRvbyBtYW55IGZyYWdzXG4iKTsKKwkJ CW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYpOwogCQkJcmV0dXJuIC1mcmFnczsK IAkJfQogCiAJCW1lbWNweSh0eHAsIFJJTkdfR0VUX1JFUVVFU1QoJnZpZi0+ dHgsIGNvbnMgKyBmcmFncyksCiAJCSAgICAgICBzaXplb2YoKnR4cCkpOwog CQlpZiAodHhwLT5zaXplID4gZmlyc3QtPnNpemUpIHsKLQkJCW5ldGRldl9k YmcodmlmLT5kZXYsICJGcmFncyBnYWxvcmVcbiIpOworCQkJbmV0ZGV2X2Vy cih2aWYtPmRldiwgIkZyYWcgaXMgYmlnZ2VyIHRoYW4gZnJhbWUuXG4iKTsK KwkJCW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYpOwogCQkJcmV0dXJuIC1mcmFn czsKIAkJfQogCkBAIC05MjEsOCArOTMxLDkgQEAgc3RhdGljIGludCBuZXRi a19jb3VudF9yZXF1ZXN0cyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAJCWZyYWdz Kys7CiAKIAkJaWYgKHVubGlrZWx5KCh0eHAtPm9mZnNldCArIHR4cC0+c2l6 ZSkgPiBQQUdFX1NJWkUpKSB7Ci0JCQluZXRkZXZfZGJnKHZpZi0+ZGV2LCAi dHhwLT5vZmZzZXQ6ICV4LCBzaXplOiAldVxuIiwKKwkJCW5ldGRldl9lcnIo dmlmLT5kZXYsICJ0eHAtPm9mZnNldDogJXgsIHNpemU6ICV1XG4iLAogCQkJ CSB0eHAtPm9mZnNldCwgdHhwLT5zaXplKTsKKwkJCW5ldGJrX2ZhdGFsX3R4 X2Vycih2aWYpOwogCQkJcmV0dXJuIC1mcmFnczsKIAkJfQogCX0gd2hpbGUg KCh0eHArKyktPmZsYWdzICYgWEVOX05FVFRYRl9tb3JlX2RhdGEpOwpAQCAt MTA5NSw3ICsxMTA2LDggQEAgc3RhdGljIGludCB4ZW5fbmV0YmtfZ2V0X2V4 dHJhcyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAKIAlkbyB7CiAJCWlmICh1bmxp a2VseSh3b3JrX3RvX2RvLS0gPD0gMCkpIHsKLQkJCW5ldGRldl9kYmcodmlm LT5kZXYsICJNaXNzaW5nIGV4dHJhIGluZm9cbiIpOworCQkJbmV0ZGV2X2Vy cih2aWYtPmRldiwgIk1pc3NpbmcgZXh0cmEgaW5mb1xuIik7CisJCQluZXRi a19mYXRhbF90eF9lcnIodmlmKTsKIAkJCXJldHVybiAtRUJBRFI7CiAJCX0K IApAQCAtMTEwNCw4ICsxMTE2LDkgQEAgc3RhdGljIGludCB4ZW5fbmV0Ymtf Z2V0X2V4dHJhcyhzdHJ1Y3QgeGVudmlmICp2aWYsCiAJCWlmICh1bmxpa2Vs eSghZXh0cmEudHlwZSB8fAogCQkJICAgICBleHRyYS50eXBlID49IFhFTl9O RVRJRl9FWFRSQV9UWVBFX01BWCkpIHsKIAkJCXZpZi0+dHgucmVxX2NvbnMg PSArK2NvbnM7Ci0JCQluZXRkZXZfZGJnKHZpZi0+ZGV2LAorCQkJbmV0ZGV2 X2Vycih2aWYtPmRldiwKIAkJCQkgICAiSW52YWxpZCBleHRyYSB0eXBlOiAl ZFxuIiwgZXh0cmEudHlwZSk7CisJCQluZXRia19mYXRhbF90eF9lcnIodmlm KTsKIAkJCXJldHVybiAtRUlOVkFMOwogCQl9CiAKQEAgLTExMjEsMTMgKzEx MzQsMTUgQEAgc3RhdGljIGludCBuZXRia19zZXRfc2tiX2dzbyhzdHJ1Y3Qg eGVudmlmICp2aWYsCiAJCQkgICAgIHN0cnVjdCB4ZW5fbmV0aWZfZXh0cmFf aW5mbyAqZ3NvKQogewogCWlmICghZ3NvLT51Lmdzby5zaXplKSB7Ci0JCW5l dGRldl9kYmcodmlmLT5kZXYsICJHU08gc2l6ZSBtdXN0IG5vdCBiZSB6ZXJv LlxuIik7CisJCW5ldGRldl9lcnIodmlmLT5kZXYsICJHU08gc2l6ZSBtdXN0 IG5vdCBiZSB6ZXJvLlxuIik7CisJCW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYp OwogCQlyZXR1cm4gLUVJTlZBTDsKIAl9CiAKIAkvKiBDdXJyZW50bHkgb25s eSBUQ1B2NCBTLk8uIGlzIHN1cHBvcnRlZC4gKi8KIAlpZiAoZ3NvLT51Lmdz by50eXBlICE9IFhFTl9ORVRJRl9HU09fVFlQRV9UQ1BWNCkgewotCQluZXRk ZXZfZGJnKHZpZi0+ZGV2LCAiQmFkIEdTTyB0eXBlICVkLlxuIiwgZ3NvLT51 Lmdzby50eXBlKTsKKwkJbmV0ZGV2X2Vycih2aWYtPmRldiwgIkJhZCBHU08g dHlwZSAlZC5cbiIsIGdzby0+dS5nc28udHlwZSk7CisJCW5ldGJrX2ZhdGFs X3R4X2Vycih2aWYpOwogCQlyZXR1cm4gLUVJTlZBTDsKIAl9CiAKQEAgLTEy NjQsOSArMTI3OSwyNiBAQCBzdGF0aWMgdW5zaWduZWQgeGVuX25ldGJrX3R4 X2J1aWxkX2dvcHMoc3RydWN0IHhlbl9uZXRiayAqbmV0YmspCiAKIAkJLyog R2V0IGEgbmV0aWYgZnJvbSB0aGUgbGlzdCB3aXRoIHdvcmsgdG8gZG8uICov CiAJCXZpZiA9IHBvbGxfbmV0X3NjaGVkdWxlX2xpc3QobmV0YmspOworCQkv KgorCQkgKiBUaGlzIGNhbiBzb21ldGltZXMgaGFwcGVuIGJlY2F1c2UgdGhl IHRlc3Qgb2YKKwkJICogbGlzdF9lbXB0eShuZXRfc2NoZWR1bGVfbGlzdCkg YXQgdGhlIHRvcCBvZiB0aGUKKwkJICogbG9vcCBpcyB1bmxvY2tlZC4gIEp1 c3QgZ28gYmFjayBhbmQgaGF2ZSBhbm90aGVyCisJCSAqIGxvb2suCisJCSAq LwogCQlpZiAoIXZpZikKIAkJCWNvbnRpbnVlOwogCisJCWlmICh2aWYtPnR4 LnNyaW5nLT5yZXFfcHJvZCAtIHZpZi0+dHgucmVxX2NvbnMgPgorCQkgICAg WEVOX05FVElGX1RYX1JJTkdfU0laRSkgeworCQkJbmV0ZGV2X2Vycih2aWYt PmRldiwKKwkJCQkgICAiSW1wb3NzaWJsZSBudW1iZXIgb2YgcmVxdWVzdHMu ICIKKwkJCQkgICAicmVxX3Byb2QgJWQsIHJlcV9jb25zICVkLCBzaXplICVs ZFxuIiwKKwkJCQkgICB2aWYtPnR4LnNyaW5nLT5yZXFfcHJvZCwgdmlmLT50 eC5yZXFfY29ucywKKwkJCQkgICBYRU5fTkVUSUZfVFhfUklOR19TSVpFKTsK KwkJCW5ldGJrX2ZhdGFsX3R4X2Vycih2aWYpOworCQkJY29udGludWU7CisJ CX0KKwogCQlSSU5HX0ZJTkFMX0NIRUNLX0ZPUl9SRVFVRVNUUygmdmlmLT50 eCwgd29ya190b19kbyk7CiAJCWlmICghd29ya190b19kbykgewogCQkJeGVu dmlmX3B1dCh2aWYpOwpAQCAtMTI5NCwxNyArMTMyNiwxNCBAQCBzdGF0aWMg dW5zaWduZWQgeGVuX25ldGJrX3R4X2J1aWxkX2dvcHMoc3RydWN0IHhlbl9u ZXRiayAqbmV0YmspCiAJCQl3b3JrX3RvX2RvID0geGVuX25ldGJrX2dldF9l eHRyYXModmlmLCBleHRyYXMsCiAJCQkJCQkJICB3b3JrX3RvX2RvKTsKIAkJ CWlkeCA9IHZpZi0+dHgucmVxX2NvbnM7Ci0JCQlpZiAodW5saWtlbHkod29y a190b19kbyA8IDApKSB7Ci0JCQkJbmV0YmtfdHhfZXJyKHZpZiwgJnR4cmVx LCBpZHgpOworCQkJaWYgKHVubGlrZWx5KHdvcmtfdG9fZG8gPCAwKSkKIAkJ CQljb250aW51ZTsKLQkJCX0KIAkJfQogCiAJCXJldCA9IG5ldGJrX2NvdW50 X3JlcXVlc3RzKHZpZiwgJnR4cmVxLCB0eGZyYWdzLCB3b3JrX3RvX2RvKTsK LQkJaWYgKHVubGlrZWx5KHJldCA8IDApKSB7Ci0JCQluZXRia190eF9lcnIo dmlmLCAmdHhyZXEsIGlkeCAtIHJldCk7CisJCWlmICh1bmxpa2VseShyZXQg PCAwKSkKIAkJCWNvbnRpbnVlOwotCQl9CisKIAkJaWR4ICs9IHJldDsKIAog CQlpZiAodW5saWtlbHkodHhyZXEuc2l6ZSA8IEVUSF9ITEVOKSkgewpAQCAt MTMxNiwxMSArMTM0NSwxMSBAQCBzdGF0aWMgdW5zaWduZWQgeGVuX25ldGJr X3R4X2J1aWxkX2dvcHMoc3RydWN0IHhlbl9uZXRiayAqbmV0YmspCiAKIAkJ LyogTm8gY3Jvc3NpbmcgYSBwYWdlIGFzIHRoZSBwYXlsb2FkIG11c3RuJ3Qg ZnJhZ21lbnQuICovCiAJCWlmICh1bmxpa2VseSgodHhyZXEub2Zmc2V0ICsg dHhyZXEuc2l6ZSkgPiBQQUdFX1NJWkUpKSB7Ci0JCQluZXRkZXZfZGJnKHZp Zi0+ZGV2LAorCQkJbmV0ZGV2X2Vycih2aWYtPmRldiwKIAkJCQkgICAidHhy ZXEub2Zmc2V0OiAleCwgc2l6ZTogJXUsIGVuZDogJWx1XG4iLAogCQkJCSAg IHR4cmVxLm9mZnNldCwgdHhyZXEuc2l6ZSwKIAkJCQkgICAodHhyZXEub2Zm c2V0Jn5QQUdFX01BU0spICsgdHhyZXEuc2l6ZSk7Ci0JCQluZXRia190eF9l cnIodmlmLCAmdHhyZXEsIGlkeCk7CisJCQluZXRia19mYXRhbF90eF9lcnIo dmlmKTsKIAkJCWNvbnRpbnVlOwogCQl9CiAKQEAgLTEzNDgsOCArMTM3Nyw4 IEBAIHN0YXRpYyB1bnNpZ25lZCB4ZW5fbmV0YmtfdHhfYnVpbGRfZ29wcyhz dHJ1Y3QgeGVuX25ldGJrICpuZXRiaykKIAkJCWdzbyA9ICZleHRyYXNbWEVO X05FVElGX0VYVFJBX1RZUEVfR1NPIC0gMV07CiAKIAkJCWlmIChuZXRia19z ZXRfc2tiX2dzbyh2aWYsIHNrYiwgZ3NvKSkgeworCQkJCS8qIEZhaWx1cmUg aW4gbmV0Ymtfc2V0X3NrYl9nc28gaXMgZmF0YWwuICovCiAJCQkJa2ZyZWVf c2tiKHNrYik7Ci0JCQkJbmV0YmtfdHhfZXJyKHZpZiwgJnR4cmVxLCBpZHgp OwogCQkJCWNvbnRpbnVlOwogCQkJfQogCQl9Ci0tIAoxLjcuMi41Cgo= --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch" Content-Disposition: attachment; filename="xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch" Content-Transfer-Encoding: base64 RnJvbSA5MDQyMDYzMWQyYjc4YWNhMjhjOTRiZWI2NmIyNTQ0N2U1N2E4ZGQ0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE0IEphbiAy MDEzIDEyOjIwOjA0ICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzRdIHhlbi9u ZXRiYWNrOiBkb24ndCBsZWFrIHBhZ2VzIG9uIGZhaWx1cmUgaW4geGVuX25l dGJrX3R4X2NoZWNrX2dvcC4KClNpZ25lZC1vZmYtYnk6IE1hdHRoZXcgRGFs ZXkgPG1hdHRqZEBnbWFpbC5jb20+ClJldmlld2VkLWJ5OiBLb25yYWQgUnpl c3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkFja2VkLWJ5 OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpBY2tl ZC1ieTogSmFuIEJldWxpY2ggPEpCZXVsaWNoQHN1c2UuY29tPgotLS0KIGRy aXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyB8ICAgMzggKysrKysr KysrKysrLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGVzIGNoYW5n ZWQsIDEzIGluc2VydGlvbnMoKyksIDI1IGRlbGV0aW9ucygtKQoKZGlmZiAt LWdpdCBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyBiL2Ry aXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYwppbmRleCAxYTQ0OWY5 Li45NzUyNDFlIDEwMDY0NAotLS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFj ay9uZXRiYWNrLmMKKysrIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0 YmFjay5jCkBAIC0xNDcsNyArMTQ3LDggQEAgdm9pZCB4ZW5fbmV0YmtfcmVt b3ZlX3hlbnZpZihzdHJ1Y3QgeGVudmlmICp2aWYpCiAJYXRvbWljX2RlYygm bmV0YmstPm5ldGZyb250X2NvdW50KTsKIH0KIAotc3RhdGljIHZvaWQgeGVu X25ldGJrX2lkeF9yZWxlYXNlKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCB1 MTYgcGVuZGluZ19pZHgpOworc3RhdGljIHZvaWQgeGVuX25ldGJrX2lkeF9y ZWxlYXNlKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCB1MTYgcGVuZGluZ19p ZHgsCisJCQkJICB1OCBzdGF0dXMpOwogc3RhdGljIHZvaWQgbWFrZV90eF9y ZXNwb25zZShzdHJ1Y3QgeGVudmlmICp2aWYsCiAJCQkgICAgIHN0cnVjdCB4 ZW5fbmV0aWZfdHhfcmVxdWVzdCAqdHhwLAogCQkJICAgICBzOCAgICAgICBz dCk7CkBAIC0xMDA3LDMwICsxMDA4LDIwIEBAIHN0YXRpYyBpbnQgeGVuX25l dGJrX3R4X2NoZWNrX2dvcChzdHJ1Y3QgeGVuX25ldGJrICpuZXRiaywKIHsK IAlzdHJ1Y3QgZ250dGFiX2NvcHkgKmdvcCA9ICpnb3BwOwogCXUxNiBwZW5k aW5nX2lkeCA9ICooKHUxNiAqKXNrYi0+ZGF0YSk7Ci0Jc3RydWN0IHBlbmRp bmdfdHhfaW5mbyAqcGVuZGluZ190eF9pbmZvID0gbmV0YmstPnBlbmRpbmdf dHhfaW5mbzsKLQlzdHJ1Y3QgeGVudmlmICp2aWYgPSBwZW5kaW5nX3R4X2lu Zm9bcGVuZGluZ19pZHhdLnZpZjsKLQlzdHJ1Y3QgeGVuX25ldGlmX3R4X3Jl cXVlc3QgKnR4cDsKIAlzdHJ1Y3Qgc2tiX3NoYXJlZF9pbmZvICpzaGluZm8g PSBza2Jfc2hpbmZvKHNrYik7CiAJaW50IG5yX2ZyYWdzID0gc2hpbmZvLT5u cl9mcmFnczsKIAlpbnQgaSwgZXJyLCBzdGFydDsKIAogCS8qIENoZWNrIHN0 YXR1cyBvZiBoZWFkZXIuICovCiAJZXJyID0gZ29wLT5zdGF0dXM7Ci0JaWYg KHVubGlrZWx5KGVycikpIHsKLQkJcGVuZGluZ19yaW5nX2lkeF90IGluZGV4 OwotCQlpbmRleCA9IHBlbmRpbmdfaW5kZXgobmV0YmstPnBlbmRpbmdfcHJv ZCsrKTsKLQkJdHhwID0gJnBlbmRpbmdfdHhfaW5mb1twZW5kaW5nX2lkeF0u cmVxOwotCQltYWtlX3R4X3Jlc3BvbnNlKHZpZiwgdHhwLCBYRU5fTkVUSUZf UlNQX0VSUk9SKTsKLQkJbmV0YmstPnBlbmRpbmdfcmluZ1tpbmRleF0gPSBw ZW5kaW5nX2lkeDsKLQkJeGVudmlmX3B1dCh2aWYpOwotCX0KKwlpZiAodW5s aWtlbHkoZXJyKSkKKwkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBw ZW5kaW5nX2lkeCwgWEVOX05FVElGX1JTUF9FUlJPUik7CiAKIAkvKiBTa2lw IGZpcnN0IHNrYiBmcmFnbWVudCBpZiBpdCBpcyBvbiBzYW1lIHBhZ2UgYXMg aGVhZGVyIGZyYWdtZW50LiAqLwogCXN0YXJ0ID0gKGZyYWdfZ2V0X3BlbmRp bmdfaWR4KCZzaGluZm8tPmZyYWdzWzBdKSA9PSBwZW5kaW5nX2lkeCk7CiAK IAlmb3IgKGkgPSBzdGFydDsgaSA8IG5yX2ZyYWdzOyBpKyspIHsKIAkJaW50 IGosIG5ld2VycjsKLQkJcGVuZGluZ19yaW5nX2lkeF90IGluZGV4OwogCiAJ CXBlbmRpbmdfaWR4ID0gZnJhZ19nZXRfcGVuZGluZ19pZHgoJnNoaW5mby0+ ZnJhZ3NbaV0pOwogCkBAIC0xMDM5LDE2ICsxMDMwLDEyIEBAIHN0YXRpYyBp bnQgeGVuX25ldGJrX3R4X2NoZWNrX2dvcChzdHJ1Y3QgeGVuX25ldGJrICpu ZXRiaywKIAkJaWYgKGxpa2VseSghbmV3ZXJyKSkgewogCQkJLyogSGFkIGEg cHJldmlvdXMgZXJyb3I/IEludmFsaWRhdGUgdGhpcyBmcmFnbWVudC4gKi8K IAkJCWlmICh1bmxpa2VseShlcnIpKQotCQkJCXhlbl9uZXRia19pZHhfcmVs ZWFzZShuZXRiaywgcGVuZGluZ19pZHgpOworCQkJCXhlbl9uZXRia19pZHhf cmVsZWFzZShuZXRiaywgcGVuZGluZ19pZHgsIFhFTl9ORVRJRl9SU1BfT0tB WSk7CiAJCQljb250aW51ZTsKIAkJfQogCiAJCS8qIEVycm9yIG9uIHRoaXMg ZnJhZ21lbnQ6IHJlc3BvbmQgdG8gY2xpZW50IHdpdGggYW4gZXJyb3IuICov Ci0JCXR4cCA9ICZuZXRiay0+cGVuZGluZ190eF9pbmZvW3BlbmRpbmdfaWR4 XS5yZXE7Ci0JCW1ha2VfdHhfcmVzcG9uc2UodmlmLCB0eHAsIFhFTl9ORVRJ Rl9SU1BfRVJST1IpOwotCQlpbmRleCA9IHBlbmRpbmdfaW5kZXgobmV0Ymst PnBlbmRpbmdfcHJvZCsrKTsKLQkJbmV0YmstPnBlbmRpbmdfcmluZ1tpbmRl eF0gPSBwZW5kaW5nX2lkeDsKLQkJeGVudmlmX3B1dCh2aWYpOworCQl4ZW5f bmV0YmtfaWR4X3JlbGVhc2UobmV0YmssIHBlbmRpbmdfaWR4LCBYRU5fTkVU SUZfUlNQX0VSUk9SKTsKIAogCQkvKiBOb3QgdGhlIGZpcnN0IGVycm9yPyBQ cmVjZWRpbmcgZnJhZ3MgYWxyZWFkeSBpbnZhbGlkYXRlZC4gKi8KIAkJaWYg KGVycikKQEAgLTEwNTYsMTAgKzEwNDMsMTAgQEAgc3RhdGljIGludCB4ZW5f bmV0YmtfdHhfY2hlY2tfZ29wKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLAog CiAJCS8qIEZpcnN0IGVycm9yOiBpbnZhbGlkYXRlIGhlYWRlciBhbmQgcHJl Y2VkaW5nIGZyYWdtZW50cy4gKi8KIAkJcGVuZGluZ19pZHggPSAqKCh1MTYg Kilza2ItPmRhdGEpOwotCQl4ZW5fbmV0YmtfaWR4X3JlbGVhc2UobmV0Ymss IHBlbmRpbmdfaWR4KTsKKwkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJr LCBwZW5kaW5nX2lkeCwgWEVOX05FVElGX1JTUF9PS0FZKTsKIAkJZm9yIChq ID0gc3RhcnQ7IGogPCBpOyBqKyspIHsKIAkJCXBlbmRpbmdfaWR4ID0gZnJh Z19nZXRfcGVuZGluZ19pZHgoJnNoaW5mby0+ZnJhZ3Nbal0pOwotCQkJeGVu X25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lkeCk7CisJCQl4 ZW5fbmV0YmtfaWR4X3JlbGVhc2UobmV0YmssIHBlbmRpbmdfaWR4LCBYRU5f TkVUSUZfUlNQX09LQVkpOwogCQl9CiAKIAkJLyogUmVtZW1iZXIgdGhlIGVy cm9yOiBpbnZhbGlkYXRlIGFsbCBzdWJzZXF1ZW50IGZyYWdtZW50cy4gKi8K QEAgLTEwOTMsNyArMTA4MCw3IEBAIHN0YXRpYyB2b2lkIHhlbl9uZXRia19m aWxsX2ZyYWdzKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCBzdHJ1Y3Qgc2tf YnVmZiAqc2tiKQogCiAJCS8qIFRha2UgYW4gZXh0cmEgcmVmZXJlbmNlIHRv IG9mZnNldCB4ZW5fbmV0YmtfaWR4X3JlbGVhc2UgKi8KIAkJZ2V0X3BhZ2Uo bmV0YmstPm1tYXBfcGFnZXNbcGVuZGluZ19pZHhdKTsKLQkJeGVuX25ldGJr X2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lkeCk7CisJCXhlbl9uZXRi a19pZHhfcmVsZWFzZShuZXRiaywgcGVuZGluZ19pZHgsIFhFTl9ORVRJRl9S U1BfT0tBWSk7CiAJfQogfQogCkBAIC0xNDc3LDcgKzE0NjQsNyBAQCBzdGF0 aWMgdm9pZCB4ZW5fbmV0YmtfdHhfc3VibWl0KHN0cnVjdCB4ZW5fbmV0Ymsg Km5ldGJrKQogCQkJdHhwLT5zaXplIC09IGRhdGFfbGVuOwogCQl9IGVsc2Ug ewogCQkJLyogU2NoZWR1bGUgYSByZXNwb25zZSBpbW1lZGlhdGVseS4gKi8K LQkJCXhlbl9uZXRia19pZHhfcmVsZWFzZShuZXRiaywgcGVuZGluZ19pZHgp OworCQkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lk eCwgWEVOX05FVElGX1JTUF9PS0FZKTsKIAkJfQogCiAJCWlmICh0eHAtPmZs YWdzICYgWEVOX05FVFRYRl9jc3VtX2JsYW5rKQpAQCAtMTUyOSw3ICsxNTE2 LDggQEAgc3RhdGljIHZvaWQgeGVuX25ldGJrX3R4X2FjdGlvbihzdHJ1Y3Qg eGVuX25ldGJrICpuZXRiaykKIAl4ZW5fbmV0YmtfdHhfc3VibWl0KG5ldGJr KTsKIH0KIAotc3RhdGljIHZvaWQgeGVuX25ldGJrX2lkeF9yZWxlYXNlKHN0 cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLCB1MTYgcGVuZGluZ19pZHgpCitzdGF0 aWMgdm9pZCB4ZW5fbmV0YmtfaWR4X3JlbGVhc2Uoc3RydWN0IHhlbl9uZXRi ayAqbmV0YmssIHUxNiBwZW5kaW5nX2lkeCwKKwkJCQkgIHU4IHN0YXR1cykK IHsKIAlzdHJ1Y3QgeGVudmlmICp2aWY7CiAJc3RydWN0IHBlbmRpbmdfdHhf aW5mbyAqcGVuZGluZ190eF9pbmZvOwpAQCAtMTU0Myw3ICsxNTMxLDcgQEAg c3RhdGljIHZvaWQgeGVuX25ldGJrX2lkeF9yZWxlYXNlKHN0cnVjdCB4ZW5f bmV0YmsgKm5ldGJrLCB1MTYgcGVuZGluZ19pZHgpCiAKIAl2aWYgPSBwZW5k aW5nX3R4X2luZm8tPnZpZjsKIAotCW1ha2VfdHhfcmVzcG9uc2UodmlmLCAm cGVuZGluZ190eF9pbmZvLT5yZXEsIFhFTl9ORVRJRl9SU1BfT0tBWSk7CisJ bWFrZV90eF9yZXNwb25zZSh2aWYsICZwZW5kaW5nX3R4X2luZm8tPnJlcSwg c3RhdHVzKTsKIAogCWluZGV4ID0gcGVuZGluZ19pbmRleChuZXRiay0+cGVu ZGluZ19wcm9kKyspOwogCW5ldGJrLT5wZW5kaW5nX3JpbmdbaW5kZXhdID0g cGVuZGluZ19pZHg7Ci0tIAoxLjcuMi41Cgo= --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch" Content-Disposition: attachment; filename="xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch" Content-Transfer-Encoding: base64 RnJvbSBiNmIxZjE3YWE0NGFjZmUxMDI0OTY4YmFmYjFkMWZlNzcwNGE3NDlh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE0IEphbiAy MDEzIDEyOjUxOjIyICswMDAwClN1YmplY3Q6IFtQQVRDSCAzLzRdIHhlbi9u ZXRiYWNrOiBmcmVlIGFscmVhZHkgYWxsb2NhdGVkIG1lbW9yeSBvbiBmYWls dXJlIGluIHhlbl9uZXRia19nZXRfcmVxdWVzdHMKClNpZ25lZC1vZmYtYnk6 IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+Ci0tLQog ZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jIHwgICAxNiArKysr KysrKysrKysrKystCiAxIGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMo KyksIDEgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9uZXQv eGVuLW5ldGJhY2svbmV0YmFjay5jIGIvZHJpdmVycy9uZXQveGVuLW5ldGJh Y2svbmV0YmFjay5jCmluZGV4IDk3NTI0MWUuLjFhOTkyODggMTAwNjQ0Ci0t LSBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYworKysgYi9k cml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMKQEAgLTk3OCw3ICs5 NzgsNyBAQCBzdGF0aWMgc3RydWN0IGdudHRhYl9jb3B5ICp4ZW5fbmV0Ymtf Z2V0X3JlcXVlc3RzKHN0cnVjdCB4ZW5fbmV0YmsgKm5ldGJrLAogCQlwZW5k aW5nX2lkeCA9IG5ldGJrLT5wZW5kaW5nX3JpbmdbaW5kZXhdOwogCQlwYWdl ID0geGVuX25ldGJrX2FsbG9jX3BhZ2UobmV0YmssIHNrYiwgcGVuZGluZ19p ZHgpOwogCQlpZiAoIXBhZ2UpCi0JCQlyZXR1cm4gTlVMTDsKKwkJCWdvdG8g ZXJyOwogCiAJCWdvcC0+c291cmNlLnUucmVmID0gdHhwLT5ncmVmOwogCQln b3AtPnNvdXJjZS5kb21pZCA9IHZpZi0+ZG9taWQ7CkBAIC0xMDAwLDYgKzEw MDAsMjAgQEAgc3RhdGljIHN0cnVjdCBnbnR0YWJfY29weSAqeGVuX25ldGJr X2dldF9yZXF1ZXN0cyhzdHJ1Y3QgeGVuX25ldGJrICpuZXRiaywKIAl9CiAK IAlyZXR1cm4gZ29wOworZXJyOgorCS8qCisJICogVW53aW5kLCBmcmVlaW5n IGFsbCBwYWdlcyBhbmQgc2VuZGluZyBlcnJvcgorCSAqIHJlcG9uc2VzLgor CSAqLworCXdoaWxlIChpLS0gPiBzdGFydCkgeworCQl4ZW5fbmV0YmtfaWR4 X3JlbGVhc2UobmV0YmssIGZyYWdfZ2V0X3BlbmRpbmdfaWR4KCZmcmFnc1tp XSksCisJCQkJICAgICAgWEVOX05FVElGX1JTUF9FUlJPUik7CisJfQorCS8q IFRoZSBoZWFkIHRvbywgaWYgbmVjZXNzYXJ5LiAqLworCWlmIChzdGFydCkK KwkJeGVuX25ldGJrX2lkeF9yZWxlYXNlKG5ldGJrLCBwZW5kaW5nX2lkeCwg WEVOX05FVElGX1JTUF9FUlJPUik7CisKKwlyZXR1cm4gTlVMTDsKIH0KIAog c3RhdGljIGludCB4ZW5fbmV0YmtfdHhfY2hlY2tfZ29wKHN0cnVjdCB4ZW5f bmV0YmsgKm5ldGJrLAotLSAKMS43LjIuNQoK --=separator Content-Type: application/octet-stream; name="xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch" Content-Disposition: attachment; filename="xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch" Content-Transfer-Encoding: base64 RnJvbSBlYTVlM2MxZThmZDlmZmU2MDgwZTAxYWY3NzY5YTlmYTQyMGNjNjJl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gQ2FtcGJlbGwg PGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE0IEphbiAy MDEzIDEzOjMyOjMxICswMDAwClN1YmplY3Q6IFtQQVRDSCA0LzRdIG5ldGJh Y2s6IGNvcnJlY3QgbmV0YmtfdHhfZXJyIHRvIGhhbmRsZSB3cmFwIGFyb3Vu ZC4KClNpZ25lZC1vZmYtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+CkFja2VkLWJ5OiBKYW4gQmV1bGljaCA8SkJldWxpY2hA c3VzZS5jb20+Ci0tLQogZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFj ay5jIHwgICAgMiArLQogMSBmaWxlcyBjaGFuZ2VkLCAxIGluc2VydGlvbnMo KyksIDEgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9uZXQv eGVuLW5ldGJhY2svbmV0YmFjay5jIGIvZHJpdmVycy9uZXQveGVuLW5ldGJh Y2svbmV0YmFjay5jCmluZGV4IDFhOTkyODguLjI4ZDVlMDYgMTAwNjQ0Ci0t LSBhL2RyaXZlcnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYworKysgYi9k cml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMKQEAgLTg4MCw3ICs4 ODAsNyBAQCBzdGF0aWMgdm9pZCBuZXRia190eF9lcnIoc3RydWN0IHhlbnZp ZiAqdmlmLAogCiAJZG8gewogCQltYWtlX3R4X3Jlc3BvbnNlKHZpZiwgdHhw LCBYRU5fTkVUSUZfUlNQX0VSUk9SKTsKLQkJaWYgKGNvbnMgPj0gZW5kKQor CQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKIAkJdHhwID0gUklOR19H RVRfUkVRVUVTVCgmdmlmLT50eCwgY29ucysrKTsKIAl9IHdoaWxlICgxKTsK LS0gCjEuNy4yLjUKCg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:17:33 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:17:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iNJ-0007ZU-1e; Tue, 05 Feb 2013 13:15:49 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iNG-0007YC-H3; Tue, 05 Feb 2013 13:15:47 +0000 Received: from [85.158.138.51:8056] by server-3.bemta-3.messagelabs.com id 27/9E-31070-10601115; Tue, 05 Feb 2013 13:15:45 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-5.tower-174.messagelabs.com!1360070134!28898814!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 23853 invoked from network); 5 Feb 2013 13:15:36 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-5.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:36 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMZ-0003Zw-6U; Tue, 05 Feb 2013 13:15:03 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMY-00088X-Tl; Tue, 05 Feb 2013 13:15:02 +0000 Date: Tue, 05 Feb 2013 13:15:02 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0153 / XSA-36 version 3 interrupt remap entries shared and old ones not cleared on AMD IOMMUs UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= To avoid an erratum in early hardware, the Xen AMD IOMMU code by default chooses to use a single interrupt remapping table for the whole system. This sharing implies that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. Furthermore, regardless of whether a shared interrupt remapping table is in use, old entries are not always cleared, providing opportunities (which accumulate over time) for guests to inject interrupts into other guests, again including domain 0. In a typical Xen system many devices are owned by domain 0 or driver domains, leaving them vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system. IMPACT ====== A malicious domain which is given access to a physical PCI device can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== Xen versions 3.3 onwards are vulnerable. Earlier Xen versions do not implement interrupt remapping, and hence do not support secure AMD-Vi PCI passthrough in any case. Only systems using AMD-Vi for PCI passthrough are vulnerable. Any domain which is given access to a PCI device can take advantage of this vulnerability. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. In Xen versions 4.1.3 and above the sharing of the interrupt remapping table (and hence the more severe part of this problem) can be avoided by passing "iommu=amd-iommu-perdev-intremap" as a command line option to the hypervisor. This option is not fully functional on earlier hypervisors. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that on certain systems (SP5100 chipsets with erratum 28 present, or such with broken IVRS ACPI table) these patches will result in the IOMMU not being enabled anymore. This should be dealt with by a BIOS update, if available. Alternatively the check can be overridden by specifying "iommu=no-amd-iommu-perdev-intremap" on the Xen command line ("iommu=amd-iommu-global-intremap" on 4.1.x), at the price of re-opening the security hole addressed by these patches. xsa36-unstable.patch Xen unstable xsa36-4.2.patch Xen 4.2.x xsa36-4.1.patch Xen 4.1.x $ sha256sum xsa36*.patch 2254fa46dcbc164d2d55ad9d519e7aa4ac5b83e9fb8d8e1f224114d08fe44237 xsa36-4.1.patch 6848712b560b522f7d3cede53e29e799624311e7dee6e450f0c02c165a590783 xsa36-4.2.patch 0e5d53c0b2bbbf07ef07bf31d8adeca4c043c0277f122f74557b018dc7348b74 xsa36-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQItAAoJEIP+FMlX6CvZapMH/i+AeMV4Mi9EAe97JWto2xrg bCBdq7LEJ1cIpXGbhpXwTRzmsEGJmFR2VwkaxEtk+BuC7bzJ/KRjWYg6viQ7v+0t thHEMtaRYTOIIel8YZ5t+v8oMdEUos7Oo94xhCk+n7ioH6PO+quUTI+aGd0+lcJm d/5TC5f8w+HZNTB0nCQX9tQx5d4veQXghKs1NbKHeMyZ66nMZiqUqVUwQNTaFhUO 9eWyGOik5/mFctRrMxoOZHQm3d36AnDisiOku2CaG1xYYwDaAnOe/u6QcBZcVX3M Q9COmTAWnOfIKYMIFnXRnyHSiw2+oZL6PTD5nX4O68B6hZ8pemVa+lFhSTvxsXM= =5jP3 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa36-4.1.patch" Content-Disposition: attachment; filename="xsa36-4.1.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgotLS0g YS94ZW4vYXJjaC94ODYvaXJxLmMKKysrIGIveGVuL2FyY2gveDg2L2lycS5j CkBAIC0xNjc3LDkgKzE2NzcsNiBAQCBpbnQgbWFwX2RvbWFpbl9waXJxKAog ICAgICAgICBkLT5hcmNoLnBpcnFfaXJxW3BpcnFdID0gaXJxOwogICAgICAg ICBkLT5hcmNoLmlycV9waXJxW2lycV0gPSBwaXJxOwogICAgICAgICBzcGlu X3VubG9ja19pcnFyZXN0b3JlKCZkZXNjLT5sb2NrLCBmbGFncyk7Ci0KLSAg ICAgICAgaWYgKCBvcHRfaXJxX3ZlY3Rvcl9tYXAgPT0gT1BUX0lSUV9WRUNU T1JfTUFQX1BFUkRFViApCi0gICAgICAgICAgICBwcmludGsoWEVOTE9HX0lO Rk8gIlBlci1kZXZpY2UgdmVjdG9yIG1hcHMgZm9yIEdTSXMgbm90IGltcGxl bWVudGVkIHlldC5cbiIpOwogICAgIH0KIAogZG9uZToKLS0tIGEveGVuL2Ry aXZlcnMvYWNwaS90YWJsZXMuYworKysgYi94ZW4vZHJpdmVycy9hY3BpL3Rh Ymxlcy5jCkBAIC0yNjcsNyArMjY3LDcgQEAgYWNwaV90YWJsZV9wYXJzZV9t YWR0KGVudW0gYWNwaV9tYWR0X3R5cAogICogQGhhbmRsZXI6IGhhbmRsZXIg dG8gcnVuCiAgKgogICogU2NhbiB0aGUgQUNQSSBTeXN0ZW0gRGVzY3JpcHRv ciBUYWJsZSAoU1REKSBmb3IgYSB0YWJsZSBtYXRjaGluZyBAaWQsCi0gKiBy dW4gQGhhbmRsZXIgb24gaXQuICBSZXR1cm4gMCBpZiB0YWJsZSBmb3VuZCwg cmV0dXJuIG9uIGlmIG5vdC4KKyAqIHJ1biBAaGFuZGxlciBvbiBpdC4KICAq LwogaW50IGFjcGlfdGFibGVfcGFyc2UoY2hhciAqaWQsIGFjcGlfdGFibGVf aGFuZGxlciBoYW5kbGVyKQogewpAQCAtMjgyLDggKzI4Miw3IEBAIGludCBh Y3BpX3RhYmxlX3BhcnNlKGNoYXIgKmlkLCBhY3BpX3RhYmwKIAkJYWNwaV9n ZXRfdGFibGUoaWQsIDAsICZ0YWJsZSk7CiAKIAlpZiAodGFibGUpIHsKLQkJ aGFuZGxlcih0YWJsZSk7Ci0JCXJldHVybiAwOworCQlyZXR1cm4gaGFuZGxl cih0YWJsZSk7CiAJfSBlbHNlCiAJCXJldHVybiAxOwogfQotLS0gYS94ZW4v ZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfYWNwaS5jCisrKyBiL3hl bi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9hY3BpLmMKQEAgLTIx LDYgKzIxLDcgQEAKICNpbmNsdWRlIDx4ZW4vY29uZmlnLmg+CiAjaW5jbHVk ZSA8eGVuL2Vycm5vLmg+CiAjaW5jbHVkZSA8YXNtL2FwaWNkZWYuaD4KKyNp bmNsdWRlIDxhc20vaW9fYXBpYy5oPgogI2luY2x1ZGUgPGFzbS9hbWQtaW9t bXUuaD4KICNpbmNsdWRlIDxhc20vaHZtL3N2bS9hbWQtaW9tbXUtcHJvdG8u aD4KICNpbmNsdWRlIDxhc20vaHZtL3N2bS9hbWQtaW9tbXUtYWNwaS5oPgpA QCAtMjksNyArMzAsNiBAQCBleHRlcm4gdW5zaWduZWQgbG9uZyBhbWRfaW9t bXVfcGFnZV9lbnRyCiBleHRlcm4gdW5zaWduZWQgc2hvcnQgaXZyc19iZGZf ZW50cmllczsKIGV4dGVybiBzdHJ1Y3QgaXZyc19tYXBwaW5ncyAqaXZyc19t YXBwaW5nczsKIGV4dGVybiB1bnNpZ25lZCBzaG9ydCBsYXN0X2JkZjsKLWV4 dGVybiBpbnQgaW9hcGljX2JkZltNQVhfSU9fQVBJQ1NdOwogZXh0ZXJuIHZv aWQgKnNoYXJlZF9pbnRyZW1hcF90YWJsZTsKIAogc3RhdGljIHZvaWQgYWRk X2l2cnNfbWFwcGluZ19lbnRyeSgKQEAgLTYzNiw2ICs2MzYsNyBAQCBzdGF0 aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAgdTE2 IGhlYWRlcl9sZW5ndGgsIHUxNiBibG9ja19sZW5ndGgsIHN0cnVjdCBhbWRf aW9tbXUgKmlvbW11KQogewogICAgIHUxNiBkZXZfbGVuZ3RoLCBiZGY7Cisg ICAgaW50IGFwaWM7CiAKICAgICBkZXZfbGVuZ3RoID0gc2l6ZW9mKHN0cnVj dCBhY3BpX2l2aGRfZGV2aWNlX3NwZWNpYWwpOwogICAgIGlmICggaGVhZGVy X2xlbmd0aCA8IChibG9ja19sZW5ndGggKyBkZXZfbGVuZ3RoKSApCkBAIC02 NTIsOSArNjUzLDU4IEBAIHN0YXRpYyB1MTYgX19pbml0IHBhcnNlX2l2aGRf ZGV2aWNlX3NwZWMKICAgICB9CiAKICAgICBhZGRfaXZyc19tYXBwaW5nX2Vu dHJ5KGJkZiwgYmRmLCBpdmhkX2RldmljZS0+aGVhZGVyLmZsYWdzLCBpb21t dSk7Ci0gICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMgKi8KLSAgICBp b2FwaWNfYmRmW2l2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZV0gPSBiZGY7 Ci0gICAgcmV0dXJuIGRldl9sZW5ndGg7CisKKyAgICBpZiAoIGl2aGRfZGV2 aWNlLT5zcGVjaWFsLnZhcmlldHkgIT0gMSAvKiBBQ1BJX0lWSERfSU9BUElD ICovICkKKyAgICB7CisgICAgICAgIGlmICggaXZoZF9kZXZpY2UtPnNwZWNp YWwudmFyaWV0eSAhPSAyIC8qIEFDUElfSVZIRF9IUEVUICovICkKKyAgICAg ICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJVbnJlY29nbml6ZWQgSVZIRCBz cGVjaWFsIHZhcmlldHkgJSN4XG4iLAorICAgICAgICAgICAgICAgICAgIGl2 aGRfZGV2aWNlLT5zcGVjaWFsLnZhcmlldHkpOworICAgICAgICByZXR1cm4g ZGV2X2xlbmd0aDsKKyAgICB9CisKKyAgICAvKgorICAgICAqIFNvbWUgQklP U2VzIGhhdmUgSU9BUElDIGJyb2tlbiBlbnRyaWVzIHNvIHdlIGNoZWNrIGZv ciBJVlJTCisgICAgICogY29uc2lzdGVuY3kgaGVyZSAtLS0gd2hldGhlciBl bnRyeSdzIElPQVBJQyBJRCBpcyB2YWxpZCBhbmQKKyAgICAgKiB3aGV0aGVy IHRoZXJlIGFyZSBjb25mbGljdGluZy9kdXBsaWNhdGVkIGVudHJpZXMuCisg ICAgICovCisgICAgZm9yICggYXBpYyA9IDA7IGFwaWMgPCBucl9pb2FwaWNz OyBhcGljKysgKQorICAgIHsKKyAgICAgICAgaWYgKCBJT19BUElDX0lEKGFw aWMpICE9IGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSApCisgICAgICAg ICAgICBjb250aW51ZTsKKworICAgICAgICBpZiAoIGlvYXBpY19iZGZbaXZo ZF9kZXZpY2UtPnNwZWNpYWwuaGFuZGxlXS5waW5fc2V0dXAgKQorICAgICAg ICB7CisgICAgICAgICAgICBpZiAoIGlvYXBpY19iZGZbaXZoZF9kZXZpY2Ut PnNwZWNpYWwuaGFuZGxlXS5iZGYgPT0gYmRmICkKKyAgICAgICAgICAgICAg ICBBTURfSU9NTVVfREVCVUcoIklWSEQgV2FybmluZzogRHVwbGljYXRlIElP LUFQSUMgJSN4IGVudHJpZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSk7CisgICAg ICAgICAgICBlbHNlCisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAg cHJpbnRrKFhFTkxPR19FUlIgIklWSEQgRXJyb3I6IENvbmZsaWN0aW5nIElP LUFQSUMgJSN4IGVudHJpZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAg IGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSk7CisgICAgICAgICAgICAg ICAgaWYgKCBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAg ICAgICAgICAgICAgcmV0dXJuIDA7CisgICAgICAgICAgICB9CisgICAgICAg IH0KKyAgICAgICAgZWxzZQorICAgICAgICB7CisgICAgICAgICAgICAvKiBz ZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyAqLworICAgICAgICAgICAgaW9hcGlj X2JkZltpdmhkX2RldmljZS0+c3BlY2lhbC5oYW5kbGVdLmJkZiA9IGJkZjsK KworICAgICAgICAgICAgaW9hcGljX2JkZltpdmhkX2RldmljZS0+c3BlY2lh bC5oYW5kbGVdLnBpbl9zZXR1cCA9IHh6YWxsb2NfYXJyYXkoCisgICAgICAg ICAgICAgICAgdW5zaWduZWQgbG9uZywgQklUU19UT19MT05HUyhucl9pb2Fw aWNfcmVnaXN0ZXJzW2FwaWNdKSk7CisgICAgICAgICAgICBpZiAoIG5yX2lv YXBpY19yZWdpc3RlcnNbYXBpY10gJiYKKyAgICAgICAgICAgICAgICAgIWlv YXBpY19iZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3NldHVwICkKKyAgICAg ICAgICAgIHsKKyAgICAgICAgICAgICAgICBwcmludGsoWEVOTE9HX0VSUiAi SVZIRCBFcnJvcjogT3V0IG9mIG1lbW9yeVxuIik7CisgICAgICAgICAgICAg ICAgcmV0dXJuIDA7CisgICAgICAgICAgICB9CisgICAgICAgIH0KKyAgICAg ICAgcmV0dXJuIGRldl9sZW5ndGg7CisgICAgfQorCisgICAgcHJpbnRrKFhF TkxPR19FUlIgIklWSEQgRXJyb3I6IEludmFsaWQgSU8tQVBJQyAlI3hcbiIs CisgICAgICAgICAgIGl2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZSk7Cisg ICAgcmV0dXJuIDA7CiB9CiAKIHN0YXRpYyBpbnQgX19pbml0IHBhcnNlX2l2 aGRfYmxvY2soc3RydWN0IGFjcGlfaXZoZF9ibG9ja19oZWFkZXIgKml2aGRf YmxvY2spCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21t dV9pbml0LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lv bW11X2luaXQuYwpAQCAtODk3LDEyICs4OTcsNDUgQEAgc3RhdGljIGludCBf X2luaXQgYW1kX2lvbW11X3NldHVwX2RldmljZQogICAgIHJldHVybiAwOwog fQogCisvKiBDaGVjayB3aGV0aGVyIFNQNTEwMCBTQVRBIENvbWJpbmVkIG1v ZGUgaXMgb24gKi8KK3N0YXRpYyBib29sX3QgX19pbml0IGFtZF9zcDUxMDBf ZXJyYXR1bTI4KHZvaWQpCit7CisgICAgdTMyIGJ1cywgaWQ7CisgICAgdTE2 IHZlbmRvcl9pZCwgZGV2X2lkOworICAgIHU4IGJ5dGU7CisKKyAgICBmb3Ig KGJ1cyA9IDA7IGJ1cyA8IDI1NjsgYnVzKyspCisgICAgeworICAgICAgICBp ZCA9IHBjaV9jb25mX3JlYWQzMihidXMsIDB4MTQsIDAsIFBDSV9WRU5ET1Jf SUQpOworCisgICAgICAgIHZlbmRvcl9pZCA9IGlkICYgMHhmZmZmOworICAg ICAgICBkZXZfaWQgPSAoaWQgPj4gMTYpICYgMHhmZmZmOworCisgICAgICAg IC8qIFNQNTEwMCBTTUJ1cyBtb2R1bGUgc2V0cyBDb21iaW5lZCBtb2RlIG9u ICovCisgICAgICAgIGlmICh2ZW5kb3JfaWQgIT0gMHgxMDAyIHx8IGRldl9p ZCAhPSAweDQzODUpCisgICAgICAgICAgICBjb250aW51ZTsKKworICAgICAg ICBieXRlID0gcGNpX2NvbmZfcmVhZDgoYnVzLCAweDE0LCAwLCAweGFkKTsK KyAgICAgICAgaWYgKCAoYnl0ZSA+PiAzKSAmIDEgKQorICAgICAgICB7Cisg ICAgICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5JTkcgIkFNRC1WaTogU1A1 MTAwIGVycmF0dW0gMjggZGV0ZWN0ZWQsIGRpc2FibGluZyBJT01NVS5cbiIK KyAgICAgICAgICAgICAgICAgICAiSWYgcG9zc2libGUsIGRpc2FibGUgU0FU QSBDb21iaW5lZCBtb2RlIGluIEJJT1Mgb3IgY29udGFjdCB5b3VyIHZlbmRv ciBmb3IgQklPUyB1cGRhdGUuXG4iKTsKKyAgICAgICAgICAgIHJldHVybiAx OworICAgICAgICB9CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9CisKIGlu dCBfX2luaXQgYW1kX2lvbW11X2luaXQodm9pZCkKIHsKICAgICBzdHJ1Y3Qg YW1kX2lvbW11ICppb21tdTsKIAogICAgIEJVR19PTiggIWlvbW11X2ZvdW5k KCkgKTsKIAorICAgIGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCAm JiBhbWRfc3A1MTAwX2VycmF0dW0yOCgpICkKKyAgICAgICAgZ290byBlcnJv cl9vdXQ7CisKICAgICBpcnFfdG9faW9tbXUgPSB4bWFsbG9jX2FycmF5KHN0 cnVjdCBhbWRfaW9tbXUgKiwgbnJfaXJxcyk7CiAgICAgaWYgKCBpcnFfdG9f aW9tbXUgPT0gTlVMTCApCiAgICAgICAgIGdvdG8gZXJyb3Jfb3V0OwotLS0g YS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW50ci5jCisr KyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbnRyLmMK QEAgLTI3LDcgKzI3LDcgQEAKICNkZWZpbmUgSU5UUkVNQVBfTEVOR1RIIDB4 QgogI2RlZmluZSBJTlRSRU1BUF9FTlRSSUVTICgxIDw8IElOVFJFTUFQX0xF TkdUSCkKIAotaW50IGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsKK3N0cnVj dCBpb2FwaWNfYmRmIGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsKIGV4dGVy biBzdHJ1Y3QgaXZyc19tYXBwaW5ncyAqaXZyc19tYXBwaW5nczsKIGV4dGVy biB1bnNpZ25lZCBzaG9ydCBpdnJzX2JkZl9lbnRyaWVzOwogdm9pZCAqc2hh cmVkX2ludHJlbWFwX3RhYmxlOwpAQCAtMTE3LDEyICsxMTcsMTIgQEAgdm9p ZCBpbnZhbGlkYXRlX2ludGVycnVwdF90YWJsZShzdHJ1Y3QgYQogc3RhdGlj IHZvaWQgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGljKAogICAg IGludCBiZGYsCiAgICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUsCi0gICAg c3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKmlvYXBpY19ydGUpCisgICAg Y29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSwKKyAgICBj b25zdCBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqb2xkX3J0ZSkKIHsK ICAgICB1bnNpZ25lZCBsb25nIGZsYWdzOwogICAgIHUzMiogZW50cnk7CiAg ICAgdTggZGVsaXZlcnlfbW9kZSwgZGVzdCwgdmVjdG9yLCBkZXN0X21vZGU7 Ci0gICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSA9IGlvYXBp Y19ydGU7CiAgICAgaW50IHJlcV9pZDsKICAgICBzcGlubG9ja190ICpsb2Nr OwogICAgIGludCBvZmZzZXQ7CkBAIC0xMzgsNiArMTM4LDE0IEBAIHN0YXRp YyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2kKICAgICBzcGlu X2xvY2tfaXJxc2F2ZShsb2NrLCBmbGFncyk7CiAKICAgICBvZmZzZXQgPSBn ZXRfaW50cmVtYXBfb2Zmc2V0KHZlY3RvciwgZGVsaXZlcnlfbW9kZSk7Cisg ICAgaWYgKCBvbGRfcnRlICkKKyAgICB7CisgICAgICAgIGludCBvbGRfb2Zm c2V0ID0gZ2V0X2ludHJlbWFwX29mZnNldChvbGRfcnRlLT52ZWN0b3IsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBv bGRfcnRlLT5kZWxpdmVyeV9tb2RlKTsKKworICAgICAgICBpZiAoIG9mZnNl dCAhPSBvbGRfb2Zmc2V0ICkKKyAgICAgICAgICAgIGZyZWVfaW50cmVtYXBf ZW50cnkoYmRmLCBvbGRfb2Zmc2V0KTsKKyAgICB9CiAgICAgZW50cnkgPSAo dTMyKilnZXRfaW50cmVtYXBfZW50cnkocmVxX2lkLCBvZmZzZXQpOwogICAg IHVwZGF0ZV9pbnRyZW1hcF9lbnRyeShlbnRyeSwgdmVjdG9yLCBkZWxpdmVy eV9tb2RlLCBkZXN0X21vZGUsIGRlc3QpOwogCkBAIC0xNzYsNyArMTg0LDcg QEAgaW50IF9faW5pdCBhbWRfaW9tbXVfc2V0dXBfaW9hcGljX3JlbWFwcAog ICAgICAgICAgICAgICAgIGNvbnRpbnVlOwogCiAgICAgICAgICAgICAvKiBn ZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyBkZXZpY2VzICovCi0gICAgICAgICAg ICBiZGYgPSBpb2FwaWNfYmRmW0lPX0FQSUNfSUQoYXBpYyldOworICAgICAg ICAgICAgYmRmID0gaW9hcGljX2JkZltJT19BUElDX0lEKGFwaWMpXS5iZGY7 CiAgICAgICAgICAgICBpb21tdSA9IGZpbmRfaW9tbXVfZm9yX2RldmljZShi ZGYpOwogICAgICAgICAgICAgaWYgKCAhaW9tbXUgKQogICAgICAgICAgICAg ewpAQCAtMjA3LDYgKzIxNSw3IEBAIGludCBfX2luaXQgYW1kX2lvbW11X3Nl dHVwX2lvYXBpY19yZW1hcHAKICAgICAgICAgICAgICAgICBmbHVzaF9jb21t YW5kX2J1ZmZlcihpb21tdSk7CiAgICAgICAgICAgICAgICAgc3Bpbl91bmxv Y2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKICAgICAgICAg ICAgIH0KKyAgICAgICAgICAgIHNldF9iaXQocGluLCBpb2FwaWNfYmRmW0lP X0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCk7CiAgICAgICAgIH0KICAgICB9 CiAgICAgcmV0dXJuIDA7CkBAIC0yMTgsNiArMjI3LDcgQEAgdm9pZCBhbWRf aW9tbXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAgICAgc3RydWN0IElPX0FQSUNf cm91dGVfZW50cnkgb2xkX3J0ZSA9IHsgMCB9OwogICAgIHN0cnVjdCBJT19B UElDX3JvdXRlX2VudHJ5IG5ld19ydGUgPSB7IDAgfTsKICAgICB1bnNpZ25l ZCBpbnQgcnRlX2xvID0gKHJlZyAmIDEpID8gcmVnIC0gMSA6IHJlZzsKKyAg ICB1bnNpZ25lZCBpbnQgcGluID0gKHJlZyAtIDB4MTApIC8gMjsKICAgICBp bnQgc2F2ZWRfbWFzaywgYmRmOwogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlv bW11OwogCkBAIC0yMjgsNyArMjM4LDcgQEAgdm9pZCBhbWRfaW9tbXVfaW9h cGljX3VwZGF0ZV9pcmUoCiAgICAgfQogCiAgICAgLyogZ2V0IGRldmljZSBp ZCBvZiBpb2FwaWMgZGV2aWNlcyAqLwotICAgIGJkZiA9IGlvYXBpY19iZGZb SU9fQVBJQ19JRChhcGljKV07CisgICAgYmRmID0gaW9hcGljX2JkZltJT19B UElDX0lEKGFwaWMpXS5iZGY7CiAgICAgaW9tbXUgPSBmaW5kX2lvbW11X2Zv cl9kZXZpY2UoYmRmKTsKICAgICBpZiAoICFpb21tdSApCiAgICAgewpAQCAt MjU0LDYgKzI2NCwxNCBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRl X2lyZSgKICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRlKSArIDEpID0gdmFs dWU7CiAgICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1hc2sgJiYKKyAgICAg ICAgICF0ZXN0X2JpdChwaW4sIGlvYXBpY19iZGZbSU9fQVBJQ19JRChhcGlj KV0ucGluX3NldHVwKSApCisgICAgeworICAgICAgICBBU1NFUlQoc2F2ZWRf bWFzayk7CisgICAgICAgIF9faW9fYXBpY193cml0ZShhcGljLCByZWcsIHZh bHVlKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIC8qIG1hc2sg dGhlIGludGVycnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGludHJlbWFwIHRh YmxlICovCiAgICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAgewpAQCAtMjYy LDcgKzI4MCwxMSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2ly ZSgKICAgICB9CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0IHJlbWFwcGlu ZyBlbnRyeSAqLwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lv YXBpYyhiZGYsIGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBkYXRlX2ludHJl bWFwX2VudHJ5X2Zyb21faW9hcGljKAorICAgICAgICBiZGYsIGlvbW11LCAm bmV3X3J0ZSwKKyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChwaW4sCisgICAg ICAgICAgICAgICAgICAgICAgICAgaW9hcGljX2JkZltJT19BUElDX0lEKGFw aWMpXS5waW5fc2V0dXApID8gJm9sZF9ydGUKKyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgOiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQgd3JpdGUgYWNjZXNzIHRv IElPLUFQSUMgUlRFICovCiAgICAgX19pb19hcGljX3dyaXRlKGFwaWMsIHJl ZywgdmFsdWUpOwpAQCAtMzczLDYgKzM5NSwxMiBAQCB2b2lkIGFtZF9pb21t dV9tc2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAgIHJldHVybjsKICAgICB9 CiAKKyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9pbmRleCA+PSAwICkKKyAg ICAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21zZyhpb21t dSwgcGRldiwgbXNpX2Rlc2MsIE5VTEwpOworCisgICAgaWYgKCAhbXNnICkK KyAgICAgICAgcmV0dXJuOworCiAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5 X2Zyb21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIG1zZyk7CiB9 CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRf aW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvcGNp X2FtZF9pb21tdS5jCkBAIC0xOTUsNiArMTk1LDggQEAgaW50IF9faW5pdCBh bWRfaW92X2RldGVjdCh2b2lkKQogICAgIHsKICAgICAgICAgcHJpbnRrKCJB TUQtVmk6IE5vdCBvdmVycmlkaW5nIGlycV92ZWN0b3JfbWFwIHNldHRpbmdc biIpOwogICAgIH0KKyAgICBpZiAoICFhbWRfaW9tbXVfcGVyZGV2X2ludHJl bWFwICkKKyAgICAgICAgcHJpbnRrKFhFTkxPR19XQVJOSU5HICJBTUQtVmk6 IFVzaW5nIGdsb2JhbCBpbnRlcnJ1cHQgcmVtYXAgdGFibGUgaXMgbm90IHJl Y29tbWVuZGVkIChzZWUgWFNBLTM2KSFcbiIpOwogICAgIHJldHVybiBzY2Fu X3BjaV9kZXZpY2VzKCk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Ro cm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9p b21tdS5jCkBAIC00OSw3ICs0OSw3IEBAIGJvb2xfdCBfX3JlYWRfbW9zdGx5 IGlvbW11X3FpbnZhbCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21t dV9pbnRyZW1hcCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9o YXBfcHRfc2hhcmU7CiBib29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVf ZGVidWc7Ci1ib29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVfcGVyZGV2 X2ludHJlbWFwOworYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lvbW11X3Bl cmRldl9pbnRyZW1hcCA9IDE7CiAKIHN0YXRpYyB2b2lkIF9faW5pdCBwYXJz ZV9pb21tdV9wYXJhbShjaGFyICpzKQogewpAQCAtNzgsNiArNzgsOCBAQCBz dGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfaW9tbXVfcGFyYW0oY2hhCiAgICAg ICAgICAgICBhbWRfaW9tbXVfZGVidWcgPSAxOwogICAgICAgICBlbHNlIGlm ICggIXN0cmNtcChzLCAiYW1kLWlvbW11LXBlcmRldi1pbnRyZW1hcCIpICkK ICAgICAgICAgICAgIGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAgPSAxOwor ICAgICAgICBlbHNlIGlmICggIXN0cmNtcChzLCAiYW1kLWlvbW11LWdsb2Jh bC1pbnRyZW1hcCIpICkKKyAgICAgICAgICAgIGFtZF9pb21tdV9wZXJkZXZf aW50cmVtYXAgPSAwOwogICAgICAgICBlbHNlIGlmICggIXN0cmNtcChzLCAi ZG9tMC1wYXNzdGhyb3VnaCIpICkKICAgICAgICAgICAgIGlvbW11X3Bhc3N0 aHJvdWdoID0gMTsKICAgICAgICAgZWxzZSBpZiAoICFzdHJjbXAocywgImRv bTAtc3RyaWN0IikgKQotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2h2bS9z dm0vYW1kLWlvbW11LXByb3RvLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4 Ni9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oCkBAIC04OCw2ICs4OCwxMSBA QCB2b2lkIGFtZF9pb21tdV9yZWFkX21zaV9mcm9tX2lyZSgKIHVuc2lnbmVk IGludCBhbWRfaW9tbXVfcmVhZF9pb2FwaWNfZnJvbV9pcmUoCiAgICAgdW5z aWduZWQgaW50IGFwaWMsIHVuc2lnbmVkIGludCByZWcpOwogCitleHRlcm4g c3RydWN0IGlvYXBpY19iZGYgeworICAgIHUxNiBiZGY7CisgICAgdW5zaWdu ZWQgbG9uZyAqcGluX3NldHVwOworfSBpb2FwaWNfYmRmW107CisKIC8qIHBv d2VyIG1hbmFnZW1lbnQgc3VwcG9ydCAqLwogdm9pZCBhbWRfaW9tbXVfcmVz dW1lKHZvaWQpOwogdm9pZCBhbWRfaW9tbXVfc3VzcGVuZCh2b2lkKTsK --=separator Content-Type: application/octet-stream; name="xsa36-4.2.patch" Content-Disposition: attachment; filename="xsa36-4.2.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgotLS0g YS94ZW4vYXJjaC94ODYvaXJxLmMKKysrIGIveGVuL2FyY2gveDg2L2lycS5j CkBAIC0xOTQyLDkgKzE5NDIsNiBAQCBpbnQgbWFwX2RvbWFpbl9waXJxKAog ICAgICAgICBzcGluX2xvY2tfaXJxc2F2ZSgmZGVzYy0+bG9jaywgZmxhZ3Mp OwogICAgICAgICBzZXRfZG9tYWluX2lycV9waXJxKGQsIGlycSwgaW5mbyk7 CiAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJmRlc2MtPmxvY2ss IGZsYWdzKTsKLQotICAgICAgICBpZiAoIG9wdF9pcnFfdmVjdG9yX21hcCA9 PSBPUFRfSVJRX1ZFQ1RPUl9NQVBfUEVSREVWICkKLSAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfSU5GTyAiUGVyLWRldmljZSB2ZWN0b3IgbWFwcyBmb3Ig R1NJcyBub3QgaW1wbGVtZW50ZWQgeWV0LlxuIik7CiAgICAgfQogCiBkb25l OgotLS0gYS94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCisrKyBiL3hlbi9k cml2ZXJzL2FjcGkvdGFibGVzLmMKQEAgLTI2Nyw3ICsyNjcsNyBAQCBhY3Bp X3RhYmxlX3BhcnNlX21hZHQoZW51bSBhY3BpX21hZHRfdHlwCiAgKiBAaGFu ZGxlcjogaGFuZGxlciB0byBydW4KICAqCiAgKiBTY2FuIHRoZSBBQ1BJIFN5 c3RlbSBEZXNjcmlwdG9yIFRhYmxlIChTVEQpIGZvciBhIHRhYmxlIG1hdGNo aW5nIEBpZCwKLSAqIHJ1biBAaGFuZGxlciBvbiBpdC4gIFJldHVybiAwIGlm IHRhYmxlIGZvdW5kLCByZXR1cm4gb24gaWYgbm90LgorICogcnVuIEBoYW5k bGVyIG9uIGl0LgogICovCiBpbnQgX19pbml0IGFjcGlfdGFibGVfcGFyc2Uo Y2hhciAqaWQsIGFjcGlfdGFibGVfaGFuZGxlciBoYW5kbGVyKQogewpAQCAt MjgyLDggKzI4Miw3IEBAIGludCBfX2luaXQgYWNwaV90YWJsZV9wYXJzZShj aGFyICppZCwgYWMKIAkJYWNwaV9nZXRfdGFibGUoaWQsIDAsICZ0YWJsZSk7 CiAKIAlpZiAodGFibGUpIHsKLQkJaGFuZGxlcih0YWJsZSk7Ci0JCXJldHVy biAwOworCQlyZXR1cm4gaGFuZGxlcih0YWJsZSk7CiAJfSBlbHNlCiAJCXJl dHVybiAxOwogfQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfYWNwaS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9hY3BpLmMKQEAgLTIyLDYgKzIyLDcgQEAKICNpbmNsdWRlIDx4 ZW4vZXJybm8uaD4KICNpbmNsdWRlIDx4ZW4vYWNwaS5oPgogI2luY2x1ZGUg PGFzbS9hcGljZGVmLmg+CisjaW5jbHVkZSA8YXNtL2lvX2FwaWMuaD4KICNp bmNsdWRlIDxhc20vYW1kLWlvbW11Lmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9z dm0vYW1kLWlvbW11LXByb3RvLmg+CiAKQEAgLTYzNSw2ICs2MzYsNyBAQCBz dGF0aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAg dTE2IGhlYWRlcl9sZW5ndGgsIHUxNiBibG9ja19sZW5ndGgsIHN0cnVjdCBh bWRfaW9tbXUgKmlvbW11KQogewogICAgIHUxNiBkZXZfbGVuZ3RoLCBiZGY7 CisgICAgaW50IGFwaWM7CiAKICAgICBkZXZfbGVuZ3RoID0gc2l6ZW9mKCpz cGVjaWFsKTsKICAgICBpZiAoIGhlYWRlcl9sZW5ndGggPCAoYmxvY2tfbGVu Z3RoICsgZGV2X2xlbmd0aCkgKQpAQCAtNjUxLDEwICs2NTMsNTkgQEAgc3Rh dGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZpY2Vfc3BlYwogICAgIH0K IAogICAgIGFkZF9pdnJzX21hcHBpbmdfZW50cnkoYmRmLCBiZGYsIHNwZWNp YWwtPmhlYWRlci5kYXRhX3NldHRpbmcsIGlvbW11KTsKLSAgICAvKiBzZXQg ZGV2aWNlIGlkIG9mIGlvYXBpYyAqLwotICAgIGlvYXBpY19zYmRmW3NwZWNp YWwtPmhhbmRsZV0uYmRmID0gYmRmOwotICAgIGlvYXBpY19zYmRmW3NwZWNp YWwtPmhhbmRsZV0uc2VnID0gc2VnOwotICAgIHJldHVybiBkZXZfbGVuZ3Ro OworCisgICAgaWYgKCBzcGVjaWFsLT52YXJpZXR5ICE9IEFDUElfSVZIRF9J T0FQSUMgKQorICAgIHsKKyAgICAgICAgaWYgKCBzcGVjaWFsLT52YXJpZXR5 ICE9IEFDUElfSVZIRF9IUEVUICkKKyAgICAgICAgICAgIHByaW50ayhYRU5M T0dfRVJSICJVbnJlY29nbml6ZWQgSVZIRCBzcGVjaWFsIHZhcmlldHkgJSN4 XG4iLAorICAgICAgICAgICAgICAgICAgIHNwZWNpYWwtPnZhcmlldHkpOwor ICAgICAgICByZXR1cm4gZGV2X2xlbmd0aDsKKyAgICB9CisKKyAgICAvKgor ICAgICAqIFNvbWUgQklPU2VzIGhhdmUgSU9BUElDIGJyb2tlbiBlbnRyaWVz IHNvIHdlIGNoZWNrIGZvciBJVlJTCisgICAgICogY29uc2lzdGVuY3kgaGVy ZSAtLS0gd2hldGhlciBlbnRyeSdzIElPQVBJQyBJRCBpcyB2YWxpZCBhbmQK KyAgICAgKiB3aGV0aGVyIHRoZXJlIGFyZSBjb25mbGljdGluZy9kdXBsaWNh dGVkIGVudHJpZXMuCisgICAgICovCisgICAgZm9yICggYXBpYyA9IDA7IGFw aWMgPCBucl9pb2FwaWNzOyBhcGljKysgKQorICAgIHsKKyAgICAgICAgaWYg KCBJT19BUElDX0lEKGFwaWMpICE9IHNwZWNpYWwtPmhhbmRsZSApCisgICAg ICAgICAgICBjb250aW51ZTsKKworICAgICAgICBpZiAoIGlvYXBpY19zYmRm W3NwZWNpYWwtPmhhbmRsZV0ucGluX3NldHVwICkKKyAgICAgICAgeworICAg ICAgICAgICAgaWYgKCBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLmJk ZiA9PSBiZGYgJiYKKyAgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZbc3Bl Y2lhbC0+aGFuZGxlXS5zZWcgPT0gc2VnICkKKyAgICAgICAgICAgICAgICBB TURfSU9NTVVfREVCVUcoIklWSEQgV2FybmluZzogRHVwbGljYXRlIElPLUFQ SUMgJSN4IGVudHJpZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNwZWNpYWwtPmhhbmRsZSk7CisgICAgICAgICAgICBlbHNlCisg ICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19F UlIgIklWSEQgRXJyb3I6IENvbmZsaWN0aW5nIElPLUFQSUMgJSN4IGVudHJp ZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAgIHNwZWNpYWwtPmhhbmRs ZSk7CisgICAgICAgICAgICAgICAgaWYgKCBhbWRfaW9tbXVfcGVyZGV2X2lu dHJlbWFwICkKKyAgICAgICAgICAgICAgICAgICAgcmV0dXJuIDA7CisgICAg ICAgICAgICB9CisgICAgICAgIH0KKyAgICAgICAgZWxzZQorICAgICAgICB7 CisgICAgICAgICAgICAvKiBzZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyAqLwor ICAgICAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lhbC0+aGFuZGxlXS5iZGYg PSBiZGY7CisgICAgICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5k bGVdLnNlZyA9IHNlZzsKKworICAgICAgICAgICAgaW9hcGljX3NiZGZbc3Bl Y2lhbC0+aGFuZGxlXS5waW5fc2V0dXAgPSB4emFsbG9jX2FycmF5KAorICAg ICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcsIEJJVFNfVE9fTE9OR1MobnJf aW9hcGljX2VudHJpZXNbYXBpY10pKTsKKyAgICAgICAgICAgIGlmICggbnJf aW9hcGljX2VudHJpZXNbYXBpY10gJiYKKyAgICAgICAgICAgICAgICAgIWlv YXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCApCisgICAg ICAgICAgICB7CisgICAgICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19FUlIg IklWSEQgRXJyb3I6IE91dCBvZiBtZW1vcnlcbiIpOworICAgICAgICAgICAg ICAgIHJldHVybiAwOworICAgICAgICAgICAgfQorICAgICAgICB9CisgICAg ICAgIHJldHVybiBkZXZfbGVuZ3RoOworICAgIH0KKworICAgIHByaW50ayhY RU5MT0dfRVJSICJJVkhEIEVycm9yOiBJbnZhbGlkIElPLUFQSUMgJSN4XG4i LCBzcGVjaWFsLT5oYW5kbGUpOworICAgIHJldHVybiAwOwogfQogCiBzdGF0 aWMgaW50IF9faW5pdCBwYXJzZV9pdmhkX2Jsb2NrKGNvbnN0IHN0cnVjdCBh Y3BpX2l2cnNfaGFyZHdhcmUgKml2aGRfYmxvY2spCi0tLSBhL3hlbi9kcml2 ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbml0LmMKKysrIGIveGVuL2Ry aXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X2luaXQuYwpAQCAtMTEyNiwx MiArMTEyNiw0NSBAQCBzdGF0aWMgaW50IF9faW5pdCBhbWRfaW9tbXVfc2V0 dXBfZGV2aWNlCiAgICAgcmV0dXJuIDA7CiB9CiAKKy8qIENoZWNrIHdoZXRo ZXIgU1A1MTAwIFNBVEEgQ29tYmluZWQgbW9kZSBpcyBvbiAqLworc3RhdGlj IGJvb2xfdCBfX2luaXQgYW1kX3NwNTEwMF9lcnJhdHVtMjgodm9pZCkKK3sK KyAgICB1MzIgYnVzLCBpZDsKKyAgICB1MTYgdmVuZG9yX2lkLCBkZXZfaWQ7 CisgICAgdTggYnl0ZTsKKworICAgIGZvciAoYnVzID0gMDsgYnVzIDwgMjU2 OyBidXMrKykKKyAgICB7CisgICAgICAgIGlkID0gcGNpX2NvbmZfcmVhZDMy KDAsIGJ1cywgMHgxNCwgMCwgUENJX1ZFTkRPUl9JRCk7CisKKyAgICAgICAg dmVuZG9yX2lkID0gaWQgJiAweGZmZmY7CisgICAgICAgIGRldl9pZCA9IChp ZCA+PiAxNikgJiAweGZmZmY7CisKKyAgICAgICAgLyogU1A1MTAwIFNNQnVz IG1vZHVsZSBzZXRzIENvbWJpbmVkIG1vZGUgb24gKi8KKyAgICAgICAgaWYg KHZlbmRvcl9pZCAhPSAweDEwMDIgfHwgZGV2X2lkICE9IDB4NDM4NSkKKyAg ICAgICAgICAgIGNvbnRpbnVlOworCisgICAgICAgIGJ5dGUgPSBwY2lfY29u Zl9yZWFkOCgwLCBidXMsIDB4MTQsIDAsIDB4YWQpOworICAgICAgICBpZiAo IChieXRlID4+IDMpICYgMSApCisgICAgICAgIHsKKyAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfV0FSTklORyAiQU1ELVZpOiBTUDUxMDAgZXJyYXR1bSAy OCBkZXRlY3RlZCwgZGlzYWJsaW5nIElPTU1VLlxuIgorICAgICAgICAgICAg ICAgICAgICJJZiBwb3NzaWJsZSwgZGlzYWJsZSBTQVRBIENvbWJpbmVkIG1v ZGUgaW4gQklPUyBvciBjb250YWN0IHlvdXIgdmVuZG9yIGZvciBCSU9TIHVw ZGF0ZS5cbiIpOworICAgICAgICAgICAgcmV0dXJuIDE7CisgICAgICAgIH0K KyAgICB9CisKKyAgICByZXR1cm4gMDsKK30KKwogaW50IF9faW5pdCBhbWRf aW9tbXVfaW5pdCh2b2lkKQogewogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlv bW11OwogCiAgICAgQlVHX09OKCAhaW9tbXVfZm91bmQoKSApOwogCisgICAg aWYgKCBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICYmIGFtZF9zcDUxMDBf ZXJyYXR1bTI4KCkgKQorICAgICAgICBnb3RvIGVycm9yX291dDsKKwogICAg IGl2cnNfYmRmX2VudHJpZXMgPSBhbWRfaW9tbXVfZ2V0X2l2cnNfZGV2X2Vu dHJpZXMoKTsKIAogICAgIGlmICggIWl2cnNfYmRmX2VudHJpZXMgKQotLS0g YS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW50ci5jCisr KyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbnRyLmMK QEAgLTk5LDEyICs5OSwxMiBAQCBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVt YXBfZW50cnkodTMyKiBlCiBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBf ZW50cnlfZnJvbV9pb2FwaWMoCiAgICAgaW50IGJkZiwKICAgICBzdHJ1Y3Qg YW1kX2lvbW11ICppb21tdSwKLSAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9l bnRyeSAqaW9hcGljX3J0ZSkKKyAgICBjb25zdCBzdHJ1Y3QgSU9fQVBJQ19y b3V0ZV9lbnRyeSAqcnRlLAorICAgIGNvbnN0IHN0cnVjdCBJT19BUElDX3Jv dXRlX2VudHJ5ICpvbGRfcnRlKQogewogICAgIHVuc2lnbmVkIGxvbmcgZmxh Z3M7CiAgICAgdTMyKiBlbnRyeTsKICAgICB1OCBkZWxpdmVyeV9tb2RlLCBk ZXN0LCB2ZWN0b3IsIGRlc3RfbW9kZTsKLSAgICBzdHJ1Y3QgSU9fQVBJQ19y b3V0ZV9lbnRyeSAqcnRlID0gaW9hcGljX3J0ZTsKICAgICBpbnQgcmVxX2lk OwogICAgIHNwaW5sb2NrX3QgKmxvY2s7CiAgICAgaW50IG9mZnNldDsKQEAg LTEyMCw2ICsxMjAsMTQgQEAgc3RhdGljIHZvaWQgdXBkYXRlX2ludHJlbWFw X2VudHJ5X2Zyb21faQogICAgIHNwaW5fbG9ja19pcnFzYXZlKGxvY2ssIGZs YWdzKTsKIAogICAgIG9mZnNldCA9IGdldF9pbnRyZW1hcF9vZmZzZXQodmVj dG9yLCBkZWxpdmVyeV9tb2RlKTsKKyAgICBpZiAoIG9sZF9ydGUgKQorICAg IHsKKyAgICAgICAgaW50IG9sZF9vZmZzZXQgPSBnZXRfaW50cmVtYXBfb2Zm c2V0KG9sZF9ydGUtPnZlY3RvciwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIG9sZF9ydGUtPmRlbGl2ZXJ5X21vZGUp OworCisgICAgICAgIGlmICggb2Zmc2V0ICE9IG9sZF9vZmZzZXQgKQorICAg ICAgICAgICAgZnJlZV9pbnRyZW1hcF9lbnRyeShpb21tdS0+c2VnLCBiZGYs IG9sZF9vZmZzZXQpOworICAgIH0KICAgICBlbnRyeSA9ICh1MzIqKWdldF9p bnRyZW1hcF9lbnRyeShpb21tdS0+c2VnLCByZXFfaWQsIG9mZnNldCk7CiAg ICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5KGVudHJ5LCB2ZWN0b3IsIGRlbGl2 ZXJ5X21vZGUsIGRlc3RfbW9kZSwgZGVzdCk7CiAKQEAgLTE4OCw2ICsxOTYs NyBAQCBpbnQgX19pbml0IGFtZF9pb21tdV9zZXR1cF9pb2FwaWNfcmVtYXBw CiAgICAgICAgICAgICAgICAgYW1kX2lvbW11X2ZsdXNoX2ludHJlbWFwKGlv bW11LCByZXFfaWQpOwogICAgICAgICAgICAgICAgIHNwaW5fdW5sb2NrX2ly cXJlc3RvcmUoJmlvbW11LT5sb2NrLCBmbGFncyk7CiAgICAgICAgICAgICB9 CisgICAgICAgICAgICBzZXRfYml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJ Q19JRChhcGljKV0ucGluX3NldHVwKTsKICAgICAgICAgfQogICAgIH0KICAg ICByZXR1cm4gMDsKQEAgLTE5OSw2ICsyMDgsNyBAQCB2b2lkIGFtZF9pb21t dV9pb2FwaWNfdXBkYXRlX2lyZSgKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0 ZV9lbnRyeSBvbGRfcnRlID0geyAwIH07CiAgICAgc3RydWN0IElPX0FQSUNf cm91dGVfZW50cnkgbmV3X3J0ZSA9IHsgMCB9OwogICAgIHVuc2lnbmVkIGlu dCBydGVfbG8gPSAocmVnICYgMSkgPyByZWcgLSAxIDogcmVnOworICAgIHVu c2lnbmVkIGludCBwaW4gPSAocmVnIC0gMHgxMCkgLyAyOwogICAgIGludCBz YXZlZF9tYXNrLCBzZWcsIGJkZjsKICAgICBzdHJ1Y3QgYW1kX2lvbW11ICpp b21tdTsKIApAQCAtMjM2LDYgKzI0NiwxNCBAQCB2b2lkIGFtZF9pb21tdV9p b2FwaWNfdXBkYXRlX2lyZSgKICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRl KSArIDEpID0gdmFsdWU7CiAgICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1h c2sgJiYKKyAgICAgICAgICF0ZXN0X2JpdChwaW4sIGlvYXBpY19zYmRmW0lP X0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCkgKQorICAgIHsKKyAgICAgICAg QVNTRVJUKHNhdmVkX21hc2spOworICAgICAgICBfX2lvX2FwaWNfd3JpdGUo YXBpYywgcmVnLCB2YWx1ZSk7CisgICAgICAgIHJldHVybjsKKyAgICB9CisK ICAgICAvKiBtYXNrIHRoZSBpbnRlcnJ1cHQgd2hpbGUgd2UgY2hhbmdlIHRo ZSBpbnRyZW1hcCB0YWJsZSAqLwogICAgIGlmICggIXNhdmVkX21hc2sgKQog ICAgIHsKQEAgLTI0NCw3ICsyNjIsMTEgQEAgdm9pZCBhbWRfaW9tbXVfaW9h cGljX3VwZGF0ZV9pcmUoCiAgICAgfQogCiAgICAgLyogVXBkYXRlIGludGVy cnVwdCByZW1hcHBpbmcgZW50cnkgKi8KLSAgICB1cGRhdGVfaW50cmVtYXBf ZW50cnlfZnJvbV9pb2FwaWMoYmRmLCBpb21tdSwgJm5ld19ydGUpOworICAg IHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lvYXBpYygKKyAgICAgICAg YmRmLCBpb21tdSwgJm5ld19ydGUsCisgICAgICAgIHRlc3RfYW5kX3NldF9i aXQocGluLAorICAgICAgICAgICAgICAgICAgICAgICAgIGlvYXBpY19zYmRm W0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCkgPyAmb2xkX3J0ZQorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgOiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQg d3JpdGUgYWNjZXNzIHRvIElPLUFQSUMgUlRFICovCiAgICAgX19pb19hcGlj X3dyaXRlKGFwaWMsIHJlZywgdmFsdWUpOwpAQCAtMzU0LDYgKzM3NiwxMiBA QCB2b2lkIGFtZF9pb21tdV9tc2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAg IHJldHVybjsKICAgICB9CiAKKyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9p bmRleCA+PSAwICkKKyAgICAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zy b21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIE5VTEwpOworCisg ICAgaWYgKCAhbXNnICkKKyAgICAgICAgcmV0dXJuOworCiAgICAgdXBkYXRl X2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNp X2Rlc2MsIG1zZyk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91 Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jCkBAIC0yMDUsNiArMjA1LDgg QEAgaW50IF9faW5pdCBhbWRfaW92X2RldGVjdCh2b2lkKQogICAgIHsKICAg ICAgICAgcHJpbnRrKCJBTUQtVmk6IE5vdCBvdmVycmlkaW5nIGlycV92ZWN0 b3JfbWFwIHNldHRpbmdcbiIpOwogICAgIH0KKyAgICBpZiAoICFhbWRfaW9t bXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgcHJpbnRrKFhFTkxPR19X QVJOSU5HICJBTUQtVmk6IFVzaW5nIGdsb2JhbCBpbnRlcnJ1cHQgcmVtYXAg dGFibGUgaXMgbm90IHJlY29tbWVuZGVkIChzZWUgWFNBLTM2KSFcbiIpOwog ICAgIHJldHVybiBzY2FuX3BjaV9kZXZpY2VzKCk7CiB9CiAKLS0tIGEveGVu L2RyaXZlcnMvcGFzc3Rocm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9pb21tdS5jCkBAIC01Miw3ICs1Miw3IEBAIGJvb2xf dCBfX3JlYWRfbW9zdGx5IGlvbW11X3FpbnZhbCA9IDE7CiBib29sX3QgX19y ZWFkX21vc3RseSBpb21tdV9pbnRyZW1hcCA9IDE7CiBib29sX3QgX19yZWFk X21vc3RseSBpb21tdV9oYXBfcHRfc2hhcmUgPSAxOwogYm9vbF90IF9fcmVh ZF9tb3N0bHkgaW9tbXVfZGVidWc7Ci1ib29sX3QgX19yZWFkX21vc3RseSBh bWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwOworYm9vbF90IF9fcmVhZF9tb3N0 bHkgYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCA9IDE7CiAKIERFRklORV9Q RVJfQ1BVKGJvb2xfdCwgaW9tbXVfZG9udF9mbHVzaF9pb3RsYik7CiAKLS0t IGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9odm0vc3ZtL2FtZC1pb21tdS1wcm90 by5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvaHZtL3N2bS9hbWQtaW9t bXUtcHJvdG8uaApAQCAtMTAwLDYgKzEwMCw3IEBAIHZvaWQgYW1kX2lvbW11 X3JlYWRfbXNpX2Zyb21faXJlKAogCiBleHRlcm4gc3RydWN0IGlvYXBpY19z YmRmIHsKICAgICB1MTYgYmRmLCBzZWc7CisgICAgdW5zaWduZWQgbG9uZyAq cGluX3NldHVwOwogfSBpb2FwaWNfc2JkZltNQVhfSU9fQVBJQ1NdOwogZXh0 ZXJuIHZvaWQgKnNoYXJlZF9pbnRyZW1hcF90YWJsZTsKIAo= --=separator Content-Type: application/octet-stream; name="xsa36-unstable.patch" Content-Disposition: attachment; filename="xsa36-unstable.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgotLS0g YS94ZW4vYXJjaC94ODYvaXJxLmMKKysrIGIveGVuL2FyY2gveDg2L2lycS5j CkBAIC0xOTQzLDkgKzE5NDMsNiBAQCBpbnQgbWFwX2RvbWFpbl9waXJxKAog ICAgICAgICBzcGluX2xvY2tfaXJxc2F2ZSgmZGVzYy0+bG9jaywgZmxhZ3Mp OwogICAgICAgICBzZXRfZG9tYWluX2lycV9waXJxKGQsIGlycSwgaW5mbyk7 CiAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJmRlc2MtPmxvY2ss IGZsYWdzKTsKLQotICAgICAgICBpZiAoIG9wdF9pcnFfdmVjdG9yX21hcCA9 PSBPUFRfSVJRX1ZFQ1RPUl9NQVBfUEVSREVWICkKLSAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfSU5GTyAiUGVyLWRldmljZSB2ZWN0b3IgbWFwcyBmb3Ig R1NJcyBub3QgaW1wbGVtZW50ZWQgeWV0LlxuIik7CiAgICAgfQogCiBkb25l OgotLS0gYS94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCisrKyBiL3hlbi9k cml2ZXJzL2FjcGkvdGFibGVzLmMKQEAgLTI2NSw3ICsyNjUsNyBAQCBhY3Bp X3RhYmxlX3BhcnNlX21hZHQoZW51bSBhY3BpX21hZHRfdHlwCiAgKiBAaGFu ZGxlcjogaGFuZGxlciB0byBydW4KICAqCiAgKiBTY2FuIHRoZSBBQ1BJIFN5 c3RlbSBEZXNjcmlwdG9yIFRhYmxlIChTVEQpIGZvciBhIHRhYmxlIG1hdGNo aW5nIEBpZCwKLSAqIHJ1biBAaGFuZGxlciBvbiBpdC4gIFJldHVybiAwIGlm IHRhYmxlIGZvdW5kLCByZXR1cm4gb24gaWYgbm90LgorICogcnVuIEBoYW5k bGVyIG9uIGl0LgogICovCiBpbnQgX19pbml0IGFjcGlfdGFibGVfcGFyc2Uo Y2hhciAqaWQsIGFjcGlfdGFibGVfaGFuZGxlciBoYW5kbGVyKQogewpAQCAt MjgwLDggKzI4MCw3IEBAIGludCBfX2luaXQgYWNwaV90YWJsZV9wYXJzZShj aGFyICppZCwgYWMKIAkJYWNwaV9nZXRfdGFibGUoaWQsIDAsICZ0YWJsZSk7 CiAKIAlpZiAodGFibGUpIHsKLQkJaGFuZGxlcih0YWJsZSk7Ci0JCXJldHVy biAwOworCQlyZXR1cm4gaGFuZGxlcih0YWJsZSk7CiAJfSBlbHNlCiAJCXJl dHVybiAxOwogfQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfYWNwaS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9hY3BpLmMKQEAgLTIyLDYgKzIyLDcgQEAKICNpbmNsdWRlIDx4 ZW4vZXJybm8uaD4KICNpbmNsdWRlIDx4ZW4vYWNwaS5oPgogI2luY2x1ZGUg PGFzbS9hcGljZGVmLmg+CisjaW5jbHVkZSA8YXNtL2lvX2FwaWMuaD4KICNp bmNsdWRlIDxhc20vYW1kLWlvbW11Lmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9z dm0vYW1kLWlvbW11LXByb3RvLmg+CiAKQEAgLTYzNyw2ICs2MzgsNyBAQCBz dGF0aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAg dTE2IGhlYWRlcl9sZW5ndGgsIHUxNiBibG9ja19sZW5ndGgsIHN0cnVjdCBh bWRfaW9tbXUgKmlvbW11KQogewogICAgIHUxNiBkZXZfbGVuZ3RoLCBiZGY7 CisgICAgaW50IGFwaWM7CiAKICAgICBkZXZfbGVuZ3RoID0gc2l6ZW9mKCpz cGVjaWFsKTsKICAgICBpZiAoIGhlYWRlcl9sZW5ndGggPCAoYmxvY2tfbGVu Z3RoICsgZGV2X2xlbmd0aCkgKQpAQCAtNjU3LDkgKzY1OSw1MyBAQCBzdGF0 aWMgdTE2IF9faW5pdCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAgc3dp dGNoICggc3BlY2lhbC0+dmFyaWV0eSApCiAgICAgewogICAgIGNhc2UgQUNQ SV9JVkhEX0lPQVBJQzoKLSAgICAvKiBzZXQgZGV2aWNlIGlkIG9mIGlvYXBp YyAqLwotICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLmJk ZiA9IGJkZjsKLSAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lhbC0+aGFuZGxl XS5zZWcgPSBzZWc7CisgICAgICAgIC8qCisgICAgICAgICAqIFNvbWUgQklP U2VzIGhhdmUgSU9BUElDIGJyb2tlbiBlbnRyaWVzIHNvIHdlIGNoZWNrIGZv ciBJVlJTCisgICAgICAgICAqIGNvbnNpc3RlbmN5IGhlcmUgLS0tIHdoZXRo ZXIgZW50cnkncyBJT0FQSUMgSUQgaXMgdmFsaWQgYW5kCisgICAgICAgICAq IHdoZXRoZXIgdGhlcmUgYXJlIGNvbmZsaWN0aW5nL2R1cGxpY2F0ZWQgZW50 cmllcy4KKyAgICAgICAgICovCisgICAgICAgIGZvciAoIGFwaWMgPSAwOyBh cGljIDwgbnJfaW9hcGljczsgYXBpYysrICkKKyAgICAgICAgeworICAgICAg ICAgICAgaWYgKCBJT19BUElDX0lEKGFwaWMpICE9IHNwZWNpYWwtPmhhbmRs ZSApCisgICAgICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgICAg IGlmICggaW9hcGljX3NiZGZbc3BlY2lhbC0+aGFuZGxlXS5waW5fc2V0dXAg KQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIGlmICggaW9hcGlj X3NiZGZbc3BlY2lhbC0+aGFuZGxlXS5iZGYgPT0gYmRmICYmCisgICAgICAg ICAgICAgICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLnNl ZyA9PSBzZWcgKQorICAgICAgICAgICAgICAgICAgICBBTURfSU9NTVVfREVC VUcoIklWSEQgV2FybmluZzogRHVwbGljYXRlIElPLUFQSUMgJSN4IGVudHJp ZXNcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBz cGVjaWFsLT5oYW5kbGUpOworICAgICAgICAgICAgICAgIGVsc2UKKyAgICAg ICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgICAgIHByaW50ayhYRU5M T0dfRVJSICJJVkhEIEVycm9yOiBDb25mbGljdGluZyBJTy1BUElDICUjeCBl bnRyaWVzXG4iLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgc3BlY2lh bC0+aGFuZGxlKTsKKyAgICAgICAgICAgICAgICAgICAgaWYgKCBhbWRfaW9t bXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgICAgICAgICAgICAgICAg IHJldHVybiAwOworICAgICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH0K KyAgICAgICAgICAgIGVsc2UKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAg ICAgICAvKiBzZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyAqLworICAgICAgICAg ICAgICAgIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0uYmRmID0gYmRm OworICAgICAgICAgICAgICAgIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRs ZV0uc2VnID0gc2VnOworCisgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZb c3BlY2lhbC0+aGFuZGxlXS5waW5fc2V0dXAgPSB4emFsbG9jX2FycmF5KAor ICAgICAgICAgICAgICAgICAgICB1bnNpZ25lZCBsb25nLCBCSVRTX1RPX0xP TkdTKG5yX2lvYXBpY19lbnRyaWVzW2FwaWNdKSk7CisgICAgICAgICAgICAg ICAgaWYgKCBucl9pb2FwaWNfZW50cmllc1thcGljXSAmJgorICAgICAgICAg ICAgICAgICAgICAgIWlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBp bl9zZXR1cCApCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAg ICAgICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogT3V0IG9mIG1l bW9yeVxuIik7CisgICAgICAgICAgICAgICAgICAgIHJldHVybiAwOworICAg ICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIGJy ZWFrOworICAgICAgICB9CisgICAgICAgIGlmICggYXBpYyA9PSBucl9pb2Fw aWNzICkKKyAgICAgICAgeworICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19F UlIgIklWSEQgRXJyb3I6IEludmFsaWQgSU8tQVBJQyAlI3hcbiIsCisgICAg ICAgICAgICAgICAgICAgc3BlY2lhbC0+aGFuZGxlKTsKKyAgICAgICAgICAg IHJldHVybiAwOworICAgICAgICB9CiAgICAgICAgIGJyZWFrOwogICAgIGNh c2UgQUNQSV9JVkhEX0hQRVQ6CiAgICAgICAgIC8qIHNldCBkZXZpY2UgaWQg b2YgaHBldCAqLwotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfaW5pdC5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9pbml0LmMKQEAgLTExMjAsMTIgKzExMjAsNDUgQEAgc3RhdGlj IGludCBfX2luaXQgYW1kX2lvbW11X3NldHVwX2RldmljZQogICAgIHJldHVy biAwOwogfQogCisvKiBDaGVjayB3aGV0aGVyIFNQNTEwMCBTQVRBIENvbWJp bmVkIG1vZGUgaXMgb24gKi8KK3N0YXRpYyBib29sX3QgX19pbml0IGFtZF9z cDUxMDBfZXJyYXR1bTI4KHZvaWQpCit7CisgICAgdTMyIGJ1cywgaWQ7Cisg ICAgdTE2IHZlbmRvcl9pZCwgZGV2X2lkOworICAgIHU4IGJ5dGU7CisKKyAg ICBmb3IgKGJ1cyA9IDA7IGJ1cyA8IDI1NjsgYnVzKyspCisgICAgeworICAg ICAgICBpZCA9IHBjaV9jb25mX3JlYWQzMigwLCBidXMsIDB4MTQsIDAsIFBD SV9WRU5ET1JfSUQpOworCisgICAgICAgIHZlbmRvcl9pZCA9IGlkICYgMHhm ZmZmOworICAgICAgICBkZXZfaWQgPSAoaWQgPj4gMTYpICYgMHhmZmZmOwor CisgICAgICAgIC8qIFNQNTEwMCBTTUJ1cyBtb2R1bGUgc2V0cyBDb21iaW5l ZCBtb2RlIG9uICovCisgICAgICAgIGlmICh2ZW5kb3JfaWQgIT0gMHgxMDAy IHx8IGRldl9pZCAhPSAweDQzODUpCisgICAgICAgICAgICBjb250aW51ZTsK KworICAgICAgICBieXRlID0gcGNpX2NvbmZfcmVhZDgoMCwgYnVzLCAweDE0 LCAwLCAweGFkKTsKKyAgICAgICAgaWYgKCAoYnl0ZSA+PiAzKSAmIDEgKQor ICAgICAgICB7CisgICAgICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5JTkcg IkFNRC1WaTogU1A1MTAwIGVycmF0dW0gMjggZGV0ZWN0ZWQsIGRpc2FibGlu ZyBJT01NVS5cbiIKKyAgICAgICAgICAgICAgICAgICAiSWYgcG9zc2libGUs IGRpc2FibGUgU0FUQSBDb21iaW5lZCBtb2RlIGluIEJJT1Mgb3IgY29udGFj dCB5b3VyIHZlbmRvciBmb3IgQklPUyB1cGRhdGUuXG4iKTsKKyAgICAgICAg ICAgIHJldHVybiAxOworICAgICAgICB9CisgICAgfQorCisgICAgcmV0dXJu IDA7Cit9CisKIGludCBfX2luaXQgYW1kX2lvbW11X2luaXQodm9pZCkKIHsK ICAgICBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdTsKIAogICAgIEJVR19PTigg IWlvbW11X2ZvdW5kKCkgKTsKIAorICAgIGlmICggYW1kX2lvbW11X3BlcmRl dl9pbnRyZW1hcCAmJiBhbWRfc3A1MTAwX2VycmF0dW0yOCgpICkKKyAgICAg ICAgZ290byBlcnJvcl9vdXQ7CisKICAgICBpdnJzX2JkZl9lbnRyaWVzID0g YW1kX2lvbW11X2dldF9pdnJzX2Rldl9lbnRyaWVzKCk7CiAKICAgICBpZiAo ICFpdnJzX2JkZl9lbnRyaWVzICkKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Ro cm91Z2gvYW1kL2lvbW11X2ludHIuYworKysgYi94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9hbWQvaW9tbXVfaW50ci5jCkBAIC0xMDAsMTIgKzEwMCwxMiBA QCBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50cnkodTMyKiBlCiBz dGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9pb2FwaWMo CiAgICAgaW50IGJkZiwKICAgICBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSwK LSAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqaW9hcGljX3J0ZSkK KyAgICBjb25zdCBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqcnRlLAor ICAgIGNvbnN0IHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICpvbGRfcnRl KQogewogICAgIHVuc2lnbmVkIGxvbmcgZmxhZ3M7CiAgICAgdTMyKiBlbnRy eTsKICAgICB1OCBkZWxpdmVyeV9tb2RlLCBkZXN0LCB2ZWN0b3IsIGRlc3Rf bW9kZTsKLSAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqcnRlID0g aW9hcGljX3J0ZTsKICAgICBpbnQgcmVxX2lkOwogICAgIHNwaW5sb2NrX3Qg KmxvY2s7CiAgICAgaW50IG9mZnNldDsKQEAgLTEyMSw2ICsxMjEsMTQgQEAg c3RhdGljIHZvaWQgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faQogICAg IHNwaW5fbG9ja19pcnFzYXZlKGxvY2ssIGZsYWdzKTsKIAogICAgIG9mZnNl dCA9IGdldF9pbnRyZW1hcF9vZmZzZXQodmVjdG9yLCBkZWxpdmVyeV9tb2Rl KTsKKyAgICBpZiAoIG9sZF9ydGUgKQorICAgIHsKKyAgICAgICAgaW50IG9s ZF9vZmZzZXQgPSBnZXRfaW50cmVtYXBfb2Zmc2V0KG9sZF9ydGUtPnZlY3Rv ciwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIG9sZF9ydGUtPmRlbGl2ZXJ5X21vZGUpOworCisgICAgICAgIGlmICgg b2Zmc2V0ICE9IG9sZF9vZmZzZXQgKQorICAgICAgICAgICAgZnJlZV9pbnRy ZW1hcF9lbnRyeShpb21tdS0+c2VnLCBiZGYsIG9sZF9vZmZzZXQpOworICAg IH0KICAgICBlbnRyeSA9ICh1MzIqKWdldF9pbnRyZW1hcF9lbnRyeShpb21t dS0+c2VnLCByZXFfaWQsIG9mZnNldCk7CiAgICAgdXBkYXRlX2ludHJlbWFw X2VudHJ5KGVudHJ5LCB2ZWN0b3IsIGRlbGl2ZXJ5X21vZGUsIGRlc3RfbW9k ZSwgZGVzdCk7CiAKQEAgLTE4OSw2ICsxOTcsNyBAQCBpbnQgX19pbml0IGFt ZF9pb21tdV9zZXR1cF9pb2FwaWNfcmVtYXBwCiAgICAgICAgICAgICAgICAg YW1kX2lvbW11X2ZsdXNoX2ludHJlbWFwKGlvbW11LCByZXFfaWQpOwogICAg ICAgICAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJmlvbW11LT5s b2NrLCBmbGFncyk7CiAgICAgICAgICAgICB9CisgICAgICAgICAgICBzZXRf Yml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3Nl dHVwKTsKICAgICAgICAgfQogICAgIH0KICAgICByZXR1cm4gMDsKQEAgLTIw MCw2ICsyMDksNyBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2ly ZSgKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSBvbGRfcnRlID0g eyAwIH07CiAgICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgbmV3X3J0 ZSA9IHsgMCB9OwogICAgIHVuc2lnbmVkIGludCBydGVfbG8gPSAocmVnICYg MSkgPyByZWcgLSAxIDogcmVnOworICAgIHVuc2lnbmVkIGludCBwaW4gPSAo cmVnIC0gMHgxMCkgLyAyOwogICAgIGludCBzYXZlZF9tYXNrLCBzZWcsIGJk ZjsKICAgICBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdTsKIApAQCAtMjM3LDYg KzI0NywxNCBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2lyZSgK ICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRlKSArIDEpID0gdmFsdWU7CiAg ICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1hc2sgJiYKKyAgICAgICAgICF0 ZXN0X2JpdChwaW4sIGlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBp bl9zZXR1cCkgKQorICAgIHsKKyAgICAgICAgQVNTRVJUKHNhdmVkX21hc2sp OworICAgICAgICBfX2lvX2FwaWNfd3JpdGUoYXBpYywgcmVnLCB2YWx1ZSk7 CisgICAgICAgIHJldHVybjsKKyAgICB9CisKICAgICAvKiBtYXNrIHRoZSBp bnRlcnJ1cHQgd2hpbGUgd2UgY2hhbmdlIHRoZSBpbnRyZW1hcCB0YWJsZSAq LwogICAgIGlmICggIXNhdmVkX21hc2sgKQogICAgIHsKQEAgLTI0NSw3ICsy NjMsMTEgQEAgdm9pZCBhbWRfaW9tbXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAg ICAgfQogCiAgICAgLyogVXBkYXRlIGludGVycnVwdCByZW1hcHBpbmcgZW50 cnkgKi8KLSAgICB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9pb2FwaWMo YmRmLCBpb21tdSwgJm5ld19ydGUpOworICAgIHVwZGF0ZV9pbnRyZW1hcF9l bnRyeV9mcm9tX2lvYXBpYygKKyAgICAgICAgYmRmLCBpb21tdSwgJm5ld19y dGUsCisgICAgICAgIHRlc3RfYW5kX3NldF9iaXQocGluLAorICAgICAgICAg ICAgICAgICAgICAgICAgIGlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyld LnBpbl9zZXR1cCkgPyAmb2xkX3J0ZQorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg OiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQgd3JpdGUgYWNjZXNzIHRvIElP LUFQSUMgUlRFICovCiAgICAgX19pb19hcGljX3dyaXRlKGFwaWMsIHJlZywg dmFsdWUpOwpAQCAtMzU2LDYgKzM3OCwxMiBAQCB2b2lkIGFtZF9pb21tdV9t c2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAgIHJldHVybjsKICAgICB9CiAK KyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9pbmRleCA+PSAwICkKKyAgICAg ICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21zZyhpb21tdSwg YmRmLCBtc2lfZGVzYywgTlVMTCk7CisKKyAgICBpZiAoICFtc2cgKQorICAg ICAgICByZXR1cm47CisKICAgICB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJv bV9tc2lfbXNnKGlvbW11LCBiZGYsIG1zaV9kZXNjLCBtc2cpOwogfQogCi0t LSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9wY2lfYW1kX2lvbW11 LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRf aW9tbXUuYwpAQCAtMjA4LDYgKzIwOCw4IEBAIGludCBfX2luaXQgYW1kX2lv dl9kZXRlY3Qodm9pZCkKICAgICB7CiAgICAgICAgIHByaW50aygiQU1ELVZp OiBOb3Qgb3ZlcnJpZGluZyBpcnFfdmVjdG9yX21hcCBzZXR0aW5nXG4iKTsK ICAgICB9CisgICAgaWYgKCAhYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCAp CisgICAgICAgIHByaW50ayhYRU5MT0dfV0FSTklORyAiQU1ELVZpOiBVc2lu ZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwIHRhYmxlIGlzIG5vdCByZWNvbW1l bmRlZCAoc2VlIFhTQS0zNikhXG4iKTsKICAgICByZXR1cm4gc2Nhbl9wY2lf ZGV2aWNlcygpOwogfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdo L2lvbW11LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvaW9tbXUu YwpAQCAtNTMsNyArNTMsNyBAQCBib29sX3QgX19yZWFkX21vc3RseSBpb21t dV9xaW52YWwgPSAxOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfaW50 cmVtYXAgPSAxOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfaGFwX3B0 X3NoYXJlID0gMTsKIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlvbW11X2RlYnVn OwotYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lvbW11X3BlcmRldl9pbnRy ZW1hcDsKK2Jvb2xfdCBfX3JlYWRfbW9zdGx5IGFtZF9pb21tdV9wZXJkZXZf aW50cmVtYXAgPSAxOwogCiBERUZJTkVfUEVSX0NQVShib29sX3QsIGlvbW11 X2RvbnRfZmx1c2hfaW90bGIpOwogCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS14 ODYvaHZtL3N2bS9hbWQtaW9tbXUtcHJvdG8uaAorKysgYi94ZW4vaW5jbHVk ZS9hc20teDg2L2h2bS9zdm0vYW1kLWlvbW11LXByb3RvLmgKQEAgLTEwMSw2 ICsxMDEsNyBAQCBpbnQgYW1kX3NldHVwX2hwZXRfbXNpKHN0cnVjdCBtc2lf ZGVzYyAqCiAKIGV4dGVybiBzdHJ1Y3QgaW9hcGljX3NiZGYgewogICAgIHUx NiBiZGYsIHNlZzsKKyAgICB1bnNpZ25lZCBsb25nICpwaW5fc2V0dXA7CiB9 IGlvYXBpY19zYmRmW01BWF9JT19BUElDU107CiBleHRlcm4gdm9pZCAqc2hh cmVkX2ludHJlbWFwX3RhYmxlOwogCg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:18:03 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:18:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iO0-0007yz-11; Tue, 05 Feb 2013 13:16:32 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iNy-0007xy-Q3; Tue, 05 Feb 2013 13:16:31 +0000 Received: from [193.109.254.147:30992] by server-15.bemta-14.messagelabs.com id 2E/C5-24599-D2601115; Tue, 05 Feb 2013 13:16:29 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-9.tower-27.messagelabs.com!1360070124!9615039!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 14883 invoked from network); 5 Feb 2013 13:15:26 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-9.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:26 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMo-0003am-0E; Tue, 05 Feb 2013 13:15:18 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMn-0008As-4b; Tue, 05 Feb 2013 13:15:17 +0000 Date: Tue, 05 Feb 2013 13:15:17 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0231 / XSA-43 version 2 Linux pciback DoS via not rate limited log messages. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Xen's PCI backend drivers in Linux allow a guest with assigned PCI device(s) to cause a DoS through a flood of kernel messages, potentially affecting other domains in the system. IMPACT ====== A malicious guest can mount a DoS affecting the entire system. VULNERABLE SYSTEMS ================== All systems running guests with access to passed through PCI devices are vulnerable. Both mainline ("pvops") and classic-Xen patch kernels are affected. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa43-pvops.patch Apply to mainline Linux 3.8-rc5. xsa43-classic.patch Apply to linux-2.6.18-xen tree. $ sha256sum xsa43*.patch 4dec2d9b043bce2b8b54578573ba254fa7e6cbf4640cd100f40d8bf8a5a6a470 xsa43-classic.patch 6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8 xsa43-pvops.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI+AAoJEIP+FMlX6CvZkoEH/2sIEO+1qLiHTde/UJznrvr8 R8MDNC5tqXVLtbPjScoTItMHaPfz33lcypz9UFknHepdwZKhRrcuqy4E79lxeXDG BybbbbfNfJPeUG44O1fkyJTJys0xRBnAGzWInZZwq+gWRaJv+JNhzinFujvLNDJV 4m2ObnSwT1mx/9CjRxWGakKDhPcZSGmWIicyN5tueNKdWbAjSqiR/J8N5W+QJiCm +BzjzYpfUqn0vKOlARQIMshzqFjYVTnoHFZf/4Hl7ogIibxfGGo5t05pzBoAlIgj nTizW2Bxs9XM1NaFsZ2ESg8KVDTFSHS+jsMtdl0bWoHwRs6nNMQJJTjTPHXspCQ= =5o5U -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa43-classic.patch" Content-Disposition: attachment; filename="xsa43-classic.patch" Content-Transfer-Encoding: base64 cGNpYmFjazogcmF0ZSBsaW1pdCBlcnJvciBtZXNzYWdlIGZyb20gcGNpYmFj a19lbmFibGVfbXNpKCkKCi4uLiBhcyBiZWluZyBndWVzdCB0cmlnZ2VyYWJs ZSAoZS5nLiBieSBpbnZva2luZyBYRU5fUENJX09QX2VuYWJsZV9tc2kKb24g YSBkZXZpY2Ugbm90IGJlaW5nIE1TSSBjYXBhYmxlKS4KClRoaXMgaXMgQ1ZF LTIwMTMtMDIzMSAvIFhTQS00My4KClNpZ25lZC1vZmYtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL2RyaXZlcnMveGVuL3Bj aWJhY2svY29uZl9zcGFjZV9jYXBhYmlsaXR5X21zaS5jCisrKyBiL2RyaXZl cnMveGVuL3BjaWJhY2svY29uZl9zcGFjZV9jYXBhYmlsaXR5X21zaS5jCkBA IC0xMSwxMyArMTEsMTIgQEAKIGludCBwY2liYWNrX2VuYWJsZV9tc2koc3Ry dWN0IHBjaWJhY2tfZGV2aWNlICpwZGV2LAogCQlzdHJ1Y3QgcGNpX2RldiAq ZGV2LCBzdHJ1Y3QgeGVuX3BjaV9vcCAqb3ApCiB7Ci0JaW50IG90aGVyZW5k ID0gcGRldi0+eGRldi0+b3RoZXJlbmRfaWQ7Ci0JaW50IHN0YXR1czsKLQot CXN0YXR1cyA9IHBjaV9lbmFibGVfbXNpKGRldik7CisJaW50IHN0YXR1cyA9 IHBjaV9lbmFibGVfbXNpKGRldik7CiAKIAlpZiAoc3RhdHVzKSB7Ci0JCXBy aW50aygiZXJyb3IgZW5hYmxlIG1zaSBmb3IgZ3Vlc3QgJXggc3RhdHVzICV4 XG4iLCBvdGhlcmVuZCwgc3RhdHVzKTsKKwkJaWYgKHByaW50a19yYXRlbGlt aXQoKSkKKwkJCXByaW50aygiZXJyb3IgZW5hYmxpbmcgTVNJIGZvciBndWVz dCAldSBzdGF0dXMgJWRcbiIsCisJCQkgICAgICAgcGRldi0+eGRldi0+b3Ro ZXJlbmRfaWQsIHN0YXR1cyk7CiAJCW9wLT52YWx1ZSA9IDA7CiAJCXJldHVy biBYRU5fUENJX0VSUl9vcF9mYWlsZWQ7CiAJfQo= --=separator Content-Type: application/octet-stream; name="xsa43-pvops.patch" Content-Disposition: attachment; filename="xsa43-pvops.patch" Content-Transfer-Encoding: base64 eGVuLXBjaWJhY2s6IHJhdGUgbGltaXQgZXJyb3IgbWVzc2FnZXMgZnJvbSB4 ZW5fcGNpYmtfZW5hYmxlX21zaXsseH0oKQoKLi4uIGFzIGJlaW5nIGd1ZXN0 IHRyaWdnZXJhYmxlIChlLmcuIGJ5IGludm9raW5nClhFTl9QQ0lfT1BfZW5h YmxlX21zaXsseH0gb24gYSBkZXZpY2Ugbm90IGJlaW5nIE1TSS9NU0ktWCBj YXBhYmxlKS4KClRoaXMgaXMgQ1ZFLTIwMTMtMDIzMSAvIFhTQS00My4KCkFs c28gbWFrZSB0aGUgdHdvIG1lc3NhZ2VzIHVuaWZvcm0gaW4gYm90aCB0aGVp ciB3b3JkaW5nIGFuZCBzZXZlcml0eS4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBL b25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ CgotLS0KIGRyaXZlcnMveGVuL3hlbi1wY2liYWNrL3BjaWJhY2tfb3BzLmMg fCAgIDE0ICsrKysrKystLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgNyBpbnNl cnRpb25zKCspLCA3IGRlbGV0aW9ucygtKQoKLS0tIDMuOC1yYzUvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYworKysgMy44LXJjNS14 ZW4tcGNpYmFjay1yYXRlbGltaXQvZHJpdmVycy94ZW4veGVuLXBjaWJhY2sv cGNpYmFja19vcHMuYwpAQCAtMTM1LDcgKzEzNSw2IEBAIGludCB4ZW5fcGNp YmtfZW5hYmxlX21zaShzdHJ1Y3QgeGVuX3BjaWIKIAkJCSBzdHJ1Y3QgcGNp X2RldiAqZGV2LCBzdHJ1Y3QgeGVuX3BjaV9vcCAqb3ApCiB7CiAJc3RydWN0 IHhlbl9wY2lia19kZXZfZGF0YSAqZGV2X2RhdGE7Ci0JaW50IG90aGVyZW5k ID0gcGRldi0+eGRldi0+b3RoZXJlbmRfaWQ7CiAJaW50IHN0YXR1czsKIAog CWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQpAQCAtMTQ0LDggKzE0 Myw5IEBAIGludCB4ZW5fcGNpYmtfZW5hYmxlX21zaShzdHJ1Y3QgeGVuX3Bj aWIKIAlzdGF0dXMgPSBwY2lfZW5hYmxlX21zaShkZXYpOwogCiAJaWYgKHN0 YXR1cykgewotCQlwcmludGsoS0VSTl9FUlIgImVycm9yIGVuYWJsZSBtc2kg Zm9yIGd1ZXN0ICV4IHN0YXR1cyAleFxuIiwKLQkJCW90aGVyZW5kLCBzdGF0 dXMpOworCQlwcl93YXJuX3JhdGVsaW1pdGVkKERSVl9OQU1FICI6ICVzOiBl cnJvciBlbmFibGluZyBNU0kgZm9yIGd1ZXN0ICV1OiBlcnIgJWRcbiIsCisJ CQkJICAgIHBjaV9uYW1lKGRldiksIHBkZXYtPnhkZXYtPm90aGVyZW5kX2lk LAorCQkJCSAgICBzdGF0dXMpOwogCQlvcC0+dmFsdWUgPSAwOwogCQlyZXR1 cm4gWEVOX1BDSV9FUlJfb3BfZmFpbGVkOwogCX0KQEAgLTIyMywxMCArMjIz LDEwIEBAIGludCB4ZW5fcGNpYmtfZW5hYmxlX21zaXgoc3RydWN0IHhlbl9w Y2kKIAkJCQkJCXBjaV9uYW1lKGRldiksIGksCiAJCQkJCQlvcC0+bXNpeF9l bnRyaWVzW2ldLnZlY3Rvcik7CiAJCX0KLQl9IGVsc2UgewotCQlwcmludGso S0VSTl9XQVJOSU5HIERSVl9OQU1FICI6ICVzOiBmYWlsZWQgdG8gZW5hYmxl IE1TSS1YOiBlcnIgJWQhXG4iLAotCQkJcGNpX25hbWUoZGV2KSwgcmVzdWx0 KTsKLQl9CisJfSBlbHNlCisJCXByX3dhcm5fcmF0ZWxpbWl0ZWQoRFJWX05B TUUgIjogJXM6IGVycm9yIGVuYWJsaW5nIE1TSS1YIGZvciBndWVzdCAldTog ZXJyICVkIVxuIiwKKwkJCQkgICAgcGNpX25hbWUoZGV2KSwgcGRldi0+eGRl di0+b3RoZXJlbmRfaWQsCisJCQkJICAgIHJlc3VsdCk7CiAJa2ZyZWUoZW50 cmllcyk7CiAKIAlvcC0+dmFsdWUgPSByZXN1bHQ7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Feb 05 13:18:03 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 05 Feb 2013 13:18:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iO0-0007yz-11; Tue, 05 Feb 2013 13:16:32 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iNy-0007xy-Q3; Tue, 05 Feb 2013 13:16:31 +0000 Received: from [193.109.254.147:30992] by server-15.bemta-14.messagelabs.com id 2E/C5-24599-D2601115; Tue, 05 Feb 2013 13:16:29 +0000 X-Env-Sender: ianc@xenbits.xen.org X-Msg-Ref: server-9.tower-27.messagelabs.com!1360070124!9615039!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.7; banners=-,-,- X-VirusChecked: Checked Received: (qmail 14883 invoked from network); 5 Feb 2013 13:15:26 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-9.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 5 Feb 2013 13:15:26 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U2iMo-0003am-0E; Tue, 05 Feb 2013 13:15:18 +0000 Received: from ianc by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U2iMn-0008As-4b; Tue, 05 Feb 2013 13:15:17 +0000 Date: Tue, 05 Feb 2013 13:15:17 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0231 / XSA-43 version 2 Linux pciback DoS via not rate limited log messages. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Xen's PCI backend drivers in Linux allow a guest with assigned PCI device(s) to cause a DoS through a flood of kernel messages, potentially affecting other domains in the system. IMPACT ====== A malicious guest can mount a DoS affecting the entire system. VULNERABLE SYSTEMS ================== All systems running guests with access to passed through PCI devices are vulnerable. Both mainline ("pvops") and classic-Xen patch kernels are affected. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa43-pvops.patch Apply to mainline Linux 3.8-rc5. xsa43-classic.patch Apply to linux-2.6.18-xen tree. $ sha256sum xsa43*.patch 4dec2d9b043bce2b8b54578573ba254fa7e6cbf4640cd100f40d8bf8a5a6a470 xsa43-classic.patch 6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8 xsa43-pvops.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI+AAoJEIP+FMlX6CvZkoEH/2sIEO+1qLiHTde/UJznrvr8 R8MDNC5tqXVLtbPjScoTItMHaPfz33lcypz9UFknHepdwZKhRrcuqy4E79lxeXDG BybbbbfNfJPeUG44O1fkyJTJys0xRBnAGzWInZZwq+gWRaJv+JNhzinFujvLNDJV 4m2ObnSwT1mx/9CjRxWGakKDhPcZSGmWIicyN5tueNKdWbAjSqiR/J8N5W+QJiCm +BzjzYpfUqn0vKOlARQIMshzqFjYVTnoHFZf/4Hl7ogIibxfGGo5t05pzBoAlIgj nTizW2Bxs9XM1NaFsZ2ESg8KVDTFSHS+jsMtdl0bWoHwRs6nNMQJJTjTPHXspCQ= =5o5U -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa43-classic.patch" Content-Disposition: attachment; filename="xsa43-classic.patch" Content-Transfer-Encoding: base64 cGNpYmFjazogcmF0ZSBsaW1pdCBlcnJvciBtZXNzYWdlIGZyb20gcGNpYmFj a19lbmFibGVfbXNpKCkKCi4uLiBhcyBiZWluZyBndWVzdCB0cmlnZ2VyYWJs ZSAoZS5nLiBieSBpbnZva2luZyBYRU5fUENJX09QX2VuYWJsZV9tc2kKb24g YSBkZXZpY2Ugbm90IGJlaW5nIE1TSSBjYXBhYmxlKS4KClRoaXMgaXMgQ1ZF LTIwMTMtMDIzMSAvIFhTQS00My4KClNpZ25lZC1vZmYtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL2RyaXZlcnMveGVuL3Bj aWJhY2svY29uZl9zcGFjZV9jYXBhYmlsaXR5X21zaS5jCisrKyBiL2RyaXZl cnMveGVuL3BjaWJhY2svY29uZl9zcGFjZV9jYXBhYmlsaXR5X21zaS5jCkBA IC0xMSwxMyArMTEsMTIgQEAKIGludCBwY2liYWNrX2VuYWJsZV9tc2koc3Ry dWN0IHBjaWJhY2tfZGV2aWNlICpwZGV2LAogCQlzdHJ1Y3QgcGNpX2RldiAq ZGV2LCBzdHJ1Y3QgeGVuX3BjaV9vcCAqb3ApCiB7Ci0JaW50IG90aGVyZW5k ID0gcGRldi0+eGRldi0+b3RoZXJlbmRfaWQ7Ci0JaW50IHN0YXR1czsKLQot CXN0YXR1cyA9IHBjaV9lbmFibGVfbXNpKGRldik7CisJaW50IHN0YXR1cyA9 IHBjaV9lbmFibGVfbXNpKGRldik7CiAKIAlpZiAoc3RhdHVzKSB7Ci0JCXBy aW50aygiZXJyb3IgZW5hYmxlIG1zaSBmb3IgZ3Vlc3QgJXggc3RhdHVzICV4 XG4iLCBvdGhlcmVuZCwgc3RhdHVzKTsKKwkJaWYgKHByaW50a19yYXRlbGlt aXQoKSkKKwkJCXByaW50aygiZXJyb3IgZW5hYmxpbmcgTVNJIGZvciBndWVz dCAldSBzdGF0dXMgJWRcbiIsCisJCQkgICAgICAgcGRldi0+eGRldi0+b3Ro ZXJlbmRfaWQsIHN0YXR1cyk7CiAJCW9wLT52YWx1ZSA9IDA7CiAJCXJldHVy biBYRU5fUENJX0VSUl9vcF9mYWlsZWQ7CiAJfQo= --=separator Content-Type: application/octet-stream; name="xsa43-pvops.patch" Content-Disposition: attachment; filename="xsa43-pvops.patch" Content-Transfer-Encoding: base64 eGVuLXBjaWJhY2s6IHJhdGUgbGltaXQgZXJyb3IgbWVzc2FnZXMgZnJvbSB4 ZW5fcGNpYmtfZW5hYmxlX21zaXsseH0oKQoKLi4uIGFzIGJlaW5nIGd1ZXN0 IHRyaWdnZXJhYmxlIChlLmcuIGJ5IGludm9raW5nClhFTl9QQ0lfT1BfZW5h YmxlX21zaXsseH0gb24gYSBkZXZpY2Ugbm90IGJlaW5nIE1TSS9NU0ktWCBj YXBhYmxlKS4KClRoaXMgaXMgQ1ZFLTIwMTMtMDIzMSAvIFhTQS00My4KCkFs c28gbWFrZSB0aGUgdHdvIG1lc3NhZ2VzIHVuaWZvcm0gaW4gYm90aCB0aGVp ciB3b3JkaW5nIGFuZCBzZXZlcml0eS4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBL b25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ CgotLS0KIGRyaXZlcnMveGVuL3hlbi1wY2liYWNrL3BjaWJhY2tfb3BzLmMg fCAgIDE0ICsrKysrKystLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgNyBpbnNl cnRpb25zKCspLCA3IGRlbGV0aW9ucygtKQoKLS0tIDMuOC1yYzUvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYworKysgMy44LXJjNS14 ZW4tcGNpYmFjay1yYXRlbGltaXQvZHJpdmVycy94ZW4veGVuLXBjaWJhY2sv cGNpYmFja19vcHMuYwpAQCAtMTM1LDcgKzEzNSw2IEBAIGludCB4ZW5fcGNp YmtfZW5hYmxlX21zaShzdHJ1Y3QgeGVuX3BjaWIKIAkJCSBzdHJ1Y3QgcGNp X2RldiAqZGV2LCBzdHJ1Y3QgeGVuX3BjaV9vcCAqb3ApCiB7CiAJc3RydWN0 IHhlbl9wY2lia19kZXZfZGF0YSAqZGV2X2RhdGE7Ci0JaW50IG90aGVyZW5k ID0gcGRldi0+eGRldi0+b3RoZXJlbmRfaWQ7CiAJaW50IHN0YXR1czsKIAog CWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQpAQCAtMTQ0LDggKzE0 Myw5IEBAIGludCB4ZW5fcGNpYmtfZW5hYmxlX21zaShzdHJ1Y3QgeGVuX3Bj aWIKIAlzdGF0dXMgPSBwY2lfZW5hYmxlX21zaShkZXYpOwogCiAJaWYgKHN0 YXR1cykgewotCQlwcmludGsoS0VSTl9FUlIgImVycm9yIGVuYWJsZSBtc2kg Zm9yIGd1ZXN0ICV4IHN0YXR1cyAleFxuIiwKLQkJCW90aGVyZW5kLCBzdGF0 dXMpOworCQlwcl93YXJuX3JhdGVsaW1pdGVkKERSVl9OQU1FICI6ICVzOiBl cnJvciBlbmFibGluZyBNU0kgZm9yIGd1ZXN0ICV1OiBlcnIgJWRcbiIsCisJ CQkJICAgIHBjaV9uYW1lKGRldiksIHBkZXYtPnhkZXYtPm90aGVyZW5kX2lk LAorCQkJCSAgICBzdGF0dXMpOwogCQlvcC0+dmFsdWUgPSAwOwogCQlyZXR1 cm4gWEVOX1BDSV9FUlJfb3BfZmFpbGVkOwogCX0KQEAgLTIyMywxMCArMjIz LDEwIEBAIGludCB4ZW5fcGNpYmtfZW5hYmxlX21zaXgoc3RydWN0IHhlbl9w Y2kKIAkJCQkJCXBjaV9uYW1lKGRldiksIGksCiAJCQkJCQlvcC0+bXNpeF9l bnRyaWVzW2ldLnZlY3Rvcik7CiAJCX0KLQl9IGVsc2UgewotCQlwcmludGso S0VSTl9XQVJOSU5HIERSVl9OQU1FICI6ICVzOiBmYWlsZWQgdG8gZW5hYmxl IE1TSS1YOiBlcnIgJWQhXG4iLAotCQkJcGNpX25hbWUoZGV2KSwgcmVzdWx0 KTsKLQl9CisJfSBlbHNlCisJCXByX3dhcm5fcmF0ZWxpbWl0ZWQoRFJWX05B TUUgIjogJXM6IGVycm9yIGVuYWJsaW5nIE1TSS1YIGZvciBndWVzdCAldTog ZXJyICVkIVxuIiwKKwkJCQkgICAgcGNpX25hbWUoZGV2KSwgcGRldi0+eGRl di0+b3RoZXJlbmRfaWQsCisJCQkJICAgIHJlc3VsdCk7CiAJa2ZyZWUoZW50 cmllcyk7CiAKIAlvcC0+dmFsdWUgPSByZXN1bHQ7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Wed Feb 13 16:53:53 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Feb 2013 16:53:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U5fYI-0001lS-Uw; Wed, 13 Feb 2013 16:51:22 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U5fYH-0001lH-VA; Wed, 13 Feb 2013 16:51:22 +0000 Received: from [85.158.143.35:32056] by server-3.bemta-4.messagelabs.com id 66/97-08920-984CB115; Wed, 13 Feb 2013 16:51:21 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-10.tower-21.messagelabs.com!1360774248!10193618!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.8.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 14092 invoked from network); 13 Feb 2013 16:50:50 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-10.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 13 Feb 2013 16:50:50 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U5fXd-0000EK-Hh; Wed, 13 Feb 2013 16:50:41 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U5fXd-0004ML-2n; Wed, 13 Feb 2013 16:50:41 +0000 Date: Wed, 13 Feb 2013 16:50:41 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0228 / XSA-42 version 2 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Linux kernel when returning from an iret assumes that %ds segment is safe and uses it to reference various per-cpu related fields. Unfortunately the user can modify the LDT and provide a NULL one. Whenever an iret is called we end up in xen_iret and try to use the %ds segment and cause an general protection fault. IMPACT ====== Malicious or buggy unprivileged user space can cause the guest kernel to crash, or permit a privilege escalation within the guest, or operate erroneously. VULNERABLE SYSTEMS ================== All 32bit PVOPS versions of Linux are affected, since the introduction of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable. MITIGATION ========== This can be mitigated by not running 32bit PVOPS Linux guests. 32bit classic-Xen guests, all 64bit PV guests and all HVM guests are unaffected. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. $ sha256sum xsa42*.patch a931fdc161653fb1a3a6d8c1cf6d2c9954c5aec134b610be6e9699552a659eb8 xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRG8PxAAoJEIP+FMlX6CvZC3gH/0v/9nr3jXbsMHZlkBRtCx9n np1ed8btQGpmmk/WqbyLj/KcTNlXLIa1zwhTSPUgXlVIoDPuzstfGXm96gBNfYhS hl56QYTruhHPAvvrAwE8SNIlMUH+n7Wq1BThkXFU1yBnjXxzTi4SdmUwy4gAA/SE Xp35RAcIV6IwLRMMY12aat7XKnVx4S5n+gCC5eu0WZ+n73Ecrlqmsq+2X2ZHo3wP nu9UN+PChmBJHfcA8OhelY/X4X4DV1HNPuFkj9ypyPrvXIrl6M0D5TfGoyRNXMHq izAn51ro8gTGND6xY+s3auelquKiJkyl/5AXnfd0y9bSewGJS6oxoRzFdctJqxM= =mgHb -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch" Content-Disposition: attachment; filename="xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch" Content-Transfer-Encoding: base64 RnJvbSA5OGUwODljNWYyM2IzNmRiNDE1ZDBhNGMzODU0ZTk2OWM3YTRlY2Zh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYW4gQmV1bGljaCA8 SkJldWxpY2hAc3VzZS5jb20+CkRhdGU6IFRodSwgMjQgSmFuIDIwMTMgMTM6 MTE6MTAgKzAwMDAKU3ViamVjdDogW1BBVENIXSB4ODYveGVuOiBkb24ndCBh c3N1bWUgJWRzIGlzIHVzYWJsZSBpbiB4ZW5faXJldCBmb3IgMzItYml0CiBQ Vk9QUy4KClRoaXMgZml4ZXMgQ1ZFLTIwMTMtMDIyOCAvIFhTQS00MgoKRHJl dyBKb25lcyB3aGlsZSB3b3JraW5nIG9uIENWRS0yMDEzLTAxOTAgZm91bmQg dGhhdCB0aGF0IHVucHJpdmlsZWdlZCBndWVzdCB1c2VyCmluIDMyYml0IFBW IGd1ZXN0IGNhbiB1c2UgdG8gY3Jhc2ggdGhlID4gZ3Vlc3Qgd2l0aCB0aGUg cGFuaWMgbGlrZSB0aGlzOgoKLS0tLS0tLS0tLS0tLQpnZW5lcmFsIHByb3Rl Y3Rpb24gZmF1bHQ6IDAwMDAgWyMxXSBTTVAKbGFzdCBzeXNmcyBmaWxlOiAv c3lzL2RldmljZXMvdmJkLTUxNzEyL2Jsb2NrL3h2ZGEvZGV2Ck1vZHVsZXMg bGlua2VkIGluOiBzdW5ycGMgaXB0X1JFSkVDVCBuZl9jb25udHJhY2tfaXB2 NCBuZl9kZWZyYWdfaXB2NAppcHRhYmxlX2ZpbHRlciBpcF90YWJsZXMgaXA2 dF9SRUpFQ1QgbmZfY29ubnRyYWNrX2lwdjYgbmZfZGVmcmFnX2lwdjYKeHRf c3RhdGUgbmZfY29ubnRyYWNrIGlwNnRhYmxlX2ZpbHRlciBpcDZfdGFibGVz IGlwdjYgeGVuX25ldGZyb250IGV4dDQKbWJjYWNoZSBqYmQyIHhlbl9ibGtm cm9udCBkbV9taXJyb3IgZG1fcmVnaW9uX2hhc2ggZG1fbG9nIGRtX21vZCBb bGFzdAp1bmxvYWRlZDogc2NzaV93YWl0X3NjYW5dCgpQaWQ6IDEyNTAsIGNv bW06IHIgTm90IHRhaW50ZWQgMi42LjMyLTM1Ni5lbDYuaTY4NiAjMQpFSVA6 IDAwNjE6WzxjMDQwNzQ2Mj5dIEVGTEFHUzogMDAwMTAwODYgQ1BVOiAwCkVJ UCBpcyBhdCB4ZW5faXJldCsweDEyLzB4MmIKRUFYOiBlYjhkMDAwMCBFQlg6 IDAwMDAwMDAxIEVDWDogMDgwNDk4NjAgRURYOiAwMDAwMDAxMApFU0k6IDAw MDAwMDAwIEVESTogMDAzZDBmMDAgRUJQOiBiNzdmODM4OCBFU1A6IGViOGQx ZmUwCiBEUzogMDAwMCBFUzogMDA3YiBGUzogMDAwMCBHUzogMDBlMCBTUzog MDA2OQpQcm9jZXNzIHIgKHBpZDogMTI1MCwgdGk9ZWI4ZDAwMDAgdGFzaz1j Mjk1MzU1MCB0YXNrLnRpPWViOGQwMDAwKQpTdGFjazoKIDAwMDAwMDAwIDAw MjdmNDE2IDAwMDAwMDczIDAwMDAwMjA2IGI3N2Y4MzY0IDAwMDAwMDdiIDAw MDAwMDAwIDAwMDAwMDAwCkNhbGwgVHJhY2U6CkNvZGU6IGMzIDhiIDQ0IDI0 IDE4IDgxIDRjIDI0IDM4IDAwIDAyIDAwIDAwIDhkIDY0IDI0IDMwIGU5IDAz IDAwIDAwIDAwCjhkIDc2IDAwIGY3IDQ0IDI0IDA4IDAwIDAwIDAyIDgwIDc1 IDMzIDUwIGI4IDAwIGUwIGZmIGZmIDIxIGUwIDw4Yj4gNDAKMTAgOGIgMDQg ODUgYTAgZjYgYWIgYzAgOGIgODAgMGMgYjAgYjMgYzAgZjYgNDQgMjQgMGQg MDIKRUlQOiBbPGMwNDA3NDYyPl0geGVuX2lyZXQrMHgxMi8weDJiIFNTOkVT UCAwMDY5OmViOGQxZmUwCmdlbmVyYWwgcHJvdGVjdGlvbiBmYXVsdDogMDAw MCBbIzJdCi0tLVsgZW5kIHRyYWNlIGFiMGQyOWE0OTJkY2QzMzAgXS0tLQpL ZXJuZWwgcGFuaWMgLSBub3Qgc3luY2luZzogRmF0YWwgZXhjZXB0aW9uClBp ZDogMTI1MCwgY29tbTogciBUYWludGVkOiBHICAgICAgRCAgICAtLS0tLS0t LS0tLS0tLS0KMi42LjMyLTM1Ni5lbDYuaTY4NiAjMQpDYWxsIFRyYWNlOgog WzxjMDg0NzZkZj5dID8gcGFuaWMrMHg2ZS8weDEyMgogWzxjMDg0YjYzYz5d ID8gb29wc19lbmQrMHhiYy8weGQwCiBbPGMwODRiMjYwPl0gPyBkb19nZW5l cmFsX3Byb3RlY3Rpb24rMHgwLzB4MjEwCiBbPGMwODRhOWI3Pl0gPyBlcnJv cl9jb2RlKzB4NzMvCi0tLS0tLS0tLS0tLS0KClBldHIgc2F5czogIgogSSd2 ZSBhbmFseXNlZCB0aGUgYnVnIGFuZCBJIHRoaW5rIHRoYXQgeGVuX2lyZXQo KSBjYW5ub3QgY29wZSB3aXRoCiBtYW5nbGVkIERTLCBpbiB0aGlzIGNhc2Ug emVyb2VkIG91dCAobnVsbCBzZWxlY3Rvci9kZXNjcmlwdG9yKSBieSBlaXRo ZXIKIHhlbl9mYWlsc2FmZV9jYWxsYmFjaygpIG9yIFJFU1RPUkVfUkVHUyBi ZWNhdXNlIHRoZSBjb3JyZXNwb25kaW5nIExEVAogZW50cnkgd2FzIGludmFs aWRhdGVkIGJ5IHRoZSByZXByb2R1Y2VyLiAiCgpKYW4gdG9vayBhIGxvb2sg YXQgdGhlIHByZWxpbWluYXJ5IHBhdGNoIGFuZCBjYW1lIHVwIGEgZml4IHRo YXQgc29sdmVzCnRoaXMgcHJvYmxlbToKCiJUaGlzIGNvZGUgZ2V0cyBjYWxs ZWQgYWZ0ZXIgYWxsIHJlZ2lzdGVycyBvdGhlciB0aGFuIHRob3NlIGhhbmRs ZWQgYnkKSVJFVCBnb3QgYWxyZWFkeSByZXN0b3JlZCwgaGVuY2UgYSBudWxs IHNlbGVjdG9yIGluICVkcyBvciBhIG5vbi1udWxsCm9uZSB0aGF0IGdvdCBs b2FkZWQgZnJvbSBhIGNvZGUgb3IgcmVhZC1vbmx5IGRhdGEgZGVzY3JpcHRv ciB3b3VsZApjYXVzZSBhIGtlcm5lbCBtb2RlIGZhdWx0ICh3aXRoIHRoZSBw b3RlbnRpYWwgb2YgY3Jhc2hpbmcgdGhlIGtlcm5lbAphcyBhIHdob2xlLCBp ZiBwYW5pY19vbl9vb3BzIGlzIHNldCkuIgoKVGhlIHdheSB0byBmaXggdGhp cyBpcyB0byByZWFsaXplIHRoYXQgdGhlIHdlIGNhbiBvbmx5IHJlbGF5IG9u IHRoZQpyZWdpc3RlcnMgdGhhdCBJUkVUIHJlc3RvcmVzLiBUaGUgdHdvIHRo YXQgYXJlIGd1YXJhbnRlZWQgYXJlIHRoZQolY3MgYW5kICVzcyBhcyB0aGV5 IGFyZSBhbHdheXMgZml4ZWQgR0RUIHNlbGVjdG9ycy4gQWxzbyB0aGV5IGFy ZQppbmFjY2Vzc2libGUgZnJvbSB1c2VyIG1vZGUgLSBzbyB0aGV5IGNhbm5v dCBiZSBhbHRlcmVkLiBUaGlzIGlzCnRoZSBhcHByb2FjaCB0YWtlbiBpbiB0 aGlzIHBhdGNoLgoKQW5vdGhlciBhbHRlcm5hdGl2ZSBvcHRpb24gc3VnZ2Vz dGVkIGJ5IEphbiB3b3VsZCBiZSB0byByZWxheSBvbgp0aGUgc3VidGxlIHJl YWxpemF0aW9uIHRoYXQgdXNpbmcgdGhlICVlYnAgb3IgJWVzcCByZWxhdGl2 ZSByZWZlcmVuY2VzIHVzZXMKdGhlICVzcyBzZWdtZW50LiAgSW4gd2hpY2gg Y2FzZSB3ZSBjb3VsZCBzd2l0Y2ggZnJvbSB1c2luZyAlZWF4IHRvICVlYnAg YW5kCndvdWxkIG5vdCBuZWVkIHRoZSAlc3Mgb3Zlci1yaWRlcy4gVGhhdCB3 b3VsZCBhbHNvIHJlcXVpcmUgb25lIGV4dHJhCmluc3RydWN0aW9uIHRvIGNv bXBlbnNhdGUgZm9yIHRoZSBvbmUgcGxhY2Ugd2hlcmUgdGhlIHJlZ2lzdGVy IGlzIHVzZWQKYXMgc2NhbGVkIGluZGV4LiBIb3dldmVyIEFuZHJldyBwb2lu dGVkIG91dCB0aGF0IGlzIHRvbyBzdWJ0bGUgYW5kIGlmCmZ1cnRoZXIgd29y ayB3YXMgdG8gYmUgZG9uZSBpbiB0aGlzIGNvZGUtcGF0aCBpdCBjb3VsZCBl c2NhcGUgZm9sa3MgYXR0ZW50aW9uCmFuZCBsZWFkIHRvIGFjY2lkZW50cy4K ClJldmlld2VkLWJ5OiBQZXRyIE1hdG91c2VrIDxwbWF0b3VzZUByZWRoYXQu Y29tPgpSZXBvcnRlZC1ieTogUGV0ciBNYXRvdXNlayA8cG1hdG91c2VAcmVk aGF0LmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5j b29wZXIzQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNo IDxqYmV1bGljaEBzdXNlLmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6 ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGFy Y2gveDg2L3hlbi94ZW4tYXNtXzMyLlMgfCAxNCArKysrKysrLS0tLS0tLQog MSBmaWxlIGNoYW5nZWQsIDcgaW5zZXJ0aW9ucygrKSwgNyBkZWxldGlvbnMo LSkKCmRpZmYgLS1naXQgYS9hcmNoL3g4Ni94ZW4veGVuLWFzbV8zMi5TIGIv YXJjaC94ODYveGVuL3hlbi1hc21fMzIuUwppbmRleCBmOTY0M2ZjLi4zM2Nh NmU0IDEwMDY0NAotLS0gYS9hcmNoL3g4Ni94ZW4veGVuLWFzbV8zMi5TCisr KyBiL2FyY2gveDg2L3hlbi94ZW4tYXNtXzMyLlMKQEAgLTg5LDExICs4OSwx MSBAQCBFTlRSWSh4ZW5faXJldCkKIAkgKi8KICNpZmRlZiBDT05GSUdfU01Q CiAJR0VUX1RIUkVBRF9JTkZPKCVlYXgpCi0JbW92bCBUSV9jcHUoJWVheCks ICVlYXgKLQltb3ZsIF9fcGVyX2NwdV9vZmZzZXQoLCVlYXgsNCksICVlYXgK LQltb3YgeGVuX3ZjcHUoJWVheCksICVlYXgKKwltb3ZsICVzczpUSV9jcHUo JWVheCksICVlYXgKKwltb3ZsICVzczpfX3Blcl9jcHVfb2Zmc2V0KCwlZWF4 LDQpLCAlZWF4CisJbW92ICVzczp4ZW5fdmNwdSglZWF4KSwgJWVheAogI2Vs c2UKLQltb3ZsIHhlbl92Y3B1LCAlZWF4CisJbW92bCAlc3M6eGVuX3ZjcHUs ICVlYXgKICNlbmRpZgogCiAJLyogY2hlY2sgSUYgc3RhdGUgd2UncmUgcmVz dG9yaW5nICovCkBAIC0xMDYsMTEgKzEwNiwxMSBAQCBFTlRSWSh4ZW5faXJl dCkKIAkgKiByZXN1bWluZyB0aGUgY29kZSwgc28gd2UgZG9uJ3QgaGF2ZSB0 byBiZSB3b3JyaWVkIGFib3V0CiAJICogYmVpbmcgcHJlZW1wdGVkIHRvIGFu b3RoZXIgQ1BVLgogCSAqLwotCXNldHogWEVOX3ZjcHVfaW5mb19tYXNrKCVl YXgpCisJc2V0eiAlc3M6WEVOX3ZjcHVfaW5mb19tYXNrKCVlYXgpCiB4ZW5f aXJldF9zdGFydF9jcml0OgogCiAJLyogY2hlY2sgZm9yIHVubWFza2VkIGFu ZCBwZW5kaW5nICovCi0JY21wdyAkMHgwMDAxLCBYRU5fdmNwdV9pbmZvX3Bl bmRpbmcoJWVheCkKKwljbXB3ICQweDAwMDEsICVzczpYRU5fdmNwdV9pbmZv X3BlbmRpbmcoJWVheCkKIAogCS8qCiAJICogSWYgdGhlcmUncyBzb21ldGhp bmcgcGVuZGluZywgbWFzayBldmVudHMgYWdhaW4gc28gd2UgY2FuCkBAIC0x MTgsNyArMTE4LDcgQEAgeGVuX2lyZXRfc3RhcnRfY3JpdDoKIAkgKiB0b3Vj aCBYRU5fdmNwdV9pbmZvX21hc2suCiAJICovCiAJam5lIDFmCi0JbW92YiAk MSwgWEVOX3ZjcHVfaW5mb19tYXNrKCVlYXgpCisJbW92YiAkMSwgJXNzOlhF Tl92Y3B1X2luZm9fbWFzayglZWF4KQogCiAxOglwb3BsICVlYXgKIAotLSAK MS44LjAuMgoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Wed Feb 13 16:53:53 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 13 Feb 2013 16:53:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U5fYI-0001lS-Uw; Wed, 13 Feb 2013 16:51:22 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U5fYH-0001lH-VA; Wed, 13 Feb 2013 16:51:22 +0000 Received: from [85.158.143.35:32056] by server-3.bemta-4.messagelabs.com id 66/97-08920-984CB115; Wed, 13 Feb 2013 16:51:21 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-10.tower-21.messagelabs.com!1360774248!10193618!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.8.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 14092 invoked from network); 13 Feb 2013 16:50:50 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-10.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 13 Feb 2013 16:50:50 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U5fXd-0000EK-Hh; Wed, 13 Feb 2013 16:50:41 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U5fXd-0004ML-2n; Wed, 13 Feb 2013 16:50:41 +0000 Date: Wed, 13 Feb 2013 16:50:41 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0228 / XSA-42 version 2 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Linux kernel when returning from an iret assumes that %ds segment is safe and uses it to reference various per-cpu related fields. Unfortunately the user can modify the LDT and provide a NULL one. Whenever an iret is called we end up in xen_iret and try to use the %ds segment and cause an general protection fault. IMPACT ====== Malicious or buggy unprivileged user space can cause the guest kernel to crash, or permit a privilege escalation within the guest, or operate erroneously. VULNERABLE SYSTEMS ================== All 32bit PVOPS versions of Linux are affected, since the introduction of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable. MITIGATION ========== This can be mitigated by not running 32bit PVOPS Linux guests. 32bit classic-Xen guests, all 64bit PV guests and all HVM guests are unaffected. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. $ sha256sum xsa42*.patch a931fdc161653fb1a3a6d8c1cf6d2c9954c5aec134b610be6e9699552a659eb8 xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRG8PxAAoJEIP+FMlX6CvZC3gH/0v/9nr3jXbsMHZlkBRtCx9n np1ed8btQGpmmk/WqbyLj/KcTNlXLIa1zwhTSPUgXlVIoDPuzstfGXm96gBNfYhS hl56QYTruhHPAvvrAwE8SNIlMUH+n7Wq1BThkXFU1yBnjXxzTi4SdmUwy4gAA/SE Xp35RAcIV6IwLRMMY12aat7XKnVx4S5n+gCC5eu0WZ+n73Ecrlqmsq+2X2ZHo3wP nu9UN+PChmBJHfcA8OhelY/X4X4DV1HNPuFkj9ypyPrvXIrl6M0D5TfGoyRNXMHq izAn51ro8gTGND6xY+s3auelquKiJkyl/5AXnfd0y9bSewGJS6oxoRzFdctJqxM= =mgHb -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch" Content-Disposition: attachment; filename="xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch" Content-Transfer-Encoding: base64 RnJvbSA5OGUwODljNWYyM2IzNmRiNDE1ZDBhNGMzODU0ZTk2OWM3YTRlY2Zh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYW4gQmV1bGljaCA8 SkJldWxpY2hAc3VzZS5jb20+CkRhdGU6IFRodSwgMjQgSmFuIDIwMTMgMTM6 MTE6MTAgKzAwMDAKU3ViamVjdDogW1BBVENIXSB4ODYveGVuOiBkb24ndCBh c3N1bWUgJWRzIGlzIHVzYWJsZSBpbiB4ZW5faXJldCBmb3IgMzItYml0CiBQ Vk9QUy4KClRoaXMgZml4ZXMgQ1ZFLTIwMTMtMDIyOCAvIFhTQS00MgoKRHJl dyBKb25lcyB3aGlsZSB3b3JraW5nIG9uIENWRS0yMDEzLTAxOTAgZm91bmQg dGhhdCB0aGF0IHVucHJpdmlsZWdlZCBndWVzdCB1c2VyCmluIDMyYml0IFBW IGd1ZXN0IGNhbiB1c2UgdG8gY3Jhc2ggdGhlID4gZ3Vlc3Qgd2l0aCB0aGUg cGFuaWMgbGlrZSB0aGlzOgoKLS0tLS0tLS0tLS0tLQpnZW5lcmFsIHByb3Rl Y3Rpb24gZmF1bHQ6IDAwMDAgWyMxXSBTTVAKbGFzdCBzeXNmcyBmaWxlOiAv c3lzL2RldmljZXMvdmJkLTUxNzEyL2Jsb2NrL3h2ZGEvZGV2Ck1vZHVsZXMg bGlua2VkIGluOiBzdW5ycGMgaXB0X1JFSkVDVCBuZl9jb25udHJhY2tfaXB2 NCBuZl9kZWZyYWdfaXB2NAppcHRhYmxlX2ZpbHRlciBpcF90YWJsZXMgaXA2 dF9SRUpFQ1QgbmZfY29ubnRyYWNrX2lwdjYgbmZfZGVmcmFnX2lwdjYKeHRf c3RhdGUgbmZfY29ubnRyYWNrIGlwNnRhYmxlX2ZpbHRlciBpcDZfdGFibGVz IGlwdjYgeGVuX25ldGZyb250IGV4dDQKbWJjYWNoZSBqYmQyIHhlbl9ibGtm cm9udCBkbV9taXJyb3IgZG1fcmVnaW9uX2hhc2ggZG1fbG9nIGRtX21vZCBb bGFzdAp1bmxvYWRlZDogc2NzaV93YWl0X3NjYW5dCgpQaWQ6IDEyNTAsIGNv bW06IHIgTm90IHRhaW50ZWQgMi42LjMyLTM1Ni5lbDYuaTY4NiAjMQpFSVA6 IDAwNjE6WzxjMDQwNzQ2Mj5dIEVGTEFHUzogMDAwMTAwODYgQ1BVOiAwCkVJ UCBpcyBhdCB4ZW5faXJldCsweDEyLzB4MmIKRUFYOiBlYjhkMDAwMCBFQlg6 IDAwMDAwMDAxIEVDWDogMDgwNDk4NjAgRURYOiAwMDAwMDAxMApFU0k6IDAw MDAwMDAwIEVESTogMDAzZDBmMDAgRUJQOiBiNzdmODM4OCBFU1A6IGViOGQx ZmUwCiBEUzogMDAwMCBFUzogMDA3YiBGUzogMDAwMCBHUzogMDBlMCBTUzog MDA2OQpQcm9jZXNzIHIgKHBpZDogMTI1MCwgdGk9ZWI4ZDAwMDAgdGFzaz1j Mjk1MzU1MCB0YXNrLnRpPWViOGQwMDAwKQpTdGFjazoKIDAwMDAwMDAwIDAw MjdmNDE2IDAwMDAwMDczIDAwMDAwMjA2IGI3N2Y4MzY0IDAwMDAwMDdiIDAw MDAwMDAwIDAwMDAwMDAwCkNhbGwgVHJhY2U6CkNvZGU6IGMzIDhiIDQ0IDI0 IDE4IDgxIDRjIDI0IDM4IDAwIDAyIDAwIDAwIDhkIDY0IDI0IDMwIGU5IDAz IDAwIDAwIDAwCjhkIDc2IDAwIGY3IDQ0IDI0IDA4IDAwIDAwIDAyIDgwIDc1 IDMzIDUwIGI4IDAwIGUwIGZmIGZmIDIxIGUwIDw4Yj4gNDAKMTAgOGIgMDQg ODUgYTAgZjYgYWIgYzAgOGIgODAgMGMgYjAgYjMgYzAgZjYgNDQgMjQgMGQg MDIKRUlQOiBbPGMwNDA3NDYyPl0geGVuX2lyZXQrMHgxMi8weDJiIFNTOkVT UCAwMDY5OmViOGQxZmUwCmdlbmVyYWwgcHJvdGVjdGlvbiBmYXVsdDogMDAw MCBbIzJdCi0tLVsgZW5kIHRyYWNlIGFiMGQyOWE0OTJkY2QzMzAgXS0tLQpL ZXJuZWwgcGFuaWMgLSBub3Qgc3luY2luZzogRmF0YWwgZXhjZXB0aW9uClBp ZDogMTI1MCwgY29tbTogciBUYWludGVkOiBHICAgICAgRCAgICAtLS0tLS0t LS0tLS0tLS0KMi42LjMyLTM1Ni5lbDYuaTY4NiAjMQpDYWxsIFRyYWNlOgog WzxjMDg0NzZkZj5dID8gcGFuaWMrMHg2ZS8weDEyMgogWzxjMDg0YjYzYz5d ID8gb29wc19lbmQrMHhiYy8weGQwCiBbPGMwODRiMjYwPl0gPyBkb19nZW5l cmFsX3Byb3RlY3Rpb24rMHgwLzB4MjEwCiBbPGMwODRhOWI3Pl0gPyBlcnJv cl9jb2RlKzB4NzMvCi0tLS0tLS0tLS0tLS0KClBldHIgc2F5czogIgogSSd2 ZSBhbmFseXNlZCB0aGUgYnVnIGFuZCBJIHRoaW5rIHRoYXQgeGVuX2lyZXQo KSBjYW5ub3QgY29wZSB3aXRoCiBtYW5nbGVkIERTLCBpbiB0aGlzIGNhc2Ug emVyb2VkIG91dCAobnVsbCBzZWxlY3Rvci9kZXNjcmlwdG9yKSBieSBlaXRo ZXIKIHhlbl9mYWlsc2FmZV9jYWxsYmFjaygpIG9yIFJFU1RPUkVfUkVHUyBi ZWNhdXNlIHRoZSBjb3JyZXNwb25kaW5nIExEVAogZW50cnkgd2FzIGludmFs aWRhdGVkIGJ5IHRoZSByZXByb2R1Y2VyLiAiCgpKYW4gdG9vayBhIGxvb2sg YXQgdGhlIHByZWxpbWluYXJ5IHBhdGNoIGFuZCBjYW1lIHVwIGEgZml4IHRo YXQgc29sdmVzCnRoaXMgcHJvYmxlbToKCiJUaGlzIGNvZGUgZ2V0cyBjYWxs ZWQgYWZ0ZXIgYWxsIHJlZ2lzdGVycyBvdGhlciB0aGFuIHRob3NlIGhhbmRs ZWQgYnkKSVJFVCBnb3QgYWxyZWFkeSByZXN0b3JlZCwgaGVuY2UgYSBudWxs IHNlbGVjdG9yIGluICVkcyBvciBhIG5vbi1udWxsCm9uZSB0aGF0IGdvdCBs b2FkZWQgZnJvbSBhIGNvZGUgb3IgcmVhZC1vbmx5IGRhdGEgZGVzY3JpcHRv ciB3b3VsZApjYXVzZSBhIGtlcm5lbCBtb2RlIGZhdWx0ICh3aXRoIHRoZSBw b3RlbnRpYWwgb2YgY3Jhc2hpbmcgdGhlIGtlcm5lbAphcyBhIHdob2xlLCBp ZiBwYW5pY19vbl9vb3BzIGlzIHNldCkuIgoKVGhlIHdheSB0byBmaXggdGhp cyBpcyB0byByZWFsaXplIHRoYXQgdGhlIHdlIGNhbiBvbmx5IHJlbGF5IG9u IHRoZQpyZWdpc3RlcnMgdGhhdCBJUkVUIHJlc3RvcmVzLiBUaGUgdHdvIHRo YXQgYXJlIGd1YXJhbnRlZWQgYXJlIHRoZQolY3MgYW5kICVzcyBhcyB0aGV5 IGFyZSBhbHdheXMgZml4ZWQgR0RUIHNlbGVjdG9ycy4gQWxzbyB0aGV5IGFy ZQppbmFjY2Vzc2libGUgZnJvbSB1c2VyIG1vZGUgLSBzbyB0aGV5IGNhbm5v dCBiZSBhbHRlcmVkLiBUaGlzIGlzCnRoZSBhcHByb2FjaCB0YWtlbiBpbiB0 aGlzIHBhdGNoLgoKQW5vdGhlciBhbHRlcm5hdGl2ZSBvcHRpb24gc3VnZ2Vz dGVkIGJ5IEphbiB3b3VsZCBiZSB0byByZWxheSBvbgp0aGUgc3VidGxlIHJl YWxpemF0aW9uIHRoYXQgdXNpbmcgdGhlICVlYnAgb3IgJWVzcCByZWxhdGl2 ZSByZWZlcmVuY2VzIHVzZXMKdGhlICVzcyBzZWdtZW50LiAgSW4gd2hpY2gg Y2FzZSB3ZSBjb3VsZCBzd2l0Y2ggZnJvbSB1c2luZyAlZWF4IHRvICVlYnAg YW5kCndvdWxkIG5vdCBuZWVkIHRoZSAlc3Mgb3Zlci1yaWRlcy4gVGhhdCB3 b3VsZCBhbHNvIHJlcXVpcmUgb25lIGV4dHJhCmluc3RydWN0aW9uIHRvIGNv bXBlbnNhdGUgZm9yIHRoZSBvbmUgcGxhY2Ugd2hlcmUgdGhlIHJlZ2lzdGVy IGlzIHVzZWQKYXMgc2NhbGVkIGluZGV4LiBIb3dldmVyIEFuZHJldyBwb2lu dGVkIG91dCB0aGF0IGlzIHRvbyBzdWJ0bGUgYW5kIGlmCmZ1cnRoZXIgd29y ayB3YXMgdG8gYmUgZG9uZSBpbiB0aGlzIGNvZGUtcGF0aCBpdCBjb3VsZCBl c2NhcGUgZm9sa3MgYXR0ZW50aW9uCmFuZCBsZWFkIHRvIGFjY2lkZW50cy4K ClJldmlld2VkLWJ5OiBQZXRyIE1hdG91c2VrIDxwbWF0b3VzZUByZWRoYXQu Y29tPgpSZXBvcnRlZC1ieTogUGV0ciBNYXRvdXNlayA8cG1hdG91c2VAcmVk aGF0LmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5j b29wZXIzQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNo IDxqYmV1bGljaEBzdXNlLmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6 ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGFy Y2gveDg2L3hlbi94ZW4tYXNtXzMyLlMgfCAxNCArKysrKysrLS0tLS0tLQog MSBmaWxlIGNoYW5nZWQsIDcgaW5zZXJ0aW9ucygrKSwgNyBkZWxldGlvbnMo LSkKCmRpZmYgLS1naXQgYS9hcmNoL3g4Ni94ZW4veGVuLWFzbV8zMi5TIGIv YXJjaC94ODYveGVuL3hlbi1hc21fMzIuUwppbmRleCBmOTY0M2ZjLi4zM2Nh NmU0IDEwMDY0NAotLS0gYS9hcmNoL3g4Ni94ZW4veGVuLWFzbV8zMi5TCisr KyBiL2FyY2gveDg2L3hlbi94ZW4tYXNtXzMyLlMKQEAgLTg5LDExICs4OSwx MSBAQCBFTlRSWSh4ZW5faXJldCkKIAkgKi8KICNpZmRlZiBDT05GSUdfU01Q CiAJR0VUX1RIUkVBRF9JTkZPKCVlYXgpCi0JbW92bCBUSV9jcHUoJWVheCks ICVlYXgKLQltb3ZsIF9fcGVyX2NwdV9vZmZzZXQoLCVlYXgsNCksICVlYXgK LQltb3YgeGVuX3ZjcHUoJWVheCksICVlYXgKKwltb3ZsICVzczpUSV9jcHUo JWVheCksICVlYXgKKwltb3ZsICVzczpfX3Blcl9jcHVfb2Zmc2V0KCwlZWF4 LDQpLCAlZWF4CisJbW92ICVzczp4ZW5fdmNwdSglZWF4KSwgJWVheAogI2Vs c2UKLQltb3ZsIHhlbl92Y3B1LCAlZWF4CisJbW92bCAlc3M6eGVuX3ZjcHUs ICVlYXgKICNlbmRpZgogCiAJLyogY2hlY2sgSUYgc3RhdGUgd2UncmUgcmVz dG9yaW5nICovCkBAIC0xMDYsMTEgKzEwNiwxMSBAQCBFTlRSWSh4ZW5faXJl dCkKIAkgKiByZXN1bWluZyB0aGUgY29kZSwgc28gd2UgZG9uJ3QgaGF2ZSB0 byBiZSB3b3JyaWVkIGFib3V0CiAJICogYmVpbmcgcHJlZW1wdGVkIHRvIGFu b3RoZXIgQ1BVLgogCSAqLwotCXNldHogWEVOX3ZjcHVfaW5mb19tYXNrKCVl YXgpCisJc2V0eiAlc3M6WEVOX3ZjcHVfaW5mb19tYXNrKCVlYXgpCiB4ZW5f aXJldF9zdGFydF9jcml0OgogCiAJLyogY2hlY2sgZm9yIHVubWFza2VkIGFu ZCBwZW5kaW5nICovCi0JY21wdyAkMHgwMDAxLCBYRU5fdmNwdV9pbmZvX3Bl bmRpbmcoJWVheCkKKwljbXB3ICQweDAwMDEsICVzczpYRU5fdmNwdV9pbmZv X3BlbmRpbmcoJWVheCkKIAogCS8qCiAJICogSWYgdGhlcmUncyBzb21ldGhp bmcgcGVuZGluZywgbWFzayBldmVudHMgYWdhaW4gc28gd2UgY2FuCkBAIC0x MTgsNyArMTE4LDcgQEAgeGVuX2lyZXRfc3RhcnRfY3JpdDoKIAkgKiB0b3Vj aCBYRU5fdmNwdV9pbmZvX21hc2suCiAJICovCiAJam5lIDFmCi0JbW92YiAk MSwgWEVOX3ZjcHVfaW5mb19tYXNrKCVlYXgpCisJbW92YiAkMSwgJXNzOlhF Tl92Y3B1X2luZm9fbWFzayglZWF4KQogCiAxOglwb3BsICVlYXgKIAotLSAK MS44LjAuMgoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Fri Feb 15 11:45:21 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 15 Feb 2013 11:45:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U6Jgx-0005x8-3r; Fri, 15 Feb 2013 11:42:59 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U6Jgv-0005ww-Av; Fri, 15 Feb 2013 11:42:57 +0000 Received: from [85.158.138.51:23424] by server-3.bemta-3.messagelabs.com id CF/2C-31070-04F1E115; Fri, 15 Feb 2013 11:42:56 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-174.messagelabs.com!1360928487!19616301!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.8.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10916 invoked from network); 15 Feb 2013 11:41:30 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 15 Feb 2013 11:41:30 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U6JfM-0001hk-PT; Fri, 15 Feb 2013 11:41:20 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U6JfM-0003Qu-0l; Fri, 15 Feb 2013 11:41:20 +0000 Date: Fri, 15 Feb 2013 11:41:20 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0215 / XSA-38 version 3 oxenstored incorrect handling of certain Xenbus ring states UPDATES IN VERSION 3 ==================== The patch supplied contained an error which would cause a failure when the ring became full. An updated patch is attached. The incremental fix can be found at: http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/759574df84a6 ISSUE DESCRIPTION ================= The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting domain control and management functions. In more detail: A malicious guest administrator can cause oxenstored to crash; after this many host control operations (for example, starting and stopping domains, device hotplug, and some monitoring functions), will be unavailable. Domains which are already running are not directly affected. Such an attacker can also cause a memory exhaustion in the domain running oxenstored; often this will make the host's management functions unavailable. Information leak of control plane data is also theoretically possible. VULNERABLE SYSTEMS ================== Any system running oxenstored is vulnerable. oxenstored was introduced in Xen version 4.1. oxenstored was made the default in Xen 4.2.if a suitable ocaml toolchain was installed at build time. Systems running a 32-bit oxenstored are vulnerable only to the crash and not to the large memory allocation issue. MITIGATION ========== Running the C version of xenstored will avoid this issue. RESOLUTION ========== Applying the attached patch resolves this issue. xsa38.patch Xen 4.1.x, Xen 4.2.x, xen-unstable $ sha256sum xsa38*.patch 9912d3239a6f784418fcec53fad7c316588a421e352462f661cd1070fcf21d4b xsa38.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRHh6yAAoJEIP+FMlX6CvZekUH/AsBw9dg8t2QLsPd391zxX6C XUJGW616979+tVCGVr+ahyRKnE2T598LBD+Vojvi7/jL+k59/j48jOkJIen9NfV6 aawnCrDWICa1Hq4/7xoj1ZagmdQuRuESbdsV6VbzF7v6eBybzKHjhFLNg2cSw6YB Zhay6tqpQGQIZrqWZla0OzNf34gWFZAnD4SL3CzlQaMlUb4gab1qprb2kOHttfcK wlPxy+U3CPppiRHR5Zs9RmGqnRCA9YpZF2JjxuunrZhFtvY1v+udLCiMkdUGblss tKimBDyxC1Qlthye6MTVftvRSsmBmhRJV7R9Wia3s7iAW4KASeobxS+4wicbcHM= =GBLo -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa38.patch" Content-Disposition: attachment; filename="xsa38.patch" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbCBi L3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbAppbmRleCAzNTU4ODg5 Li5kNGQxYzdiIDEwMDY0NAotLS0gYS90b29scy9vY2FtbC9saWJzL3hiL3Bh cnRpYWwubWwKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi9wYXJ0aWFsLm1s CkBAIC0yNyw4ICsyNywxNSBAQCBleHRlcm5hbCBoZWFkZXJfc2l6ZTogdW5p dCAtPiBpbnQgPSAic3R1Yl9oZWFkZXJfc2l6ZSIKIGV4dGVybmFsIGhlYWRl cl9vZl9zdHJpbmdfaW50ZXJuYWw6IHN0cmluZyAtPiBpbnQgKiBpbnQgKiBp bnQgKiBpbnQKICAgICAgICAgID0gInN0dWJfaGVhZGVyX29mX3N0cmluZyIK IAorbGV0IHhlbnN0b3JlX3BheWxvYWRfbWF4ID0gNDA5NiAoKiB4ZW4vaW5j bHVkZS9wdWJsaWMvaW8veHNfd2lyZS5oICopCisKIGxldCBvZl9zdHJpbmcg cyA9CiAJbGV0IHRpZCwgcmlkLCBvcGludCwgZGxlbiA9IGhlYWRlcl9vZl9z dHJpbmdfaW50ZXJuYWwgcyBpbgorCSgqIEEgcGFja2V0IHdoaWNoIGlzIGJp Z2dlciB0aGFuIHhlbnN0b3JlX3BheWxvYWRfbWF4IGlzIGlsbGVnYWwuCisJ ICAgVGhpcyB3aWxsIGxlYXZlIHRoZSBndWVzdCBjb25uZWN0aW9uIGlzIGEg YmFkIHN0YXRlIGFuZCB3aWxsCisJICAgYmUgaGFyZCB0byByZWNvdmVyIGZy b20gd2l0aG91dCByZXN0YXJ0aW5nIHRoZSBjb25uZWN0aW9uCisJICAgKGll IHJlYm9vdGluZyB0aGUgZ3Vlc3QpICopCisJbGV0IGRsZW4gPSBtaW4geGVu c3RvcmVfcGF5bG9hZF9tYXggZGxlbiBpbgogCXsKIAkJdGlkID0gdGlkOwog CQlyaWQgPSByaWQ7CkBAIC0zOCw2ICs0NSw3IEBAIGxldCBvZl9zdHJpbmcg cyA9CiAJfQogCiBsZXQgYXBwZW5kIHBrdCBzIHN6ID0KKwlpZiBwa3QubGVu ID4gNDA5NiB0aGVuIGZhaWx3aXRoICJCdWZmZXIuYWRkOiBjYW5ub3QgZ3Jv dyBidWZmZXIiOwogCUJ1ZmZlci5hZGRfc3RyaW5nIHBrdC5idWYgKFN0cmlu Zy5zdWIgcyAwIHN6KQogCiBsZXQgdG9fY29tcGxldGUgcGt0ID0KZGlmZiAt LWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIveHNfcmluZ19zdHVicy5jIGIv dG9vbHMvb2NhbWwvbGlicy94Yi94c19yaW5nX3N0dWJzLmMKaW5kZXggMDA0 MTRjNS4uNDg4OGFjNSAxMDA2NDQKLS0tIGEvdG9vbHMvb2NhbWwvbGlicy94 Yi94c19yaW5nX3N0dWJzLmMKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi94 c19yaW5nX3N0dWJzLmMKQEAgLTM5LDIxICszOSwyMyBAQCBzdGF0aWMgaW50 IHhzX3JpbmdfcmVhZChzdHJ1Y3QgbW1hcF9pbnRlcmZhY2UgKmludGVyZmFj ZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2hhciAqYnVmZmVy LCBpbnQgbGVuKQogewogCXN0cnVjdCB4ZW5zdG9yZV9kb21haW5faW50ZXJm YWNlICppbnRmID0gaW50ZXJmYWNlLT5hZGRyOwotCVhFTlNUT1JFX1JJTkdf SURYIGNvbnMsIHByb2Q7CisJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJv ZDsgLyogb2Zmc2V0cyBvbmx5ICovCiAJaW50IHRvX3JlYWQ7CiAKLQljb25z ID0gaW50Zi0+cmVxX2NvbnM7Ci0JcHJvZCA9IGludGYtPnJlcV9wcm9kOwor CWNvbnMgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9jb25zOwor CXByb2QgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9wcm9kOwog CXhlbl9tYigpOwogCWlmIChwcm9kID09IGNvbnMpCiAJCXJldHVybiAwOwot CWlmIChNQVNLX1hFTlNUT1JFX0lEWChwcm9kKSA+IE1BU0tfWEVOU1RPUkVf SURYKGNvbnMpKSAKKwljb25zID0gTUFTS19YRU5TVE9SRV9JRFgoY29ucyk7 CisJcHJvZCA9IE1BU0tfWEVOU1RPUkVfSURYKHByb2QpOworCWlmIChwcm9k ID4gY29ucykKIAkJdG9fcmVhZCA9IHByb2QgLSBjb25zOwogCWVsc2UKLQkJ dG9fcmVhZCA9IFhFTlNUT1JFX1JJTkdfU0laRSAtIE1BU0tfWEVOU1RPUkVf SURYKGNvbnMpOworCQl0b19yZWFkID0gWEVOU1RPUkVfUklOR19TSVpFIC0g Y29uczsKIAlpZiAodG9fcmVhZCA8IGxlbikKIAkJbGVuID0gdG9fcmVhZDsK LQltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBNQVNLX1hFTlNUT1JFX0lE WChjb25zKSwgbGVuKTsKKwltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBj b25zLCBsZW4pOwogCXhlbl9tYigpOwogCWludGYtPnJlcV9jb25zICs9IGxl bjsKIAlyZXR1cm4gbGVuOwpAQCAtNjYsOCArNjgsOCBAQCBzdGF0aWMgaW50 IHhzX3Jpbmdfd3JpdGUoc3RydWN0IG1tYXBfaW50ZXJmYWNlICppbnRlcmZh Y2UsCiAJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJvZDsKIAlpbnQgY2Fu X3dyaXRlOwogCi0JY29ucyA9IGludGYtPnJzcF9jb25zOwotCXByb2QgPSBp bnRmLT5yc3BfcHJvZDsKKwljb25zID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfY29uczsKKwlwcm9kID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfcHJvZDsKIAl4ZW5fbWIoKTsKIAlpZiAoIChwcm9kIC0gY29u cykgPj0gWEVOU1RPUkVfUklOR19TSVpFICkKIAkJcmV0dXJuIDA7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Fri Feb 15 11:45:21 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 15 Feb 2013 11:45:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U6Jgx-0005x8-3r; Fri, 15 Feb 2013 11:42:59 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U6Jgv-0005ww-Av; Fri, 15 Feb 2013 11:42:57 +0000 Received: from [85.158.138.51:23424] by server-3.bemta-3.messagelabs.com id CF/2C-31070-04F1E115; Fri, 15 Feb 2013 11:42:56 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-174.messagelabs.com!1360928487!19616301!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.8.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10916 invoked from network); 15 Feb 2013 11:41:30 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 15 Feb 2013 11:41:30 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U6JfM-0001hk-PT; Fri, 15 Feb 2013 11:41:20 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U6JfM-0003Qu-0l; Fri, 15 Feb 2013 11:41:20 +0000 Date: Fri, 15 Feb 2013 11:41:20 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0215 / XSA-38 version 3 oxenstored incorrect handling of certain Xenbus ring states UPDATES IN VERSION 3 ==================== The patch supplied contained an error which would cause a failure when the ring became full. An updated patch is attached. The incremental fix can be found at: http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/759574df84a6 ISSUE DESCRIPTION ================= The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting domain control and management functions. In more detail: A malicious guest administrator can cause oxenstored to crash; after this many host control operations (for example, starting and stopping domains, device hotplug, and some monitoring functions), will be unavailable. Domains which are already running are not directly affected. Such an attacker can also cause a memory exhaustion in the domain running oxenstored; often this will make the host's management functions unavailable. Information leak of control plane data is also theoretically possible. VULNERABLE SYSTEMS ================== Any system running oxenstored is vulnerable. oxenstored was introduced in Xen version 4.1. oxenstored was made the default in Xen 4.2.if a suitable ocaml toolchain was installed at build time. Systems running a 32-bit oxenstored are vulnerable only to the crash and not to the large memory allocation issue. MITIGATION ========== Running the C version of xenstored will avoid this issue. RESOLUTION ========== Applying the attached patch resolves this issue. xsa38.patch Xen 4.1.x, Xen 4.2.x, xen-unstable $ sha256sum xsa38*.patch 9912d3239a6f784418fcec53fad7c316588a421e352462f661cd1070fcf21d4b xsa38.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRHh6yAAoJEIP+FMlX6CvZekUH/AsBw9dg8t2QLsPd391zxX6C XUJGW616979+tVCGVr+ahyRKnE2T598LBD+Vojvi7/jL+k59/j48jOkJIen9NfV6 aawnCrDWICa1Hq4/7xoj1ZagmdQuRuESbdsV6VbzF7v6eBybzKHjhFLNg2cSw6YB Zhay6tqpQGQIZrqWZla0OzNf34gWFZAnD4SL3CzlQaMlUb4gab1qprb2kOHttfcK wlPxy+U3CPppiRHR5Zs9RmGqnRCA9YpZF2JjxuunrZhFtvY1v+udLCiMkdUGblss tKimBDyxC1Qlthye6MTVftvRSsmBmhRJV7R9Wia3s7iAW4KASeobxS+4wicbcHM= =GBLo -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa38.patch" Content-Disposition: attachment; filename="xsa38.patch" Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbCBi L3Rvb2xzL29jYW1sL2xpYnMveGIvcGFydGlhbC5tbAppbmRleCAzNTU4ODg5 Li5kNGQxYzdiIDEwMDY0NAotLS0gYS90b29scy9vY2FtbC9saWJzL3hiL3Bh cnRpYWwubWwKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi9wYXJ0aWFsLm1s CkBAIC0yNyw4ICsyNywxNSBAQCBleHRlcm5hbCBoZWFkZXJfc2l6ZTogdW5p dCAtPiBpbnQgPSAic3R1Yl9oZWFkZXJfc2l6ZSIKIGV4dGVybmFsIGhlYWRl cl9vZl9zdHJpbmdfaW50ZXJuYWw6IHN0cmluZyAtPiBpbnQgKiBpbnQgKiBp bnQgKiBpbnQKICAgICAgICAgID0gInN0dWJfaGVhZGVyX29mX3N0cmluZyIK IAorbGV0IHhlbnN0b3JlX3BheWxvYWRfbWF4ID0gNDA5NiAoKiB4ZW4vaW5j bHVkZS9wdWJsaWMvaW8veHNfd2lyZS5oICopCisKIGxldCBvZl9zdHJpbmcg cyA9CiAJbGV0IHRpZCwgcmlkLCBvcGludCwgZGxlbiA9IGhlYWRlcl9vZl9z dHJpbmdfaW50ZXJuYWwgcyBpbgorCSgqIEEgcGFja2V0IHdoaWNoIGlzIGJp Z2dlciB0aGFuIHhlbnN0b3JlX3BheWxvYWRfbWF4IGlzIGlsbGVnYWwuCisJ ICAgVGhpcyB3aWxsIGxlYXZlIHRoZSBndWVzdCBjb25uZWN0aW9uIGlzIGEg YmFkIHN0YXRlIGFuZCB3aWxsCisJICAgYmUgaGFyZCB0byByZWNvdmVyIGZy b20gd2l0aG91dCByZXN0YXJ0aW5nIHRoZSBjb25uZWN0aW9uCisJICAgKGll IHJlYm9vdGluZyB0aGUgZ3Vlc3QpICopCisJbGV0IGRsZW4gPSBtaW4geGVu c3RvcmVfcGF5bG9hZF9tYXggZGxlbiBpbgogCXsKIAkJdGlkID0gdGlkOwog CQlyaWQgPSByaWQ7CkBAIC0zOCw2ICs0NSw3IEBAIGxldCBvZl9zdHJpbmcg cyA9CiAJfQogCiBsZXQgYXBwZW5kIHBrdCBzIHN6ID0KKwlpZiBwa3QubGVu ID4gNDA5NiB0aGVuIGZhaWx3aXRoICJCdWZmZXIuYWRkOiBjYW5ub3QgZ3Jv dyBidWZmZXIiOwogCUJ1ZmZlci5hZGRfc3RyaW5nIHBrdC5idWYgKFN0cmlu Zy5zdWIgcyAwIHN6KQogCiBsZXQgdG9fY29tcGxldGUgcGt0ID0KZGlmZiAt LWdpdCBhL3Rvb2xzL29jYW1sL2xpYnMveGIveHNfcmluZ19zdHVicy5jIGIv dG9vbHMvb2NhbWwvbGlicy94Yi94c19yaW5nX3N0dWJzLmMKaW5kZXggMDA0 MTRjNS4uNDg4OGFjNSAxMDA2NDQKLS0tIGEvdG9vbHMvb2NhbWwvbGlicy94 Yi94c19yaW5nX3N0dWJzLmMKKysrIGIvdG9vbHMvb2NhbWwvbGlicy94Yi94 c19yaW5nX3N0dWJzLmMKQEAgLTM5LDIxICszOSwyMyBAQCBzdGF0aWMgaW50 IHhzX3JpbmdfcmVhZChzdHJ1Y3QgbW1hcF9pbnRlcmZhY2UgKmludGVyZmFj ZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2hhciAqYnVmZmVy LCBpbnQgbGVuKQogewogCXN0cnVjdCB4ZW5zdG9yZV9kb21haW5faW50ZXJm YWNlICppbnRmID0gaW50ZXJmYWNlLT5hZGRyOwotCVhFTlNUT1JFX1JJTkdf SURYIGNvbnMsIHByb2Q7CisJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJv ZDsgLyogb2Zmc2V0cyBvbmx5ICovCiAJaW50IHRvX3JlYWQ7CiAKLQljb25z ID0gaW50Zi0+cmVxX2NvbnM7Ci0JcHJvZCA9IGludGYtPnJlcV9wcm9kOwor CWNvbnMgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9jb25zOwor CXByb2QgPSAqKHZvbGF0aWxlIHVpbnQzMiopJmludGYtPnJlcV9wcm9kOwog CXhlbl9tYigpOwogCWlmIChwcm9kID09IGNvbnMpCiAJCXJldHVybiAwOwot CWlmIChNQVNLX1hFTlNUT1JFX0lEWChwcm9kKSA+IE1BU0tfWEVOU1RPUkVf SURYKGNvbnMpKSAKKwljb25zID0gTUFTS19YRU5TVE9SRV9JRFgoY29ucyk7 CisJcHJvZCA9IE1BU0tfWEVOU1RPUkVfSURYKHByb2QpOworCWlmIChwcm9k ID4gY29ucykKIAkJdG9fcmVhZCA9IHByb2QgLSBjb25zOwogCWVsc2UKLQkJ dG9fcmVhZCA9IFhFTlNUT1JFX1JJTkdfU0laRSAtIE1BU0tfWEVOU1RPUkVf SURYKGNvbnMpOworCQl0b19yZWFkID0gWEVOU1RPUkVfUklOR19TSVpFIC0g Y29uczsKIAlpZiAodG9fcmVhZCA8IGxlbikKIAkJbGVuID0gdG9fcmVhZDsK LQltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBNQVNLX1hFTlNUT1JFX0lE WChjb25zKSwgbGVuKTsKKwltZW1jcHkoYnVmZmVyLCBpbnRmLT5yZXEgKyBj b25zLCBsZW4pOwogCXhlbl9tYigpOwogCWludGYtPnJlcV9jb25zICs9IGxl bjsKIAlyZXR1cm4gbGVuOwpAQCAtNjYsOCArNjgsOCBAQCBzdGF0aWMgaW50 IHhzX3Jpbmdfd3JpdGUoc3RydWN0IG1tYXBfaW50ZXJmYWNlICppbnRlcmZh Y2UsCiAJWEVOU1RPUkVfUklOR19JRFggY29ucywgcHJvZDsKIAlpbnQgY2Fu X3dyaXRlOwogCi0JY29ucyA9IGludGYtPnJzcF9jb25zOwotCXByb2QgPSBp bnRmLT5yc3BfcHJvZDsKKwljb25zID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfY29uczsKKwlwcm9kID0gKih2b2xhdGlsZSB1aW50MzIqKSZp bnRmLT5yc3BfcHJvZDsKIAl4ZW5fbWIoKTsKIAlpZiAoIChwcm9kIC0gY29u cykgPj0gWEVOU1RPUkVfUklOR19TSVpFICkKIAkJcmV0dXJuIDA7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Feb 21 14:26:06 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Feb 2013 14:26:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U8X3t-00042c-P9; Thu, 21 Feb 2013 14:23:49 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U8X3s-00042E-6w; Thu, 21 Feb 2013 14:23:48 +0000 Received: from [85.158.139.211:17022] by server-3.bemta-5.messagelabs.com id 9E/AD-07037-3FD26215; Thu, 21 Feb 2013 14:23:47 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-14.tower-206.messagelabs.com!1361456621!18549606!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.8.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30770 invoked from network); 21 Feb 2013 14:23:42 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-14.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 21 Feb 2013 14:23:42 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U8X3c-000207-Ah; Thu, 21 Feb 2013 14:23:32 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U8X3b-0007ni-Cw; Thu, 21 Feb 2013 14:23:31 +0000 Date: Thu, 21 Feb 2013 14:23:31 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0153 / XSA-36 version 4 interrupt remap entries shared and old ones not cleared on AMD IOMMUs UPDATES IN VERSION 4 ==================== Updated patches, to deal with a boot time crash resulting from the earlier changes on systems with firmware broken in a way not previously accounted for. ISSUE DESCRIPTION ================= To avoid an erratum in early hardware, the Xen AMD IOMMU code by default chooses to use a single interrupt remapping table for the whole system. This sharing implies that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. Furthermore, regardless of whether a shared interrupt remapping table is in use, old entries are not always cleared, providing opportunities (which accumulate over time) for guests to inject interrupts into other guests, again including domain 0. In a typical Xen system many devices are owned by domain 0 or driver domains, leaving them vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system. IMPACT ====== A malicious domain which is given access to a physical PCI device can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== Xen versions 3.3 onwards are vulnerable. Earlier Xen versions do not implement interrupt remapping, and hence do not support secure AMD-Vi PCI passthrough in any case. Only systems using AMD-Vi for PCI passthrough are vulnerable. Any domain which is given access to a PCI device can take advantage of this vulnerability. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. In Xen versions 4.1.3 and above the sharing of the interrupt remapping table (and hence the more severe part of this problem) can be avoided by passing "iommu=amd-iommu-perdev-intremap" as a command line option to the hypervisor. This option is not fully functional on earlier hypervisors. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that on certain systems (SP5100 chipsets with erratum 28 present, or such with broken IVRS ACPI table) these patches will result in the IOMMU not being enabled anymore. This should be dealt with by a BIOS update, if available. Alternatively the check can be overridden by specifying "iommu=no-amd-iommu-perdev-intremap" on the Xen command line ("iommu=amd-iommu-global-intremap" on 4.1.x), at the price of re-opening the security hole addressed by these patches. xsa36-unstable.patch Xen unstable xsa36-4.2.patch Xen 4.2.x xsa36-4.1.patch Xen 4.1.x $ sha256sum xsa36*.patch 4bdc0f1f94f82c6bc6c777971f22ef915215b72b98b29f9064e4df65c0efc6f4 xsa36-4.1.patch dd32ecaa84edbf6d11241045f40ba53ec4a3bc6c24f719bc21204067c4eb8964 xsa36-4.2.patch 7c0b3a1b332a24a830c7a436b065943f60c54cd5b7e746c440e2992a7b5cfe41 xsa36-unstable.patch $ Incremental patches on top of what was provided in version 3 can also be taken from the respective mercurial trees: http://xenbits.xen.org/hg/xen-unstable.hg/rev/e68f14b9e739 http://xenbits.xen.org/hg/staging/xen-4.2-testing.hg/rev/6a03b38b9cd6 http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/4d522221fa77 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRJf98AAoJEIP+FMlX6CvZ5ocH/jNY92kLw7BOencxa9R3TGTn 20O0+j1id+xi2vjVVF2xm2SJ7g/6Egx5WURUfy2cu+I8GdDHKmRrp3Vkazltzcnd 6AlI5aiPC2H1rFkU0FpneRk3mrluABLZO8Q5YcSJs24hwqded0W+SivH63aInki/ PsDGoBu8HUjYMWjXyqCJVJIGToLS9ApaQ8+iTylWb1ZocRm2VcPS8yJI7z82kj3A zRNADG36oAFawSJsE9z3ykVoYv9UYckOaWkaXh7jZPHAvIjvP2wLb9gmMkMXbIOP ICpJJFf0w7oW6KTY3g9n8CxUMBMoUw/9Fv+CQBzOf0ZZY/vIE8q65A0NhCcWixo= =vmpB -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa36-4.1.patch" Content-Disposition: attachment; filename="xsa36-4.1.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgpBTUQg SU9NTVU6IGFsc28gc3BvdCBtaXNzaW5nIElPLUFQSUMgZW50cmllcyBpbiBJ VlJTIHRhYmxlCgpBcGFydCBmcm9tIGRlYWxpbmcgZHVwbGljYXRlIGNvbmZs aWN0aW5nIGVudHJpZXMsIHdlIGFsc28gaGF2ZSB0bwpoYW5kbGUgZmlybXdh cmUgb21pdHRpbmcgSU8tQVBJQyBlbnRyaWVzIGluIElWUlMgYWx0b2dldGhl ci4gTm90IGRvaW5nCnNvIGhhcyByZXN1bHRlZCBpbiBjL3MgMjY1MTc6NjAx MTM5ZTJiMGRiIHRvIGNyYXNoIHN1Y2ggc3lzdGVtcyBkdXJpbmcKYm9vdCAo d2hlcmVhcyB3aXRoIHRoZSBjaGFuZ2UgaGVyZSB0aGUgSU9NTVUgZ2V0cyBk aXNhYmxlZCBqdXN0IGFzIGlzCmJlaW5nIGRvbmUgaW4gdGhlIG90aGVyIGNh c2VzLCBpLmUuIHVubGVzcyBnbG9iYWwgdGFibGVzIGFyZSBiZWluZwp1c2Vk KS4KCkRlYnVnZ2luZyB0aGlzIGlzc3VlIGhhcyBhbHNvIHBvaW50ZWQgb3V0 IHRoYXQgdGhlIGRlYnVnIGxvZyBvdXRwdXQgaXMKcHJldHR5IHVnbHkgdG8g bG9vayBhdCAtIGNvbnNvbGlkYXRlIHRoZSBvdXRwdXQsIGFuZCBhZGQgb25l IGV4dHJhCml0ZW0gZm9yIHRoZSBJVkhEIHNwZWNpYWwgZW50cmllcywgc28g dGhhdCBmdXR1cmUgaXNzdWVzIGFyZSBlYXNpZXIKdG8gYW5hbHl6ZS4KClNp Z25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K VGVzdGVkLWJ5OiBTYW5kZXIgRWlrZWxlbmJvb20gPGxpbnV4QGVpa2VsZW5i b29tLml0PgoKLS0tIGEveGVuL2FyY2gveDg2L2lycS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9pcnEuYwpAQCAtMTY3Nyw5ICsxNjc3LDYgQEAgaW50IG1hcF9k b21haW5fcGlycSgKICAgICAgICAgZC0+YXJjaC5waXJxX2lycVtwaXJxXSA9 IGlycTsKICAgICAgICAgZC0+YXJjaC5pcnFfcGlycVtpcnFdID0gcGlycTsK ICAgICAgICAgc3Bpbl91bmxvY2tfaXJxcmVzdG9yZSgmZGVzYy0+bG9jaywg ZmxhZ3MpOwotCi0gICAgICAgIGlmICggb3B0X2lycV92ZWN0b3JfbWFwID09 IE9QVF9JUlFfVkVDVE9SX01BUF9QRVJERVYgKQotICAgICAgICAgICAgcHJp bnRrKFhFTkxPR19JTkZPICJQZXItZGV2aWNlIHZlY3RvciBtYXBzIGZvciBH U0lzIG5vdCBpbXBsZW1lbnRlZCB5ZXQuXG4iKTsKICAgICB9CiAKIGRvbmU6 Ci0tLSBhL3hlbi9kcml2ZXJzL2FjcGkvdGFibGVzLmMKKysrIGIveGVuL2Ry aXZlcnMvYWNwaS90YWJsZXMuYwpAQCAtMjY3LDcgKzI2Nyw3IEBAIGFjcGlf dGFibGVfcGFyc2VfbWFkdChlbnVtIGFjcGlfbWFkdF90eXAKICAqIEBoYW5k bGVyOiBoYW5kbGVyIHRvIHJ1bgogICoKICAqIFNjYW4gdGhlIEFDUEkgU3lz dGVtIERlc2NyaXB0b3IgVGFibGUgKFNURCkgZm9yIGEgdGFibGUgbWF0Y2hp bmcgQGlkLAotICogcnVuIEBoYW5kbGVyIG9uIGl0LiAgUmV0dXJuIDAgaWYg dGFibGUgZm91bmQsIHJldHVybiBvbiBpZiBub3QuCisgKiBydW4gQGhhbmRs ZXIgb24gaXQuCiAgKi8KIGludCBhY3BpX3RhYmxlX3BhcnNlKGNoYXIgKmlk LCBhY3BpX3RhYmxlX2hhbmRsZXIgaGFuZGxlcikKIHsKQEAgLTI4Miw4ICsy ODIsNyBAQCBpbnQgYWNwaV90YWJsZV9wYXJzZShjaGFyICppZCwgYWNwaV90 YWJsCiAJCWFjcGlfZ2V0X3RhYmxlKGlkLCAwLCAmdGFibGUpOwogCiAJaWYg KHRhYmxlKSB7Ci0JCWhhbmRsZXIodGFibGUpOwotCQlyZXR1cm4gMDsKKwkJ cmV0dXJuIGhhbmRsZXIodGFibGUpOwogCX0gZWxzZQogCQlyZXR1cm4gMTsK IH0KLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X2Fj cGkuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVf YWNwaS5jCkBAIC0yMSw2ICsyMSw3IEBACiAjaW5jbHVkZSA8eGVuL2NvbmZp Zy5oPgogI2luY2x1ZGUgPHhlbi9lcnJuby5oPgogI2luY2x1ZGUgPGFzbS9h cGljZGVmLmg+CisjaW5jbHVkZSA8YXNtL2lvX2FwaWMuaD4KICNpbmNsdWRl IDxhc20vYW1kLWlvbW11Lmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9zdm0vYW1k LWlvbW11LXByb3RvLmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9zdm0vYW1kLWlv bW11LWFjcGkuaD4KQEAgLTI5LDcgKzMwLDYgQEAgZXh0ZXJuIHVuc2lnbmVk IGxvbmcgYW1kX2lvbW11X3BhZ2VfZW50cgogZXh0ZXJuIHVuc2lnbmVkIHNo b3J0IGl2cnNfYmRmX2VudHJpZXM7CiBleHRlcm4gc3RydWN0IGl2cnNfbWFw cGluZ3MgKml2cnNfbWFwcGluZ3M7CiBleHRlcm4gdW5zaWduZWQgc2hvcnQg bGFzdF9iZGY7Ci1leHRlcm4gaW50IGlvYXBpY19iZGZbTUFYX0lPX0FQSUNT XTsKIGV4dGVybiB2b2lkICpzaGFyZWRfaW50cmVtYXBfdGFibGU7CiAKIHN0 YXRpYyB2b2lkIGFkZF9pdnJzX21hcHBpbmdfZW50cnkoCkBAIC02MzYsNiAr NjM2LDcgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZpY2Vf c3BlYwogICAgIHUxNiBoZWFkZXJfbGVuZ3RoLCB1MTYgYmxvY2tfbGVuZ3Ro LCBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSkKIHsKICAgICB1MTYgZGV2X2xl bmd0aCwgYmRmOworICAgIGludCBhcGljOwogCiAgICAgZGV2X2xlbmd0aCA9 IHNpemVvZihzdHJ1Y3QgYWNwaV9pdmhkX2RldmljZV9zcGVjaWFsKTsKICAg ICBpZiAoIGhlYWRlcl9sZW5ndGggPCAoYmxvY2tfbGVuZ3RoICsgZGV2X2xl bmd0aCkgKQpAQCAtNjUyLDkgKzY1Myw1OCBAQCBzdGF0aWMgdTE2IF9faW5p dCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAgfQogCiAgICAgYWRkX2l2 cnNfbWFwcGluZ19lbnRyeShiZGYsIGJkZiwgaXZoZF9kZXZpY2UtPmhlYWRl ci5mbGFncywgaW9tbXUpOwotICAgIC8qIHNldCBkZXZpY2UgaWQgb2YgaW9h cGljICovCi0gICAgaW9hcGljX2JkZltpdmhkX2RldmljZS0+c3BlY2lhbC5o YW5kbGVdID0gYmRmOwotICAgIHJldHVybiBkZXZfbGVuZ3RoOworCisgICAg aWYgKCBpdmhkX2RldmljZS0+c3BlY2lhbC52YXJpZXR5ICE9IDEgLyogQUNQ SV9JVkhEX0lPQVBJQyAqLyApCisgICAgeworICAgICAgICBpZiAoIGl2aGRf ZGV2aWNlLT5zcGVjaWFsLnZhcmlldHkgIT0gMiAvKiBBQ1BJX0lWSERfSFBF VCAqLyApCisgICAgICAgICAgICBwcmludGsoWEVOTE9HX0VSUiAiVW5yZWNv Z25pemVkIElWSEQgc3BlY2lhbCB2YXJpZXR5ICUjeFxuIiwKKyAgICAgICAg ICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lhbC52YXJpZXR5KTsKKyAg ICAgICAgcmV0dXJuIGRldl9sZW5ndGg7CisgICAgfQorCisgICAgLyoKKyAg ICAgKiBTb21lIEJJT1NlcyBoYXZlIElPQVBJQyBicm9rZW4gZW50cmllcyBz byB3ZSBjaGVjayBmb3IgSVZSUworICAgICAqIGNvbnNpc3RlbmN5IGhlcmUg LS0tIHdoZXRoZXIgZW50cnkncyBJT0FQSUMgSUQgaXMgdmFsaWQgYW5kCisg ICAgICogd2hldGhlciB0aGVyZSBhcmUgY29uZmxpY3RpbmcvZHVwbGljYXRl ZCBlbnRyaWVzLgorICAgICAqLworICAgIGZvciAoIGFwaWMgPSAwOyBhcGlj IDwgbnJfaW9hcGljczsgYXBpYysrICkKKyAgICB7CisgICAgICAgIGlmICgg SU9fQVBJQ19JRChhcGljKSAhPSBpdmhkX2RldmljZS0+c3BlY2lhbC5oYW5k bGUgKQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgaWYgKCBp b2FwaWNfYmRmW2l2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZV0ucGluX3Nl dHVwICkKKyAgICAgICAgeworICAgICAgICAgICAgaWYgKCBpb2FwaWNfYmRm W2l2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZV0uYmRmID09IGJkZiApCisg ICAgICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJVkhEIFdhcm5pbmc6 IER1cGxpY2F0ZSBJTy1BUElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lhbC5o YW5kbGUpOworICAgICAgICAgICAgZWxzZQorICAgICAgICAgICAgeworICAg ICAgICAgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBD b25mbGljdGluZyBJTy1BUElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAg ICAgICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lhbC5oYW5kbGUpOwor ICAgICAgICAgICAgICAgIGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRyZW1h cCApCisgICAgICAgICAgICAgICAgICAgIHJldHVybiAwOworICAgICAgICAg ICAgfQorICAgICAgICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAg ICAgICAgICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMgKi8KKyAgICAg ICAgICAgIGlvYXBpY19iZGZbaXZoZF9kZXZpY2UtPnNwZWNpYWwuaGFuZGxl XS5iZGYgPSBiZGY7CisKKyAgICAgICAgICAgIGlvYXBpY19iZGZbaXZoZF9k ZXZpY2UtPnNwZWNpYWwuaGFuZGxlXS5waW5fc2V0dXAgPSB4emFsbG9jX2Fy cmF5KAorICAgICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcsIEJJVFNfVE9f TE9OR1MobnJfaW9hcGljX3JlZ2lzdGVyc1thcGljXSkpOworICAgICAgICAg ICAgaWYgKCBucl9pb2FwaWNfcmVnaXN0ZXJzW2FwaWNdICYmCisgICAgICAg ICAgICAgICAgICFpb2FwaWNfYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9z ZXR1cCApCisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgcHJpbnRr KFhFTkxPR19FUlIgIklWSEQgRXJyb3I6IE91dCBvZiBtZW1vcnlcbiIpOwor ICAgICAgICAgICAgICAgIHJldHVybiAwOworICAgICAgICAgICAgfQorICAg ICAgICB9CisgICAgICAgIHJldHVybiBkZXZfbGVuZ3RoOworICAgIH0KKwor ICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBJbnZhbGlkIElP LUFQSUMgJSN4XG4iLAorICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lh bC5oYW5kbGUpOworICAgIHJldHVybiAwOwogfQogCiBzdGF0aWMgaW50IF9f aW5pdCBwYXJzZV9pdmhkX2Jsb2NrKHN0cnVjdCBhY3BpX2l2aGRfYmxvY2tf aGVhZGVyICppdmhkX2Jsb2NrKQpAQCAtODE3LDYgKzg2Nyw3IEBAIHN0YXRp YyBpbnQgX19pbml0IHBhcnNlX2l2cnNfdGFibGUoc3RydWMKIHsKICAgICBz dHJ1Y3QgYWNwaV9pdnJzX2Jsb2NrX2hlYWRlciAqaXZyc19ibG9jazsKICAg ICB1bnNpZ25lZCBsb25nIGxlbmd0aDsKKyAgICB1bnNpZ25lZCBpbnQgYXBp YzsKICAgICBpbnQgZXJyb3IgPSAwOwogICAgIHN0cnVjdCBhY3BpX3RhYmxl X2hlYWRlciAqdGFibGUgPSAoc3RydWN0IGFjcGlfdGFibGVfaGVhZGVyICop X3RhYmxlOwogCkBAIC04NTEsNiArOTAyLDI5IEBAIHN0YXRpYyBpbnQgX19p bml0IHBhcnNlX2l2cnNfdGFibGUoc3RydWMKICAgICAgICAgbGVuZ3RoICs9 IGl2cnNfYmxvY2stPmxlbmd0aDsKICAgICB9CiAKKyAgICAvKiBFYWNoIElP LUFQSUMgbXVzdCBoYXZlIGJlZW4gbWVudGlvbmVkIGluIHRoZSB0YWJsZS4g Ki8KKyAgICBmb3IgKCBhcGljID0gMDsgIWVycm9yICYmIGFwaWMgPCBucl9p b2FwaWNzOyArK2FwaWMgKQorICAgIHsKKyAgICAgICAgaWYgKCAhbnJfaW9h cGljX3JlZ2lzdGVyc1thcGljXSB8fAorICAgICAgICAgICAgIGlvYXBpY19i ZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3NldHVwICkKKyAgICAgICAgICAg IGNvbnRpbnVlOworCisgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhE IEVycm9yOiBubyBpbmZvcm1hdGlvbiBmb3IgSU8tQVBJQyAlI3hcbiIsCisg ICAgICAgICAgICAgICBJT19BUElDX0lEKGFwaWMpKTsKKyAgICAgICAgaWYg KCBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgICAgIGVy cm9yID0gLUVOWElPOworICAgICAgICBlbHNlCisgICAgICAgIHsKKyAgICAg ICAgICAgIGlvYXBpY19iZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3NldHVw ID0geHphbGxvY19hcnJheSgKKyAgICAgICAgICAgICAgICB1bnNpZ25lZCBs b25nLCBCSVRTX1RPX0xPTkdTKG5yX2lvYXBpY19yZWdpc3RlcnNbYXBpY10p KTsKKyAgICAgICAgICAgIGlmICggIWlvYXBpY19iZGZbSU9fQVBJQ19JRChh cGljKV0ucGluX3NldHVwICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAg ICAgICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogT3V0IG9mIG1l bW9yeVxuIik7CisgICAgICAgICAgICAgICAgZXJyb3IgPSAtRU5PTUVNOwor ICAgICAgICAgICAgfQorICAgICAgICB9CisgICAgfQorCiAgICAgcmV0dXJu IGVycm9yOwogfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9pbml0LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gv YW1kL2lvbW11X2luaXQuYwpAQCAtODk3LDEyICs4OTcsNDUgQEAgc3RhdGlj IGludCBfX2luaXQgYW1kX2lvbW11X3NldHVwX2RldmljZQogICAgIHJldHVy biAwOwogfQogCisvKiBDaGVjayB3aGV0aGVyIFNQNTEwMCBTQVRBIENvbWJp bmVkIG1vZGUgaXMgb24gKi8KK3N0YXRpYyBib29sX3QgX19pbml0IGFtZF9z cDUxMDBfZXJyYXR1bTI4KHZvaWQpCit7CisgICAgdTMyIGJ1cywgaWQ7Cisg ICAgdTE2IHZlbmRvcl9pZCwgZGV2X2lkOworICAgIHU4IGJ5dGU7CisKKyAg ICBmb3IgKGJ1cyA9IDA7IGJ1cyA8IDI1NjsgYnVzKyspCisgICAgeworICAg ICAgICBpZCA9IHBjaV9jb25mX3JlYWQzMihidXMsIDB4MTQsIDAsIFBDSV9W RU5ET1JfSUQpOworCisgICAgICAgIHZlbmRvcl9pZCA9IGlkICYgMHhmZmZm OworICAgICAgICBkZXZfaWQgPSAoaWQgPj4gMTYpICYgMHhmZmZmOworCisg ICAgICAgIC8qIFNQNTEwMCBTTUJ1cyBtb2R1bGUgc2V0cyBDb21iaW5lZCBt b2RlIG9uICovCisgICAgICAgIGlmICh2ZW5kb3JfaWQgIT0gMHgxMDAyIHx8 IGRldl9pZCAhPSAweDQzODUpCisgICAgICAgICAgICBjb250aW51ZTsKKwor ICAgICAgICBieXRlID0gcGNpX2NvbmZfcmVhZDgoYnVzLCAweDE0LCAwLCAw eGFkKTsKKyAgICAgICAgaWYgKCAoYnl0ZSA+PiAzKSAmIDEgKQorICAgICAg ICB7CisgICAgICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5JTkcgIkFNRC1W aTogU1A1MTAwIGVycmF0dW0gMjggZGV0ZWN0ZWQsIGRpc2FibGluZyBJT01N VS5cbiIKKyAgICAgICAgICAgICAgICAgICAiSWYgcG9zc2libGUsIGRpc2Fi bGUgU0FUQSBDb21iaW5lZCBtb2RlIGluIEJJT1Mgb3IgY29udGFjdCB5b3Vy IHZlbmRvciBmb3IgQklPUyB1cGRhdGUuXG4iKTsKKyAgICAgICAgICAgIHJl dHVybiAxOworICAgICAgICB9CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9 CisKIGludCBfX2luaXQgYW1kX2lvbW11X2luaXQodm9pZCkKIHsKICAgICBz dHJ1Y3QgYW1kX2lvbW11ICppb21tdTsKIAogICAgIEJVR19PTiggIWlvbW11 X2ZvdW5kKCkgKTsKIAorICAgIGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRy ZW1hcCAmJiBhbWRfc3A1MTAwX2VycmF0dW0yOCgpICkKKyAgICAgICAgZ290 byBlcnJvcl9vdXQ7CisKICAgICBpcnFfdG9faW9tbXUgPSB4bWFsbG9jX2Fy cmF5KHN0cnVjdCBhbWRfaW9tbXUgKiwgbnJfaXJxcyk7CiAgICAgaWYgKCBp cnFfdG9faW9tbXUgPT0gTlVMTCApCiAgICAgICAgIGdvdG8gZXJyb3Jfb3V0 OwotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW50 ci5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9p bnRyLmMKQEAgLTI3LDcgKzI3LDcgQEAKICNkZWZpbmUgSU5UUkVNQVBfTEVO R1RIIDB4QgogI2RlZmluZSBJTlRSRU1BUF9FTlRSSUVTICgxIDw8IElOVFJF TUFQX0xFTkdUSCkKIAotaW50IGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsK K3N0cnVjdCBpb2FwaWNfYmRmIGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsK IGV4dGVybiBzdHJ1Y3QgaXZyc19tYXBwaW5ncyAqaXZyc19tYXBwaW5nczsK IGV4dGVybiB1bnNpZ25lZCBzaG9ydCBpdnJzX2JkZl9lbnRyaWVzOwogdm9p ZCAqc2hhcmVkX2ludHJlbWFwX3RhYmxlOwpAQCAtMTE3LDEyICsxMTcsMTIg QEAgdm9pZCBpbnZhbGlkYXRlX2ludGVycnVwdF90YWJsZShzdHJ1Y3QgYQog c3RhdGljIHZvaWQgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGlj KAogICAgIGludCBiZGYsCiAgICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUs Ci0gICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKmlvYXBpY19ydGUp CisgICAgY29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSwK KyAgICBjb25zdCBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqb2xkX3J0 ZSkKIHsKICAgICB1bnNpZ25lZCBsb25nIGZsYWdzOwogICAgIHUzMiogZW50 cnk7CiAgICAgdTggZGVsaXZlcnlfbW9kZSwgZGVzdCwgdmVjdG9yLCBkZXN0 X21vZGU7Ci0gICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSA9 IGlvYXBpY19ydGU7CiAgICAgaW50IHJlcV9pZDsKICAgICBzcGlubG9ja190 ICpsb2NrOwogICAgIGludCBvZmZzZXQ7CkBAIC0xMzgsNiArMTM4LDE0IEBA IHN0YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2kKICAg ICBzcGluX2xvY2tfaXJxc2F2ZShsb2NrLCBmbGFncyk7CiAKICAgICBvZmZz ZXQgPSBnZXRfaW50cmVtYXBfb2Zmc2V0KHZlY3RvciwgZGVsaXZlcnlfbW9k ZSk7CisgICAgaWYgKCBvbGRfcnRlICkKKyAgICB7CisgICAgICAgIGludCBv bGRfb2Zmc2V0ID0gZ2V0X2ludHJlbWFwX29mZnNldChvbGRfcnRlLT52ZWN0 b3IsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBvbGRfcnRlLT5kZWxpdmVyeV9tb2RlKTsKKworICAgICAgICBpZiAo IG9mZnNldCAhPSBvbGRfb2Zmc2V0ICkKKyAgICAgICAgICAgIGZyZWVfaW50 cmVtYXBfZW50cnkoYmRmLCBvbGRfb2Zmc2V0KTsKKyAgICB9CiAgICAgZW50 cnkgPSAodTMyKilnZXRfaW50cmVtYXBfZW50cnkocmVxX2lkLCBvZmZzZXQp OwogICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeShlbnRyeSwgdmVjdG9yLCBk ZWxpdmVyeV9tb2RlLCBkZXN0X21vZGUsIGRlc3QpOwogCkBAIC0xNzYsNyAr MTg0LDcgQEAgaW50IF9faW5pdCBhbWRfaW9tbXVfc2V0dXBfaW9hcGljX3Jl bWFwcAogICAgICAgICAgICAgICAgIGNvbnRpbnVlOwogCiAgICAgICAgICAg ICAvKiBnZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyBkZXZpY2VzICovCi0gICAg ICAgICAgICBiZGYgPSBpb2FwaWNfYmRmW0lPX0FQSUNfSUQoYXBpYyldOwor ICAgICAgICAgICAgYmRmID0gaW9hcGljX2JkZltJT19BUElDX0lEKGFwaWMp XS5iZGY7CiAgICAgICAgICAgICBpb21tdSA9IGZpbmRfaW9tbXVfZm9yX2Rl dmljZShiZGYpOwogICAgICAgICAgICAgaWYgKCAhaW9tbXUgKQogICAgICAg ICAgICAgewpAQCAtMjA3LDYgKzIxNSw3IEBAIGludCBfX2luaXQgYW1kX2lv bW11X3NldHVwX2lvYXBpY19yZW1hcHAKICAgICAgICAgICAgICAgICBmbHVz aF9jb21tYW5kX2J1ZmZlcihpb21tdSk7CiAgICAgICAgICAgICAgICAgc3Bp bl91bmxvY2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKICAg ICAgICAgICAgIH0KKyAgICAgICAgICAgIHNldF9iaXQocGluLCBpb2FwaWNf YmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCk7CiAgICAgICAgIH0K ICAgICB9CiAgICAgcmV0dXJuIDA7CkBAIC0yMTgsNiArMjI3LDcgQEAgdm9p ZCBhbWRfaW9tbXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAgICAgc3RydWN0IElP X0FQSUNfcm91dGVfZW50cnkgb2xkX3J0ZSA9IHsgMCB9OwogICAgIHN0cnVj dCBJT19BUElDX3JvdXRlX2VudHJ5IG5ld19ydGUgPSB7IDAgfTsKICAgICB1 bnNpZ25lZCBpbnQgcnRlX2xvID0gKHJlZyAmIDEpID8gcmVnIC0gMSA6IHJl ZzsKKyAgICB1bnNpZ25lZCBpbnQgcGluID0gKHJlZyAtIDB4MTApIC8gMjsK ICAgICBpbnQgc2F2ZWRfbWFzaywgYmRmOwogICAgIHN0cnVjdCBhbWRfaW9t bXUgKmlvbW11OwogCkBAIC0yMjgsNyArMjM4LDcgQEAgdm9pZCBhbWRfaW9t bXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAgICAgfQogCiAgICAgLyogZ2V0IGRl dmljZSBpZCBvZiBpb2FwaWMgZGV2aWNlcyAqLwotICAgIGJkZiA9IGlvYXBp Y19iZGZbSU9fQVBJQ19JRChhcGljKV07CisgICAgYmRmID0gaW9hcGljX2Jk ZltJT19BUElDX0lEKGFwaWMpXS5iZGY7CiAgICAgaW9tbXUgPSBmaW5kX2lv bW11X2Zvcl9kZXZpY2UoYmRmKTsKICAgICBpZiAoICFpb21tdSApCiAgICAg ewpAQCAtMjU0LDYgKzI2NCwxNCBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNf dXBkYXRlX2lyZSgKICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRlKSArIDEp ID0gdmFsdWU7CiAgICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1hc2sgJiYK KyAgICAgICAgICF0ZXN0X2JpdChwaW4sIGlvYXBpY19iZGZbSU9fQVBJQ19J RChhcGljKV0ucGluX3NldHVwKSApCisgICAgeworICAgICAgICBBU1NFUlQo c2F2ZWRfbWFzayk7CisgICAgICAgIF9faW9fYXBpY193cml0ZShhcGljLCBy ZWcsIHZhbHVlKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIC8q IG1hc2sgdGhlIGludGVycnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGludHJl bWFwIHRhYmxlICovCiAgICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAgewpA QCAtMjYyLDcgKzI4MCwxMSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBk YXRlX2lyZSgKICAgICB9CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0IHJl bWFwcGluZyBlbnRyeSAqLwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9m cm9tX2lvYXBpYyhiZGYsIGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBkYXRl X2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGljKAorICAgICAgICBiZGYsIGlv bW11LCAmbmV3X3J0ZSwKKyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChwaW4s CisgICAgICAgICAgICAgICAgICAgICAgICAgaW9hcGljX2JkZltJT19BUElD X0lEKGFwaWMpXS5waW5fc2V0dXApID8gJm9sZF9ydGUKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgOiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQgd3JpdGUgYWNj ZXNzIHRvIElPLUFQSUMgUlRFICovCiAgICAgX19pb19hcGljX3dyaXRlKGFw aWMsIHJlZywgdmFsdWUpOwpAQCAtMzczLDYgKzM5NSwxMiBAQCB2b2lkIGFt ZF9pb21tdV9tc2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAgIHJldHVybjsK ICAgICB9CiAKKyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9pbmRleCA+PSAw ICkKKyAgICAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21z Zyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIE5VTEwpOworCisgICAgaWYgKCAh bXNnICkKKyAgICAgICAgcmV0dXJuOworCiAgICAgdXBkYXRlX2ludHJlbWFw X2VudHJ5X2Zyb21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIG1z Zyk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3Bj aV9hbWRfaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9h bWQvcGNpX2FtZF9pb21tdS5jCkBAIC0xOTUsNiArMTk1LDggQEAgaW50IF9f aW5pdCBhbWRfaW92X2RldGVjdCh2b2lkKQogICAgIHsKICAgICAgICAgcHJp bnRrKCJBTUQtVmk6IE5vdCBvdmVycmlkaW5nIGlycV92ZWN0b3JfbWFwIHNl dHRpbmdcbiIpOwogICAgIH0KKyAgICBpZiAoICFhbWRfaW9tbXVfcGVyZGV2 X2ludHJlbWFwICkKKyAgICAgICAgcHJpbnRrKFhFTkxPR19XQVJOSU5HICJB TUQtVmk6IFVzaW5nIGdsb2JhbCBpbnRlcnJ1cHQgcmVtYXAgdGFibGUgaXMg bm90IHJlY29tbWVuZGVkIChzZWUgWFNBLTM2KSFcbiIpOwogICAgIHJldHVy biBzY2FuX3BjaV9kZXZpY2VzKCk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMv cGFzc3Rocm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhy b3VnaC9pb21tdS5jCkBAIC00OSw3ICs0OSw3IEBAIGJvb2xfdCBfX3JlYWRf bW9zdGx5IGlvbW11X3FpbnZhbCA9IDE7CiBib29sX3QgX19yZWFkX21vc3Rs eSBpb21tdV9pbnRyZW1hcCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBp b21tdV9oYXBfcHRfc2hhcmU7CiBib29sX3QgX19yZWFkX21vc3RseSBhbWRf aW9tbXVfZGVidWc7Ci1ib29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVf cGVyZGV2X2ludHJlbWFwOworYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lv bW11X3BlcmRldl9pbnRyZW1hcCA9IDE7CiAKIHN0YXRpYyB2b2lkIF9faW5p dCBwYXJzZV9pb21tdV9wYXJhbShjaGFyICpzKQogewpAQCAtNzgsNiArNzgs OCBAQCBzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfaW9tbXVfcGFyYW0oY2hh CiAgICAgICAgICAgICBhbWRfaW9tbXVfZGVidWcgPSAxOwogICAgICAgICBl bHNlIGlmICggIXN0cmNtcChzLCAiYW1kLWlvbW11LXBlcmRldi1pbnRyZW1h cCIpICkKICAgICAgICAgICAgIGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAg PSAxOworICAgICAgICBlbHNlIGlmICggIXN0cmNtcChzLCAiYW1kLWlvbW11 LWdsb2JhbC1pbnRyZW1hcCIpICkKKyAgICAgICAgICAgIGFtZF9pb21tdV9w ZXJkZXZfaW50cmVtYXAgPSAwOwogICAgICAgICBlbHNlIGlmICggIXN0cmNt cChzLCAiZG9tMC1wYXNzdGhyb3VnaCIpICkKICAgICAgICAgICAgIGlvbW11 X3Bhc3N0aHJvdWdoID0gMTsKICAgICAgICAgZWxzZSBpZiAoICFzdHJjbXAo cywgImRvbTAtc3RyaWN0IikgKQotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2 L2h2bS9zdm0vYW1kLWlvbW11LXByb3RvLmgKKysrIGIveGVuL2luY2x1ZGUv YXNtLXg4Ni9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oCkBAIC04OCw2ICs4 OCwxMSBAQCB2b2lkIGFtZF9pb21tdV9yZWFkX21zaV9mcm9tX2lyZSgKIHVu c2lnbmVkIGludCBhbWRfaW9tbXVfcmVhZF9pb2FwaWNfZnJvbV9pcmUoCiAg ICAgdW5zaWduZWQgaW50IGFwaWMsIHVuc2lnbmVkIGludCByZWcpOwogCitl eHRlcm4gc3RydWN0IGlvYXBpY19iZGYgeworICAgIHUxNiBiZGY7CisgICAg dW5zaWduZWQgbG9uZyAqcGluX3NldHVwOworfSBpb2FwaWNfYmRmW107CisK IC8qIHBvd2VyIG1hbmFnZW1lbnQgc3VwcG9ydCAqLwogdm9pZCBhbWRfaW9t bXVfcmVzdW1lKHZvaWQpOwogdm9pZCBhbWRfaW9tbXVfc3VzcGVuZCh2b2lk KTsK --=separator Content-Type: application/octet-stream; name="xsa36-4.2.patch" Content-Disposition: attachment; filename="xsa36-4.2.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgpBTUQg SU9NTVU6IGFsc28gc3BvdCBtaXNzaW5nIElPLUFQSUMgZW50cmllcyBpbiBJ VlJTIHRhYmxlCgpBcGFydCBmcm9tIGRlYWxpbmcgZHVwbGljYXRlIGNvbmZs aWN0aW5nIGVudHJpZXMsIHdlIGFsc28gaGF2ZSB0bwpoYW5kbGUgZmlybXdh cmUgb21pdHRpbmcgSU8tQVBJQyBlbnRyaWVzIGluIElWUlMgYWx0b2dldGhl ci4gTm90IGRvaW5nCnNvIGhhcyByZXN1bHRlZCBpbiBjL3MgMjY1MTc6NjAx MTM5ZTJiMGRiIHRvIGNyYXNoIHN1Y2ggc3lzdGVtcyBkdXJpbmcKYm9vdCAo d2hlcmVhcyB3aXRoIHRoZSBjaGFuZ2UgaGVyZSB0aGUgSU9NTVUgZ2V0cyBk aXNhYmxlZCBqdXN0IGFzIGlzCmJlaW5nIGRvbmUgaW4gdGhlIG90aGVyIGNh c2VzLCBpLmUuIHVubGVzcyBnbG9iYWwgdGFibGVzIGFyZSBiZWluZwp1c2Vk KS4KCkRlYnVnZ2luZyB0aGlzIGlzc3VlIGhhcyBhbHNvIHBvaW50ZWQgb3V0 IHRoYXQgdGhlIGRlYnVnIGxvZyBvdXRwdXQgaXMKcHJldHR5IHVnbHkgdG8g bG9vayBhdCAtIGNvbnNvbGlkYXRlIHRoZSBvdXRwdXQsIGFuZCBhZGQgb25l IGV4dHJhCml0ZW0gZm9yIHRoZSBJVkhEIHNwZWNpYWwgZW50cmllcywgc28g dGhhdCBmdXR1cmUgaXNzdWVzIGFyZSBlYXNpZXIKdG8gYW5hbHl6ZS4KClNp Z25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K VGVzdGVkLWJ5OiBTYW5kZXIgRWlrZWxlbmJvb20gPGxpbnV4QGVpa2VsZW5i b29tLml0PgoKLS0tIGEveGVuL2FyY2gveDg2L2lycS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9pcnEuYwpAQCAtMTk0Miw5ICsxOTQyLDYgQEAgaW50IG1hcF9k b21haW5fcGlycSgKICAgICAgICAgc3Bpbl9sb2NrX2lycXNhdmUoJmRlc2Mt PmxvY2ssIGZsYWdzKTsKICAgICAgICAgc2V0X2RvbWFpbl9pcnFfcGlycShk LCBpcnEsIGluZm8pOwogICAgICAgICBzcGluX3VubG9ja19pcnFyZXN0b3Jl KCZkZXNjLT5sb2NrLCBmbGFncyk7Ci0KLSAgICAgICAgaWYgKCBvcHRfaXJx X3ZlY3Rvcl9tYXAgPT0gT1BUX0lSUV9WRUNUT1JfTUFQX1BFUkRFViApCi0g ICAgICAgICAgICBwcmludGsoWEVOTE9HX0lORk8gIlBlci1kZXZpY2UgdmVj dG9yIG1hcHMgZm9yIEdTSXMgbm90IGltcGxlbWVudGVkIHlldC5cbiIpOwog ICAgIH0KIAogZG9uZToKLS0tIGEveGVuL2RyaXZlcnMvYWNwaS90YWJsZXMu YworKysgYi94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCkBAIC0yNjcsNyAr MjY3LDcgQEAgYWNwaV90YWJsZV9wYXJzZV9tYWR0KGVudW0gYWNwaV9tYWR0 X3R5cAogICogQGhhbmRsZXI6IGhhbmRsZXIgdG8gcnVuCiAgKgogICogU2Nh biB0aGUgQUNQSSBTeXN0ZW0gRGVzY3JpcHRvciBUYWJsZSAoU1REKSBmb3Ig YSB0YWJsZSBtYXRjaGluZyBAaWQsCi0gKiBydW4gQGhhbmRsZXIgb24gaXQu ICBSZXR1cm4gMCBpZiB0YWJsZSBmb3VuZCwgcmV0dXJuIG9uIGlmIG5vdC4K KyAqIHJ1biBAaGFuZGxlciBvbiBpdC4KICAqLwogaW50IF9faW5pdCBhY3Bp X3RhYmxlX3BhcnNlKGNoYXIgKmlkLCBhY3BpX3RhYmxlX2hhbmRsZXIgaGFu ZGxlcikKIHsKQEAgLTI4Miw4ICsyODIsNyBAQCBpbnQgX19pbml0IGFjcGlf dGFibGVfcGFyc2UoY2hhciAqaWQsIGFjCiAJCWFjcGlfZ2V0X3RhYmxlKGlk LCAwLCAmdGFibGUpOwogCiAJaWYgKHRhYmxlKSB7Ci0JCWhhbmRsZXIodGFi bGUpOwotCQlyZXR1cm4gMDsKKwkJcmV0dXJuIGhhbmRsZXIodGFibGUpOwog CX0gZWxzZQogCQlyZXR1cm4gMTsKIH0KLS0tIGEveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X2FjcGkuYworKysgYi94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvaW9tbXVfYWNwaS5jCkBAIC0yMiw2ICsyMiw3IEBA CiAjaW5jbHVkZSA8eGVuL2Vycm5vLmg+CiAjaW5jbHVkZSA8eGVuL2FjcGku aD4KICNpbmNsdWRlIDxhc20vYXBpY2RlZi5oPgorI2luY2x1ZGUgPGFzbS9p b19hcGljLmg+CiAjaW5jbHVkZSA8YXNtL2FtZC1pb21tdS5oPgogI2luY2x1 ZGUgPGFzbS9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oPgogCkBAIC02MzUs NiArNjM2LDcgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZp Y2Vfc3BlYwogICAgIHUxNiBoZWFkZXJfbGVuZ3RoLCB1MTYgYmxvY2tfbGVu Z3RoLCBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSkKIHsKICAgICB1MTYgZGV2 X2xlbmd0aCwgYmRmOworICAgIGludCBhcGljOwogCiAgICAgZGV2X2xlbmd0 aCA9IHNpemVvZigqc3BlY2lhbCk7CiAgICAgaWYgKCBoZWFkZXJfbGVuZ3Ro IDwgKGJsb2NrX2xlbmd0aCArIGRldl9sZW5ndGgpICkKQEAgLTY1MSwxMCAr NjUzLDU5IEBAIHN0YXRpYyB1MTYgX19pbml0IHBhcnNlX2l2aGRfZGV2aWNl X3NwZWMKICAgICB9CiAKICAgICBhZGRfaXZyc19tYXBwaW5nX2VudHJ5KGJk ZiwgYmRmLCBzcGVjaWFsLT5oZWFkZXIuZGF0YV9zZXR0aW5nLCBpb21tdSk7 Ci0gICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMgKi8KLSAgICBpb2Fw aWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLmJkZiA9IGJkZjsKLSAgICBpb2Fw aWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLnNlZyA9IHNlZzsKLSAgICByZXR1 cm4gZGV2X2xlbmd0aDsKKworICAgIGlmICggc3BlY2lhbC0+dmFyaWV0eSAh PSBBQ1BJX0lWSERfSU9BUElDICkKKyAgICB7CisgICAgICAgIGlmICggc3Bl Y2lhbC0+dmFyaWV0eSAhPSBBQ1BJX0lWSERfSFBFVCApCisgICAgICAgICAg ICBwcmludGsoWEVOTE9HX0VSUiAiVW5yZWNvZ25pemVkIElWSEQgc3BlY2lh bCB2YXJpZXR5ICUjeFxuIiwKKyAgICAgICAgICAgICAgICAgICBzcGVjaWFs LT52YXJpZXR5KTsKKyAgICAgICAgcmV0dXJuIGRldl9sZW5ndGg7CisgICAg fQorCisgICAgLyoKKyAgICAgKiBTb21lIEJJT1NlcyBoYXZlIElPQVBJQyBi cm9rZW4gZW50cmllcyBzbyB3ZSBjaGVjayBmb3IgSVZSUworICAgICAqIGNv bnNpc3RlbmN5IGhlcmUgLS0tIHdoZXRoZXIgZW50cnkncyBJT0FQSUMgSUQg aXMgdmFsaWQgYW5kCisgICAgICogd2hldGhlciB0aGVyZSBhcmUgY29uZmxp Y3RpbmcvZHVwbGljYXRlZCBlbnRyaWVzLgorICAgICAqLworICAgIGZvciAo IGFwaWMgPSAwOyBhcGljIDwgbnJfaW9hcGljczsgYXBpYysrICkKKyAgICB7 CisgICAgICAgIGlmICggSU9fQVBJQ19JRChhcGljKSAhPSBzcGVjaWFsLT5o YW5kbGUgKQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgaWYg KCBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLnBpbl9zZXR1cCApCisg ICAgICAgIHsKKyAgICAgICAgICAgIGlmICggaW9hcGljX3NiZGZbc3BlY2lh bC0+aGFuZGxlXS5iZGYgPT0gYmRmICYmCisgICAgICAgICAgICAgICAgIGlv YXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0uc2VnID09IHNlZyApCisgICAg ICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJVkhEIFdhcm5pbmc6IER1 cGxpY2F0ZSBJTy1BUElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBzcGVjaWFsLT5oYW5kbGUpOworICAgICAg ICAgICAgZWxzZQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBDb25mbGljdGluZyBJTy1B UElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAgICAgICAgICAgICAgICBz cGVjaWFsLT5oYW5kbGUpOworICAgICAgICAgICAgICAgIGlmICggYW1kX2lv bW11X3BlcmRldl9pbnRyZW1hcCApCisgICAgICAgICAgICAgICAgICAgIHJl dHVybiAwOworICAgICAgICAgICAgfQorICAgICAgICB9CisgICAgICAgIGVs c2UKKyAgICAgICAgeworICAgICAgICAgICAgLyogc2V0IGRldmljZSBpZCBv ZiBpb2FwaWMgKi8KKyAgICAgICAgICAgIGlvYXBpY19zYmRmW3NwZWNpYWwt PmhhbmRsZV0uYmRmID0gYmRmOworICAgICAgICAgICAgaW9hcGljX3NiZGZb c3BlY2lhbC0+aGFuZGxlXS5zZWcgPSBzZWc7CisKKyAgICAgICAgICAgIGlv YXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0ucGluX3NldHVwID0geHphbGxv Y19hcnJheSgKKyAgICAgICAgICAgICAgICB1bnNpZ25lZCBsb25nLCBCSVRT X1RPX0xPTkdTKG5yX2lvYXBpY19lbnRyaWVzW2FwaWNdKSk7CisgICAgICAg ICAgICBpZiAoIG5yX2lvYXBpY19lbnRyaWVzW2FwaWNdICYmCisgICAgICAg ICAgICAgICAgICFpb2FwaWNfc2JkZltJT19BUElDX0lEKGFwaWMpXS5waW5f c2V0dXAgKQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIHByaW50 ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBPdXQgb2YgbWVtb3J5XG4iKTsK KyAgICAgICAgICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgICAgIH0KKyAg ICAgICAgfQorICAgICAgICByZXR1cm4gZGV2X2xlbmd0aDsKKyAgICB9CisK KyAgICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogSW52YWxpZCBJ Ty1BUElDICUjeFxuIiwgc3BlY2lhbC0+aGFuZGxlKTsKKyAgICByZXR1cm4g MDsKIH0KIAogc3RhdGljIGludCBfX2luaXQgcGFyc2VfaXZoZF9ibG9jayhj b25zdCBzdHJ1Y3QgYWNwaV9pdnJzX2hhcmR3YXJlICppdmhkX2Jsb2NrKQpA QCAtODE4LDYgKzg2OSw3IEBAIHN0YXRpYyBpbnQgX19pbml0IHBhcnNlX2l2 cnNfdGFibGUoc3RydWMKIHsKICAgICBjb25zdCBzdHJ1Y3QgYWNwaV9pdnJz X2hlYWRlciAqaXZyc19ibG9jazsKICAgICB1bnNpZ25lZCBsb25nIGxlbmd0 aDsKKyAgICB1bnNpZ25lZCBpbnQgYXBpYzsKICAgICBpbnQgZXJyb3IgPSAw OwogCiAgICAgQlVHX09OKCF0YWJsZSk7CkBAIC04NTAsNiArOTAyLDI5IEBA IHN0YXRpYyBpbnQgX19pbml0IHBhcnNlX2l2cnNfdGFibGUoc3RydWMKICAg ICAgICAgbGVuZ3RoICs9IGl2cnNfYmxvY2stPmxlbmd0aDsKICAgICB9CiAK KyAgICAvKiBFYWNoIElPLUFQSUMgbXVzdCBoYXZlIGJlZW4gbWVudGlvbmVk IGluIHRoZSB0YWJsZS4gKi8KKyAgICBmb3IgKCBhcGljID0gMDsgIWVycm9y ICYmIGFwaWMgPCBucl9pb2FwaWNzOyArK2FwaWMgKQorICAgIHsKKyAgICAg ICAgaWYgKCAhbnJfaW9hcGljX2VudHJpZXNbYXBpY10gfHwKKyAgICAgICAg ICAgICBpb2FwaWNfc2JkZltJT19BUElDX0lEKGFwaWMpXS5waW5fc2V0dXAg KQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgcHJpbnRrKFhF TkxPR19FUlIgIklWSEQgRXJyb3I6IG5vIGluZm9ybWF0aW9uIGZvciBJTy1B UElDICUjeFxuIiwKKyAgICAgICAgICAgICAgIElPX0FQSUNfSUQoYXBpYykp OworICAgICAgICBpZiAoIGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAgKQor ICAgICAgICAgICAgZXJyb3IgPSAtRU5YSU87CisgICAgICAgIGVsc2UKKyAg ICAgICAgeworICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChh cGljKV0ucGluX3NldHVwID0geHphbGxvY19hcnJheSgKKyAgICAgICAgICAg ICAgICB1bnNpZ25lZCBsb25nLCBCSVRTX1RPX0xPTkdTKG5yX2lvYXBpY19l bnRyaWVzW2FwaWNdKSk7CisgICAgICAgICAgICBpZiAoICFpb2FwaWNfc2Jk ZltJT19BUElDX0lEKGFwaWMpXS5waW5fc2V0dXAgKQorICAgICAgICAgICAg eworICAgICAgICAgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVy cm9yOiBPdXQgb2YgbWVtb3J5XG4iKTsKKyAgICAgICAgICAgICAgICBlcnJv ciA9IC1FTk9NRU07CisgICAgICAgICAgICB9CisgICAgICAgIH0KKyAgICB9 CisKICAgICByZXR1cm4gZXJyb3I7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMv cGFzc3Rocm91Z2gvYW1kL2lvbW11X2luaXQuYworKysgYi94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW5pdC5jCkBAIC0xMTI2LDEyICsx MTI2LDQ1IEBAIHN0YXRpYyBpbnQgX19pbml0IGFtZF9pb21tdV9zZXR1cF9k ZXZpY2UKICAgICByZXR1cm4gMDsKIH0KIAorLyogQ2hlY2sgd2hldGhlciBT UDUxMDAgU0FUQSBDb21iaW5lZCBtb2RlIGlzIG9uICovCitzdGF0aWMgYm9v bF90IF9faW5pdCBhbWRfc3A1MTAwX2VycmF0dW0yOCh2b2lkKQoreworICAg IHUzMiBidXMsIGlkOworICAgIHUxNiB2ZW5kb3JfaWQsIGRldl9pZDsKKyAg ICB1OCBieXRlOworCisgICAgZm9yIChidXMgPSAwOyBidXMgPCAyNTY7IGJ1 cysrKQorICAgIHsKKyAgICAgICAgaWQgPSBwY2lfY29uZl9yZWFkMzIoMCwg YnVzLCAweDE0LCAwLCBQQ0lfVkVORE9SX0lEKTsKKworICAgICAgICB2ZW5k b3JfaWQgPSBpZCAmIDB4ZmZmZjsKKyAgICAgICAgZGV2X2lkID0gKGlkID4+ IDE2KSAmIDB4ZmZmZjsKKworICAgICAgICAvKiBTUDUxMDAgU01CdXMgbW9k dWxlIHNldHMgQ29tYmluZWQgbW9kZSBvbiAqLworICAgICAgICBpZiAodmVu ZG9yX2lkICE9IDB4MTAwMiB8fCBkZXZfaWQgIT0gMHg0Mzg1KQorICAgICAg ICAgICAgY29udGludWU7CisKKyAgICAgICAgYnl0ZSA9IHBjaV9jb25mX3Jl YWQ4KDAsIGJ1cywgMHgxNCwgMCwgMHhhZCk7CisgICAgICAgIGlmICggKGJ5 dGUgPj4gMykgJiAxICkKKyAgICAgICAgeworICAgICAgICAgICAgcHJpbnRr KFhFTkxPR19XQVJOSU5HICJBTUQtVmk6IFNQNTEwMCBlcnJhdHVtIDI4IGRl dGVjdGVkLCBkaXNhYmxpbmcgSU9NTVUuXG4iCisgICAgICAgICAgICAgICAg ICAgIklmIHBvc3NpYmxlLCBkaXNhYmxlIFNBVEEgQ29tYmluZWQgbW9kZSBp biBCSU9TIG9yIGNvbnRhY3QgeW91ciB2ZW5kb3IgZm9yIEJJT1MgdXBkYXRl LlxuIik7CisgICAgICAgICAgICByZXR1cm4gMTsKKyAgICAgICAgfQorICAg IH0KKworICAgIHJldHVybiAwOworfQorCiBpbnQgX19pbml0IGFtZF9pb21t dV9pbml0KHZvaWQpCiB7CiAgICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXU7 CiAKICAgICBCVUdfT04oICFpb21tdV9mb3VuZCgpICk7CiAKKyAgICBpZiAo IGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAgJiYgYW1kX3NwNTEwMF9lcnJh dHVtMjgoKSApCisgICAgICAgIGdvdG8gZXJyb3Jfb3V0OworCiAgICAgaXZy c19iZGZfZW50cmllcyA9IGFtZF9pb21tdV9nZXRfaXZyc19kZXZfZW50cmll cygpOwogCiAgICAgaWYgKCAhaXZyc19iZGZfZW50cmllcyApCi0tLSBhL3hl bi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbnRyLmMKKysrIGIv eGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X2ludHIuYwpAQCAt OTksMTIgKzk5LDEyIEBAIHN0YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9l bnRyeSh1MzIqIGUKIHN0YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRy eV9mcm9tX2lvYXBpYygKICAgICBpbnQgYmRmLAogICAgIHN0cnVjdCBhbWRf aW9tbXUgKmlvbW11LAotICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5 ICppb2FwaWNfcnRlKQorICAgIGNvbnN0IHN0cnVjdCBJT19BUElDX3JvdXRl X2VudHJ5ICpydGUsCisgICAgY29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVf ZW50cnkgKm9sZF9ydGUpCiB7CiAgICAgdW5zaWduZWQgbG9uZyBmbGFnczsK ICAgICB1MzIqIGVudHJ5OwogICAgIHU4IGRlbGl2ZXJ5X21vZGUsIGRlc3Qs IHZlY3RvciwgZGVzdF9tb2RlOwotICAgIHN0cnVjdCBJT19BUElDX3JvdXRl X2VudHJ5ICpydGUgPSBpb2FwaWNfcnRlOwogICAgIGludCByZXFfaWQ7CiAg ICAgc3BpbmxvY2tfdCAqbG9jazsKICAgICBpbnQgb2Zmc2V0OwpAQCAtMTIw LDYgKzEyMCwxNCBAQCBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50 cnlfZnJvbV9pCiAgICAgc3Bpbl9sb2NrX2lycXNhdmUobG9jaywgZmxhZ3Mp OwogCiAgICAgb2Zmc2V0ID0gZ2V0X2ludHJlbWFwX29mZnNldCh2ZWN0b3Is IGRlbGl2ZXJ5X21vZGUpOworICAgIGlmICggb2xkX3J0ZSApCisgICAgewor ICAgICAgICBpbnQgb2xkX29mZnNldCA9IGdldF9pbnRyZW1hcF9vZmZzZXQo b2xkX3J0ZS0+dmVjdG9yLAorICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgb2xkX3J0ZS0+ZGVsaXZlcnlfbW9kZSk7CisK KyAgICAgICAgaWYgKCBvZmZzZXQgIT0gb2xkX29mZnNldCApCisgICAgICAg ICAgICBmcmVlX2ludHJlbWFwX2VudHJ5KGlvbW11LT5zZWcsIGJkZiwgb2xk X29mZnNldCk7CisgICAgfQogICAgIGVudHJ5ID0gKHUzMiopZ2V0X2ludHJl bWFwX2VudHJ5KGlvbW11LT5zZWcsIHJlcV9pZCwgb2Zmc2V0KTsKICAgICB1 cGRhdGVfaW50cmVtYXBfZW50cnkoZW50cnksIHZlY3RvciwgZGVsaXZlcnlf bW9kZSwgZGVzdF9tb2RlLCBkZXN0KTsKIApAQCAtMTg4LDYgKzE5Niw3IEBA IGludCBfX2luaXQgYW1kX2lvbW11X3NldHVwX2lvYXBpY19yZW1hcHAKICAg ICAgICAgICAgICAgICBhbWRfaW9tbXVfZmx1c2hfaW50cmVtYXAoaW9tbXUs IHJlcV9pZCk7CiAgICAgICAgICAgICAgICAgc3Bpbl91bmxvY2tfaXJxcmVz dG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKICAgICAgICAgICAgIH0KKyAg ICAgICAgICAgIHNldF9iaXQocGluLCBpb2FwaWNfc2JkZltJT19BUElDX0lE KGFwaWMpXS5waW5fc2V0dXApOwogICAgICAgICB9CiAgICAgfQogICAgIHJl dHVybiAwOwpAQCAtMTk5LDYgKzIwOCw3IEBAIHZvaWQgYW1kX2lvbW11X2lv YXBpY191cGRhdGVfaXJlKAogICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2Vu dHJ5IG9sZF9ydGUgPSB7IDAgfTsKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0 ZV9lbnRyeSBuZXdfcnRlID0geyAwIH07CiAgICAgdW5zaWduZWQgaW50IHJ0 ZV9sbyA9IChyZWcgJiAxKSA/IHJlZyAtIDEgOiByZWc7CisgICAgdW5zaWdu ZWQgaW50IHBpbiA9IChyZWcgLSAweDEwKSAvIDI7CiAgICAgaW50IHNhdmVk X21hc2ssIHNlZywgYmRmOwogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11 OwogCkBAIC0yMzYsNiArMjQ2LDE0IEBAIHZvaWQgYW1kX2lvbW11X2lvYXBp Y191cGRhdGVfaXJlKAogICAgICAgICAqKCgodTMyICopJm5ld19ydGUpICsg MSkgPSB2YWx1ZTsKICAgICB9CiAKKyAgICBpZiAoIG5ld19ydGUubWFzayAm JgorICAgICAgICAgIXRlc3RfYml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJ Q19JRChhcGljKV0ucGluX3NldHVwKSApCisgICAgeworICAgICAgICBBU1NF UlQoc2F2ZWRfbWFzayk7CisgICAgICAgIF9faW9fYXBpY193cml0ZShhcGlj LCByZWcsIHZhbHVlKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAg IC8qIG1hc2sgdGhlIGludGVycnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGlu dHJlbWFwIHRhYmxlICovCiAgICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAg ewpAQCAtMjQ0LDcgKzI2MiwxMSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNf dXBkYXRlX2lyZSgKICAgICB9CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0 IHJlbWFwcGluZyBlbnRyeSAqLwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRy eV9mcm9tX2lvYXBpYyhiZGYsIGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBk YXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGljKAorICAgICAgICBiZGYs IGlvbW11LCAmbmV3X3J0ZSwKKyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChw aW4sCisgICAgICAgICAgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9f QVBJQ19JRChhcGljKV0ucGluX3NldHVwKSA/ICZvbGRfcnRlCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA6IE5VTEwpOwogCiAgICAgLyogRm9yd2FyZCB3cml0 ZSBhY2Nlc3MgdG8gSU8tQVBJQyBSVEUgKi8KICAgICBfX2lvX2FwaWNfd3Jp dGUoYXBpYywgcmVnLCB2YWx1ZSk7CkBAIC0zNTQsNiArMzc2LDEyIEBAIHZv aWQgYW1kX2lvbW11X21zaV9tc2dfdXBkYXRlX2lyZSgKICAgICAgICAgcmV0 dXJuOwogICAgIH0KIAorICAgIGlmICggbXNpX2Rlc2MtPnJlbWFwX2luZGV4 ID49IDAgKQorICAgICAgICB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9t c2lfbXNnKGlvbW11LCBwZGV2LCBtc2lfZGVzYywgTlVMTCk7CisKKyAgICBp ZiAoICFtc2cgKQorICAgICAgICByZXR1cm47CisKICAgICB1cGRhdGVfaW50 cmVtYXBfZW50cnlfZnJvbV9tc2lfbXNnKGlvbW11LCBwZGV2LCBtc2lfZGVz YywgbXNnKTsKIH0KIAotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9h bWQvcGNpX2FtZF9pb21tdS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJv dWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKQEAgLTIwNSw2ICsyMDUsOCBAQCBp bnQgX19pbml0IGFtZF9pb3ZfZGV0ZWN0KHZvaWQpCiAgICAgewogICAgICAg ICBwcmludGsoIkFNRC1WaTogTm90IG92ZXJyaWRpbmcgaXJxX3ZlY3Rvcl9t YXAgc2V0dGluZ1xuIik7CiAgICAgfQorICAgIGlmICggIWFtZF9pb21tdV9w ZXJkZXZfaW50cmVtYXAgKQorICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5J TkcgIkFNRC1WaTogVXNpbmcgZ2xvYmFsIGludGVycnVwdCByZW1hcCB0YWJs ZSBpcyBub3QgcmVjb21tZW5kZWQgKHNlZSBYU0EtMzYpIVxuIik7CiAgICAg cmV0dXJuIHNjYW5fcGNpX2RldmljZXMoKTsKIH0KIAotLS0gYS94ZW4vZHJp dmVycy9wYXNzdGhyb3VnaC9pb21tdS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bh c3N0aHJvdWdoL2lvbW11LmMKQEAgLTUyLDcgKzUyLDcgQEAgYm9vbF90IF9f cmVhZF9tb3N0bHkgaW9tbXVfcWludmFsID0gMTsKIGJvb2xfdCBfX3JlYWRf bW9zdGx5IGlvbW11X2ludHJlbWFwID0gMTsKIGJvb2xfdCBfX3JlYWRfbW9z dGx5IGlvbW11X2hhcF9wdF9zaGFyZSA9IDE7CiBib29sX3QgX19yZWFkX21v c3RseSBpb21tdV9kZWJ1ZzsKLWJvb2xfdCBfX3JlYWRfbW9zdGx5IGFtZF9p b21tdV9wZXJkZXZfaW50cmVtYXA7Citib29sX3QgX19yZWFkX21vc3RseSBh bWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwID0gMTsKIAogREVGSU5FX1BFUl9D UFUoYm9vbF90LCBpb21tdV9kb250X2ZsdXNoX2lvdGxiKTsKIAotLS0gYS94 ZW4vaW5jbHVkZS9hc20teDg2L2h2bS9zdm0vYW1kLWlvbW11LXByb3RvLmgK KysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9odm0vc3ZtL2FtZC1pb21tdS1w cm90by5oCkBAIC0xMDAsNiArMTAwLDcgQEAgdm9pZCBhbWRfaW9tbXVfcmVh ZF9tc2lfZnJvbV9pcmUoCiAKIGV4dGVybiBzdHJ1Y3QgaW9hcGljX3NiZGYg ewogICAgIHUxNiBiZGYsIHNlZzsKKyAgICB1bnNpZ25lZCBsb25nICpwaW5f c2V0dXA7CiB9IGlvYXBpY19zYmRmW01BWF9JT19BUElDU107CiBleHRlcm4g dm9pZCAqc2hhcmVkX2ludHJlbWFwX3RhYmxlOwogCg== --=separator Content-Type: application/octet-stream; name="xsa36-unstable.patch" Content-Disposition: attachment; filename="xsa36-unstable.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgpBTUQg SU9NTVU6IGFsc28gc3BvdCBtaXNzaW5nIElPLUFQSUMgZW50cmllcyBpbiBJ VlJTIHRhYmxlCgpBcGFydCBmcm9tIGRlYWxpbmcgZHVwbGljYXRlIGNvbmZs aWN0aW5nIGVudHJpZXMsIHdlIGFsc28gaGF2ZSB0bwpoYW5kbGUgZmlybXdh cmUgb21pdHRpbmcgSU8tQVBJQyBlbnRyaWVzIGluIElWUlMgYWx0b2dldGhl ci4gTm90IGRvaW5nCnNvIGhhcyByZXN1bHRlZCBpbiBjL3MgMjY1MTc6NjAx MTM5ZTJiMGRiIHRvIGNyYXNoIHN1Y2ggc3lzdGVtcyBkdXJpbmcKYm9vdCAo d2hlcmVhcyB3aXRoIHRoZSBjaGFuZ2UgaGVyZSB0aGUgSU9NTVUgZ2V0cyBk aXNhYmxlZCBqdXN0IGFzIGlzCmJlaW5nIGRvbmUgaW4gdGhlIG90aGVyIGNh c2VzLCBpLmUuIHVubGVzcyBnbG9iYWwgdGFibGVzIGFyZSBiZWluZwp1c2Vk KS4KCkRlYnVnZ2luZyB0aGlzIGlzc3VlIGhhcyBhbHNvIHBvaW50ZWQgb3V0 IHRoYXQgdGhlIGRlYnVnIGxvZyBvdXRwdXQgaXMKcHJldHR5IHVnbHkgdG8g bG9vayBhdCAtIGNvbnNvbGlkYXRlIHRoZSBvdXRwdXQsIGFuZCBhZGQgb25l IGV4dHJhCml0ZW0gZm9yIHRoZSBJVkhEIHNwZWNpYWwgZW50cmllcywgc28g dGhhdCBmdXR1cmUgaXNzdWVzIGFyZSBlYXNpZXIKdG8gYW5hbHl6ZS4KClNp Z25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K VGVzdGVkLWJ5OiBTYW5kZXIgRWlrZWxlbmJvb20gPGxpbnV4QGVpa2VsZW5i b29tLml0PgoKLS0tIGEveGVuL2FyY2gveDg2L2lycS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9pcnEuYwpAQCAtMTk0Myw5ICsxOTQzLDYgQEAgaW50IG1hcF9k b21haW5fcGlycSgKICAgICAgICAgc3Bpbl9sb2NrX2lycXNhdmUoJmRlc2Mt PmxvY2ssIGZsYWdzKTsKICAgICAgICAgc2V0X2RvbWFpbl9pcnFfcGlycShk LCBpcnEsIGluZm8pOwogICAgICAgICBzcGluX3VubG9ja19pcnFyZXN0b3Jl KCZkZXNjLT5sb2NrLCBmbGFncyk7Ci0KLSAgICAgICAgaWYgKCBvcHRfaXJx X3ZlY3Rvcl9tYXAgPT0gT1BUX0lSUV9WRUNUT1JfTUFQX1BFUkRFViApCi0g ICAgICAgICAgICBwcmludGsoWEVOTE9HX0lORk8gIlBlci1kZXZpY2UgdmVj dG9yIG1hcHMgZm9yIEdTSXMgbm90IGltcGxlbWVudGVkIHlldC5cbiIpOwog ICAgIH0KIAogZG9uZToKLS0tIGEveGVuL2RyaXZlcnMvYWNwaS90YWJsZXMu YworKysgYi94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCkBAIC0yNjUsNyAr MjY1LDcgQEAgYWNwaV90YWJsZV9wYXJzZV9tYWR0KGVudW0gYWNwaV9tYWR0 X3R5cAogICogQGhhbmRsZXI6IGhhbmRsZXIgdG8gcnVuCiAgKgogICogU2Nh biB0aGUgQUNQSSBTeXN0ZW0gRGVzY3JpcHRvciBUYWJsZSAoU1REKSBmb3Ig YSB0YWJsZSBtYXRjaGluZyBAaWQsCi0gKiBydW4gQGhhbmRsZXIgb24gaXQu ICBSZXR1cm4gMCBpZiB0YWJsZSBmb3VuZCwgcmV0dXJuIG9uIGlmIG5vdC4K KyAqIHJ1biBAaGFuZGxlciBvbiBpdC4KICAqLwogaW50IF9faW5pdCBhY3Bp X3RhYmxlX3BhcnNlKGNoYXIgKmlkLCBhY3BpX3RhYmxlX2hhbmRsZXIgaGFu ZGxlcikKIHsKQEAgLTI4MCw4ICsyODAsNyBAQCBpbnQgX19pbml0IGFjcGlf dGFibGVfcGFyc2UoY2hhciAqaWQsIGFjCiAJCWFjcGlfZ2V0X3RhYmxlKGlk LCAwLCAmdGFibGUpOwogCiAJaWYgKHRhYmxlKSB7Ci0JCWhhbmRsZXIodGFi bGUpOwotCQlyZXR1cm4gMDsKKwkJcmV0dXJuIGhhbmRsZXIodGFibGUpOwog CX0gZWxzZQogCQlyZXR1cm4gMTsKIH0KLS0tIGEveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X2FjcGkuYworKysgYi94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvaW9tbXVfYWNwaS5jCkBAIC0yMiw2ICsyMiw3IEBA CiAjaW5jbHVkZSA8eGVuL2Vycm5vLmg+CiAjaW5jbHVkZSA8eGVuL2FjcGku aD4KICNpbmNsdWRlIDxhc20vYXBpY2RlZi5oPgorI2luY2x1ZGUgPGFzbS9p b19hcGljLmg+CiAjaW5jbHVkZSA8YXNtL2FtZC1pb21tdS5oPgogI2luY2x1 ZGUgPGFzbS9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oPgogCkBAIC02Mzcs NiArNjM4LDcgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZp Y2Vfc3BlYwogICAgIHUxNiBoZWFkZXJfbGVuZ3RoLCB1MTYgYmxvY2tfbGVu Z3RoLCBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSkKIHsKICAgICB1MTYgZGV2 X2xlbmd0aCwgYmRmOworICAgIGludCBhcGljOwogCiAgICAgZGV2X2xlbmd0 aCA9IHNpemVvZigqc3BlY2lhbCk7CiAgICAgaWYgKCBoZWFkZXJfbGVuZ3Ro IDwgKGJsb2NrX2xlbmd0aCArIGRldl9sZW5ndGgpICkKQEAgLTY1Nyw5ICs2 NTksNTMgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZpY2Vf c3BlYwogICAgIHN3aXRjaCAoIHNwZWNpYWwtPnZhcmlldHkgKQogICAgIHsK ICAgICBjYXNlIEFDUElfSVZIRF9JT0FQSUM6Ci0gICAgLyogc2V0IGRldmlj ZSBpZCBvZiBpb2FwaWMgKi8KLSAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lh bC0+aGFuZGxlXS5iZGYgPSBiZGY7Ci0gICAgICAgIGlvYXBpY19zYmRmW3Nw ZWNpYWwtPmhhbmRsZV0uc2VnID0gc2VnOworICAgICAgICAvKgorICAgICAg ICAgKiBTb21lIEJJT1NlcyBoYXZlIElPQVBJQyBicm9rZW4gZW50cmllcyBz byB3ZSBjaGVjayBmb3IgSVZSUworICAgICAgICAgKiBjb25zaXN0ZW5jeSBo ZXJlIC0tLSB3aGV0aGVyIGVudHJ5J3MgSU9BUElDIElEIGlzIHZhbGlkIGFu ZAorICAgICAgICAgKiB3aGV0aGVyIHRoZXJlIGFyZSBjb25mbGljdGluZy9k dXBsaWNhdGVkIGVudHJpZXMuCisgICAgICAgICAqLworICAgICAgICBmb3Ig KCBhcGljID0gMDsgYXBpYyA8IG5yX2lvYXBpY3M7IGFwaWMrKyApCisgICAg ICAgIHsKKyAgICAgICAgICAgIGlmICggSU9fQVBJQ19JRChhcGljKSAhPSBz cGVjaWFsLT5oYW5kbGUgKQorICAgICAgICAgICAgICAgIGNvbnRpbnVlOwor CisgICAgICAgICAgICBpZiAoIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRs ZV0ucGluX3NldHVwICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAg ICBpZiAoIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0uYmRmID09IGJk ZiAmJgorICAgICAgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lh bC0+aGFuZGxlXS5zZWcgPT0gc2VnICkKKyAgICAgICAgICAgICAgICAgICAg QU1EX0lPTU1VX0RFQlVHKCJJVkhEIFdhcm5pbmc6IER1cGxpY2F0ZSBJTy1B UElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgc3BlY2lhbC0+aGFuZGxlKTsKKyAgICAgICAgICAgICAg ICBlbHNlCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAgICAg ICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogQ29uZmxpY3Rpbmcg SU8tQVBJQyAlI3ggZW50cmllc1xuIiwKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNwZWNpYWwtPmhhbmRsZSk7CisgICAgICAgICAgICAgICAgICAg IGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCApCisgICAgICAgICAg ICAgICAgICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgICAgICAgICB9Cisg ICAgICAgICAgICB9CisgICAgICAgICAgICBlbHNlCisgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMg Ki8KKyAgICAgICAgICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5k bGVdLmJkZiA9IGJkZjsKKyAgICAgICAgICAgICAgICBpb2FwaWNfc2JkZltz cGVjaWFsLT5oYW5kbGVdLnNlZyA9IHNlZzsKKworICAgICAgICAgICAgICAg IGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0ucGluX3NldHVwID0geHph bGxvY19hcnJheSgKKyAgICAgICAgICAgICAgICAgICAgdW5zaWduZWQgbG9u ZywgQklUU19UT19MT05HUyhucl9pb2FwaWNfZW50cmllc1thcGljXSkpOwor ICAgICAgICAgICAgICAgIGlmICggbnJfaW9hcGljX2VudHJpZXNbYXBpY10g JiYKKyAgICAgICAgICAgICAgICAgICAgICFpb2FwaWNfc2JkZltJT19BUElD X0lEKGFwaWMpXS5waW5fc2V0dXAgKQorICAgICAgICAgICAgICAgIHsKKyAg ICAgICAgICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19FUlIgIklWSEQgRXJy b3I6IE91dCBvZiBtZW1vcnlcbiIpOworICAgICAgICAgICAgICAgICAgICBy ZXR1cm4gMDsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICB9Cisg ICAgICAgICAgICBicmVhazsKKyAgICAgICAgfQorICAgICAgICBpZiAoIGFw aWMgPT0gbnJfaW9hcGljcyApCisgICAgICAgIHsKKyAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBJbnZhbGlkIElPLUFQSUMg JSN4XG4iLAorICAgICAgICAgICAgICAgICAgIHNwZWNpYWwtPmhhbmRsZSk7 CisgICAgICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgfQogICAgICAgICBi cmVhazsKICAgICBjYXNlIEFDUElfSVZIRF9IUEVUOgogICAgICAgICAvKiBz ZXQgZGV2aWNlIGlkIG9mIGhwZXQgKi8KQEAgLTg0NCw2ICs4OTAsNyBAQCBz dGF0aWMgaW50IF9faW5pdCBwYXJzZV9pdnJzX3RhYmxlKHN0cnVjCiB7CiAg ICAgY29uc3Qgc3RydWN0IGFjcGlfaXZyc19oZWFkZXIgKml2cnNfYmxvY2s7 CiAgICAgdW5zaWduZWQgbG9uZyBsZW5ndGg7CisgICAgdW5zaWduZWQgaW50 IGFwaWM7CiAgICAgaW50IGVycm9yID0gMDsKIAogICAgIEJVR19PTighdGFi bGUpOwpAQCAtODc2LDYgKzkyMywyOSBAQCBzdGF0aWMgaW50IF9faW5pdCBw YXJzZV9pdnJzX3RhYmxlKHN0cnVjCiAgICAgICAgIGxlbmd0aCArPSBpdnJz X2Jsb2NrLT5sZW5ndGg7CiAgICAgfQogCisgICAgLyogRWFjaCBJTy1BUElD IG11c3QgaGF2ZSBiZWVuIG1lbnRpb25lZCBpbiB0aGUgdGFibGUuICovCisg ICAgZm9yICggYXBpYyA9IDA7ICFlcnJvciAmJiBhcGljIDwgbnJfaW9hcGlj czsgKythcGljICkKKyAgICB7CisgICAgICAgIGlmICggIW5yX2lvYXBpY19l bnRyaWVzW2FwaWNdIHx8CisgICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9f QVBJQ19JRChhcGljKV0ucGluX3NldHVwICkKKyAgICAgICAgICAgIGNvbnRp bnVlOworCisgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9y OiBubyBpbmZvcm1hdGlvbiBmb3IgSU8tQVBJQyAlI3hcbiIsCisgICAgICAg ICAgICAgICBJT19BUElDX0lEKGFwaWMpKTsKKyAgICAgICAgaWYgKCBhbWRf aW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgICAgIGVycm9yID0g LUVOWElPOworICAgICAgICBlbHNlCisgICAgICAgIHsKKyAgICAgICAgICAg IGlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCA9IHh6 YWxsb2NfYXJyYXkoCisgICAgICAgICAgICAgICAgdW5zaWduZWQgbG9uZywg QklUU19UT19MT05HUyhucl9pb2FwaWNfZW50cmllc1thcGljXSkpOworICAg ICAgICAgICAgaWYgKCAhaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0u cGluX3NldHVwICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICBw cmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogT3V0IG9mIG1lbW9yeVxu Iik7CisgICAgICAgICAgICAgICAgZXJyb3IgPSAtRU5PTUVNOworICAgICAg ICAgICAgfQorICAgICAgICB9CisgICAgfQorCiAgICAgcmV0dXJuIGVycm9y OwogfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21t dV9pbml0LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lv bW11X2luaXQuYwpAQCAtMTEyMCwxMiArMTEyMCw0NSBAQCBzdGF0aWMgaW50 IF9faW5pdCBhbWRfaW9tbXVfc2V0dXBfZGV2aWNlCiAgICAgcmV0dXJuIDA7 CiB9CiAKKy8qIENoZWNrIHdoZXRoZXIgU1A1MTAwIFNBVEEgQ29tYmluZWQg bW9kZSBpcyBvbiAqLworc3RhdGljIGJvb2xfdCBfX2luaXQgYW1kX3NwNTEw MF9lcnJhdHVtMjgodm9pZCkKK3sKKyAgICB1MzIgYnVzLCBpZDsKKyAgICB1 MTYgdmVuZG9yX2lkLCBkZXZfaWQ7CisgICAgdTggYnl0ZTsKKworICAgIGZv ciAoYnVzID0gMDsgYnVzIDwgMjU2OyBidXMrKykKKyAgICB7CisgICAgICAg IGlkID0gcGNpX2NvbmZfcmVhZDMyKDAsIGJ1cywgMHgxNCwgMCwgUENJX1ZF TkRPUl9JRCk7CisKKyAgICAgICAgdmVuZG9yX2lkID0gaWQgJiAweGZmZmY7 CisgICAgICAgIGRldl9pZCA9IChpZCA+PiAxNikgJiAweGZmZmY7CisKKyAg ICAgICAgLyogU1A1MTAwIFNNQnVzIG1vZHVsZSBzZXRzIENvbWJpbmVkIG1v ZGUgb24gKi8KKyAgICAgICAgaWYgKHZlbmRvcl9pZCAhPSAweDEwMDIgfHwg ZGV2X2lkICE9IDB4NDM4NSkKKyAgICAgICAgICAgIGNvbnRpbnVlOworCisg ICAgICAgIGJ5dGUgPSBwY2lfY29uZl9yZWFkOCgwLCBidXMsIDB4MTQsIDAs IDB4YWQpOworICAgICAgICBpZiAoIChieXRlID4+IDMpICYgMSApCisgICAg ICAgIHsKKyAgICAgICAgICAgIHByaW50ayhYRU5MT0dfV0FSTklORyAiQU1E LVZpOiBTUDUxMDAgZXJyYXR1bSAyOCBkZXRlY3RlZCwgZGlzYWJsaW5nIElP TU1VLlxuIgorICAgICAgICAgICAgICAgICAgICJJZiBwb3NzaWJsZSwgZGlz YWJsZSBTQVRBIENvbWJpbmVkIG1vZGUgaW4gQklPUyBvciBjb250YWN0IHlv dXIgdmVuZG9yIGZvciBCSU9TIHVwZGF0ZS5cbiIpOworICAgICAgICAgICAg cmV0dXJuIDE7CisgICAgICAgIH0KKyAgICB9CisKKyAgICByZXR1cm4gMDsK K30KKwogaW50IF9faW5pdCBhbWRfaW9tbXVfaW5pdCh2b2lkKQogewogICAg IHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11OwogCiAgICAgQlVHX09OKCAhaW9t bXVfZm91bmQoKSApOwogCisgICAgaWYgKCBhbWRfaW9tbXVfcGVyZGV2X2lu dHJlbWFwICYmIGFtZF9zcDUxMDBfZXJyYXR1bTI4KCkgKQorICAgICAgICBn b3RvIGVycm9yX291dDsKKwogICAgIGl2cnNfYmRmX2VudHJpZXMgPSBhbWRf aW9tbXVfZ2V0X2l2cnNfZGV2X2VudHJpZXMoKTsKIAogICAgIGlmICggIWl2 cnNfYmRmX2VudHJpZXMgKQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3Vn aC9hbWQvaW9tbXVfaW50ci5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJv dWdoL2FtZC9pb21tdV9pbnRyLmMKQEAgLTEwMCwxMiArMTAwLDEyIEBAIHN0 YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeSh1MzIqIGUKIHN0YXRp YyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lvYXBpYygKICAg ICBpbnQgYmRmLAogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11LAotICAg IHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICppb2FwaWNfcnRlKQorICAg IGNvbnN0IHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICpydGUsCisgICAg Y29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKm9sZF9ydGUpCiB7 CiAgICAgdW5zaWduZWQgbG9uZyBmbGFnczsKICAgICB1MzIqIGVudHJ5Owog ICAgIHU4IGRlbGl2ZXJ5X21vZGUsIGRlc3QsIHZlY3RvciwgZGVzdF9tb2Rl OwotICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICpydGUgPSBpb2Fw aWNfcnRlOwogICAgIGludCByZXFfaWQ7CiAgICAgc3BpbmxvY2tfdCAqbG9j azsKICAgICBpbnQgb2Zmc2V0OwpAQCAtMTIxLDYgKzEyMSwxNCBAQCBzdGF0 aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9pCiAgICAgc3Bp bl9sb2NrX2lycXNhdmUobG9jaywgZmxhZ3MpOwogCiAgICAgb2Zmc2V0ID0g Z2V0X2ludHJlbWFwX29mZnNldCh2ZWN0b3IsIGRlbGl2ZXJ5X21vZGUpOwor ICAgIGlmICggb2xkX3J0ZSApCisgICAgeworICAgICAgICBpbnQgb2xkX29m ZnNldCA9IGdldF9pbnRyZW1hcF9vZmZzZXQob2xkX3J0ZS0+dmVjdG9yLAor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg b2xkX3J0ZS0+ZGVsaXZlcnlfbW9kZSk7CisKKyAgICAgICAgaWYgKCBvZmZz ZXQgIT0gb2xkX29mZnNldCApCisgICAgICAgICAgICBmcmVlX2ludHJlbWFw X2VudHJ5KGlvbW11LT5zZWcsIGJkZiwgb2xkX29mZnNldCk7CisgICAgfQog ICAgIGVudHJ5ID0gKHUzMiopZ2V0X2ludHJlbWFwX2VudHJ5KGlvbW11LT5z ZWcsIHJlcV9pZCwgb2Zmc2V0KTsKICAgICB1cGRhdGVfaW50cmVtYXBfZW50 cnkoZW50cnksIHZlY3RvciwgZGVsaXZlcnlfbW9kZSwgZGVzdF9tb2RlLCBk ZXN0KTsKIApAQCAtMTg5LDYgKzE5Nyw3IEBAIGludCBfX2luaXQgYW1kX2lv bW11X3NldHVwX2lvYXBpY19yZW1hcHAKICAgICAgICAgICAgICAgICBhbWRf aW9tbXVfZmx1c2hfaW50cmVtYXAoaW9tbXUsIHJlcV9pZCk7CiAgICAgICAg ICAgICAgICAgc3Bpbl91bmxvY2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ss IGZsYWdzKTsKICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIHNldF9iaXQo cGluLCBpb2FwaWNfc2JkZltJT19BUElDX0lEKGFwaWMpXS5waW5fc2V0dXAp OwogICAgICAgICB9CiAgICAgfQogICAgIHJldHVybiAwOwpAQCAtMjAwLDYg KzIwOSw3IEBAIHZvaWQgYW1kX2lvbW11X2lvYXBpY191cGRhdGVfaXJlKAog ICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5IG9sZF9ydGUgPSB7IDAg fTsKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSBuZXdfcnRlID0g eyAwIH07CiAgICAgdW5zaWduZWQgaW50IHJ0ZV9sbyA9IChyZWcgJiAxKSA/ IHJlZyAtIDEgOiByZWc7CisgICAgdW5zaWduZWQgaW50IHBpbiA9IChyZWcg LSAweDEwKSAvIDI7CiAgICAgaW50IHNhdmVkX21hc2ssIHNlZywgYmRmOwog ICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11OwogCkBAIC0yMzcsNiArMjQ3 LDE0IEBAIHZvaWQgYW1kX2lvbW11X2lvYXBpY191cGRhdGVfaXJlKAogICAg ICAgICAqKCgodTMyICopJm5ld19ydGUpICsgMSkgPSB2YWx1ZTsKICAgICB9 CiAKKyAgICBpZiAoIG5ld19ydGUubWFzayAmJgorICAgICAgICAgIXRlc3Rf Yml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3Nl dHVwKSApCisgICAgeworICAgICAgICBBU1NFUlQoc2F2ZWRfbWFzayk7Cisg ICAgICAgIF9faW9fYXBpY193cml0ZShhcGljLCByZWcsIHZhbHVlKTsKKyAg ICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIC8qIG1hc2sgdGhlIGludGVy cnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGludHJlbWFwIHRhYmxlICovCiAg ICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAgewpAQCAtMjQ1LDcgKzI2Mywx MSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2lyZSgKICAgICB9 CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0IHJlbWFwcGluZyBlbnRyeSAq LwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lvYXBpYyhiZGYs IGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5 X2Zyb21faW9hcGljKAorICAgICAgICBiZGYsIGlvbW11LCAmbmV3X3J0ZSwK KyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChwaW4sCisgICAgICAgICAgICAg ICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0ucGlu X3NldHVwKSA/ICZvbGRfcnRlCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA6IE5V TEwpOwogCiAgICAgLyogRm9yd2FyZCB3cml0ZSBhY2Nlc3MgdG8gSU8tQVBJ QyBSVEUgKi8KICAgICBfX2lvX2FwaWNfd3JpdGUoYXBpYywgcmVnLCB2YWx1 ZSk7CkBAIC0zNTYsNiArMzc4LDEyIEBAIHZvaWQgYW1kX2lvbW11X21zaV9t c2dfdXBkYXRlX2lyZSgKICAgICAgICAgcmV0dXJuOwogICAgIH0KIAorICAg IGlmICggbXNpX2Rlc2MtPnJlbWFwX2luZGV4ID49IDAgKQorICAgICAgICB1 cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9tc2lfbXNnKGlvbW11LCBiZGYs IG1zaV9kZXNjLCBOVUxMKTsKKworICAgIGlmICggIW1zZyApCisgICAgICAg IHJldHVybjsKKwogICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX21z aV9tc2coaW9tbXUsIGJkZiwgbXNpX2Rlc2MsIG1zZyk7CiB9CiAKLS0tIGEv eGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYwor KysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21t dS5jCkBAIC0yMDgsNiArMjA4LDggQEAgaW50IF9faW5pdCBhbWRfaW92X2Rl dGVjdCh2b2lkKQogICAgIHsKICAgICAgICAgcHJpbnRrKCJBTUQtVmk6IE5v dCBvdmVycmlkaW5nIGlycV92ZWN0b3JfbWFwIHNldHRpbmdcbiIpOwogICAg IH0KKyAgICBpZiAoICFhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAg ICAgICAgcHJpbnRrKFhFTkxPR19XQVJOSU5HICJBTUQtVmk6IFVzaW5nIGds b2JhbCBpbnRlcnJ1cHQgcmVtYXAgdGFibGUgaXMgbm90IHJlY29tbWVuZGVk IChzZWUgWFNBLTM2KSFcbiIpOwogICAgIHJldHVybiBzY2FuX3BjaV9kZXZp Y2VzKCk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvaW9t bXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9pb21tdS5jCkBA IC01Myw3ICs1Myw3IEBAIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlvbW11X3Fp bnZhbCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9pbnRyZW1h cCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9oYXBfcHRfc2hh cmUgPSAxOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfZGVidWc7Ci1i b29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFw OworYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lvbW11X3BlcmRldl9pbnRy ZW1hcCA9IDE7CiAKIERFRklORV9QRVJfQ1BVKGJvb2xfdCwgaW9tbXVfZG9u dF9mbHVzaF9pb3RsYik7CiAKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9o dm0vc3ZtL2FtZC1pb21tdS1wcm90by5oCisrKyBiL3hlbi9pbmNsdWRlL2Fz bS14ODYvaHZtL3N2bS9hbWQtaW9tbXUtcHJvdG8uaApAQCAtMTAxLDYgKzEw MSw3IEBAIGludCBhbWRfc2V0dXBfaHBldF9tc2koc3RydWN0IG1zaV9kZXNj ICoKIAogZXh0ZXJuIHN0cnVjdCBpb2FwaWNfc2JkZiB7CiAgICAgdTE2IGJk Ziwgc2VnOworICAgIHVuc2lnbmVkIGxvbmcgKnBpbl9zZXR1cDsKIH0gaW9h cGljX3NiZGZbTUFYX0lPX0FQSUNTXTsKIGV4dGVybiB2b2lkICpzaGFyZWRf aW50cmVtYXBfdGFibGU7CiAK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Feb 21 14:26:06 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 21 Feb 2013 14:26:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U8X3t-00042c-P9; Thu, 21 Feb 2013 14:23:49 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U8X3s-00042E-6w; Thu, 21 Feb 2013 14:23:48 +0000 Received: from [85.158.139.211:17022] by server-3.bemta-5.messagelabs.com id 9E/AD-07037-3FD26215; Thu, 21 Feb 2013 14:23:47 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-14.tower-206.messagelabs.com!1361456621!18549606!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.8.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30770 invoked from network); 21 Feb 2013 14:23:42 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-14.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 21 Feb 2013 14:23:42 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1U8X3c-000207-Ah; Thu, 21 Feb 2013 14:23:32 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1U8X3b-0007ni-Cw; Thu, 21 Feb 2013 14:23:31 +0000 Date: Thu, 21 Feb 2013 14:23:31 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0153 / XSA-36 version 4 interrupt remap entries shared and old ones not cleared on AMD IOMMUs UPDATES IN VERSION 4 ==================== Updated patches, to deal with a boot time crash resulting from the earlier changes on systems with firmware broken in a way not previously accounted for. ISSUE DESCRIPTION ================= To avoid an erratum in early hardware, the Xen AMD IOMMU code by default chooses to use a single interrupt remapping table for the whole system. This sharing implies that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. Furthermore, regardless of whether a shared interrupt remapping table is in use, old entries are not always cleared, providing opportunities (which accumulate over time) for guests to inject interrupts into other guests, again including domain 0. In a typical Xen system many devices are owned by domain 0 or driver domains, leaving them vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system. IMPACT ====== A malicious domain which is given access to a physical PCI device can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== Xen versions 3.3 onwards are vulnerable. Earlier Xen versions do not implement interrupt remapping, and hence do not support secure AMD-Vi PCI passthrough in any case. Only systems using AMD-Vi for PCI passthrough are vulnerable. Any domain which is given access to a PCI device can take advantage of this vulnerability. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. In Xen versions 4.1.3 and above the sharing of the interrupt remapping table (and hence the more severe part of this problem) can be avoided by passing "iommu=amd-iommu-perdev-intremap" as a command line option to the hypervisor. This option is not fully functional on earlier hypervisors. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that on certain systems (SP5100 chipsets with erratum 28 present, or such with broken IVRS ACPI table) these patches will result in the IOMMU not being enabled anymore. This should be dealt with by a BIOS update, if available. Alternatively the check can be overridden by specifying "iommu=no-amd-iommu-perdev-intremap" on the Xen command line ("iommu=amd-iommu-global-intremap" on 4.1.x), at the price of re-opening the security hole addressed by these patches. xsa36-unstable.patch Xen unstable xsa36-4.2.patch Xen 4.2.x xsa36-4.1.patch Xen 4.1.x $ sha256sum xsa36*.patch 4bdc0f1f94f82c6bc6c777971f22ef915215b72b98b29f9064e4df65c0efc6f4 xsa36-4.1.patch dd32ecaa84edbf6d11241045f40ba53ec4a3bc6c24f719bc21204067c4eb8964 xsa36-4.2.patch 7c0b3a1b332a24a830c7a436b065943f60c54cd5b7e746c440e2992a7b5cfe41 xsa36-unstable.patch $ Incremental patches on top of what was provided in version 3 can also be taken from the respective mercurial trees: http://xenbits.xen.org/hg/xen-unstable.hg/rev/e68f14b9e739 http://xenbits.xen.org/hg/staging/xen-4.2-testing.hg/rev/6a03b38b9cd6 http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/4d522221fa77 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRJf98AAoJEIP+FMlX6CvZ5ocH/jNY92kLw7BOencxa9R3TGTn 20O0+j1id+xi2vjVVF2xm2SJ7g/6Egx5WURUfy2cu+I8GdDHKmRrp3Vkazltzcnd 6AlI5aiPC2H1rFkU0FpneRk3mrluABLZO8Q5YcSJs24hwqded0W+SivH63aInki/ PsDGoBu8HUjYMWjXyqCJVJIGToLS9ApaQ8+iTylWb1ZocRm2VcPS8yJI7z82kj3A zRNADG36oAFawSJsE9z3ykVoYv9UYckOaWkaXh7jZPHAvIjvP2wLb9gmMkMXbIOP ICpJJFf0w7oW6KTY3g9n8CxUMBMoUw/9Fv+CQBzOf0ZZY/vIE8q65A0NhCcWixo= =vmpB -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa36-4.1.patch" Content-Disposition: attachment; filename="xsa36-4.1.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgpBTUQg SU9NTVU6IGFsc28gc3BvdCBtaXNzaW5nIElPLUFQSUMgZW50cmllcyBpbiBJ VlJTIHRhYmxlCgpBcGFydCBmcm9tIGRlYWxpbmcgZHVwbGljYXRlIGNvbmZs aWN0aW5nIGVudHJpZXMsIHdlIGFsc28gaGF2ZSB0bwpoYW5kbGUgZmlybXdh cmUgb21pdHRpbmcgSU8tQVBJQyBlbnRyaWVzIGluIElWUlMgYWx0b2dldGhl ci4gTm90IGRvaW5nCnNvIGhhcyByZXN1bHRlZCBpbiBjL3MgMjY1MTc6NjAx MTM5ZTJiMGRiIHRvIGNyYXNoIHN1Y2ggc3lzdGVtcyBkdXJpbmcKYm9vdCAo d2hlcmVhcyB3aXRoIHRoZSBjaGFuZ2UgaGVyZSB0aGUgSU9NTVUgZ2V0cyBk aXNhYmxlZCBqdXN0IGFzIGlzCmJlaW5nIGRvbmUgaW4gdGhlIG90aGVyIGNh c2VzLCBpLmUuIHVubGVzcyBnbG9iYWwgdGFibGVzIGFyZSBiZWluZwp1c2Vk KS4KCkRlYnVnZ2luZyB0aGlzIGlzc3VlIGhhcyBhbHNvIHBvaW50ZWQgb3V0 IHRoYXQgdGhlIGRlYnVnIGxvZyBvdXRwdXQgaXMKcHJldHR5IHVnbHkgdG8g bG9vayBhdCAtIGNvbnNvbGlkYXRlIHRoZSBvdXRwdXQsIGFuZCBhZGQgb25l IGV4dHJhCml0ZW0gZm9yIHRoZSBJVkhEIHNwZWNpYWwgZW50cmllcywgc28g dGhhdCBmdXR1cmUgaXNzdWVzIGFyZSBlYXNpZXIKdG8gYW5hbHl6ZS4KClNp Z25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K VGVzdGVkLWJ5OiBTYW5kZXIgRWlrZWxlbmJvb20gPGxpbnV4QGVpa2VsZW5i b29tLml0PgoKLS0tIGEveGVuL2FyY2gveDg2L2lycS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9pcnEuYwpAQCAtMTY3Nyw5ICsxNjc3LDYgQEAgaW50IG1hcF9k b21haW5fcGlycSgKICAgICAgICAgZC0+YXJjaC5waXJxX2lycVtwaXJxXSA9 IGlycTsKICAgICAgICAgZC0+YXJjaC5pcnFfcGlycVtpcnFdID0gcGlycTsK ICAgICAgICAgc3Bpbl91bmxvY2tfaXJxcmVzdG9yZSgmZGVzYy0+bG9jaywg ZmxhZ3MpOwotCi0gICAgICAgIGlmICggb3B0X2lycV92ZWN0b3JfbWFwID09 IE9QVF9JUlFfVkVDVE9SX01BUF9QRVJERVYgKQotICAgICAgICAgICAgcHJp bnRrKFhFTkxPR19JTkZPICJQZXItZGV2aWNlIHZlY3RvciBtYXBzIGZvciBH U0lzIG5vdCBpbXBsZW1lbnRlZCB5ZXQuXG4iKTsKICAgICB9CiAKIGRvbmU6 Ci0tLSBhL3hlbi9kcml2ZXJzL2FjcGkvdGFibGVzLmMKKysrIGIveGVuL2Ry aXZlcnMvYWNwaS90YWJsZXMuYwpAQCAtMjY3LDcgKzI2Nyw3IEBAIGFjcGlf dGFibGVfcGFyc2VfbWFkdChlbnVtIGFjcGlfbWFkdF90eXAKICAqIEBoYW5k bGVyOiBoYW5kbGVyIHRvIHJ1bgogICoKICAqIFNjYW4gdGhlIEFDUEkgU3lz dGVtIERlc2NyaXB0b3IgVGFibGUgKFNURCkgZm9yIGEgdGFibGUgbWF0Y2hp bmcgQGlkLAotICogcnVuIEBoYW5kbGVyIG9uIGl0LiAgUmV0dXJuIDAgaWYg dGFibGUgZm91bmQsIHJldHVybiBvbiBpZiBub3QuCisgKiBydW4gQGhhbmRs ZXIgb24gaXQuCiAgKi8KIGludCBhY3BpX3RhYmxlX3BhcnNlKGNoYXIgKmlk LCBhY3BpX3RhYmxlX2hhbmRsZXIgaGFuZGxlcikKIHsKQEAgLTI4Miw4ICsy ODIsNyBAQCBpbnQgYWNwaV90YWJsZV9wYXJzZShjaGFyICppZCwgYWNwaV90 YWJsCiAJCWFjcGlfZ2V0X3RhYmxlKGlkLCAwLCAmdGFibGUpOwogCiAJaWYg KHRhYmxlKSB7Ci0JCWhhbmRsZXIodGFibGUpOwotCQlyZXR1cm4gMDsKKwkJ cmV0dXJuIGhhbmRsZXIodGFibGUpOwogCX0gZWxzZQogCQlyZXR1cm4gMTsK IH0KLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X2Fj cGkuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVf YWNwaS5jCkBAIC0yMSw2ICsyMSw3IEBACiAjaW5jbHVkZSA8eGVuL2NvbmZp Zy5oPgogI2luY2x1ZGUgPHhlbi9lcnJuby5oPgogI2luY2x1ZGUgPGFzbS9h cGljZGVmLmg+CisjaW5jbHVkZSA8YXNtL2lvX2FwaWMuaD4KICNpbmNsdWRl IDxhc20vYW1kLWlvbW11Lmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9zdm0vYW1k LWlvbW11LXByb3RvLmg+CiAjaW5jbHVkZSA8YXNtL2h2bS9zdm0vYW1kLWlv bW11LWFjcGkuaD4KQEAgLTI5LDcgKzMwLDYgQEAgZXh0ZXJuIHVuc2lnbmVk IGxvbmcgYW1kX2lvbW11X3BhZ2VfZW50cgogZXh0ZXJuIHVuc2lnbmVkIHNo b3J0IGl2cnNfYmRmX2VudHJpZXM7CiBleHRlcm4gc3RydWN0IGl2cnNfbWFw cGluZ3MgKml2cnNfbWFwcGluZ3M7CiBleHRlcm4gdW5zaWduZWQgc2hvcnQg bGFzdF9iZGY7Ci1leHRlcm4gaW50IGlvYXBpY19iZGZbTUFYX0lPX0FQSUNT XTsKIGV4dGVybiB2b2lkICpzaGFyZWRfaW50cmVtYXBfdGFibGU7CiAKIHN0 YXRpYyB2b2lkIGFkZF9pdnJzX21hcHBpbmdfZW50cnkoCkBAIC02MzYsNiAr NjM2LDcgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZpY2Vf c3BlYwogICAgIHUxNiBoZWFkZXJfbGVuZ3RoLCB1MTYgYmxvY2tfbGVuZ3Ro LCBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSkKIHsKICAgICB1MTYgZGV2X2xl bmd0aCwgYmRmOworICAgIGludCBhcGljOwogCiAgICAgZGV2X2xlbmd0aCA9 IHNpemVvZihzdHJ1Y3QgYWNwaV9pdmhkX2RldmljZV9zcGVjaWFsKTsKICAg ICBpZiAoIGhlYWRlcl9sZW5ndGggPCAoYmxvY2tfbGVuZ3RoICsgZGV2X2xl bmd0aCkgKQpAQCAtNjUyLDkgKzY1Myw1OCBAQCBzdGF0aWMgdTE2IF9faW5p dCBwYXJzZV9pdmhkX2RldmljZV9zcGVjCiAgICAgfQogCiAgICAgYWRkX2l2 cnNfbWFwcGluZ19lbnRyeShiZGYsIGJkZiwgaXZoZF9kZXZpY2UtPmhlYWRl ci5mbGFncywgaW9tbXUpOwotICAgIC8qIHNldCBkZXZpY2UgaWQgb2YgaW9h cGljICovCi0gICAgaW9hcGljX2JkZltpdmhkX2RldmljZS0+c3BlY2lhbC5o YW5kbGVdID0gYmRmOwotICAgIHJldHVybiBkZXZfbGVuZ3RoOworCisgICAg aWYgKCBpdmhkX2RldmljZS0+c3BlY2lhbC52YXJpZXR5ICE9IDEgLyogQUNQ SV9JVkhEX0lPQVBJQyAqLyApCisgICAgeworICAgICAgICBpZiAoIGl2aGRf ZGV2aWNlLT5zcGVjaWFsLnZhcmlldHkgIT0gMiAvKiBBQ1BJX0lWSERfSFBF VCAqLyApCisgICAgICAgICAgICBwcmludGsoWEVOTE9HX0VSUiAiVW5yZWNv Z25pemVkIElWSEQgc3BlY2lhbCB2YXJpZXR5ICUjeFxuIiwKKyAgICAgICAg ICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lhbC52YXJpZXR5KTsKKyAg ICAgICAgcmV0dXJuIGRldl9sZW5ndGg7CisgICAgfQorCisgICAgLyoKKyAg ICAgKiBTb21lIEJJT1NlcyBoYXZlIElPQVBJQyBicm9rZW4gZW50cmllcyBz byB3ZSBjaGVjayBmb3IgSVZSUworICAgICAqIGNvbnNpc3RlbmN5IGhlcmUg LS0tIHdoZXRoZXIgZW50cnkncyBJT0FQSUMgSUQgaXMgdmFsaWQgYW5kCisg ICAgICogd2hldGhlciB0aGVyZSBhcmUgY29uZmxpY3RpbmcvZHVwbGljYXRl ZCBlbnRyaWVzLgorICAgICAqLworICAgIGZvciAoIGFwaWMgPSAwOyBhcGlj IDwgbnJfaW9hcGljczsgYXBpYysrICkKKyAgICB7CisgICAgICAgIGlmICgg SU9fQVBJQ19JRChhcGljKSAhPSBpdmhkX2RldmljZS0+c3BlY2lhbC5oYW5k bGUgKQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgaWYgKCBp b2FwaWNfYmRmW2l2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZV0ucGluX3Nl dHVwICkKKyAgICAgICAgeworICAgICAgICAgICAgaWYgKCBpb2FwaWNfYmRm W2l2aGRfZGV2aWNlLT5zcGVjaWFsLmhhbmRsZV0uYmRmID09IGJkZiApCisg ICAgICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJVkhEIFdhcm5pbmc6 IER1cGxpY2F0ZSBJTy1BUElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lhbC5o YW5kbGUpOworICAgICAgICAgICAgZWxzZQorICAgICAgICAgICAgeworICAg ICAgICAgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBD b25mbGljdGluZyBJTy1BUElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAg ICAgICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lhbC5oYW5kbGUpOwor ICAgICAgICAgICAgICAgIGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRyZW1h cCApCisgICAgICAgICAgICAgICAgICAgIHJldHVybiAwOworICAgICAgICAg ICAgfQorICAgICAgICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAg ICAgICAgICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMgKi8KKyAgICAg ICAgICAgIGlvYXBpY19iZGZbaXZoZF9kZXZpY2UtPnNwZWNpYWwuaGFuZGxl XS5iZGYgPSBiZGY7CisKKyAgICAgICAgICAgIGlvYXBpY19iZGZbaXZoZF9k ZXZpY2UtPnNwZWNpYWwuaGFuZGxlXS5waW5fc2V0dXAgPSB4emFsbG9jX2Fy cmF5KAorICAgICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcsIEJJVFNfVE9f TE9OR1MobnJfaW9hcGljX3JlZ2lzdGVyc1thcGljXSkpOworICAgICAgICAg ICAgaWYgKCBucl9pb2FwaWNfcmVnaXN0ZXJzW2FwaWNdICYmCisgICAgICAg ICAgICAgICAgICFpb2FwaWNfYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9z ZXR1cCApCisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgcHJpbnRr KFhFTkxPR19FUlIgIklWSEQgRXJyb3I6IE91dCBvZiBtZW1vcnlcbiIpOwor ICAgICAgICAgICAgICAgIHJldHVybiAwOworICAgICAgICAgICAgfQorICAg ICAgICB9CisgICAgICAgIHJldHVybiBkZXZfbGVuZ3RoOworICAgIH0KKwor ICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBJbnZhbGlkIElP LUFQSUMgJSN4XG4iLAorICAgICAgICAgICBpdmhkX2RldmljZS0+c3BlY2lh bC5oYW5kbGUpOworICAgIHJldHVybiAwOwogfQogCiBzdGF0aWMgaW50IF9f aW5pdCBwYXJzZV9pdmhkX2Jsb2NrKHN0cnVjdCBhY3BpX2l2aGRfYmxvY2tf aGVhZGVyICppdmhkX2Jsb2NrKQpAQCAtODE3LDYgKzg2Nyw3IEBAIHN0YXRp YyBpbnQgX19pbml0IHBhcnNlX2l2cnNfdGFibGUoc3RydWMKIHsKICAgICBz dHJ1Y3QgYWNwaV9pdnJzX2Jsb2NrX2hlYWRlciAqaXZyc19ibG9jazsKICAg ICB1bnNpZ25lZCBsb25nIGxlbmd0aDsKKyAgICB1bnNpZ25lZCBpbnQgYXBp YzsKICAgICBpbnQgZXJyb3IgPSAwOwogICAgIHN0cnVjdCBhY3BpX3RhYmxl X2hlYWRlciAqdGFibGUgPSAoc3RydWN0IGFjcGlfdGFibGVfaGVhZGVyICop X3RhYmxlOwogCkBAIC04NTEsNiArOTAyLDI5IEBAIHN0YXRpYyBpbnQgX19p bml0IHBhcnNlX2l2cnNfdGFibGUoc3RydWMKICAgICAgICAgbGVuZ3RoICs9 IGl2cnNfYmxvY2stPmxlbmd0aDsKICAgICB9CiAKKyAgICAvKiBFYWNoIElP LUFQSUMgbXVzdCBoYXZlIGJlZW4gbWVudGlvbmVkIGluIHRoZSB0YWJsZS4g Ki8KKyAgICBmb3IgKCBhcGljID0gMDsgIWVycm9yICYmIGFwaWMgPCBucl9p b2FwaWNzOyArK2FwaWMgKQorICAgIHsKKyAgICAgICAgaWYgKCAhbnJfaW9h cGljX3JlZ2lzdGVyc1thcGljXSB8fAorICAgICAgICAgICAgIGlvYXBpY19i ZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3NldHVwICkKKyAgICAgICAgICAg IGNvbnRpbnVlOworCisgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhE IEVycm9yOiBubyBpbmZvcm1hdGlvbiBmb3IgSU8tQVBJQyAlI3hcbiIsCisg ICAgICAgICAgICAgICBJT19BUElDX0lEKGFwaWMpKTsKKyAgICAgICAgaWYg KCBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgICAgIGVy cm9yID0gLUVOWElPOworICAgICAgICBlbHNlCisgICAgICAgIHsKKyAgICAg ICAgICAgIGlvYXBpY19iZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3NldHVw ID0geHphbGxvY19hcnJheSgKKyAgICAgICAgICAgICAgICB1bnNpZ25lZCBs b25nLCBCSVRTX1RPX0xPTkdTKG5yX2lvYXBpY19yZWdpc3RlcnNbYXBpY10p KTsKKyAgICAgICAgICAgIGlmICggIWlvYXBpY19iZGZbSU9fQVBJQ19JRChh cGljKV0ucGluX3NldHVwICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAg ICAgICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogT3V0IG9mIG1l bW9yeVxuIik7CisgICAgICAgICAgICAgICAgZXJyb3IgPSAtRU5PTUVNOwor ICAgICAgICAgICAgfQorICAgICAgICB9CisgICAgfQorCiAgICAgcmV0dXJu IGVycm9yOwogfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2Ft ZC9pb21tdV9pbml0LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gv YW1kL2lvbW11X2luaXQuYwpAQCAtODk3LDEyICs4OTcsNDUgQEAgc3RhdGlj IGludCBfX2luaXQgYW1kX2lvbW11X3NldHVwX2RldmljZQogICAgIHJldHVy biAwOwogfQogCisvKiBDaGVjayB3aGV0aGVyIFNQNTEwMCBTQVRBIENvbWJp bmVkIG1vZGUgaXMgb24gKi8KK3N0YXRpYyBib29sX3QgX19pbml0IGFtZF9z cDUxMDBfZXJyYXR1bTI4KHZvaWQpCit7CisgICAgdTMyIGJ1cywgaWQ7Cisg ICAgdTE2IHZlbmRvcl9pZCwgZGV2X2lkOworICAgIHU4IGJ5dGU7CisKKyAg ICBmb3IgKGJ1cyA9IDA7IGJ1cyA8IDI1NjsgYnVzKyspCisgICAgeworICAg ICAgICBpZCA9IHBjaV9jb25mX3JlYWQzMihidXMsIDB4MTQsIDAsIFBDSV9W RU5ET1JfSUQpOworCisgICAgICAgIHZlbmRvcl9pZCA9IGlkICYgMHhmZmZm OworICAgICAgICBkZXZfaWQgPSAoaWQgPj4gMTYpICYgMHhmZmZmOworCisg ICAgICAgIC8qIFNQNTEwMCBTTUJ1cyBtb2R1bGUgc2V0cyBDb21iaW5lZCBt b2RlIG9uICovCisgICAgICAgIGlmICh2ZW5kb3JfaWQgIT0gMHgxMDAyIHx8 IGRldl9pZCAhPSAweDQzODUpCisgICAgICAgICAgICBjb250aW51ZTsKKwor ICAgICAgICBieXRlID0gcGNpX2NvbmZfcmVhZDgoYnVzLCAweDE0LCAwLCAw eGFkKTsKKyAgICAgICAgaWYgKCAoYnl0ZSA+PiAzKSAmIDEgKQorICAgICAg ICB7CisgICAgICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5JTkcgIkFNRC1W aTogU1A1MTAwIGVycmF0dW0gMjggZGV0ZWN0ZWQsIGRpc2FibGluZyBJT01N VS5cbiIKKyAgICAgICAgICAgICAgICAgICAiSWYgcG9zc2libGUsIGRpc2Fi bGUgU0FUQSBDb21iaW5lZCBtb2RlIGluIEJJT1Mgb3IgY29udGFjdCB5b3Vy IHZlbmRvciBmb3IgQklPUyB1cGRhdGUuXG4iKTsKKyAgICAgICAgICAgIHJl dHVybiAxOworICAgICAgICB9CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9 CisKIGludCBfX2luaXQgYW1kX2lvbW11X2luaXQodm9pZCkKIHsKICAgICBz dHJ1Y3QgYW1kX2lvbW11ICppb21tdTsKIAogICAgIEJVR19PTiggIWlvbW11 X2ZvdW5kKCkgKTsKIAorICAgIGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRy ZW1hcCAmJiBhbWRfc3A1MTAwX2VycmF0dW0yOCgpICkKKyAgICAgICAgZ290 byBlcnJvcl9vdXQ7CisKICAgICBpcnFfdG9faW9tbXUgPSB4bWFsbG9jX2Fy cmF5KHN0cnVjdCBhbWRfaW9tbXUgKiwgbnJfaXJxcyk7CiAgICAgaWYgKCBp cnFfdG9faW9tbXUgPT0gTlVMTCApCiAgICAgICAgIGdvdG8gZXJyb3Jfb3V0 OwotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW50 ci5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9p bnRyLmMKQEAgLTI3LDcgKzI3LDcgQEAKICNkZWZpbmUgSU5UUkVNQVBfTEVO R1RIIDB4QgogI2RlZmluZSBJTlRSRU1BUF9FTlRSSUVTICgxIDw8IElOVFJF TUFQX0xFTkdUSCkKIAotaW50IGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsK K3N0cnVjdCBpb2FwaWNfYmRmIGlvYXBpY19iZGZbTUFYX0lPX0FQSUNTXTsK IGV4dGVybiBzdHJ1Y3QgaXZyc19tYXBwaW5ncyAqaXZyc19tYXBwaW5nczsK IGV4dGVybiB1bnNpZ25lZCBzaG9ydCBpdnJzX2JkZl9lbnRyaWVzOwogdm9p ZCAqc2hhcmVkX2ludHJlbWFwX3RhYmxlOwpAQCAtMTE3LDEyICsxMTcsMTIg QEAgdm9pZCBpbnZhbGlkYXRlX2ludGVycnVwdF90YWJsZShzdHJ1Y3QgYQog c3RhdGljIHZvaWQgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGlj KAogICAgIGludCBiZGYsCiAgICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUs Ci0gICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKmlvYXBpY19ydGUp CisgICAgY29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSwK KyAgICBjb25zdCBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSAqb2xkX3J0 ZSkKIHsKICAgICB1bnNpZ25lZCBsb25nIGZsYWdzOwogICAgIHUzMiogZW50 cnk7CiAgICAgdTggZGVsaXZlcnlfbW9kZSwgZGVzdCwgdmVjdG9yLCBkZXN0 X21vZGU7Ci0gICAgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKnJ0ZSA9 IGlvYXBpY19ydGU7CiAgICAgaW50IHJlcV9pZDsKICAgICBzcGlubG9ja190 ICpsb2NrOwogICAgIGludCBvZmZzZXQ7CkBAIC0xMzgsNiArMTM4LDE0IEBA IHN0YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2kKICAg ICBzcGluX2xvY2tfaXJxc2F2ZShsb2NrLCBmbGFncyk7CiAKICAgICBvZmZz ZXQgPSBnZXRfaW50cmVtYXBfb2Zmc2V0KHZlY3RvciwgZGVsaXZlcnlfbW9k ZSk7CisgICAgaWYgKCBvbGRfcnRlICkKKyAgICB7CisgICAgICAgIGludCBv bGRfb2Zmc2V0ID0gZ2V0X2ludHJlbWFwX29mZnNldChvbGRfcnRlLT52ZWN0 b3IsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBvbGRfcnRlLT5kZWxpdmVyeV9tb2RlKTsKKworICAgICAgICBpZiAo IG9mZnNldCAhPSBvbGRfb2Zmc2V0ICkKKyAgICAgICAgICAgIGZyZWVfaW50 cmVtYXBfZW50cnkoYmRmLCBvbGRfb2Zmc2V0KTsKKyAgICB9CiAgICAgZW50 cnkgPSAodTMyKilnZXRfaW50cmVtYXBfZW50cnkocmVxX2lkLCBvZmZzZXQp OwogICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeShlbnRyeSwgdmVjdG9yLCBk ZWxpdmVyeV9tb2RlLCBkZXN0X21vZGUsIGRlc3QpOwogCkBAIC0xNzYsNyAr MTg0LDcgQEAgaW50IF9faW5pdCBhbWRfaW9tbXVfc2V0dXBfaW9hcGljX3Jl bWFwcAogICAgICAgICAgICAgICAgIGNvbnRpbnVlOwogCiAgICAgICAgICAg ICAvKiBnZXQgZGV2aWNlIGlkIG9mIGlvYXBpYyBkZXZpY2VzICovCi0gICAg ICAgICAgICBiZGYgPSBpb2FwaWNfYmRmW0lPX0FQSUNfSUQoYXBpYyldOwor ICAgICAgICAgICAgYmRmID0gaW9hcGljX2JkZltJT19BUElDX0lEKGFwaWMp XS5iZGY7CiAgICAgICAgICAgICBpb21tdSA9IGZpbmRfaW9tbXVfZm9yX2Rl dmljZShiZGYpOwogICAgICAgICAgICAgaWYgKCAhaW9tbXUgKQogICAgICAg ICAgICAgewpAQCAtMjA3LDYgKzIxNSw3IEBAIGludCBfX2luaXQgYW1kX2lv bW11X3NldHVwX2lvYXBpY19yZW1hcHAKICAgICAgICAgICAgICAgICBmbHVz aF9jb21tYW5kX2J1ZmZlcihpb21tdSk7CiAgICAgICAgICAgICAgICAgc3Bp bl91bmxvY2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKICAg ICAgICAgICAgIH0KKyAgICAgICAgICAgIHNldF9iaXQocGluLCBpb2FwaWNf YmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCk7CiAgICAgICAgIH0K ICAgICB9CiAgICAgcmV0dXJuIDA7CkBAIC0yMTgsNiArMjI3LDcgQEAgdm9p ZCBhbWRfaW9tbXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAgICAgc3RydWN0IElP X0FQSUNfcm91dGVfZW50cnkgb2xkX3J0ZSA9IHsgMCB9OwogICAgIHN0cnVj dCBJT19BUElDX3JvdXRlX2VudHJ5IG5ld19ydGUgPSB7IDAgfTsKICAgICB1 bnNpZ25lZCBpbnQgcnRlX2xvID0gKHJlZyAmIDEpID8gcmVnIC0gMSA6IHJl ZzsKKyAgICB1bnNpZ25lZCBpbnQgcGluID0gKHJlZyAtIDB4MTApIC8gMjsK ICAgICBpbnQgc2F2ZWRfbWFzaywgYmRmOwogICAgIHN0cnVjdCBhbWRfaW9t bXUgKmlvbW11OwogCkBAIC0yMjgsNyArMjM4LDcgQEAgdm9pZCBhbWRfaW9t bXVfaW9hcGljX3VwZGF0ZV9pcmUoCiAgICAgfQogCiAgICAgLyogZ2V0IGRl dmljZSBpZCBvZiBpb2FwaWMgZGV2aWNlcyAqLwotICAgIGJkZiA9IGlvYXBp Y19iZGZbSU9fQVBJQ19JRChhcGljKV07CisgICAgYmRmID0gaW9hcGljX2Jk ZltJT19BUElDX0lEKGFwaWMpXS5iZGY7CiAgICAgaW9tbXUgPSBmaW5kX2lv bW11X2Zvcl9kZXZpY2UoYmRmKTsKICAgICBpZiAoICFpb21tdSApCiAgICAg ewpAQCAtMjU0LDYgKzI2NCwxNCBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNf dXBkYXRlX2lyZSgKICAgICAgICAgKigoKHUzMiAqKSZuZXdfcnRlKSArIDEp ID0gdmFsdWU7CiAgICAgfQogCisgICAgaWYgKCBuZXdfcnRlLm1hc2sgJiYK KyAgICAgICAgICF0ZXN0X2JpdChwaW4sIGlvYXBpY19iZGZbSU9fQVBJQ19J RChhcGljKV0ucGluX3NldHVwKSApCisgICAgeworICAgICAgICBBU1NFUlQo c2F2ZWRfbWFzayk7CisgICAgICAgIF9faW9fYXBpY193cml0ZShhcGljLCBy ZWcsIHZhbHVlKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIC8q IG1hc2sgdGhlIGludGVycnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGludHJl bWFwIHRhYmxlICovCiAgICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAgewpA QCAtMjYyLDcgKzI4MCwxMSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBk YXRlX2lyZSgKICAgICB9CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0IHJl bWFwcGluZyBlbnRyeSAqLwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9m cm9tX2lvYXBpYyhiZGYsIGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBkYXRl X2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGljKAorICAgICAgICBiZGYsIGlv bW11LCAmbmV3X3J0ZSwKKyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChwaW4s CisgICAgICAgICAgICAgICAgICAgICAgICAgaW9hcGljX2JkZltJT19BUElD X0lEKGFwaWMpXS5waW5fc2V0dXApID8gJm9sZF9ydGUKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgOiBOVUxMKTsKIAogICAgIC8qIEZvcndhcmQgd3JpdGUgYWNj ZXNzIHRvIElPLUFQSUMgUlRFICovCiAgICAgX19pb19hcGljX3dyaXRlKGFw aWMsIHJlZywgdmFsdWUpOwpAQCAtMzczLDYgKzM5NSwxMiBAQCB2b2lkIGFt ZF9pb21tdV9tc2lfbXNnX3VwZGF0ZV9pcmUoCiAgICAgICAgIHJldHVybjsK ICAgICB9CiAKKyAgICBpZiAoIG1zaV9kZXNjLT5yZW1hcF9pbmRleCA+PSAw ICkKKyAgICAgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5X2Zyb21fbXNpX21z Zyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIE5VTEwpOworCisgICAgaWYgKCAh bXNnICkKKyAgICAgICAgcmV0dXJuOworCiAgICAgdXBkYXRlX2ludHJlbWFw X2VudHJ5X2Zyb21fbXNpX21zZyhpb21tdSwgcGRldiwgbXNpX2Rlc2MsIG1z Zyk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3Bj aV9hbWRfaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9h bWQvcGNpX2FtZF9pb21tdS5jCkBAIC0xOTUsNiArMTk1LDggQEAgaW50IF9f aW5pdCBhbWRfaW92X2RldGVjdCh2b2lkKQogICAgIHsKICAgICAgICAgcHJp bnRrKCJBTUQtVmk6IE5vdCBvdmVycmlkaW5nIGlycV92ZWN0b3JfbWFwIHNl dHRpbmdcbiIpOwogICAgIH0KKyAgICBpZiAoICFhbWRfaW9tbXVfcGVyZGV2 X2ludHJlbWFwICkKKyAgICAgICAgcHJpbnRrKFhFTkxPR19XQVJOSU5HICJB TUQtVmk6IFVzaW5nIGdsb2JhbCBpbnRlcnJ1cHQgcmVtYXAgdGFibGUgaXMg bm90IHJlY29tbWVuZGVkIChzZWUgWFNBLTM2KSFcbiIpOwogICAgIHJldHVy biBzY2FuX3BjaV9kZXZpY2VzKCk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMv cGFzc3Rocm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhy b3VnaC9pb21tdS5jCkBAIC00OSw3ICs0OSw3IEBAIGJvb2xfdCBfX3JlYWRf bW9zdGx5IGlvbW11X3FpbnZhbCA9IDE7CiBib29sX3QgX19yZWFkX21vc3Rs eSBpb21tdV9pbnRyZW1hcCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBp b21tdV9oYXBfcHRfc2hhcmU7CiBib29sX3QgX19yZWFkX21vc3RseSBhbWRf aW9tbXVfZGVidWc7Ci1ib29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVf cGVyZGV2X2ludHJlbWFwOworYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lv bW11X3BlcmRldl9pbnRyZW1hcCA9IDE7CiAKIHN0YXRpYyB2b2lkIF9faW5p dCBwYXJzZV9pb21tdV9wYXJhbShjaGFyICpzKQogewpAQCAtNzgsNiArNzgs OCBAQCBzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfaW9tbXVfcGFyYW0oY2hh CiAgICAgICAgICAgICBhbWRfaW9tbXVfZGVidWcgPSAxOwogICAgICAgICBl bHNlIGlmICggIXN0cmNtcChzLCAiYW1kLWlvbW11LXBlcmRldi1pbnRyZW1h cCIpICkKICAgICAgICAgICAgIGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAg PSAxOworICAgICAgICBlbHNlIGlmICggIXN0cmNtcChzLCAiYW1kLWlvbW11 LWdsb2JhbC1pbnRyZW1hcCIpICkKKyAgICAgICAgICAgIGFtZF9pb21tdV9w ZXJkZXZfaW50cmVtYXAgPSAwOwogICAgICAgICBlbHNlIGlmICggIXN0cmNt cChzLCAiZG9tMC1wYXNzdGhyb3VnaCIpICkKICAgICAgICAgICAgIGlvbW11 X3Bhc3N0aHJvdWdoID0gMTsKICAgICAgICAgZWxzZSBpZiAoICFzdHJjbXAo cywgImRvbTAtc3RyaWN0IikgKQotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2 L2h2bS9zdm0vYW1kLWlvbW11LXByb3RvLmgKKysrIGIveGVuL2luY2x1ZGUv YXNtLXg4Ni9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oCkBAIC04OCw2ICs4 OCwxMSBAQCB2b2lkIGFtZF9pb21tdV9yZWFkX21zaV9mcm9tX2lyZSgKIHVu c2lnbmVkIGludCBhbWRfaW9tbXVfcmVhZF9pb2FwaWNfZnJvbV9pcmUoCiAg ICAgdW5zaWduZWQgaW50IGFwaWMsIHVuc2lnbmVkIGludCByZWcpOwogCitl eHRlcm4gc3RydWN0IGlvYXBpY19iZGYgeworICAgIHUxNiBiZGY7CisgICAg dW5zaWduZWQgbG9uZyAqcGluX3NldHVwOworfSBpb2FwaWNfYmRmW107CisK IC8qIHBvd2VyIG1hbmFnZW1lbnQgc3VwcG9ydCAqLwogdm9pZCBhbWRfaW9t bXVfcmVzdW1lKHZvaWQpOwogdm9pZCBhbWRfaW9tbXVfc3VzcGVuZCh2b2lk KTsK --=separator Content-Type: application/octet-stream; name="xsa36-4.2.patch" Content-Disposition: attachment; filename="xsa36-4.2.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgpBTUQg SU9NTVU6IGFsc28gc3BvdCBtaXNzaW5nIElPLUFQSUMgZW50cmllcyBpbiBJ VlJTIHRhYmxlCgpBcGFydCBmcm9tIGRlYWxpbmcgZHVwbGljYXRlIGNvbmZs aWN0aW5nIGVudHJpZXMsIHdlIGFsc28gaGF2ZSB0bwpoYW5kbGUgZmlybXdh cmUgb21pdHRpbmcgSU8tQVBJQyBlbnRyaWVzIGluIElWUlMgYWx0b2dldGhl ci4gTm90IGRvaW5nCnNvIGhhcyByZXN1bHRlZCBpbiBjL3MgMjY1MTc6NjAx MTM5ZTJiMGRiIHRvIGNyYXNoIHN1Y2ggc3lzdGVtcyBkdXJpbmcKYm9vdCAo d2hlcmVhcyB3aXRoIHRoZSBjaGFuZ2UgaGVyZSB0aGUgSU9NTVUgZ2V0cyBk aXNhYmxlZCBqdXN0IGFzIGlzCmJlaW5nIGRvbmUgaW4gdGhlIG90aGVyIGNh c2VzLCBpLmUuIHVubGVzcyBnbG9iYWwgdGFibGVzIGFyZSBiZWluZwp1c2Vk KS4KCkRlYnVnZ2luZyB0aGlzIGlzc3VlIGhhcyBhbHNvIHBvaW50ZWQgb3V0 IHRoYXQgdGhlIGRlYnVnIGxvZyBvdXRwdXQgaXMKcHJldHR5IHVnbHkgdG8g bG9vayBhdCAtIGNvbnNvbGlkYXRlIHRoZSBvdXRwdXQsIGFuZCBhZGQgb25l IGV4dHJhCml0ZW0gZm9yIHRoZSBJVkhEIHNwZWNpYWwgZW50cmllcywgc28g dGhhdCBmdXR1cmUgaXNzdWVzIGFyZSBlYXNpZXIKdG8gYW5hbHl6ZS4KClNp Z25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K VGVzdGVkLWJ5OiBTYW5kZXIgRWlrZWxlbmJvb20gPGxpbnV4QGVpa2VsZW5i b29tLml0PgoKLS0tIGEveGVuL2FyY2gveDg2L2lycS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9pcnEuYwpAQCAtMTk0Miw5ICsxOTQyLDYgQEAgaW50IG1hcF9k b21haW5fcGlycSgKICAgICAgICAgc3Bpbl9sb2NrX2lycXNhdmUoJmRlc2Mt PmxvY2ssIGZsYWdzKTsKICAgICAgICAgc2V0X2RvbWFpbl9pcnFfcGlycShk LCBpcnEsIGluZm8pOwogICAgICAgICBzcGluX3VubG9ja19pcnFyZXN0b3Jl KCZkZXNjLT5sb2NrLCBmbGFncyk7Ci0KLSAgICAgICAgaWYgKCBvcHRfaXJx X3ZlY3Rvcl9tYXAgPT0gT1BUX0lSUV9WRUNUT1JfTUFQX1BFUkRFViApCi0g ICAgICAgICAgICBwcmludGsoWEVOTE9HX0lORk8gIlBlci1kZXZpY2UgdmVj dG9yIG1hcHMgZm9yIEdTSXMgbm90IGltcGxlbWVudGVkIHlldC5cbiIpOwog ICAgIH0KIAogZG9uZToKLS0tIGEveGVuL2RyaXZlcnMvYWNwaS90YWJsZXMu YworKysgYi94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCkBAIC0yNjcsNyAr MjY3LDcgQEAgYWNwaV90YWJsZV9wYXJzZV9tYWR0KGVudW0gYWNwaV9tYWR0 X3R5cAogICogQGhhbmRsZXI6IGhhbmRsZXIgdG8gcnVuCiAgKgogICogU2Nh biB0aGUgQUNQSSBTeXN0ZW0gRGVzY3JpcHRvciBUYWJsZSAoU1REKSBmb3Ig YSB0YWJsZSBtYXRjaGluZyBAaWQsCi0gKiBydW4gQGhhbmRsZXIgb24gaXQu ICBSZXR1cm4gMCBpZiB0YWJsZSBmb3VuZCwgcmV0dXJuIG9uIGlmIG5vdC4K KyAqIHJ1biBAaGFuZGxlciBvbiBpdC4KICAqLwogaW50IF9faW5pdCBhY3Bp X3RhYmxlX3BhcnNlKGNoYXIgKmlkLCBhY3BpX3RhYmxlX2hhbmRsZXIgaGFu ZGxlcikKIHsKQEAgLTI4Miw4ICsyODIsNyBAQCBpbnQgX19pbml0IGFjcGlf dGFibGVfcGFyc2UoY2hhciAqaWQsIGFjCiAJCWFjcGlfZ2V0X3RhYmxlKGlk LCAwLCAmdGFibGUpOwogCiAJaWYgKHRhYmxlKSB7Ci0JCWhhbmRsZXIodGFi bGUpOwotCQlyZXR1cm4gMDsKKwkJcmV0dXJuIGhhbmRsZXIodGFibGUpOwog CX0gZWxzZQogCQlyZXR1cm4gMTsKIH0KLS0tIGEveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X2FjcGkuYworKysgYi94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvaW9tbXVfYWNwaS5jCkBAIC0yMiw2ICsyMiw3IEBA CiAjaW5jbHVkZSA8eGVuL2Vycm5vLmg+CiAjaW5jbHVkZSA8eGVuL2FjcGku aD4KICNpbmNsdWRlIDxhc20vYXBpY2RlZi5oPgorI2luY2x1ZGUgPGFzbS9p b19hcGljLmg+CiAjaW5jbHVkZSA8YXNtL2FtZC1pb21tdS5oPgogI2luY2x1 ZGUgPGFzbS9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oPgogCkBAIC02MzUs NiArNjM2LDcgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZp Y2Vfc3BlYwogICAgIHUxNiBoZWFkZXJfbGVuZ3RoLCB1MTYgYmxvY2tfbGVu Z3RoLCBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSkKIHsKICAgICB1MTYgZGV2 X2xlbmd0aCwgYmRmOworICAgIGludCBhcGljOwogCiAgICAgZGV2X2xlbmd0 aCA9IHNpemVvZigqc3BlY2lhbCk7CiAgICAgaWYgKCBoZWFkZXJfbGVuZ3Ro IDwgKGJsb2NrX2xlbmd0aCArIGRldl9sZW5ndGgpICkKQEAgLTY1MSwxMCAr NjUzLDU5IEBAIHN0YXRpYyB1MTYgX19pbml0IHBhcnNlX2l2aGRfZGV2aWNl X3NwZWMKICAgICB9CiAKICAgICBhZGRfaXZyc19tYXBwaW5nX2VudHJ5KGJk ZiwgYmRmLCBzcGVjaWFsLT5oZWFkZXIuZGF0YV9zZXR0aW5nLCBpb21tdSk7 Ci0gICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMgKi8KLSAgICBpb2Fw aWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLmJkZiA9IGJkZjsKLSAgICBpb2Fw aWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLnNlZyA9IHNlZzsKLSAgICByZXR1 cm4gZGV2X2xlbmd0aDsKKworICAgIGlmICggc3BlY2lhbC0+dmFyaWV0eSAh PSBBQ1BJX0lWSERfSU9BUElDICkKKyAgICB7CisgICAgICAgIGlmICggc3Bl Y2lhbC0+dmFyaWV0eSAhPSBBQ1BJX0lWSERfSFBFVCApCisgICAgICAgICAg ICBwcmludGsoWEVOTE9HX0VSUiAiVW5yZWNvZ25pemVkIElWSEQgc3BlY2lh bCB2YXJpZXR5ICUjeFxuIiwKKyAgICAgICAgICAgICAgICAgICBzcGVjaWFs LT52YXJpZXR5KTsKKyAgICAgICAgcmV0dXJuIGRldl9sZW5ndGg7CisgICAg fQorCisgICAgLyoKKyAgICAgKiBTb21lIEJJT1NlcyBoYXZlIElPQVBJQyBi cm9rZW4gZW50cmllcyBzbyB3ZSBjaGVjayBmb3IgSVZSUworICAgICAqIGNv bnNpc3RlbmN5IGhlcmUgLS0tIHdoZXRoZXIgZW50cnkncyBJT0FQSUMgSUQg aXMgdmFsaWQgYW5kCisgICAgICogd2hldGhlciB0aGVyZSBhcmUgY29uZmxp Y3RpbmcvZHVwbGljYXRlZCBlbnRyaWVzLgorICAgICAqLworICAgIGZvciAo IGFwaWMgPSAwOyBhcGljIDwgbnJfaW9hcGljczsgYXBpYysrICkKKyAgICB7 CisgICAgICAgIGlmICggSU9fQVBJQ19JRChhcGljKSAhPSBzcGVjaWFsLT5o YW5kbGUgKQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgaWYg KCBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5kbGVdLnBpbl9zZXR1cCApCisg ICAgICAgIHsKKyAgICAgICAgICAgIGlmICggaW9hcGljX3NiZGZbc3BlY2lh bC0+aGFuZGxlXS5iZGYgPT0gYmRmICYmCisgICAgICAgICAgICAgICAgIGlv YXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0uc2VnID09IHNlZyApCisgICAg ICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJVkhEIFdhcm5pbmc6IER1 cGxpY2F0ZSBJTy1BUElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBzcGVjaWFsLT5oYW5kbGUpOworICAgICAg ICAgICAgZWxzZQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBDb25mbGljdGluZyBJTy1B UElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAgICAgICAgICAgICAgICBz cGVjaWFsLT5oYW5kbGUpOworICAgICAgICAgICAgICAgIGlmICggYW1kX2lv bW11X3BlcmRldl9pbnRyZW1hcCApCisgICAgICAgICAgICAgICAgICAgIHJl dHVybiAwOworICAgICAgICAgICAgfQorICAgICAgICB9CisgICAgICAgIGVs c2UKKyAgICAgICAgeworICAgICAgICAgICAgLyogc2V0IGRldmljZSBpZCBv ZiBpb2FwaWMgKi8KKyAgICAgICAgICAgIGlvYXBpY19zYmRmW3NwZWNpYWwt PmhhbmRsZV0uYmRmID0gYmRmOworICAgICAgICAgICAgaW9hcGljX3NiZGZb c3BlY2lhbC0+aGFuZGxlXS5zZWcgPSBzZWc7CisKKyAgICAgICAgICAgIGlv YXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0ucGluX3NldHVwID0geHphbGxv Y19hcnJheSgKKyAgICAgICAgICAgICAgICB1bnNpZ25lZCBsb25nLCBCSVRT X1RPX0xPTkdTKG5yX2lvYXBpY19lbnRyaWVzW2FwaWNdKSk7CisgICAgICAg ICAgICBpZiAoIG5yX2lvYXBpY19lbnRyaWVzW2FwaWNdICYmCisgICAgICAg ICAgICAgICAgICFpb2FwaWNfc2JkZltJT19BUElDX0lEKGFwaWMpXS5waW5f c2V0dXAgKQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIHByaW50 ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBPdXQgb2YgbWVtb3J5XG4iKTsK KyAgICAgICAgICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgICAgIH0KKyAg ICAgICAgfQorICAgICAgICByZXR1cm4gZGV2X2xlbmd0aDsKKyAgICB9CisK KyAgICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogSW52YWxpZCBJ Ty1BUElDICUjeFxuIiwgc3BlY2lhbC0+aGFuZGxlKTsKKyAgICByZXR1cm4g MDsKIH0KIAogc3RhdGljIGludCBfX2luaXQgcGFyc2VfaXZoZF9ibG9jayhj b25zdCBzdHJ1Y3QgYWNwaV9pdnJzX2hhcmR3YXJlICppdmhkX2Jsb2NrKQpA QCAtODE4LDYgKzg2OSw3IEBAIHN0YXRpYyBpbnQgX19pbml0IHBhcnNlX2l2 cnNfdGFibGUoc3RydWMKIHsKICAgICBjb25zdCBzdHJ1Y3QgYWNwaV9pdnJz X2hlYWRlciAqaXZyc19ibG9jazsKICAgICB1bnNpZ25lZCBsb25nIGxlbmd0 aDsKKyAgICB1bnNpZ25lZCBpbnQgYXBpYzsKICAgICBpbnQgZXJyb3IgPSAw OwogCiAgICAgQlVHX09OKCF0YWJsZSk7CkBAIC04NTAsNiArOTAyLDI5IEBA IHN0YXRpYyBpbnQgX19pbml0IHBhcnNlX2l2cnNfdGFibGUoc3RydWMKICAg ICAgICAgbGVuZ3RoICs9IGl2cnNfYmxvY2stPmxlbmd0aDsKICAgICB9CiAK KyAgICAvKiBFYWNoIElPLUFQSUMgbXVzdCBoYXZlIGJlZW4gbWVudGlvbmVk IGluIHRoZSB0YWJsZS4gKi8KKyAgICBmb3IgKCBhcGljID0gMDsgIWVycm9y ICYmIGFwaWMgPCBucl9pb2FwaWNzOyArK2FwaWMgKQorICAgIHsKKyAgICAg ICAgaWYgKCAhbnJfaW9hcGljX2VudHJpZXNbYXBpY10gfHwKKyAgICAgICAg ICAgICBpb2FwaWNfc2JkZltJT19BUElDX0lEKGFwaWMpXS5waW5fc2V0dXAg KQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgcHJpbnRrKFhF TkxPR19FUlIgIklWSEQgRXJyb3I6IG5vIGluZm9ybWF0aW9uIGZvciBJTy1B UElDICUjeFxuIiwKKyAgICAgICAgICAgICAgIElPX0FQSUNfSUQoYXBpYykp OworICAgICAgICBpZiAoIGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAgKQor ICAgICAgICAgICAgZXJyb3IgPSAtRU5YSU87CisgICAgICAgIGVsc2UKKyAg ICAgICAgeworICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChh cGljKV0ucGluX3NldHVwID0geHphbGxvY19hcnJheSgKKyAgICAgICAgICAg ICAgICB1bnNpZ25lZCBsb25nLCBCSVRTX1RPX0xPTkdTKG5yX2lvYXBpY19l bnRyaWVzW2FwaWNdKSk7CisgICAgICAgICAgICBpZiAoICFpb2FwaWNfc2Jk ZltJT19BUElDX0lEKGFwaWMpXS5waW5fc2V0dXAgKQorICAgICAgICAgICAg eworICAgICAgICAgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVy cm9yOiBPdXQgb2YgbWVtb3J5XG4iKTsKKyAgICAgICAgICAgICAgICBlcnJv ciA9IC1FTk9NRU07CisgICAgICAgICAgICB9CisgICAgICAgIH0KKyAgICB9 CisKICAgICByZXR1cm4gZXJyb3I7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMv cGFzc3Rocm91Z2gvYW1kL2lvbW11X2luaXQuYworKysgYi94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfaW5pdC5jCkBAIC0xMTI2LDEyICsx MTI2LDQ1IEBAIHN0YXRpYyBpbnQgX19pbml0IGFtZF9pb21tdV9zZXR1cF9k ZXZpY2UKICAgICByZXR1cm4gMDsKIH0KIAorLyogQ2hlY2sgd2hldGhlciBT UDUxMDAgU0FUQSBDb21iaW5lZCBtb2RlIGlzIG9uICovCitzdGF0aWMgYm9v bF90IF9faW5pdCBhbWRfc3A1MTAwX2VycmF0dW0yOCh2b2lkKQoreworICAg IHUzMiBidXMsIGlkOworICAgIHUxNiB2ZW5kb3JfaWQsIGRldl9pZDsKKyAg ICB1OCBieXRlOworCisgICAgZm9yIChidXMgPSAwOyBidXMgPCAyNTY7IGJ1 cysrKQorICAgIHsKKyAgICAgICAgaWQgPSBwY2lfY29uZl9yZWFkMzIoMCwg YnVzLCAweDE0LCAwLCBQQ0lfVkVORE9SX0lEKTsKKworICAgICAgICB2ZW5k b3JfaWQgPSBpZCAmIDB4ZmZmZjsKKyAgICAgICAgZGV2X2lkID0gKGlkID4+ IDE2KSAmIDB4ZmZmZjsKKworICAgICAgICAvKiBTUDUxMDAgU01CdXMgbW9k dWxlIHNldHMgQ29tYmluZWQgbW9kZSBvbiAqLworICAgICAgICBpZiAodmVu ZG9yX2lkICE9IDB4MTAwMiB8fCBkZXZfaWQgIT0gMHg0Mzg1KQorICAgICAg ICAgICAgY29udGludWU7CisKKyAgICAgICAgYnl0ZSA9IHBjaV9jb25mX3Jl YWQ4KDAsIGJ1cywgMHgxNCwgMCwgMHhhZCk7CisgICAgICAgIGlmICggKGJ5 dGUgPj4gMykgJiAxICkKKyAgICAgICAgeworICAgICAgICAgICAgcHJpbnRr KFhFTkxPR19XQVJOSU5HICJBTUQtVmk6IFNQNTEwMCBlcnJhdHVtIDI4IGRl dGVjdGVkLCBkaXNhYmxpbmcgSU9NTVUuXG4iCisgICAgICAgICAgICAgICAg ICAgIklmIHBvc3NpYmxlLCBkaXNhYmxlIFNBVEEgQ29tYmluZWQgbW9kZSBp biBCSU9TIG9yIGNvbnRhY3QgeW91ciB2ZW5kb3IgZm9yIEJJT1MgdXBkYXRl LlxuIik7CisgICAgICAgICAgICByZXR1cm4gMTsKKyAgICAgICAgfQorICAg IH0KKworICAgIHJldHVybiAwOworfQorCiBpbnQgX19pbml0IGFtZF9pb21t dV9pbml0KHZvaWQpCiB7CiAgICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXU7 CiAKICAgICBCVUdfT04oICFpb21tdV9mb3VuZCgpICk7CiAKKyAgICBpZiAo IGFtZF9pb21tdV9wZXJkZXZfaW50cmVtYXAgJiYgYW1kX3NwNTEwMF9lcnJh dHVtMjgoKSApCisgICAgICAgIGdvdG8gZXJyb3Jfb3V0OworCiAgICAgaXZy c19iZGZfZW50cmllcyA9IGFtZF9pb21tdV9nZXRfaXZyc19kZXZfZW50cmll cygpOwogCiAgICAgaWYgKCAhaXZyc19iZGZfZW50cmllcyApCi0tLSBhL3hl bi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9pbnRyLmMKKysrIGIv eGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X2ludHIuYwpAQCAt OTksMTIgKzk5LDEyIEBAIHN0YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9l bnRyeSh1MzIqIGUKIHN0YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRy eV9mcm9tX2lvYXBpYygKICAgICBpbnQgYmRmLAogICAgIHN0cnVjdCBhbWRf aW9tbXUgKmlvbW11LAotICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5 ICppb2FwaWNfcnRlKQorICAgIGNvbnN0IHN0cnVjdCBJT19BUElDX3JvdXRl X2VudHJ5ICpydGUsCisgICAgY29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVf ZW50cnkgKm9sZF9ydGUpCiB7CiAgICAgdW5zaWduZWQgbG9uZyBmbGFnczsK ICAgICB1MzIqIGVudHJ5OwogICAgIHU4IGRlbGl2ZXJ5X21vZGUsIGRlc3Qs IHZlY3RvciwgZGVzdF9tb2RlOwotICAgIHN0cnVjdCBJT19BUElDX3JvdXRl X2VudHJ5ICpydGUgPSBpb2FwaWNfcnRlOwogICAgIGludCByZXFfaWQ7CiAg ICAgc3BpbmxvY2tfdCAqbG9jazsKICAgICBpbnQgb2Zmc2V0OwpAQCAtMTIw LDYgKzEyMCwxNCBAQCBzdGF0aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50 cnlfZnJvbV9pCiAgICAgc3Bpbl9sb2NrX2lycXNhdmUobG9jaywgZmxhZ3Mp OwogCiAgICAgb2Zmc2V0ID0gZ2V0X2ludHJlbWFwX29mZnNldCh2ZWN0b3Is IGRlbGl2ZXJ5X21vZGUpOworICAgIGlmICggb2xkX3J0ZSApCisgICAgewor ICAgICAgICBpbnQgb2xkX29mZnNldCA9IGdldF9pbnRyZW1hcF9vZmZzZXQo b2xkX3J0ZS0+dmVjdG9yLAorICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgb2xkX3J0ZS0+ZGVsaXZlcnlfbW9kZSk7CisK KyAgICAgICAgaWYgKCBvZmZzZXQgIT0gb2xkX29mZnNldCApCisgICAgICAg ICAgICBmcmVlX2ludHJlbWFwX2VudHJ5KGlvbW11LT5zZWcsIGJkZiwgb2xk X29mZnNldCk7CisgICAgfQogICAgIGVudHJ5ID0gKHUzMiopZ2V0X2ludHJl bWFwX2VudHJ5KGlvbW11LT5zZWcsIHJlcV9pZCwgb2Zmc2V0KTsKICAgICB1 cGRhdGVfaW50cmVtYXBfZW50cnkoZW50cnksIHZlY3RvciwgZGVsaXZlcnlf bW9kZSwgZGVzdF9tb2RlLCBkZXN0KTsKIApAQCAtMTg4LDYgKzE5Niw3IEBA IGludCBfX2luaXQgYW1kX2lvbW11X3NldHVwX2lvYXBpY19yZW1hcHAKICAg ICAgICAgICAgICAgICBhbWRfaW9tbXVfZmx1c2hfaW50cmVtYXAoaW9tbXUs IHJlcV9pZCk7CiAgICAgICAgICAgICAgICAgc3Bpbl91bmxvY2tfaXJxcmVz dG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKICAgICAgICAgICAgIH0KKyAg ICAgICAgICAgIHNldF9iaXQocGluLCBpb2FwaWNfc2JkZltJT19BUElDX0lE KGFwaWMpXS5waW5fc2V0dXApOwogICAgICAgICB9CiAgICAgfQogICAgIHJl dHVybiAwOwpAQCAtMTk5LDYgKzIwOCw3IEBAIHZvaWQgYW1kX2lvbW11X2lv YXBpY191cGRhdGVfaXJlKAogICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2Vu dHJ5IG9sZF9ydGUgPSB7IDAgfTsKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0 ZV9lbnRyeSBuZXdfcnRlID0geyAwIH07CiAgICAgdW5zaWduZWQgaW50IHJ0 ZV9sbyA9IChyZWcgJiAxKSA/IHJlZyAtIDEgOiByZWc7CisgICAgdW5zaWdu ZWQgaW50IHBpbiA9IChyZWcgLSAweDEwKSAvIDI7CiAgICAgaW50IHNhdmVk X21hc2ssIHNlZywgYmRmOwogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11 OwogCkBAIC0yMzYsNiArMjQ2LDE0IEBAIHZvaWQgYW1kX2lvbW11X2lvYXBp Y191cGRhdGVfaXJlKAogICAgICAgICAqKCgodTMyICopJm5ld19ydGUpICsg MSkgPSB2YWx1ZTsKICAgICB9CiAKKyAgICBpZiAoIG5ld19ydGUubWFzayAm JgorICAgICAgICAgIXRlc3RfYml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJ Q19JRChhcGljKV0ucGluX3NldHVwKSApCisgICAgeworICAgICAgICBBU1NF UlQoc2F2ZWRfbWFzayk7CisgICAgICAgIF9faW9fYXBpY193cml0ZShhcGlj LCByZWcsIHZhbHVlKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAg IC8qIG1hc2sgdGhlIGludGVycnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGlu dHJlbWFwIHRhYmxlICovCiAgICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAg ewpAQCAtMjQ0LDcgKzI2MiwxMSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNf dXBkYXRlX2lyZSgKICAgICB9CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0 IHJlbWFwcGluZyBlbnRyeSAqLwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRy eV9mcm9tX2lvYXBpYyhiZGYsIGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBk YXRlX2ludHJlbWFwX2VudHJ5X2Zyb21faW9hcGljKAorICAgICAgICBiZGYs IGlvbW11LCAmbmV3X3J0ZSwKKyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChw aW4sCisgICAgICAgICAgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9f QVBJQ19JRChhcGljKV0ucGluX3NldHVwKSA/ICZvbGRfcnRlCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA6IE5VTEwpOwogCiAgICAgLyogRm9yd2FyZCB3cml0 ZSBhY2Nlc3MgdG8gSU8tQVBJQyBSVEUgKi8KICAgICBfX2lvX2FwaWNfd3Jp dGUoYXBpYywgcmVnLCB2YWx1ZSk7CkBAIC0zNTQsNiArMzc2LDEyIEBAIHZv aWQgYW1kX2lvbW11X21zaV9tc2dfdXBkYXRlX2lyZSgKICAgICAgICAgcmV0 dXJuOwogICAgIH0KIAorICAgIGlmICggbXNpX2Rlc2MtPnJlbWFwX2luZGV4 ID49IDAgKQorICAgICAgICB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9t c2lfbXNnKGlvbW11LCBwZGV2LCBtc2lfZGVzYywgTlVMTCk7CisKKyAgICBp ZiAoICFtc2cgKQorICAgICAgICByZXR1cm47CisKICAgICB1cGRhdGVfaW50 cmVtYXBfZW50cnlfZnJvbV9tc2lfbXNnKGlvbW11LCBwZGV2LCBtc2lfZGVz YywgbXNnKTsKIH0KIAotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9h bWQvcGNpX2FtZF9pb21tdS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJv dWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKQEAgLTIwNSw2ICsyMDUsOCBAQCBp bnQgX19pbml0IGFtZF9pb3ZfZGV0ZWN0KHZvaWQpCiAgICAgewogICAgICAg ICBwcmludGsoIkFNRC1WaTogTm90IG92ZXJyaWRpbmcgaXJxX3ZlY3Rvcl9t YXAgc2V0dGluZ1xuIik7CiAgICAgfQorICAgIGlmICggIWFtZF9pb21tdV9w ZXJkZXZfaW50cmVtYXAgKQorICAgICAgICBwcmludGsoWEVOTE9HX1dBUk5J TkcgIkFNRC1WaTogVXNpbmcgZ2xvYmFsIGludGVycnVwdCByZW1hcCB0YWJs ZSBpcyBub3QgcmVjb21tZW5kZWQgKHNlZSBYU0EtMzYpIVxuIik7CiAgICAg cmV0dXJuIHNjYW5fcGNpX2RldmljZXMoKTsKIH0KIAotLS0gYS94ZW4vZHJp dmVycy9wYXNzdGhyb3VnaC9pb21tdS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bh c3N0aHJvdWdoL2lvbW11LmMKQEAgLTUyLDcgKzUyLDcgQEAgYm9vbF90IF9f cmVhZF9tb3N0bHkgaW9tbXVfcWludmFsID0gMTsKIGJvb2xfdCBfX3JlYWRf bW9zdGx5IGlvbW11X2ludHJlbWFwID0gMTsKIGJvb2xfdCBfX3JlYWRfbW9z dGx5IGlvbW11X2hhcF9wdF9zaGFyZSA9IDE7CiBib29sX3QgX19yZWFkX21v c3RseSBpb21tdV9kZWJ1ZzsKLWJvb2xfdCBfX3JlYWRfbW9zdGx5IGFtZF9p b21tdV9wZXJkZXZfaW50cmVtYXA7Citib29sX3QgX19yZWFkX21vc3RseSBh bWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwID0gMTsKIAogREVGSU5FX1BFUl9D UFUoYm9vbF90LCBpb21tdV9kb250X2ZsdXNoX2lvdGxiKTsKIAotLS0gYS94 ZW4vaW5jbHVkZS9hc20teDg2L2h2bS9zdm0vYW1kLWlvbW11LXByb3RvLmgK KysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9odm0vc3ZtL2FtZC1pb21tdS1w cm90by5oCkBAIC0xMDAsNiArMTAwLDcgQEAgdm9pZCBhbWRfaW9tbXVfcmVh ZF9tc2lfZnJvbV9pcmUoCiAKIGV4dGVybiBzdHJ1Y3QgaW9hcGljX3NiZGYg ewogICAgIHUxNiBiZGYsIHNlZzsKKyAgICB1bnNpZ25lZCBsb25nICpwaW5f c2V0dXA7CiB9IGlvYXBpY19zYmRmW01BWF9JT19BUElDU107CiBleHRlcm4g dm9pZCAqc2hhcmVkX2ludHJlbWFwX3RhYmxlOwogCg== --=separator Content-Type: application/octet-stream; name="xsa36-unstable.patch" Content-Disposition: attachment; filename="xsa36-unstable.patch" Content-Transfer-Encoding: base64 QUNQSTogYWNwaV90YWJsZV9wYXJzZSgpIHNob3VsZCByZXR1cm4gaGFuZGxl cidzIGVycm9yIGNvZGUKCkN1cnJlbnRseSwgdGhlIGVycm9yIGNvZGUgcmV0 dXJuZWQgYnkgYWNwaV90YWJsZV9wYXJzZSgpJ3MgaGFuZGxlcgppcyBpZ25v cmVkLiBUaGlzIHBhdGNoIHdpbGwgcHJvcGFnYXRlIGhhbmRsZXIncyByZXR1 cm4gdmFsdWUgdG8KYWNwaV90YWJsZV9wYXJzZSgpJ3MgY2FsbGVyLgoKQU1E LElPTU1VOiBDbGVhbiB1cCBvbGQgZW50cmllcyBpbiByZW1hcHBpbmcgdGFi bGVzIHdoZW4gY3JlYXRpbmcgbmV3CmludGVycnVwdCBtYXBwaW5nLgoKV2hl biBjaGFuZ2luZyB0aGUgYWZmaW5pdHkgb2YgYW4gSVJRIGFzc29jaWF0ZWQg d2l0aCBhIHBhc3NlZAp0aHJvdWdoIFBDSSBkZXZpY2UsIGNsZWFyIHByZXZp b3VzIG1hcHBpbmcuCgpJbiBhZGRpdGlvbiwgYmVjYXVzZSBzb21lIEJJT1Nl cyBtYXkgaW5jb3JyZWN0bHkgcHJvZ3JhbSBJVlJTCmVudHJpZXMgZm9yIElP QVBJQyB0cnkgdG8gY2hlY2sgZm9yIGVudHJ5J3MgY29uc2lzdGVuY3kuIFNw ZWNpZmljYWxseSwKaWYgY29uZmxpY3RpbmcgZW50cmllcyBhcmUgZm91bmQg ZGlzYWJsZSBJT01NVSBpZiBwZXItZGV2aWNlCnJlbWFwcGluZyB0YWJsZSBp cyB1c2VkLiBJZiBlbnRyaWVzIHJlZmVyIHRvIGJvZ3VzIElPQVBJQyBJRHMK ZGlzYWJsZSBJT01NVSB1bmNvbmRpdGlvbmFsbHkKCkFNRCxJT01NVTogRGlz YWJsZSBJT01NVSBpZiBTQVRBIENvbWJpbmVkIG1vZGUgaXMgb24KCkFNRCdz IFNQNTEwMCBjaGlwc2V0IGNhbiBiZSBwbGFjZWQgaW50byBTQVRBIENvbWJp bmVkIG1vZGUKdGhhdCBtYXkgY2F1c2UgcHJldmVudCBkb20wIGZyb20gYm9v dGluZyB3aGVuIElPTU1VIGlzCmVuYWJsZWQgYW5kIHBlci1kZXZpY2UgaW50 ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBpcyB1c2VkLgpXaGlsZSBTUDUxMDAg ZXJyYXR1bSAyOCByZXF1aXJlcyBCSU9TZXMgdG8gZGlzYWJsZSB0aGlzIG1v ZGUsCnNvbWUgbWF5IHN0aWxsIHVzZSBpdC4KClRoaXMgcGF0Y2ggY2hlY2tz IHdoZXRoZXIgdGhpcyBtb2RlIGlzIG9uIGFuZCwgaWYgcGVyLWRldmljZQp0 YWJsZSBpcyBpbiB1c2UsIGRpc2FibGVzIElPTU1VLgoKQU1ELElPTU1VOiBN YWtlIHBlci1kZXZpY2UgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBkZWZh dWx0CgpVc2luZyBnbG9iYWwgaW50ZXJydXB0IHJlbWFwcGluZyB0YWJsZSBt YXkgYmUgaW5zZWN1cmUsIGFzCmRlc2NyaWJlZCBieSBYU0EtMzYuIFRoaXMg cGF0Y2ggbWFrZXMgcGVyLWRldmljZSBtb2RlIGRlZmF1bHQuCgpUaGlzIGlz IFhTQS0zNiAvIENWRS0yMDEzLTAxNTMuCgpTaWduZWQtb2ZmLWJ5OiBKYW4g QmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEJv cmlzIE9zdHJvdnNreSA8Ym9yaXMub3N0cm92c2t5QGFtZC5jb20+CgpBTUQg SU9NTVU6IGFsc28gc3BvdCBtaXNzaW5nIElPLUFQSUMgZW50cmllcyBpbiBJ VlJTIHRhYmxlCgpBcGFydCBmcm9tIGRlYWxpbmcgZHVwbGljYXRlIGNvbmZs aWN0aW5nIGVudHJpZXMsIHdlIGFsc28gaGF2ZSB0bwpoYW5kbGUgZmlybXdh cmUgb21pdHRpbmcgSU8tQVBJQyBlbnRyaWVzIGluIElWUlMgYWx0b2dldGhl ci4gTm90IGRvaW5nCnNvIGhhcyByZXN1bHRlZCBpbiBjL3MgMjY1MTc6NjAx MTM5ZTJiMGRiIHRvIGNyYXNoIHN1Y2ggc3lzdGVtcyBkdXJpbmcKYm9vdCAo d2hlcmVhcyB3aXRoIHRoZSBjaGFuZ2UgaGVyZSB0aGUgSU9NTVUgZ2V0cyBk aXNhYmxlZCBqdXN0IGFzIGlzCmJlaW5nIGRvbmUgaW4gdGhlIG90aGVyIGNh c2VzLCBpLmUuIHVubGVzcyBnbG9iYWwgdGFibGVzIGFyZSBiZWluZwp1c2Vk KS4KCkRlYnVnZ2luZyB0aGlzIGlzc3VlIGhhcyBhbHNvIHBvaW50ZWQgb3V0 IHRoYXQgdGhlIGRlYnVnIGxvZyBvdXRwdXQgaXMKcHJldHR5IHVnbHkgdG8g bG9vayBhdCAtIGNvbnNvbGlkYXRlIHRoZSBvdXRwdXQsIGFuZCBhZGQgb25l IGV4dHJhCml0ZW0gZm9yIHRoZSBJVkhEIHNwZWNpYWwgZW50cmllcywgc28g dGhhdCBmdXR1cmUgaXNzdWVzIGFyZSBlYXNpZXIKdG8gYW5hbHl6ZS4KClNp Z25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K VGVzdGVkLWJ5OiBTYW5kZXIgRWlrZWxlbmJvb20gPGxpbnV4QGVpa2VsZW5i b29tLml0PgoKLS0tIGEveGVuL2FyY2gveDg2L2lycS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9pcnEuYwpAQCAtMTk0Myw5ICsxOTQzLDYgQEAgaW50IG1hcF9k b21haW5fcGlycSgKICAgICAgICAgc3Bpbl9sb2NrX2lycXNhdmUoJmRlc2Mt PmxvY2ssIGZsYWdzKTsKICAgICAgICAgc2V0X2RvbWFpbl9pcnFfcGlycShk LCBpcnEsIGluZm8pOwogICAgICAgICBzcGluX3VubG9ja19pcnFyZXN0b3Jl KCZkZXNjLT5sb2NrLCBmbGFncyk7Ci0KLSAgICAgICAgaWYgKCBvcHRfaXJx X3ZlY3Rvcl9tYXAgPT0gT1BUX0lSUV9WRUNUT1JfTUFQX1BFUkRFViApCi0g ICAgICAgICAgICBwcmludGsoWEVOTE9HX0lORk8gIlBlci1kZXZpY2UgdmVj dG9yIG1hcHMgZm9yIEdTSXMgbm90IGltcGxlbWVudGVkIHlldC5cbiIpOwog ICAgIH0KIAogZG9uZToKLS0tIGEveGVuL2RyaXZlcnMvYWNwaS90YWJsZXMu YworKysgYi94ZW4vZHJpdmVycy9hY3BpL3RhYmxlcy5jCkBAIC0yNjUsNyAr MjY1LDcgQEAgYWNwaV90YWJsZV9wYXJzZV9tYWR0KGVudW0gYWNwaV9tYWR0 X3R5cAogICogQGhhbmRsZXI6IGhhbmRsZXIgdG8gcnVuCiAgKgogICogU2Nh biB0aGUgQUNQSSBTeXN0ZW0gRGVzY3JpcHRvciBUYWJsZSAoU1REKSBmb3Ig YSB0YWJsZSBtYXRjaGluZyBAaWQsCi0gKiBydW4gQGhhbmRsZXIgb24gaXQu ICBSZXR1cm4gMCBpZiB0YWJsZSBmb3VuZCwgcmV0dXJuIG9uIGlmIG5vdC4K KyAqIHJ1biBAaGFuZGxlciBvbiBpdC4KICAqLwogaW50IF9faW5pdCBhY3Bp X3RhYmxlX3BhcnNlKGNoYXIgKmlkLCBhY3BpX3RhYmxlX2hhbmRsZXIgaGFu ZGxlcikKIHsKQEAgLTI4MCw4ICsyODAsNyBAQCBpbnQgX19pbml0IGFjcGlf dGFibGVfcGFyc2UoY2hhciAqaWQsIGFjCiAJCWFjcGlfZ2V0X3RhYmxlKGlk LCAwLCAmdGFibGUpOwogCiAJaWYgKHRhYmxlKSB7Ci0JCWhhbmRsZXIodGFi bGUpOwotCQlyZXR1cm4gMDsKKwkJcmV0dXJuIGhhbmRsZXIodGFibGUpOwog CX0gZWxzZQogCQlyZXR1cm4gMTsKIH0KLS0tIGEveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X2FjcGkuYworKysgYi94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvaW9tbXVfYWNwaS5jCkBAIC0yMiw2ICsyMiw3IEBA CiAjaW5jbHVkZSA8eGVuL2Vycm5vLmg+CiAjaW5jbHVkZSA8eGVuL2FjcGku aD4KICNpbmNsdWRlIDxhc20vYXBpY2RlZi5oPgorI2luY2x1ZGUgPGFzbS9p b19hcGljLmg+CiAjaW5jbHVkZSA8YXNtL2FtZC1pb21tdS5oPgogI2luY2x1 ZGUgPGFzbS9odm0vc3ZtL2FtZC1pb21tdS1wcm90by5oPgogCkBAIC02Mzcs NiArNjM4LDcgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZp Y2Vfc3BlYwogICAgIHUxNiBoZWFkZXJfbGVuZ3RoLCB1MTYgYmxvY2tfbGVu Z3RoLCBzdHJ1Y3QgYW1kX2lvbW11ICppb21tdSkKIHsKICAgICB1MTYgZGV2 X2xlbmd0aCwgYmRmOworICAgIGludCBhcGljOwogCiAgICAgZGV2X2xlbmd0 aCA9IHNpemVvZigqc3BlY2lhbCk7CiAgICAgaWYgKCBoZWFkZXJfbGVuZ3Ro IDwgKGJsb2NrX2xlbmd0aCArIGRldl9sZW5ndGgpICkKQEAgLTY1Nyw5ICs2 NTksNTMgQEAgc3RhdGljIHUxNiBfX2luaXQgcGFyc2VfaXZoZF9kZXZpY2Vf c3BlYwogICAgIHN3aXRjaCAoIHNwZWNpYWwtPnZhcmlldHkgKQogICAgIHsK ICAgICBjYXNlIEFDUElfSVZIRF9JT0FQSUM6Ci0gICAgLyogc2V0IGRldmlj ZSBpZCBvZiBpb2FwaWMgKi8KLSAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lh bC0+aGFuZGxlXS5iZGYgPSBiZGY7Ci0gICAgICAgIGlvYXBpY19zYmRmW3Nw ZWNpYWwtPmhhbmRsZV0uc2VnID0gc2VnOworICAgICAgICAvKgorICAgICAg ICAgKiBTb21lIEJJT1NlcyBoYXZlIElPQVBJQyBicm9rZW4gZW50cmllcyBz byB3ZSBjaGVjayBmb3IgSVZSUworICAgICAgICAgKiBjb25zaXN0ZW5jeSBo ZXJlIC0tLSB3aGV0aGVyIGVudHJ5J3MgSU9BUElDIElEIGlzIHZhbGlkIGFu ZAorICAgICAgICAgKiB3aGV0aGVyIHRoZXJlIGFyZSBjb25mbGljdGluZy9k dXBsaWNhdGVkIGVudHJpZXMuCisgICAgICAgICAqLworICAgICAgICBmb3Ig KCBhcGljID0gMDsgYXBpYyA8IG5yX2lvYXBpY3M7IGFwaWMrKyApCisgICAg ICAgIHsKKyAgICAgICAgICAgIGlmICggSU9fQVBJQ19JRChhcGljKSAhPSBz cGVjaWFsLT5oYW5kbGUgKQorICAgICAgICAgICAgICAgIGNvbnRpbnVlOwor CisgICAgICAgICAgICBpZiAoIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRs ZV0ucGluX3NldHVwICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAg ICBpZiAoIGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0uYmRmID09IGJk ZiAmJgorICAgICAgICAgICAgICAgICAgICAgaW9hcGljX3NiZGZbc3BlY2lh bC0+aGFuZGxlXS5zZWcgPT0gc2VnICkKKyAgICAgICAgICAgICAgICAgICAg QU1EX0lPTU1VX0RFQlVHKCJJVkhEIFdhcm5pbmc6IER1cGxpY2F0ZSBJTy1B UElDICUjeCBlbnRyaWVzXG4iLAorICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgc3BlY2lhbC0+aGFuZGxlKTsKKyAgICAgICAgICAgICAg ICBlbHNlCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAgICAg ICBwcmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogQ29uZmxpY3Rpbmcg SU8tQVBJQyAlI3ggZW50cmllc1xuIiwKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNwZWNpYWwtPmhhbmRsZSk7CisgICAgICAgICAgICAgICAgICAg IGlmICggYW1kX2lvbW11X3BlcmRldl9pbnRyZW1hcCApCisgICAgICAgICAg ICAgICAgICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgICAgICAgICB9Cisg ICAgICAgICAgICB9CisgICAgICAgICAgICBlbHNlCisgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgLyogc2V0IGRldmljZSBpZCBvZiBpb2FwaWMg Ki8KKyAgICAgICAgICAgICAgICBpb2FwaWNfc2JkZltzcGVjaWFsLT5oYW5k bGVdLmJkZiA9IGJkZjsKKyAgICAgICAgICAgICAgICBpb2FwaWNfc2JkZltz cGVjaWFsLT5oYW5kbGVdLnNlZyA9IHNlZzsKKworICAgICAgICAgICAgICAg IGlvYXBpY19zYmRmW3NwZWNpYWwtPmhhbmRsZV0ucGluX3NldHVwID0geHph bGxvY19hcnJheSgKKyAgICAgICAgICAgICAgICAgICAgdW5zaWduZWQgbG9u ZywgQklUU19UT19MT05HUyhucl9pb2FwaWNfZW50cmllc1thcGljXSkpOwor ICAgICAgICAgICAgICAgIGlmICggbnJfaW9hcGljX2VudHJpZXNbYXBpY10g JiYKKyAgICAgICAgICAgICAgICAgICAgICFpb2FwaWNfc2JkZltJT19BUElD X0lEKGFwaWMpXS5waW5fc2V0dXAgKQorICAgICAgICAgICAgICAgIHsKKyAg ICAgICAgICAgICAgICAgICAgcHJpbnRrKFhFTkxPR19FUlIgIklWSEQgRXJy b3I6IE91dCBvZiBtZW1vcnlcbiIpOworICAgICAgICAgICAgICAgICAgICBy ZXR1cm4gMDsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICB9Cisg ICAgICAgICAgICBicmVhazsKKyAgICAgICAgfQorICAgICAgICBpZiAoIGFw aWMgPT0gbnJfaW9hcGljcyApCisgICAgICAgIHsKKyAgICAgICAgICAgIHBy aW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9yOiBJbnZhbGlkIElPLUFQSUMg JSN4XG4iLAorICAgICAgICAgICAgICAgICAgIHNwZWNpYWwtPmhhbmRsZSk7 CisgICAgICAgICAgICByZXR1cm4gMDsKKyAgICAgICAgfQogICAgICAgICBi cmVhazsKICAgICBjYXNlIEFDUElfSVZIRF9IUEVUOgogICAgICAgICAvKiBz ZXQgZGV2aWNlIGlkIG9mIGhwZXQgKi8KQEAgLTg0NCw2ICs4OTAsNyBAQCBz dGF0aWMgaW50IF9faW5pdCBwYXJzZV9pdnJzX3RhYmxlKHN0cnVjCiB7CiAg ICAgY29uc3Qgc3RydWN0IGFjcGlfaXZyc19oZWFkZXIgKml2cnNfYmxvY2s7 CiAgICAgdW5zaWduZWQgbG9uZyBsZW5ndGg7CisgICAgdW5zaWduZWQgaW50 IGFwaWM7CiAgICAgaW50IGVycm9yID0gMDsKIAogICAgIEJVR19PTighdGFi bGUpOwpAQCAtODc2LDYgKzkyMywyOSBAQCBzdGF0aWMgaW50IF9faW5pdCBw YXJzZV9pdnJzX3RhYmxlKHN0cnVjCiAgICAgICAgIGxlbmd0aCArPSBpdnJz X2Jsb2NrLT5sZW5ndGg7CiAgICAgfQogCisgICAgLyogRWFjaCBJTy1BUElD IG11c3QgaGF2ZSBiZWVuIG1lbnRpb25lZCBpbiB0aGUgdGFibGUuICovCisg ICAgZm9yICggYXBpYyA9IDA7ICFlcnJvciAmJiBhcGljIDwgbnJfaW9hcGlj czsgKythcGljICkKKyAgICB7CisgICAgICAgIGlmICggIW5yX2lvYXBpY19l bnRyaWVzW2FwaWNdIHx8CisgICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9f QVBJQ19JRChhcGljKV0ucGluX3NldHVwICkKKyAgICAgICAgICAgIGNvbnRp bnVlOworCisgICAgICAgIHByaW50ayhYRU5MT0dfRVJSICJJVkhEIEVycm9y OiBubyBpbmZvcm1hdGlvbiBmb3IgSU8tQVBJQyAlI3hcbiIsCisgICAgICAg ICAgICAgICBJT19BUElDX0lEKGFwaWMpKTsKKyAgICAgICAgaWYgKCBhbWRf aW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAgICAgICAgICAgIGVycm9yID0g LUVOWElPOworICAgICAgICBlbHNlCisgICAgICAgIHsKKyAgICAgICAgICAg IGlvYXBpY19zYmRmW0lPX0FQSUNfSUQoYXBpYyldLnBpbl9zZXR1cCA9IHh6 YWxsb2NfYXJyYXkoCisgICAgICAgICAgICAgICAgdW5zaWduZWQgbG9uZywg QklUU19UT19MT05HUyhucl9pb2FwaWNfZW50cmllc1thcGljXSkpOworICAg ICAgICAgICAgaWYgKCAhaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0u cGluX3NldHVwICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICBw cmludGsoWEVOTE9HX0VSUiAiSVZIRCBFcnJvcjogT3V0IG9mIG1lbW9yeVxu Iik7CisgICAgICAgICAgICAgICAgZXJyb3IgPSAtRU5PTUVNOworICAgICAg ICAgICAgfQorICAgICAgICB9CisgICAgfQorCiAgICAgcmV0dXJuIGVycm9y OwogfQogCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21t dV9pbml0LmMKKysrIGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lv bW11X2luaXQuYwpAQCAtMTEyMCwxMiArMTEyMCw0NSBAQCBzdGF0aWMgaW50 IF9faW5pdCBhbWRfaW9tbXVfc2V0dXBfZGV2aWNlCiAgICAgcmV0dXJuIDA7 CiB9CiAKKy8qIENoZWNrIHdoZXRoZXIgU1A1MTAwIFNBVEEgQ29tYmluZWQg bW9kZSBpcyBvbiAqLworc3RhdGljIGJvb2xfdCBfX2luaXQgYW1kX3NwNTEw MF9lcnJhdHVtMjgodm9pZCkKK3sKKyAgICB1MzIgYnVzLCBpZDsKKyAgICB1 MTYgdmVuZG9yX2lkLCBkZXZfaWQ7CisgICAgdTggYnl0ZTsKKworICAgIGZv ciAoYnVzID0gMDsgYnVzIDwgMjU2OyBidXMrKykKKyAgICB7CisgICAgICAg IGlkID0gcGNpX2NvbmZfcmVhZDMyKDAsIGJ1cywgMHgxNCwgMCwgUENJX1ZF TkRPUl9JRCk7CisKKyAgICAgICAgdmVuZG9yX2lkID0gaWQgJiAweGZmZmY7 CisgICAgICAgIGRldl9pZCA9IChpZCA+PiAxNikgJiAweGZmZmY7CisKKyAg ICAgICAgLyogU1A1MTAwIFNNQnVzIG1vZHVsZSBzZXRzIENvbWJpbmVkIG1v ZGUgb24gKi8KKyAgICAgICAgaWYgKHZlbmRvcl9pZCAhPSAweDEwMDIgfHwg ZGV2X2lkICE9IDB4NDM4NSkKKyAgICAgICAgICAgIGNvbnRpbnVlOworCisg ICAgICAgIGJ5dGUgPSBwY2lfY29uZl9yZWFkOCgwLCBidXMsIDB4MTQsIDAs IDB4YWQpOworICAgICAgICBpZiAoIChieXRlID4+IDMpICYgMSApCisgICAg ICAgIHsKKyAgICAgICAgICAgIHByaW50ayhYRU5MT0dfV0FSTklORyAiQU1E LVZpOiBTUDUxMDAgZXJyYXR1bSAyOCBkZXRlY3RlZCwgZGlzYWJsaW5nIElP TU1VLlxuIgorICAgICAgICAgICAgICAgICAgICJJZiBwb3NzaWJsZSwgZGlz YWJsZSBTQVRBIENvbWJpbmVkIG1vZGUgaW4gQklPUyBvciBjb250YWN0IHlv dXIgdmVuZG9yIGZvciBCSU9TIHVwZGF0ZS5cbiIpOworICAgICAgICAgICAg cmV0dXJuIDE7CisgICAgICAgIH0KKyAgICB9CisKKyAgICByZXR1cm4gMDsK K30KKwogaW50IF9faW5pdCBhbWRfaW9tbXVfaW5pdCh2b2lkKQogewogICAg IHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11OwogCiAgICAgQlVHX09OKCAhaW9t bXVfZm91bmQoKSApOwogCisgICAgaWYgKCBhbWRfaW9tbXVfcGVyZGV2X2lu dHJlbWFwICYmIGFtZF9zcDUxMDBfZXJyYXR1bTI4KCkgKQorICAgICAgICBn b3RvIGVycm9yX291dDsKKwogICAgIGl2cnNfYmRmX2VudHJpZXMgPSBhbWRf aW9tbXVfZ2V0X2l2cnNfZGV2X2VudHJpZXMoKTsKIAogICAgIGlmICggIWl2 cnNfYmRmX2VudHJpZXMgKQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3Vn aC9hbWQvaW9tbXVfaW50ci5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJv dWdoL2FtZC9pb21tdV9pbnRyLmMKQEAgLTEwMCwxMiArMTAwLDEyIEBAIHN0 YXRpYyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeSh1MzIqIGUKIHN0YXRp YyB2b2lkIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lvYXBpYygKICAg ICBpbnQgYmRmLAogICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11LAotICAg IHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICppb2FwaWNfcnRlKQorICAg IGNvbnN0IHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICpydGUsCisgICAg Y29uc3Qgc3RydWN0IElPX0FQSUNfcm91dGVfZW50cnkgKm9sZF9ydGUpCiB7 CiAgICAgdW5zaWduZWQgbG9uZyBmbGFnczsKICAgICB1MzIqIGVudHJ5Owog ICAgIHU4IGRlbGl2ZXJ5X21vZGUsIGRlc3QsIHZlY3RvciwgZGVzdF9tb2Rl OwotICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5ICpydGUgPSBpb2Fw aWNfcnRlOwogICAgIGludCByZXFfaWQ7CiAgICAgc3BpbmxvY2tfdCAqbG9j azsKICAgICBpbnQgb2Zmc2V0OwpAQCAtMTIxLDYgKzEyMSwxNCBAQCBzdGF0 aWMgdm9pZCB1cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9pCiAgICAgc3Bp bl9sb2NrX2lycXNhdmUobG9jaywgZmxhZ3MpOwogCiAgICAgb2Zmc2V0ID0g Z2V0X2ludHJlbWFwX29mZnNldCh2ZWN0b3IsIGRlbGl2ZXJ5X21vZGUpOwor ICAgIGlmICggb2xkX3J0ZSApCisgICAgeworICAgICAgICBpbnQgb2xkX29m ZnNldCA9IGdldF9pbnRyZW1hcF9vZmZzZXQob2xkX3J0ZS0+dmVjdG9yLAor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg b2xkX3J0ZS0+ZGVsaXZlcnlfbW9kZSk7CisKKyAgICAgICAgaWYgKCBvZmZz ZXQgIT0gb2xkX29mZnNldCApCisgICAgICAgICAgICBmcmVlX2ludHJlbWFw X2VudHJ5KGlvbW11LT5zZWcsIGJkZiwgb2xkX29mZnNldCk7CisgICAgfQog ICAgIGVudHJ5ID0gKHUzMiopZ2V0X2ludHJlbWFwX2VudHJ5KGlvbW11LT5z ZWcsIHJlcV9pZCwgb2Zmc2V0KTsKICAgICB1cGRhdGVfaW50cmVtYXBfZW50 cnkoZW50cnksIHZlY3RvciwgZGVsaXZlcnlfbW9kZSwgZGVzdF9tb2RlLCBk ZXN0KTsKIApAQCAtMTg5LDYgKzE5Nyw3IEBAIGludCBfX2luaXQgYW1kX2lv bW11X3NldHVwX2lvYXBpY19yZW1hcHAKICAgICAgICAgICAgICAgICBhbWRf aW9tbXVfZmx1c2hfaW50cmVtYXAoaW9tbXUsIHJlcV9pZCk7CiAgICAgICAg ICAgICAgICAgc3Bpbl91bmxvY2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ss IGZsYWdzKTsKICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIHNldF9iaXQo cGluLCBpb2FwaWNfc2JkZltJT19BUElDX0lEKGFwaWMpXS5waW5fc2V0dXAp OwogICAgICAgICB9CiAgICAgfQogICAgIHJldHVybiAwOwpAQCAtMjAwLDYg KzIwOSw3IEBAIHZvaWQgYW1kX2lvbW11X2lvYXBpY191cGRhdGVfaXJlKAog ICAgIHN0cnVjdCBJT19BUElDX3JvdXRlX2VudHJ5IG9sZF9ydGUgPSB7IDAg fTsKICAgICBzdHJ1Y3QgSU9fQVBJQ19yb3V0ZV9lbnRyeSBuZXdfcnRlID0g eyAwIH07CiAgICAgdW5zaWduZWQgaW50IHJ0ZV9sbyA9IChyZWcgJiAxKSA/ IHJlZyAtIDEgOiByZWc7CisgICAgdW5zaWduZWQgaW50IHBpbiA9IChyZWcg LSAweDEwKSAvIDI7CiAgICAgaW50IHNhdmVkX21hc2ssIHNlZywgYmRmOwog ICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11OwogCkBAIC0yMzcsNiArMjQ3 LDE0IEBAIHZvaWQgYW1kX2lvbW11X2lvYXBpY191cGRhdGVfaXJlKAogICAg ICAgICAqKCgodTMyICopJm5ld19ydGUpICsgMSkgPSB2YWx1ZTsKICAgICB9 CiAKKyAgICBpZiAoIG5ld19ydGUubWFzayAmJgorICAgICAgICAgIXRlc3Rf Yml0KHBpbiwgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0ucGluX3Nl dHVwKSApCisgICAgeworICAgICAgICBBU1NFUlQoc2F2ZWRfbWFzayk7Cisg ICAgICAgIF9faW9fYXBpY193cml0ZShhcGljLCByZWcsIHZhbHVlKTsKKyAg ICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIC8qIG1hc2sgdGhlIGludGVy cnVwdCB3aGlsZSB3ZSBjaGFuZ2UgdGhlIGludHJlbWFwIHRhYmxlICovCiAg ICAgaWYgKCAhc2F2ZWRfbWFzayApCiAgICAgewpAQCAtMjQ1LDcgKzI2Mywx MSBAQCB2b2lkIGFtZF9pb21tdV9pb2FwaWNfdXBkYXRlX2lyZSgKICAgICB9 CiAKICAgICAvKiBVcGRhdGUgaW50ZXJydXB0IHJlbWFwcGluZyBlbnRyeSAq LwotICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX2lvYXBpYyhiZGYs IGlvbW11LCAmbmV3X3J0ZSk7CisgICAgdXBkYXRlX2ludHJlbWFwX2VudHJ5 X2Zyb21faW9hcGljKAorICAgICAgICBiZGYsIGlvbW11LCAmbmV3X3J0ZSwK KyAgICAgICAgdGVzdF9hbmRfc2V0X2JpdChwaW4sCisgICAgICAgICAgICAg ICAgICAgICAgICAgaW9hcGljX3NiZGZbSU9fQVBJQ19JRChhcGljKV0ucGlu X3NldHVwKSA/ICZvbGRfcnRlCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA6IE5V TEwpOwogCiAgICAgLyogRm9yd2FyZCB3cml0ZSBhY2Nlc3MgdG8gSU8tQVBJ QyBSVEUgKi8KICAgICBfX2lvX2FwaWNfd3JpdGUoYXBpYywgcmVnLCB2YWx1 ZSk7CkBAIC0zNTYsNiArMzc4LDEyIEBAIHZvaWQgYW1kX2lvbW11X21zaV9t c2dfdXBkYXRlX2lyZSgKICAgICAgICAgcmV0dXJuOwogICAgIH0KIAorICAg IGlmICggbXNpX2Rlc2MtPnJlbWFwX2luZGV4ID49IDAgKQorICAgICAgICB1 cGRhdGVfaW50cmVtYXBfZW50cnlfZnJvbV9tc2lfbXNnKGlvbW11LCBiZGYs IG1zaV9kZXNjLCBOVUxMKTsKKworICAgIGlmICggIW1zZyApCisgICAgICAg IHJldHVybjsKKwogICAgIHVwZGF0ZV9pbnRyZW1hcF9lbnRyeV9mcm9tX21z aV9tc2coaW9tbXUsIGJkZiwgbXNpX2Rlc2MsIG1zZyk7CiB9CiAKLS0tIGEv eGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYwor KysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21t dS5jCkBAIC0yMDgsNiArMjA4LDggQEAgaW50IF9faW5pdCBhbWRfaW92X2Rl dGVjdCh2b2lkKQogICAgIHsKICAgICAgICAgcHJpbnRrKCJBTUQtVmk6IE5v dCBvdmVycmlkaW5nIGlycV92ZWN0b3JfbWFwIHNldHRpbmdcbiIpOwogICAg IH0KKyAgICBpZiAoICFhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFwICkKKyAg ICAgICAgcHJpbnRrKFhFTkxPR19XQVJOSU5HICJBTUQtVmk6IFVzaW5nIGds b2JhbCBpbnRlcnJ1cHQgcmVtYXAgdGFibGUgaXMgbm90IHJlY29tbWVuZGVk IChzZWUgWFNBLTM2KSFcbiIpOwogICAgIHJldHVybiBzY2FuX3BjaV9kZXZp Y2VzKCk7CiB9CiAKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvaW9t bXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9pb21tdS5jCkBA IC01Myw3ICs1Myw3IEBAIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlvbW11X3Fp bnZhbCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9pbnRyZW1h cCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9oYXBfcHRfc2hh cmUgPSAxOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfZGVidWc7Ci1i b29sX3QgX19yZWFkX21vc3RseSBhbWRfaW9tbXVfcGVyZGV2X2ludHJlbWFw OworYm9vbF90IF9fcmVhZF9tb3N0bHkgYW1kX2lvbW11X3BlcmRldl9pbnRy ZW1hcCA9IDE7CiAKIERFRklORV9QRVJfQ1BVKGJvb2xfdCwgaW9tbXVfZG9u dF9mbHVzaF9pb3RsYik7CiAKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9o dm0vc3ZtL2FtZC1pb21tdS1wcm90by5oCisrKyBiL3hlbi9pbmNsdWRlL2Fz bS14ODYvaHZtL3N2bS9hbWQtaW9tbXUtcHJvdG8uaApAQCAtMTAxLDYgKzEw MSw3IEBAIGludCBhbWRfc2V0dXBfaHBldF9tc2koc3RydWN0IG1zaV9kZXNj ICoKIAogZXh0ZXJuIHN0cnVjdCBpb2FwaWNfc2JkZiB7CiAgICAgdTE2IGJk Ziwgc2VnOworICAgIHVuc2lnbmVkIGxvbmcgKnBpbl9zZXR1cDsKIH0gaW9h cGljX3NiZGZbTUFYX0lPX0FQSUNTXTsKIGV4dGVybiB2b2lkICpzaGFyZWRf aW50cmVtYXBfdGFibGU7CiAK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator--