From xen-announce-bounces@lists.xen.org Tue Jan 06 12:42:03 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 06 Jan 2015 12:42:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y8TRN-0003xh-EA; Tue, 06 Jan 2015 12:40:53 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y8TRM-0003xM-Ct; Tue, 06 Jan 2015 12:40:52 +0000 Received: from [193.109.254.147] by server-9.bemta-14.messagelabs.com id D9/B3-02712-3D7DBA45; Tue, 06 Jan 2015 12:40:51 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-27.messagelabs.com!1420548049!18800269!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 11846 invoked from network); 6 Jan 2015 12:40:50 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 6 Jan 2015 12:40:50 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y8TRB-0003Hh-D4; Tue, 06 Jan 2015 12:40:41 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1Y8TRA-0002IN-Up; Tue, 06 Jan 2015 12:40:41 +0000 Date: Tue, 06 Jan 2015 12:40:41 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 116 (CVE-2015-0361) - xen crash due to use after free on hvm guest teardown X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-0361 / XSA-116 version 3 xen crash due to use after free on hvm guest teardown UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Certain data accessible (via hypercalls) by the domain controlling the execution of a HVM domain is being freed prematurely, leading to the respective memory regions to possibly be read from and written to in ways unexpected by their new owner(s). IMPACT ====== Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.) VULNERABLE SYSTEMS ================== Xen versions from 4.2 onwards are vulnerable on x86 systems. ARM systems are not vulnerable. This vulnerability is only applicable to Xen systems using stub domains or other forms of disaggregation of control domains for HVM guests. MITIGATION ========== Running only PV guests will avoid this issue. (The security of a Xen system using stub domains is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm.) CREDITS ======= The issue was discovered by Mihai Donțu from Bitdefender who also supplied the fix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa116.patch xen-unstable, Xen 4.4.x xsa116-4.3-4.2.patch Xen 4.3.x, Xen 4.2.x $ sha256sum xsa116*.patch 84b5a7bb2386e3d95d9d836a4a2504870723694ddaf537f1b59db75b7c63e9bd xsa116.patch 3aed6d157f62343a806347ea7c37bb8cdf50ee68002449bded9c7c1712810201 xsa116-4.3-4.2.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUq9eeAAoJEIP+FMlX6CvZZx8H/0jivCICcJ7SLhIJsAZAVwA4 gLpVaWk9qFMSUeYaccLG3naEHk/S5X8154J+VTb7cXDRFWI7lFAodUOhd0MRKzKc ZrauMNZDuUnjyJxQZEjreGQW/pfUO6IIsR/MOAPRoiyKOmOmSDoRTo7UJucZUgfr HtA5A58Fwiaw5t7LVXzxMI3EAR+ZL4M/e8Vv/F9sKfMSsGSfxPuTHVVoA1k9iUOF 6yq8pEX+BAZfZSVd2GokD0DipZwvULSlJNMlTBBhK7RGiUgzn6HaxLHvGxEg7JhC 0n97mVCJ8WIAwoqpEBU0E9xhN5Xxv4gTH5Dqhruw94X8gMhLe/BueYMXfYWIC18= =Z+TF -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa116.patch" Content-Disposition: attachment; filename="xsa116.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogcHJldmVudCB1c2UtYWZ0ZXItZnJlZSB3aGVuIGRlc3Ryb3lp bmcgYSBkb21haW4KCmh2bV9kb21haW5fcmVsaW5xdWlzaF9yZXNvdXJjZXMo KSBjYW4gZnJlZSBjZXJ0YWluIGRvbWFpbiByZXNvdXJjZXMKd2hpY2ggY2Fu IHN0aWxsIGJlIGFjY2Vzc2VkLCBlLmcuIGJ5IEhWTU9QX3NldF9wYXJhbSwg d2hpbGUgdGhlIGRvbWFpbgppcyBiZWluZyBjbGVhbmVkIHVwLgoKU2lnbmVk LW9mZi1ieTogTWloYWkgRG9uyJt1IDxtZG9udHVAYml0ZGVmZW5kZXIuY29t PgpUZXN0ZWQtYnk6IFLEg3p2YW4gQ29qb2NhcnUgPHJjb2pvY2FydUBiaXRk ZWZlbmRlci5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpSZXZpZXdlZC1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L2h2 bS9odm0uYworKysgYi94ZW4vYXJjaC94ODYvaHZtL2h2bS5jCkBAIC0xNDg3 LDkgKzE0ODcsNiBAQCBpbnQgaHZtX2RvbWFpbl9pbml0aWFsaXNlKHN0cnVj dCBkb21haW4gCiAKIHZvaWQgaHZtX2RvbWFpbl9yZWxpbnF1aXNoX3Jlc291 cmNlcyhzdHJ1Y3QgZG9tYWluICpkKQogewotICAgIHhmcmVlKGQtPmFyY2gu aHZtX2RvbWFpbi5pb19oYW5kbGVyKTsKLSAgICB4ZnJlZShkLT5hcmNoLmh2 bV9kb21haW4ucGFyYW1zKTsKLQogICAgIGlmICggaXNfcHZoX2RvbWFpbihk KSApCiAgICAgICAgIHJldHVybjsKIApAQCAtMTUxMSw2ICsxNTA4LDkgQEAg dm9pZCBodm1fZG9tYWluX3JlbGlucXVpc2hfcmVzb3VyY2VzKHN0cgogCiB2 b2lkIGh2bV9kb21haW5fZGVzdHJveShzdHJ1Y3QgZG9tYWluICpkKQogewor ICAgIHhmcmVlKGQtPmFyY2guaHZtX2RvbWFpbi5pb19oYW5kbGVyKTsKKyAg ICB4ZnJlZShkLT5hcmNoLmh2bV9kb21haW4ucGFyYW1zKTsKKwogICAgIGh2 bV9kZXN0cm95X2NhY2hlYXR0cl9yZWdpb25fbGlzdChkKTsKIAogICAgIGlm ICggaXNfcHZoX2RvbWFpbihkKSApCg== --=separator Content-Type: application/octet-stream; name="xsa116-4.3-4.2.patch" Content-Disposition: attachment; filename="xsa116-4.3-4.2.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogcHJldmVudCB1c2UtYWZ0ZXItZnJlZSB3aGVuIGRlc3Ryb3lp bmcgYSBkb21haW4KCmh2bV9kb21haW5fcmVsaW5xdWlzaF9yZXNvdXJjZXMo KSBjYW4gZnJlZSBjZXJ0YWluIGRvbWFpbiByZXNvdXJjZXMKd2hpY2ggY2Fu IHN0aWxsIGJlIGFjY2Vzc2VkLCBlLmcuIGJ5IEhWTU9QX3NldF9wYXJhbSwg d2hpbGUgdGhlIGRvbWFpbgppcyBiZWluZyBjbGVhbmVkIHVwLgoKU2lnbmVk LW9mZi1ieTogTWloYWkgRG9uyJt1IDxtZG9udHVAYml0ZGVmZW5kZXIuY29t PgpUZXN0ZWQtYnk6IFLEg3p2YW4gQ29qb2NhcnUgPHJjb2pvY2FydUBiaXRk ZWZlbmRlci5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpSZXZpZXdlZC1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L2h2 bS9odm0uYworKysgYi94ZW4vYXJjaC94ODYvaHZtL2h2bS5jCkBAIC02MDIs MTMgKzYwMiwxMyBAQCB2b2lkIGh2bV9kb21haW5fcmVsaW5xdWlzaF9yZXNv dXJjZXMoc3RyCiAgICAgICAgIGhwZXRfZGVpbml0KGQpOwogICAgIH0KIAot ICAgIHhmcmVlKGQtPmFyY2guaHZtX2RvbWFpbi5pb19oYW5kbGVyKTsKLSAg ICB4ZnJlZShkLT5hcmNoLmh2bV9kb21haW4ucGFyYW1zKTsKICAgICB4ZnJl ZShkLT5hcmNoLmh2bV9kb21haW4ucGJ1Zik7CiB9CiAKIHZvaWQgaHZtX2Rv bWFpbl9kZXN0cm95KHN0cnVjdCBkb21haW4gKmQpCiB7CisgICAgeGZyZWUo ZC0+YXJjaC5odm1fZG9tYWluLmlvX2hhbmRsZXIpOworICAgIHhmcmVlKGQt PmFyY2guaHZtX2RvbWFpbi5wYXJhbXMpOwogICAgIGh2bV9mdW5jcy5kb21h aW5fZGVzdHJveShkKTsKICAgICBydGNfZGVpbml0KGQpOwogICAgIHN0ZHZn YV9kZWluaXQoZCk7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Jan 06 12:42:03 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 06 Jan 2015 12:42:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y8TRN-0003xh-EA; Tue, 06 Jan 2015 12:40:53 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y8TRM-0003xM-Ct; Tue, 06 Jan 2015 12:40:52 +0000 Received: from [193.109.254.147] by server-9.bemta-14.messagelabs.com id D9/B3-02712-3D7DBA45; Tue, 06 Jan 2015 12:40:51 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-27.messagelabs.com!1420548049!18800269!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 11846 invoked from network); 6 Jan 2015 12:40:50 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 6 Jan 2015 12:40:50 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Y8TRB-0003Hh-D4; Tue, 06 Jan 2015 12:40:41 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1Y8TRA-0002IN-Up; Tue, 06 Jan 2015 12:40:41 +0000 Date: Tue, 06 Jan 2015 12:40:41 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 116 (CVE-2015-0361) - xen crash due to use after free on hvm guest teardown X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-0361 / XSA-116 version 3 xen crash due to use after free on hvm guest teardown UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Certain data accessible (via hypercalls) by the domain controlling the execution of a HVM domain is being freed prematurely, leading to the respective memory regions to possibly be read from and written to in ways unexpected by their new owner(s). IMPACT ====== Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.) VULNERABLE SYSTEMS ================== Xen versions from 4.2 onwards are vulnerable on x86 systems. ARM systems are not vulnerable. This vulnerability is only applicable to Xen systems using stub domains or other forms of disaggregation of control domains for HVM guests. MITIGATION ========== Running only PV guests will avoid this issue. (The security of a Xen system using stub domains is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm.) CREDITS ======= The issue was discovered by Mihai Donțu from Bitdefender who also supplied the fix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa116.patch xen-unstable, Xen 4.4.x xsa116-4.3-4.2.patch Xen 4.3.x, Xen 4.2.x $ sha256sum xsa116*.patch 84b5a7bb2386e3d95d9d836a4a2504870723694ddaf537f1b59db75b7c63e9bd xsa116.patch 3aed6d157f62343a806347ea7c37bb8cdf50ee68002449bded9c7c1712810201 xsa116-4.3-4.2.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUq9eeAAoJEIP+FMlX6CvZZx8H/0jivCICcJ7SLhIJsAZAVwA4 gLpVaWk9qFMSUeYaccLG3naEHk/S5X8154J+VTb7cXDRFWI7lFAodUOhd0MRKzKc ZrauMNZDuUnjyJxQZEjreGQW/pfUO6IIsR/MOAPRoiyKOmOmSDoRTo7UJucZUgfr HtA5A58Fwiaw5t7LVXzxMI3EAR+ZL4M/e8Vv/F9sKfMSsGSfxPuTHVVoA1k9iUOF 6yq8pEX+BAZfZSVd2GokD0DipZwvULSlJNMlTBBhK7RGiUgzn6HaxLHvGxEg7JhC 0n97mVCJ8WIAwoqpEBU0E9xhN5Xxv4gTH5Dqhruw94X8gMhLe/BueYMXfYWIC18= =Z+TF -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa116.patch" Content-Disposition: attachment; filename="xsa116.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogcHJldmVudCB1c2UtYWZ0ZXItZnJlZSB3aGVuIGRlc3Ryb3lp bmcgYSBkb21haW4KCmh2bV9kb21haW5fcmVsaW5xdWlzaF9yZXNvdXJjZXMo KSBjYW4gZnJlZSBjZXJ0YWluIGRvbWFpbiByZXNvdXJjZXMKd2hpY2ggY2Fu IHN0aWxsIGJlIGFjY2Vzc2VkLCBlLmcuIGJ5IEhWTU9QX3NldF9wYXJhbSwg d2hpbGUgdGhlIGRvbWFpbgppcyBiZWluZyBjbGVhbmVkIHVwLgoKU2lnbmVk LW9mZi1ieTogTWloYWkgRG9uyJt1IDxtZG9udHVAYml0ZGVmZW5kZXIuY29t PgpUZXN0ZWQtYnk6IFLEg3p2YW4gQ29qb2NhcnUgPHJjb2pvY2FydUBiaXRk ZWZlbmRlci5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpSZXZpZXdlZC1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L2h2 bS9odm0uYworKysgYi94ZW4vYXJjaC94ODYvaHZtL2h2bS5jCkBAIC0xNDg3 LDkgKzE0ODcsNiBAQCBpbnQgaHZtX2RvbWFpbl9pbml0aWFsaXNlKHN0cnVj dCBkb21haW4gCiAKIHZvaWQgaHZtX2RvbWFpbl9yZWxpbnF1aXNoX3Jlc291 cmNlcyhzdHJ1Y3QgZG9tYWluICpkKQogewotICAgIHhmcmVlKGQtPmFyY2gu aHZtX2RvbWFpbi5pb19oYW5kbGVyKTsKLSAgICB4ZnJlZShkLT5hcmNoLmh2 bV9kb21haW4ucGFyYW1zKTsKLQogICAgIGlmICggaXNfcHZoX2RvbWFpbihk KSApCiAgICAgICAgIHJldHVybjsKIApAQCAtMTUxMSw2ICsxNTA4LDkgQEAg dm9pZCBodm1fZG9tYWluX3JlbGlucXVpc2hfcmVzb3VyY2VzKHN0cgogCiB2 b2lkIGh2bV9kb21haW5fZGVzdHJveShzdHJ1Y3QgZG9tYWluICpkKQogewor ICAgIHhmcmVlKGQtPmFyY2guaHZtX2RvbWFpbi5pb19oYW5kbGVyKTsKKyAg ICB4ZnJlZShkLT5hcmNoLmh2bV9kb21haW4ucGFyYW1zKTsKKwogICAgIGh2 bV9kZXN0cm95X2NhY2hlYXR0cl9yZWdpb25fbGlzdChkKTsKIAogICAgIGlm ICggaXNfcHZoX2RvbWFpbihkKSApCg== --=separator Content-Type: application/octet-stream; name="xsa116-4.3-4.2.patch" Content-Disposition: attachment; filename="xsa116-4.3-4.2.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogcHJldmVudCB1c2UtYWZ0ZXItZnJlZSB3aGVuIGRlc3Ryb3lp bmcgYSBkb21haW4KCmh2bV9kb21haW5fcmVsaW5xdWlzaF9yZXNvdXJjZXMo KSBjYW4gZnJlZSBjZXJ0YWluIGRvbWFpbiByZXNvdXJjZXMKd2hpY2ggY2Fu IHN0aWxsIGJlIGFjY2Vzc2VkLCBlLmcuIGJ5IEhWTU9QX3NldF9wYXJhbSwg d2hpbGUgdGhlIGRvbWFpbgppcyBiZWluZyBjbGVhbmVkIHVwLgoKU2lnbmVk LW9mZi1ieTogTWloYWkgRG9uyJt1IDxtZG9udHVAYml0ZGVmZW5kZXIuY29t PgpUZXN0ZWQtYnk6IFLEg3p2YW4gQ29qb2NhcnUgPHJjb2pvY2FydUBiaXRk ZWZlbmRlci5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpSZXZpZXdlZC1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L2h2 bS9odm0uYworKysgYi94ZW4vYXJjaC94ODYvaHZtL2h2bS5jCkBAIC02MDIs MTMgKzYwMiwxMyBAQCB2b2lkIGh2bV9kb21haW5fcmVsaW5xdWlzaF9yZXNv dXJjZXMoc3RyCiAgICAgICAgIGhwZXRfZGVpbml0KGQpOwogICAgIH0KIAot ICAgIHhmcmVlKGQtPmFyY2guaHZtX2RvbWFpbi5pb19oYW5kbGVyKTsKLSAg ICB4ZnJlZShkLT5hcmNoLmh2bV9kb21haW4ucGFyYW1zKTsKICAgICB4ZnJl ZShkLT5hcmNoLmh2bV9kb21haW4ucGJ1Zik7CiB9CiAKIHZvaWQgaHZtX2Rv bWFpbl9kZXN0cm95KHN0cnVjdCBkb21haW4gKmQpCiB7CisgICAgeGZyZWUo ZC0+YXJjaC5odm1fZG9tYWluLmlvX2hhbmRsZXIpOworICAgIHhmcmVlKGQt PmFyY2guaHZtX2RvbWFpbi5wYXJhbXMpOwogICAgIGh2bV9mdW5jcy5kb21h aW5fZGVzdHJveShkKTsKICAgICBydGNfZGVpbml0KGQpOwogICAgIHN0ZHZn YV9kZWluaXQoZCk7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Jan 15 14:00:38 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 15 Jan 2015 14:00:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YBkxA-0004rn-PX; Thu, 15 Jan 2015 13:59:16 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YBkvk-0004oU-A5; Thu, 15 Jan 2015 13:57:48 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id 25/F1-09842-B57C7B45; Thu, 15 Jan 2015 13:57:47 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-2.tower-21.messagelabs.com!1421330256!13639522!1 X-Originating-IP: [209.85.212.173] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG, HTML_MESSAGE,ML_RADAR_SPEW_LINKS_8,spamassassin: ,async_handler: YXN5bmNfZGVsYXk6IDcwNTA0NjMgKHRpbWVvdXQp\n X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 25986 invoked from network); 15 Jan 2015 13:57:36 -0000 Received: from mail-wi0-f173.google.com (HELO mail-wi0-f173.google.com) (209.85.212.173) by server-2.tower-21.messagelabs.com with RC4-SHA encrypted SMTP; 15 Jan 2015 13:57:36 -0000 Received: by mail-wi0-f173.google.com with SMTP id hi2so12427060wib.0; Thu, 15 Jan 2015 05:57:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:message-id:date:to:mime-version; bh=5ue8ODbclklqeyGcoqpJ/nzxMnTr4OGlv9Zz7tLOVe4=; b=IWsPVsM6cfLAxc5ad8pR7jwSt7AN5JtceqZlWzaMmmu2v5SKD+xKLB/hZ07mALjO+4 7zq9PfNXVAD7gJQ1gvM/xvxxIhZt4Vze5ZJdKR7w07Ql6dzcfZ9cv4kSt9Zea6Jj+TM7 8JxDyQmLrbZ5XvjSFq+hnHtNxvlny0b+aD+AB40/1f7fQwMe0yXMtUprOFzmQsi5I9hO LByLGo3UYB9rYFjByymH3IVjKQxQhTmP9ahnr2EEc3TPkipRGrkx3FhprGMC+LSURYHy u+Nru2r9WwO0immdVAxdnbNJP92wGMZxygoky96PyAlfcJV494meWbR4SZU0x95h+FuI 97YA== X-Received: by 10.180.36.226 with SMTP id t2mr61517344wij.16.1421330255971; Thu, 15 Jan 2015 05:57:35 -0800 (PST) Received: from [192.168.0.25] (97e5a0c2.skybroadband.com. [151.229.160.194]) by mx.google.com with ESMTPSA id q10sm2179930wjx.34.2015.01.15.05.57.33 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 15 Jan 2015 05:57:34 -0800 (PST) From: Lars Kurth Message-Id: <7523CCA8-DD1D-472F-9CEB-104284D98708@gmail.com> Date: Thu, 15 Jan 2015 13:57:31 +0000 To: xen-users@lists.xenproject.org, xen-announce@lists.xenproject.org Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) X-Mailer: Apple Mail (2.1878.6) X-Mailman-Approved-At: Thu, 15 Jan 2015 13:59:15 +0000 Subject: [Xen-announce] New Xen Project 4.5 Release X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============3732010888943653825==" Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --===============3732010888943653825== Content-Type: multipart/alternative; boundary="Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E" --Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 If we used code-names, the Xen 4.5 release should be called Panda on = Diet! We have 78K new code with 141K deleted. In effect this release has = -63KLOC code than the previous one. The net effect of a skinnier Xen Project Hypervisor code base is = increased usability, simplicity and innovation. This is all by design = and one of many steps we=92ll continue to take to fine-tune our = development and release cycle. For example, we shed the Python toolstack =96 including xend which we = deprecated in 4.3. This comprised the majority of the code deleted in = today=92s release, which is a big boon for developers who now have less = code to maintain and can spend more time on new features. And 4.5 is more feature-rich than any release in Xen Project=92s = history. Today we are announcing specific patches in Xen Project Hypervisor 4.5 = that span from architecture (x86 and ARM), platforms (different ARM, AMD = or Intel boards), to generic code. The release also creates new = opportunity to incorporate Xen virtualization into software stacks in = markets like embedded computing, automotive, drones, avionics and more. Virtualization and open source are more relevant than ever in today=92s = evolving, more software-centric data center too. New developments with = hyper scale-out computing, Internet of Things, NFV/SDN, and = next-generation ARM-based products are driving increased demand for = better resource sharing and utilization with enough flexibility to = efficiently grow well into the future. What isn=92t likely to change = anytime soon is the diversity of OSes, multi-tenant architectures, = security concerns and storage and network challenges that cloud = providers and enterprises must contend with to run their applications. = Undeniably, abstraction at the VM level is necessary for superior = performance and security in these environments. Despite these impressive and rapid changes, or perhaps because of them, = Xen Project developers are motivated to continually stay ahead of the = market with performance, speed, agility and security improvements. Our = traditional customers also inspire us; organizations such as Alibaba, = Amazon Web Services, IBM Softlayer, Rackspace, Oracle and others are = some of the most savvy and innovative users around. To learn more about the release and for ease of reading, I=92ve grouped = the summary of updates into four major categories: Hypervisor specific Toolstack External users of toolstack Linux, FreeBSD, and other OSes that can utilize the new features. x86 Hypervisor-Specific Updates On the x86 side, development has focused on improving performance on = various fronts: The HPET has been modified to provide faster and better resolution = values. Memory is scrubbed in parallel on bootup, giving a huge time boost for = large-scale machines (1TB or more). PVH initial domain support for Intel has been added and now supports = running as dom0 and FreeBSD with Linux platforms. PVH is an extension to = the classic Xen Project Paravirtualization (PV) that uses the hardware = virtualization extensions available on modern x86 processor servers. = Requiring no additional support other than the hypervisor, PVH boots as = the first guest and takes on the responsibilities of the initial domain = known as dom0. This means Xen Project Hypervisor is able to take = advantage of contemporary hardware features like virtual machine = extensions (VMX) to significantly expedite execution of the initial = domain. Instead of asking the hypervisor to handle certain operations, = the dom0 can execute operations natively without compromising security. = For more background, Virtualization Spectrum is an excellent = introduction to PVH. Lower interrupt latency for PCI passthrough on large-scale machines = (more than 2 sockets). Multiple IO-REQ services for guests, which is a technique to have many = QEMUs assigned for one domain. This allows speed up of guests operation = by having multiple backends (QEMUs) deal with different emulations. We also expanded support for: Soft affinity for vCPUs: Xen has had NUMA- aware scheduling = (http://wiki.xen.org/wiki/Xen_on_NUMA_Machines) since 4.3. In Xen 4.5, = we build on that to make it more general and useful on non-NUMA systems. = In fact, it is now possible for the sysadmin to define an arbitrary set = of physical CPUs on which vCPUs prefer to run on, and Xen will try as = hard as possible to follow this indication. Security improvements =96 guest introspection expansion: VM = introspection using Intel EPT / AMD RVI hardware virtualization = functionality builds on Xen Project Hypervisor Memory Inspection APIs = introduced in 2011. This addresses a number of security issues from = outside the guest OS, without relying on functionality that can be = rendered unreliable by advanced malware. The approach works by auditing = access of sensitive memory areas using HW support in guests with minimal = overhead and allows control software running within a dedicated VM to = allow or deny attempts to access sensitive memory based on policy and = security heuristics. You can find an excellent introduction on the topic = of VM introspection here and a video on Youtube (a recording of this = presentation) explaining the new functionality in Xen 4.5. Serial support for debug purposes. This covers PCIe cards (Oxford ones) = and newer Broadcom ones found on blades. Experimental support for Real-Time Scheduling: a new, multicore-enabled, = real-time scheduler, called RTDS is part of Xen 4.5 as an experimental = feature. Virtualization will soon become the norm rather than the = exception in automotive, avionics, mobile and multimedia, and other = fields where predictability and high-end, real-time support are = critical. Xen wants to play a big role in this, and this new scheduler = will allow for such, which is why we introduced it in 4.5 while still = under development. More information here: Youtube video, Linux = Foundation presentation and related blog. Intel Hypervisor-Specific Updates Broadwell Supervisor Mode Access Prevention. This LWN article has an = excellent explanation of it =96 but a short summary is that it restricts = the kernel from accessing the user-space pages. This feature in Xen also = added alternative assembler support to patch the hypervisor during = run-time (so that we won=92t be running these operations on older = hardware). Haswell Server Cache QoS Monitoring, aka Intel Resource Director = Technology, is a =93new area of architecture extension that seeks to = provide better information and control of applications running on Intel = processors. The feature, =94 =85 documented in the Software Developers=92 = Manual, relates to monitoring application thread LLC usage, to provide a = means of directing such usage and provide more information on the amount = of memory traffic out of the LLC,=94 according to xen-devel. SandyBridge (vAPIC) extensions. Xen 4.3 added support for VT-d Posted = Interrupts, and in Xen 4.5 we added extensions for PVHVM guests to take = advantage of VT-d Posted Interrupts. Instead of using vector callback, = the guest can utilize the vAPIC to lower its VMEXIT overhead, leading to = lower interrupt latency and performance improvements for I/O intensive = workloads in PVHMM guests. AMD Hypervisor-Specific Updates Fixes in the microcode loading. Data Breakpoint Extensions and further MSR masking support for Kabini, = Kaveri and newer. This allows =93.. to specify cpuid masks to help with = cpuid levelling across a pool of hosts,=94 from the xen-command-line = manual. ARM Hypervisor-Specific Updates The ARM ecosystem operates differently than the x86 architecture =96 in = which ARM licensees design new chipsets and features and OEMs = manufacture platforms based on these specifications. OEMs designing = ARM-based platforms determine what they need on the SoC =96 that is the = System On Chip. As such, they can selectively enable or disable certain = functionality that they consider important (or unimportant). ARM = provides the Intellectual Property (IP) and standards from which OEMs = can further specialize and optimize. Therefore the features Xen Project = Hypervisor supports on ARM are not for a specific platform =96 but = rather for functionality SoCs provide. New updates include: Support for up to 1TB for guests. The Generic Interrupt Controller (GIC) v3 is supported in Xen 4.5. v3 is = very important because it introduces support for Message Signaled = Interrupts (MSI), emulation of GICv3 for guests =96 and most importantly = =96 for more than 8 CPUS. Many of the new features are not used by Xen = yet but the driver is on par with v2. Power State Coordination Interface 0.2 (PSCI) is important in embedded = environments where power consumption needs to be kept to the absolute = minimum. It allows us to power down/up CPUS, suspend them, etc. UEFI booting. On ARM64 servers both U-Boot and UEFI can be used to boot = the OS. IOMMU support (SMMUv1). For isolation between guests, ARM platforms can = come with an IOMMU chipset based on the SMMU specification. Super Pages (2MB) support in Xen. Using super pages for the guest = pseudo-physical to physical translation tables significantly improves = overall guest performance. Passthrough =96 the PCI passthrough features did not make it on time, = but doing passthrough of MMIO regions did. In the ARM world, it is quite = common to have no PCIe devices and to only access devices using MMIO = regions. As such this feature allows us to have driver domains be in = charge of network or storage devices. Interrupt latency reduction: By removing maintenance interrupts, we get = rid of an expensive trap into Xen for each interrupt EOI. Please see = Stefano=92s slides. With these new features, the following motherboards are now supported in = Xen Project Hypervisor 4.5: AMD Seattle Broadcom 7445D0 A15 Midway (Calxeda) Vexpress (ARM Ltd.) OMAP5, DRA7 (Texas Instrument) Exynos5250 (Exynos 5 Dual), Odroid-Xu, and Exynos 5420 (Exynos Octa) = (Samsung SoC for Arndale and various smartphones and tablets) SunXI (AllWinner), aka A20/A21, CubieTruck, CubieBoard Mustang (Applied Micro-X-Gene, the ARMv8 SoC) McDivitt aka HP Moonshot cartridge (Applied Micro X-Gene) The Xen Project also maintains this list of ARM boards that work with = Xen Project software. Toolstack Updates Xen Project software is now using a C-based toolstack called xl or = libxl, replacing the obsolete Python toolstack called xend. This more = modern architecture is easier to easier maintain, and users will not be = affected by the move since xm and xl offer feature parity. In fact, the = switch greatly simplifies managing Xen instances as other toolstack, = such as libvirt are C based and less complex. libvirt and XAPI are now = using libxl as well. For more background, check out our new hands-on = tutorial =93XM to XL: A Short, but Necessary, Journey.=94 Additional toolstack changes include: VM Generation ID. This allows Windows 2012 Server and later active = directory domain controllers to be migrated. Remus initial support provides high availability by check pointing = guests states at high frequency. Libxenlight (libxl) JSON infrastructure support. This allows libxenlight = to use JSON to communicate with other toolstacks. Libxenlight to keep track of domain configuration. It now uses the JSON = infrastructure to keep track of domain configuration. The is feature = parity with Xend. Systemd support. This allows one source base to contain the systemd = files, which can be used by various distributions instead of them having = to generate them. vNUMA,while still in progress, is coming along nicely thanks to = sponsorship from . Virtual NUMA allows Xen to expose to the guest the = NUMA topology (either based on the host or made-up) for the guest. On the libvirt side, changes include: PCI/SR-IOV passthrough, including hot{un}plug Migration support Improved concurrency through job support in the libxl driver =96 no more = locking entire driver when modifying a domain Improved domxml-{to,from}-native support, e.g. for converting between xl = config and libvirt domXML and vise-versa PV console support Improved qdisk support Support for =96 allows using = libvirt-managed networks in the libxl driver Support PARAVIRT and ACPI shutdown flags Support PARAVIRT reboot flag Support for domain lifecycle event configuration, e.g. on_crash, = on_reboot, etc A few improvements for ARM Lots of bug fixes QEMU Updates Xen Project 4.5 will ship with QEMU v2.0 and SeaBIOS v1.7.5 with the = following updates: Bigger PCI hole in QEMU via the mmio_hole parameter in guest config. = This allows users to pack more legacy PCI devices for passthrough in an = guest. QEMU is now built for ARM providing backend support for framebuffer = (VNC). OSes The 4.5 release also takes advantage of new features in Linux and = FreeBSD such as PVH support (which is considered experimental) Summary With 43 major new features, 4.5 includes the most updates in our = project=92s history. That=92s not even counting 22 new enablers in = up-streams (Linux and QEMU). The Project is also taking a more holistic, = proactive approach to managing dependencies such as Linux and QEMU, as = well as downstream functionality such as libvirt. In 2015, we plan to = build on this even further up the stack to include OpenStack and other = key projects. For the first time, our Project=92s development process is = robust, active and mature enough to systematically focus on these = strategic growth opportunities. It also reflects enhanced responsiveness = to community feedback; for example, we=92re improving usability and = performing broader testing for specific use cases with new releases. During this development and release we=92ve seen a steady influx of = folks helping, contributing, testing and reporting. As the Release = Manager, I would like to thank everybody and call out major = contributions coming from AMD, Bitdefender, Citrix, Fujitsu, = GlobalLogic, Intel, Linaro, Oracle, SuSE and Cavium, as well as several = individual and academic institutions. The sources are located in the git tree or one can download the tarball: xen: with a recent enough git (>=3D 1.7.8.2) just pull from the proper = tag (RELEASE-4.5.0) from the main repo directly: git clone -b RELEASE-4.5.0 git://xenbits.xen.org/xen.git With an older git version (and/or if that does not work, e.g., = complaining with a message like this: Remote branch RELEASE-4.5.0 not = found in upstream origin, using HEAD instead), do the following: git clone git://xenbits.xen.org/xen.git ; cd xen ; git checkout = RELEASE-4.5.0 tarball: here it is a 4.5.0 and its signature. Release Documentation can be found on our wiki.= --Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=windows-1252

If we used code-names, the Xen 4.5 release should be called Panda = on Diet! We have 78K new code with 141K deleted. In effect this release = has -63KLOC code than the = previous one.

The net effect of a skinnier Xen = Project Hypervisor code base is increased usability, simplicity and = innovation. This is all by design and one of many steps we=92ll continue = to take to fine-tune our development and release cycle.

For example, we shed the Python toolstack =96 including xend = which we deprecated in 4.3. This comprised the majority of the code = deleted in today=92s release, which is a big boon for developers who now = have less code to maintain and can spend more time on new = features.

And = 4.5 is more feature-rich than any release in Xen Project=92s = history.

Today we are announcing specific = patches in Xen Project Hypervisor 4.5 that span from architecture (x86 = and ARM), platforms (different ARM, AMD or Intel boards), to generic = code. The release also creates new opportunity to incorporate Xen = virtualization into software stacks in markets like embedded computing, = automotive, drones, avionics and more.

Virtualization and open source = are more relevant than ever in today=92s evolving, more software-centric = data center too. New developments with hyper scale-out computing, = Internet of Things, NFV/SDN, and next-generation ARM-based products are = driving increased demand for better resource sharing and utilization = with enough flexibility to efficiently grow well into the future. What = isn=92t likely to change anytime soon is the diversity of OSes, = multi-tenant architectures, security concerns and storage and network = challenges that cloud providers and enterprises must contend with to run = their applications. Undeniably, abstraction at the VM level is necessary = for superior performance and security in these environments.

Despite these impressive and = rapid changes, or perhaps because of them, Xen Project developers are = motivated to continually stay ahead of the market with performance, = speed, agility and security improvements. Our traditional customers also = inspire us; organizations such as Alibaba, Amazon Web Services, IBM = Softlayer, Rackspace, Oracle and others are some of the most savvy and = innovative users around.

To = learn more about the release and for ease of reading, I=92ve grouped the = summary of updates into four major categories:

  • Hypervisor specific

  • Toolstack

  • External users of toolstack

  • Linux, FreeBSD, and other OSes that can = utilize the new features.

x86 Hypervisor-Specific Updates

On the x86 side, development has focused on = improving performance on various fronts:

  • The HPET has = been modified to provide faster and better resolution = values.

  • Memory = is scrubbed in parallel on bootup, giving a huge time boost for = large-scale machines (1TB or more).

  • PVH initial domain support for Intel has been = added and now supports running as dom0 and FreeBSD with Linux platforms. = PVH is an extension to the classic Xen Project Paravirtualization (PV) = that uses the hardware virtualization extensions available on modern x86 = processor servers. Requiring no additional support other than the = hypervisor, PVH boots as the first guest and takes on the = responsibilities of the initial domain known as dom0. This means Xen = Project Hypervisor is able to take advantage of contemporary hardware = features like virtual machine extensions (VMX) to significantly expedite = execution of the initial domain. Instead of asking the hypervisor to = handle certain operations, the dom0 can execute operations natively = without compromising security. For more background, Virtualization = Spectrum is an excellent introduction to PVH.

  • Lower interrupt latency for PCI passthrough on large-scale = machines (more than 2 sockets).

  • Multiple IO-REQ services for guests, which is a technique = to have many QEMUs assigned for one domain. This allows speed up of = guests operation by having multiple backends (QEMUs) deal with different = emulations.

We also expanded support = for:

  • Soft affinity for vCPUs: Xen has had NUMA- = aware scheduling (http://wiki.xen.org/wiki/Xen_on_NUMA_Machines) since 4.3. In = Xen 4.5, we build on that to make it more general and useful on non-NUMA = systems. In fact, it is now possible for the sysadmin to define an = arbitrary set of physical CPUs on which vCPUs prefer to run on, and Xen = will try as hard as possible to follow this indication.

  • Security improvements =96 guest introspection expansion: = VM introspection using Intel EPT / AMD RVI hardware virtualization = functionality builds on Xen Project Hypervisor Memory Inspection APIs = introduced in 2011. This addresses a number of security issues from = outside the guest OS, without relying on functionality that can be = rendered unreliable by advanced malware. The approach works by auditing = access of sensitive memory areas using HW support in guests with minimal = overhead and allows control software running within a dedicated VM to = allow or deny attempts to access sensitive memory based on policy and = security heuristics. You can find an excellent introduction on the topic = of VM introspection here and a video on Youtube (a recording of = this presentation) = explaining the new functionality in Xen 4.5.

  • Serial support for debug purposes. This = covers PCIe cards (Oxford ones) and newer Broadcom ones found on = blades.

  • Experimental support for Real-Time = Scheduling: a new, multicore-enabled, real-time scheduler, called = RTDS is part of Xen 4.5 as an experimental feature. Virtualization will = soon become the norm rather than the exception in automotive, avionics, = mobile and multimedia, and other fields where predictability and = high-end, real-time support are critical. Xen wants to play a big role = in this, and this new scheduler will allow for such, which is why we = introduced it in 4.5 while still under development. More information = here: Youtube video, Linux Foundation presentation and related blog.

Intel = Hypervisor-Specific Updates

  • Broadwell Supervisor Mode Access Prevention. This LWN article has an excellent explanation = of it =96 but a short summary is that it restricts the kernel from = accessing the user-space pages. This feature in Xen also added = alternative assembler support to patch the hypervisor during run-time = (so that we won=92t be running these operations on older = hardware).

  • Haswell Server Cache QoS Monitoring, aka Intel Resource = Director Technology, is a =93new area of architecture extension that = seeks to provide better information and control of applications running = on Intel processors. The feature, =94 =85 documented in the Software = Developers=92 Manual, relates to monitoring application thread LLC = usage, to provide a means of directing such usage and provide more = information on the amount of memory traffic out of the LLC,=94 according = to xen-devel.

  • SandyBridge (vAPIC) extensions.  Xen 4.3 added = support for VT-d Posted Interrupts, and  in Xen 4.5 we added = extensions for PVHVM guests to take advantage of VT-d Posted Interrupts. = Instead of using vector callback, the guest can utilize the vAPIC to = lower its VMEXIT overhead, leading to lower interrupt latency and = performance improvements for I/O intensive workloads in PVHMM = guests.

AMD Hypervisor-Specific Updates

  • Fixes in the microcode loading.

  • Data Breakpoint Extensions and further MSR = masking support for Kabini, Kaveri and newer. This allows =93.. to = specify cpuid masks to help with cpuid levelling across a pool of = hosts,=94 from the xen-command-line manual.

ARM Hypervisor-Specific Updates

The ARM ecosystem operates = differently than the x86 architecture =96 in which ARM licensees design = new chipsets and features and OEMs manufacture platforms based on these = specifications. OEMs designing ARM-based platforms determine what they = need on the SoC =96 that is the System On Chip. As such, they can = selectively enable or disable certain functionality that they consider = important (or unimportant). ARM provides the Intellectual Property (IP) = and standards from which OEMs can further specialize and optimize. = Therefore the features Xen Project Hypervisor supports on ARM are not = for a specific platform =96 but rather for functionality SoCs provide. = New updates include:

  • Support for up to 1TB for guests.

  • The Generic Interrupt Controller = (GIC) v3 is supported in Xen 4.5. v3 is very important because it = introduces support for Message Signaled Interrupts (MSI), emulation of = GICv3 for guests =96 and most importantly =96 for more than 8 CPUS. Many = of the new features are not used by Xen yet but the driver is on par = with v2.

  • Power = State Coordination Interface 0.2 (PSCI) is important in embedded = environments where power consumption needs to be kept to the absolute = minimum. It allows us to power down/up CPUS, suspend them, = etc.

  • UEFI = booting. On ARM64 servers both U-Boot and UEFI can be used to boot the = OS.

  • IOMMU support = (SMMUv1). For isolation between guests, ARM platforms can come with an = IOMMU chipset based on the SMMU specification.

  • Super Pages (2MB) support in Xen. Using super = pages for the guest pseudo-physical to physical translation tables = significantly improves overall guest performance.

  • Passthrough =96 the PCI passthrough features = did not make it on time, but doing passthrough of MMIO regions did. In = the ARM world, it is quite common to have no PCIe devices and to only = access devices using MMIO regions. As such this feature allows us to = have driver domains be in charge of network or storage = devices.

  • Interrupt latency reduction: By removing maintenance = interrupts, we get rid of an expensive trap into Xen for each interrupt = EOI. Please see Stefano=92s slides.

With these new features, = the following = motherboards are now supported in Xen Project Hypervisor = 4.5:

  • AMD Seattle

  • Broadcom 7445D0 A15

  • Midway (Calxeda)

  • Vexpress (ARM Ltd.)

  • OMAP5, DRA7 (Texas Instrument)

  • Exynos5250 (Exynos 5 Dual), = Odroid-Xu, and Exynos 5420 (Exynos Octa) (Samsung SoC for Arndale and = various smartphones and tablets)

  • SunXI (AllWinner), aka A20/A21, CubieTruck, = CubieBoard

  • Mustang (Applied Micro-X-Gene, the ARMv8 SoC)

  • McDivitt aka HP Moonshot cartridge = (Applied Micro X-Gene)

  • The Xen Project also maintains this list of ARM boards = that work with Xen Project software.

Toolstack Updates

Xen Project software is now using = a C-based toolstack called xl or libxl, replacing the obsolete Python = toolstack called xend.  This more modern architecture is easier to = easier maintain, and users will not be affected by the move since xm and = xl offer feature parity. In fact, the switch greatly simplifies managing = Xen instances as other toolstack, such as libvirt are C based and less = complex. libvirt and XAPI are now using libxl as well. For more = background, check out our new hands-on tutorial =93XM to XL: A = Short, but Necessary, Journey.=94

Additional toolstack changes = include:

  • VM Generation ID. This allows Windows 2012 = Server and later active directory domain controllers to be = migrated.

  • Remus initial support provides high = availability by check pointing guests states at high = frequency.

  • Libxenlight (libxl) JSON infrastructure support. This = allows libxenlight to use JSON to communicate with other = toolstacks.

  • Libxenlight to keep track of domain configuration. It now = uses the JSON infrastructure to keep track of domain configuration. The = is feature parity with Xend.

  • Systemd support. This allows one source base to contain = the systemd files, which can be used by various distributions instead of = them having to generate them.

  • vNUMA,while still in progress,  is coming along = nicely thanks to sponsorship from . Virtual NUMA = allows Xen to expose to the guest the NUMA topology (either based on the = host or made-up) for the guest.

On the libvirt side, changes = include:

  • PCI/SR-IOV passthrough, including = hot{un}plug

  • Migration support

  • Improved concurrency through job support in the libxl = driver =96 no more locking entire driver when modifying a = domain

  • Improved domxml-{to,from}-native support, e.g. for = converting between xl config and libvirt domXML and = vise-versa

  • PV = console support

  • Improved qdisk support

  • Support for <interface type=3D=92network=92&= gt; =96 allows using libvirt-managed networks in the libxl = driver

  • Support PARAVIRT and ACPI shutdown flags

  • Support PARAVIRT reboot = flag

  • Support for domain lifecycle event configuration, e.g. = on_crash, on_reboot, etc

  • A few improvements for ARM

  • Lots of bug fixes

QEMU Updates

Xen Project 4.5 will ship = with QEMU = v2.0 and SeaBIOS v1.7.5 with the following updates:

  • Bigger PCI hole in QEMU via the mmio_hole parameter in guest config. This allows users = to pack more legacy PCI devices for passthrough in an guest.

  • QEMU is now built for ARM providing = backend support for framebuffer (VNC).

OSes

The 4.5 release also takes = advantage of new features in Linux and FreeBSD such as PVH support = (which is considered experimental)

Summary

With 43 major new features, 4.5 = includes the most updates in our project=92s history. That=92s not even = counting 22 new enablers in up-streams (Linux and QEMU). The Project is = also taking a more holistic, proactive approach to managing dependencies = such as Linux and QEMU, as well as downstream functionality such as = libvirt. In 2015, we plan to build on this even further up the stack to = include OpenStack and other key projects. For the first time, our = Project=92s development process is robust, active and mature enough to = systematically focus on these strategic growth opportunities. It also = reflects enhanced responsiveness to community feedback; for example, = we=92re improving usability and performing broader testing for specific = use cases with new releases.

During this development and = release we=92ve seen a steady influx of folks helping, contributing, = testing and reporting. As the Release Manager, I would like to thank = everybody and call out major contributions coming from AMD, Bitdefender, = Citrix, Fujitsu, GlobalLogic, Intel, Linaro, Oracle, SuSE and = Cavium, as well as several individual and academic institutions.

The sources are located in the = git tree or one can download the tarball:

  • xen: with a recent enough git (>=3D 1.7.8.2) just pull = from the proper tag (RELEASE-4.5.0) from the main repo = directly:

  • git = clone -b RELEASE-4.5.0 git://xenbits.xen.org/xen.git

  • With an older git version (and/or if that = does not work, e.g., complaining with a message like this: Remote branch = RELEASE-4.5.0 not found in upstream origin, using HEAD instead), do the = following:

  • git = clone git://xenbits.xen.org/xen.git ; cd xen ; = git checkout RELEASE-4.5.0

  • tarball: here it is a 4.5.0 and = its signature.

Release Documentation can be found on our wiki.

= --Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E-- --===============3732010888943653825== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --===============3732010888943653825==-- From xen-announce-bounces@lists.xen.org Thu Jan 15 14:00:38 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 15 Jan 2015 14:00:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YBkxA-0004rn-PX; Thu, 15 Jan 2015 13:59:16 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YBkvk-0004oU-A5; Thu, 15 Jan 2015 13:57:48 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id 25/F1-09842-B57C7B45; Thu, 15 Jan 2015 13:57:47 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-2.tower-21.messagelabs.com!1421330256!13639522!1 X-Originating-IP: [209.85.212.173] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG, HTML_MESSAGE,ML_RADAR_SPEW_LINKS_8,spamassassin: ,async_handler: YXN5bmNfZGVsYXk6IDcwNTA0NjMgKHRpbWVvdXQp\n X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 25986 invoked from network); 15 Jan 2015 13:57:36 -0000 Received: from mail-wi0-f173.google.com (HELO mail-wi0-f173.google.com) (209.85.212.173) by server-2.tower-21.messagelabs.com with RC4-SHA encrypted SMTP; 15 Jan 2015 13:57:36 -0000 Received: by mail-wi0-f173.google.com with SMTP id hi2so12427060wib.0; Thu, 15 Jan 2015 05:57:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:message-id:date:to:mime-version; bh=5ue8ODbclklqeyGcoqpJ/nzxMnTr4OGlv9Zz7tLOVe4=; b=IWsPVsM6cfLAxc5ad8pR7jwSt7AN5JtceqZlWzaMmmu2v5SKD+xKLB/hZ07mALjO+4 7zq9PfNXVAD7gJQ1gvM/xvxxIhZt4Vze5ZJdKR7w07Ql6dzcfZ9cv4kSt9Zea6Jj+TM7 8JxDyQmLrbZ5XvjSFq+hnHtNxvlny0b+aD+AB40/1f7fQwMe0yXMtUprOFzmQsi5I9hO LByLGo3UYB9rYFjByymH3IVjKQxQhTmP9ahnr2EEc3TPkipRGrkx3FhprGMC+LSURYHy u+Nru2r9WwO0immdVAxdnbNJP92wGMZxygoky96PyAlfcJV494meWbR4SZU0x95h+FuI 97YA== X-Received: by 10.180.36.226 with SMTP id t2mr61517344wij.16.1421330255971; Thu, 15 Jan 2015 05:57:35 -0800 (PST) Received: from [192.168.0.25] (97e5a0c2.skybroadband.com. [151.229.160.194]) by mx.google.com with ESMTPSA id q10sm2179930wjx.34.2015.01.15.05.57.33 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 15 Jan 2015 05:57:34 -0800 (PST) From: Lars Kurth Message-Id: <7523CCA8-DD1D-472F-9CEB-104284D98708@gmail.com> Date: Thu, 15 Jan 2015 13:57:31 +0000 To: xen-users@lists.xenproject.org, xen-announce@lists.xenproject.org Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) X-Mailer: Apple Mail (2.1878.6) X-Mailman-Approved-At: Thu, 15 Jan 2015 13:59:15 +0000 Subject: [Xen-announce] New Xen Project 4.5 Release X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============3732010888943653825==" Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --===============3732010888943653825== Content-Type: multipart/alternative; boundary="Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E" --Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 If we used code-names, the Xen 4.5 release should be called Panda on = Diet! We have 78K new code with 141K deleted. In effect this release has = -63KLOC code than the previous one. The net effect of a skinnier Xen Project Hypervisor code base is = increased usability, simplicity and innovation. This is all by design = and one of many steps we=92ll continue to take to fine-tune our = development and release cycle. For example, we shed the Python toolstack =96 including xend which we = deprecated in 4.3. This comprised the majority of the code deleted in = today=92s release, which is a big boon for developers who now have less = code to maintain and can spend more time on new features. And 4.5 is more feature-rich than any release in Xen Project=92s = history. Today we are announcing specific patches in Xen Project Hypervisor 4.5 = that span from architecture (x86 and ARM), platforms (different ARM, AMD = or Intel boards), to generic code. The release also creates new = opportunity to incorporate Xen virtualization into software stacks in = markets like embedded computing, automotive, drones, avionics and more. Virtualization and open source are more relevant than ever in today=92s = evolving, more software-centric data center too. New developments with = hyper scale-out computing, Internet of Things, NFV/SDN, and = next-generation ARM-based products are driving increased demand for = better resource sharing and utilization with enough flexibility to = efficiently grow well into the future. What isn=92t likely to change = anytime soon is the diversity of OSes, multi-tenant architectures, = security concerns and storage and network challenges that cloud = providers and enterprises must contend with to run their applications. = Undeniably, abstraction at the VM level is necessary for superior = performance and security in these environments. Despite these impressive and rapid changes, or perhaps because of them, = Xen Project developers are motivated to continually stay ahead of the = market with performance, speed, agility and security improvements. Our = traditional customers also inspire us; organizations such as Alibaba, = Amazon Web Services, IBM Softlayer, Rackspace, Oracle and others are = some of the most savvy and innovative users around. To learn more about the release and for ease of reading, I=92ve grouped = the summary of updates into four major categories: Hypervisor specific Toolstack External users of toolstack Linux, FreeBSD, and other OSes that can utilize the new features. x86 Hypervisor-Specific Updates On the x86 side, development has focused on improving performance on = various fronts: The HPET has been modified to provide faster and better resolution = values. Memory is scrubbed in parallel on bootup, giving a huge time boost for = large-scale machines (1TB or more). PVH initial domain support for Intel has been added and now supports = running as dom0 and FreeBSD with Linux platforms. PVH is an extension to = the classic Xen Project Paravirtualization (PV) that uses the hardware = virtualization extensions available on modern x86 processor servers. = Requiring no additional support other than the hypervisor, PVH boots as = the first guest and takes on the responsibilities of the initial domain = known as dom0. This means Xen Project Hypervisor is able to take = advantage of contemporary hardware features like virtual machine = extensions (VMX) to significantly expedite execution of the initial = domain. Instead of asking the hypervisor to handle certain operations, = the dom0 can execute operations natively without compromising security. = For more background, Virtualization Spectrum is an excellent = introduction to PVH. Lower interrupt latency for PCI passthrough on large-scale machines = (more than 2 sockets). Multiple IO-REQ services for guests, which is a technique to have many = QEMUs assigned for one domain. This allows speed up of guests operation = by having multiple backends (QEMUs) deal with different emulations. We also expanded support for: Soft affinity for vCPUs: Xen has had NUMA- aware scheduling = (http://wiki.xen.org/wiki/Xen_on_NUMA_Machines) since 4.3. In Xen 4.5, = we build on that to make it more general and useful on non-NUMA systems. = In fact, it is now possible for the sysadmin to define an arbitrary set = of physical CPUs on which vCPUs prefer to run on, and Xen will try as = hard as possible to follow this indication. Security improvements =96 guest introspection expansion: VM = introspection using Intel EPT / AMD RVI hardware virtualization = functionality builds on Xen Project Hypervisor Memory Inspection APIs = introduced in 2011. This addresses a number of security issues from = outside the guest OS, without relying on functionality that can be = rendered unreliable by advanced malware. The approach works by auditing = access of sensitive memory areas using HW support in guests with minimal = overhead and allows control software running within a dedicated VM to = allow or deny attempts to access sensitive memory based on policy and = security heuristics. You can find an excellent introduction on the topic = of VM introspection here and a video on Youtube (a recording of this = presentation) explaining the new functionality in Xen 4.5. Serial support for debug purposes. This covers PCIe cards (Oxford ones) = and newer Broadcom ones found on blades. Experimental support for Real-Time Scheduling: a new, multicore-enabled, = real-time scheduler, called RTDS is part of Xen 4.5 as an experimental = feature. Virtualization will soon become the norm rather than the = exception in automotive, avionics, mobile and multimedia, and other = fields where predictability and high-end, real-time support are = critical. Xen wants to play a big role in this, and this new scheduler = will allow for such, which is why we introduced it in 4.5 while still = under development. More information here: Youtube video, Linux = Foundation presentation and related blog. Intel Hypervisor-Specific Updates Broadwell Supervisor Mode Access Prevention. This LWN article has an = excellent explanation of it =96 but a short summary is that it restricts = the kernel from accessing the user-space pages. This feature in Xen also = added alternative assembler support to patch the hypervisor during = run-time (so that we won=92t be running these operations on older = hardware). Haswell Server Cache QoS Monitoring, aka Intel Resource Director = Technology, is a =93new area of architecture extension that seeks to = provide better information and control of applications running on Intel = processors. The feature, =94 =85 documented in the Software Developers=92 = Manual, relates to monitoring application thread LLC usage, to provide a = means of directing such usage and provide more information on the amount = of memory traffic out of the LLC,=94 according to xen-devel. SandyBridge (vAPIC) extensions. Xen 4.3 added support for VT-d Posted = Interrupts, and in Xen 4.5 we added extensions for PVHVM guests to take = advantage of VT-d Posted Interrupts. Instead of using vector callback, = the guest can utilize the vAPIC to lower its VMEXIT overhead, leading to = lower interrupt latency and performance improvements for I/O intensive = workloads in PVHMM guests. AMD Hypervisor-Specific Updates Fixes in the microcode loading. Data Breakpoint Extensions and further MSR masking support for Kabini, = Kaveri and newer. This allows =93.. to specify cpuid masks to help with = cpuid levelling across a pool of hosts,=94 from the xen-command-line = manual. ARM Hypervisor-Specific Updates The ARM ecosystem operates differently than the x86 architecture =96 in = which ARM licensees design new chipsets and features and OEMs = manufacture platforms based on these specifications. OEMs designing = ARM-based platforms determine what they need on the SoC =96 that is the = System On Chip. As such, they can selectively enable or disable certain = functionality that they consider important (or unimportant). ARM = provides the Intellectual Property (IP) and standards from which OEMs = can further specialize and optimize. Therefore the features Xen Project = Hypervisor supports on ARM are not for a specific platform =96 but = rather for functionality SoCs provide. New updates include: Support for up to 1TB for guests. The Generic Interrupt Controller (GIC) v3 is supported in Xen 4.5. v3 is = very important because it introduces support for Message Signaled = Interrupts (MSI), emulation of GICv3 for guests =96 and most importantly = =96 for more than 8 CPUS. Many of the new features are not used by Xen = yet but the driver is on par with v2. Power State Coordination Interface 0.2 (PSCI) is important in embedded = environments where power consumption needs to be kept to the absolute = minimum. It allows us to power down/up CPUS, suspend them, etc. UEFI booting. On ARM64 servers both U-Boot and UEFI can be used to boot = the OS. IOMMU support (SMMUv1). For isolation between guests, ARM platforms can = come with an IOMMU chipset based on the SMMU specification. Super Pages (2MB) support in Xen. Using super pages for the guest = pseudo-physical to physical translation tables significantly improves = overall guest performance. Passthrough =96 the PCI passthrough features did not make it on time, = but doing passthrough of MMIO regions did. In the ARM world, it is quite = common to have no PCIe devices and to only access devices using MMIO = regions. As such this feature allows us to have driver domains be in = charge of network or storage devices. Interrupt latency reduction: By removing maintenance interrupts, we get = rid of an expensive trap into Xen for each interrupt EOI. Please see = Stefano=92s slides. With these new features, the following motherboards are now supported in = Xen Project Hypervisor 4.5: AMD Seattle Broadcom 7445D0 A15 Midway (Calxeda) Vexpress (ARM Ltd.) OMAP5, DRA7 (Texas Instrument) Exynos5250 (Exynos 5 Dual), Odroid-Xu, and Exynos 5420 (Exynos Octa) = (Samsung SoC for Arndale and various smartphones and tablets) SunXI (AllWinner), aka A20/A21, CubieTruck, CubieBoard Mustang (Applied Micro-X-Gene, the ARMv8 SoC) McDivitt aka HP Moonshot cartridge (Applied Micro X-Gene) The Xen Project also maintains this list of ARM boards that work with = Xen Project software. Toolstack Updates Xen Project software is now using a C-based toolstack called xl or = libxl, replacing the obsolete Python toolstack called xend. This more = modern architecture is easier to easier maintain, and users will not be = affected by the move since xm and xl offer feature parity. In fact, the = switch greatly simplifies managing Xen instances as other toolstack, = such as libvirt are C based and less complex. libvirt and XAPI are now = using libxl as well. For more background, check out our new hands-on = tutorial =93XM to XL: A Short, but Necessary, Journey.=94 Additional toolstack changes include: VM Generation ID. This allows Windows 2012 Server and later active = directory domain controllers to be migrated. Remus initial support provides high availability by check pointing = guests states at high frequency. Libxenlight (libxl) JSON infrastructure support. This allows libxenlight = to use JSON to communicate with other toolstacks. Libxenlight to keep track of domain configuration. It now uses the JSON = infrastructure to keep track of domain configuration. The is feature = parity with Xend. Systemd support. This allows one source base to contain the systemd = files, which can be used by various distributions instead of them having = to generate them. vNUMA,while still in progress, is coming along nicely thanks to = sponsorship from . Virtual NUMA allows Xen to expose to the guest the = NUMA topology (either based on the host or made-up) for the guest. On the libvirt side, changes include: PCI/SR-IOV passthrough, including hot{un}plug Migration support Improved concurrency through job support in the libxl driver =96 no more = locking entire driver when modifying a domain Improved domxml-{to,from}-native support, e.g. for converting between xl = config and libvirt domXML and vise-versa PV console support Improved qdisk support Support for =96 allows using = libvirt-managed networks in the libxl driver Support PARAVIRT and ACPI shutdown flags Support PARAVIRT reboot flag Support for domain lifecycle event configuration, e.g. on_crash, = on_reboot, etc A few improvements for ARM Lots of bug fixes QEMU Updates Xen Project 4.5 will ship with QEMU v2.0 and SeaBIOS v1.7.5 with the = following updates: Bigger PCI hole in QEMU via the mmio_hole parameter in guest config. = This allows users to pack more legacy PCI devices for passthrough in an = guest. QEMU is now built for ARM providing backend support for framebuffer = (VNC). OSes The 4.5 release also takes advantage of new features in Linux and = FreeBSD such as PVH support (which is considered experimental) Summary With 43 major new features, 4.5 includes the most updates in our = project=92s history. That=92s not even counting 22 new enablers in = up-streams (Linux and QEMU). The Project is also taking a more holistic, = proactive approach to managing dependencies such as Linux and QEMU, as = well as downstream functionality such as libvirt. In 2015, we plan to = build on this even further up the stack to include OpenStack and other = key projects. For the first time, our Project=92s development process is = robust, active and mature enough to systematically focus on these = strategic growth opportunities. It also reflects enhanced responsiveness = to community feedback; for example, we=92re improving usability and = performing broader testing for specific use cases with new releases. During this development and release we=92ve seen a steady influx of = folks helping, contributing, testing and reporting. As the Release = Manager, I would like to thank everybody and call out major = contributions coming from AMD, Bitdefender, Citrix, Fujitsu, = GlobalLogic, Intel, Linaro, Oracle, SuSE and Cavium, as well as several = individual and academic institutions. The sources are located in the git tree or one can download the tarball: xen: with a recent enough git (>=3D 1.7.8.2) just pull from the proper = tag (RELEASE-4.5.0) from the main repo directly: git clone -b RELEASE-4.5.0 git://xenbits.xen.org/xen.git With an older git version (and/or if that does not work, e.g., = complaining with a message like this: Remote branch RELEASE-4.5.0 not = found in upstream origin, using HEAD instead), do the following: git clone git://xenbits.xen.org/xen.git ; cd xen ; git checkout = RELEASE-4.5.0 tarball: here it is a 4.5.0 and its signature. Release Documentation can be found on our wiki.= --Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=windows-1252

If we used code-names, the Xen 4.5 release should be called Panda = on Diet! We have 78K new code with 141K deleted. In effect this release = has -63KLOC code than the = previous one.

The net effect of a skinnier Xen = Project Hypervisor code base is increased usability, simplicity and = innovation. This is all by design and one of many steps we=92ll continue = to take to fine-tune our development and release cycle.

For example, we shed the Python toolstack =96 including xend = which we deprecated in 4.3. This comprised the majority of the code = deleted in today=92s release, which is a big boon for developers who now = have less code to maintain and can spend more time on new = features.

And = 4.5 is more feature-rich than any release in Xen Project=92s = history.

Today we are announcing specific = patches in Xen Project Hypervisor 4.5 that span from architecture (x86 = and ARM), platforms (different ARM, AMD or Intel boards), to generic = code. The release also creates new opportunity to incorporate Xen = virtualization into software stacks in markets like embedded computing, = automotive, drones, avionics and more.

Virtualization and open source = are more relevant than ever in today=92s evolving, more software-centric = data center too. New developments with hyper scale-out computing, = Internet of Things, NFV/SDN, and next-generation ARM-based products are = driving increased demand for better resource sharing and utilization = with enough flexibility to efficiently grow well into the future. What = isn=92t likely to change anytime soon is the diversity of OSes, = multi-tenant architectures, security concerns and storage and network = challenges that cloud providers and enterprises must contend with to run = their applications. Undeniably, abstraction at the VM level is necessary = for superior performance and security in these environments.

Despite these impressive and = rapid changes, or perhaps because of them, Xen Project developers are = motivated to continually stay ahead of the market with performance, = speed, agility and security improvements. Our traditional customers also = inspire us; organizations such as Alibaba, Amazon Web Services, IBM = Softlayer, Rackspace, Oracle and others are some of the most savvy and = innovative users around.

To = learn more about the release and for ease of reading, I=92ve grouped the = summary of updates into four major categories:

  • Hypervisor specific

  • Toolstack

  • External users of toolstack

  • Linux, FreeBSD, and other OSes that can = utilize the new features.

x86 Hypervisor-Specific Updates

On the x86 side, development has focused on = improving performance on various fronts:

  • The HPET has = been modified to provide faster and better resolution = values.

  • Memory = is scrubbed in parallel on bootup, giving a huge time boost for = large-scale machines (1TB or more).

  • PVH initial domain support for Intel has been = added and now supports running as dom0 and FreeBSD with Linux platforms. = PVH is an extension to the classic Xen Project Paravirtualization (PV) = that uses the hardware virtualization extensions available on modern x86 = processor servers. Requiring no additional support other than the = hypervisor, PVH boots as the first guest and takes on the = responsibilities of the initial domain known as dom0. This means Xen = Project Hypervisor is able to take advantage of contemporary hardware = features like virtual machine extensions (VMX) to significantly expedite = execution of the initial domain. Instead of asking the hypervisor to = handle certain operations, the dom0 can execute operations natively = without compromising security. For more background, Virtualization = Spectrum is an excellent introduction to PVH.

  • Lower interrupt latency for PCI passthrough on large-scale = machines (more than 2 sockets).

  • Multiple IO-REQ services for guests, which is a technique = to have many QEMUs assigned for one domain. This allows speed up of = guests operation by having multiple backends (QEMUs) deal with different = emulations.

We also expanded support = for:

  • Soft affinity for vCPUs: Xen has had NUMA- = aware scheduling (http://wiki.xen.org/wiki/Xen_on_NUMA_Machines) since 4.3. In = Xen 4.5, we build on that to make it more general and useful on non-NUMA = systems. In fact, it is now possible for the sysadmin to define an = arbitrary set of physical CPUs on which vCPUs prefer to run on, and Xen = will try as hard as possible to follow this indication.

  • Security improvements =96 guest introspection expansion: = VM introspection using Intel EPT / AMD RVI hardware virtualization = functionality builds on Xen Project Hypervisor Memory Inspection APIs = introduced in 2011. This addresses a number of security issues from = outside the guest OS, without relying on functionality that can be = rendered unreliable by advanced malware. The approach works by auditing = access of sensitive memory areas using HW support in guests with minimal = overhead and allows control software running within a dedicated VM to = allow or deny attempts to access sensitive memory based on policy and = security heuristics. You can find an excellent introduction on the topic = of VM introspection here and a video on Youtube (a recording of = this presentation) = explaining the new functionality in Xen 4.5.

  • Serial support for debug purposes. This = covers PCIe cards (Oxford ones) and newer Broadcom ones found on = blades.

  • Experimental support for Real-Time = Scheduling: a new, multicore-enabled, real-time scheduler, called = RTDS is part of Xen 4.5 as an experimental feature. Virtualization will = soon become the norm rather than the exception in automotive, avionics, = mobile and multimedia, and other fields where predictability and = high-end, real-time support are critical. Xen wants to play a big role = in this, and this new scheduler will allow for such, which is why we = introduced it in 4.5 while still under development. More information = here: Youtube video, Linux Foundation presentation and related blog.

Intel = Hypervisor-Specific Updates

  • Broadwell Supervisor Mode Access Prevention. This LWN article has an excellent explanation = of it =96 but a short summary is that it restricts the kernel from = accessing the user-space pages. This feature in Xen also added = alternative assembler support to patch the hypervisor during run-time = (so that we won=92t be running these operations on older = hardware).

  • Haswell Server Cache QoS Monitoring, aka Intel Resource = Director Technology, is a =93new area of architecture extension that = seeks to provide better information and control of applications running = on Intel processors. The feature, =94 =85 documented in the Software = Developers=92 Manual, relates to monitoring application thread LLC = usage, to provide a means of directing such usage and provide more = information on the amount of memory traffic out of the LLC,=94 according = to xen-devel.

  • SandyBridge (vAPIC) extensions.  Xen 4.3 added = support for VT-d Posted Interrupts, and  in Xen 4.5 we added = extensions for PVHVM guests to take advantage of VT-d Posted Interrupts. = Instead of using vector callback, the guest can utilize the vAPIC to = lower its VMEXIT overhead, leading to lower interrupt latency and = performance improvements for I/O intensive workloads in PVHMM = guests.

AMD Hypervisor-Specific Updates

  • Fixes in the microcode loading.

  • Data Breakpoint Extensions and further MSR = masking support for Kabini, Kaveri and newer. This allows =93.. to = specify cpuid masks to help with cpuid levelling across a pool of = hosts,=94 from the xen-command-line manual.

ARM Hypervisor-Specific Updates

The ARM ecosystem operates = differently than the x86 architecture =96 in which ARM licensees design = new chipsets and features and OEMs manufacture platforms based on these = specifications. OEMs designing ARM-based platforms determine what they = need on the SoC =96 that is the System On Chip. As such, they can = selectively enable or disable certain functionality that they consider = important (or unimportant). ARM provides the Intellectual Property (IP) = and standards from which OEMs can further specialize and optimize. = Therefore the features Xen Project Hypervisor supports on ARM are not = for a specific platform =96 but rather for functionality SoCs provide. = New updates include:

  • Support for up to 1TB for guests.

  • The Generic Interrupt Controller = (GIC) v3 is supported in Xen 4.5. v3 is very important because it = introduces support for Message Signaled Interrupts (MSI), emulation of = GICv3 for guests =96 and most importantly =96 for more than 8 CPUS. Many = of the new features are not used by Xen yet but the driver is on par = with v2.

  • Power = State Coordination Interface 0.2 (PSCI) is important in embedded = environments where power consumption needs to be kept to the absolute = minimum. It allows us to power down/up CPUS, suspend them, = etc.

  • UEFI = booting. On ARM64 servers both U-Boot and UEFI can be used to boot the = OS.

  • IOMMU support = (SMMUv1). For isolation between guests, ARM platforms can come with an = IOMMU chipset based on the SMMU specification.

  • Super Pages (2MB) support in Xen. Using super = pages for the guest pseudo-physical to physical translation tables = significantly improves overall guest performance.

  • Passthrough =96 the PCI passthrough features = did not make it on time, but doing passthrough of MMIO regions did. In = the ARM world, it is quite common to have no PCIe devices and to only = access devices using MMIO regions. As such this feature allows us to = have driver domains be in charge of network or storage = devices.

  • Interrupt latency reduction: By removing maintenance = interrupts, we get rid of an expensive trap into Xen for each interrupt = EOI. Please see Stefano=92s slides.

With these new features, = the following = motherboards are now supported in Xen Project Hypervisor = 4.5:

  • AMD Seattle

  • Broadcom 7445D0 A15

  • Midway (Calxeda)

  • Vexpress (ARM Ltd.)

  • OMAP5, DRA7 (Texas Instrument)

  • Exynos5250 (Exynos 5 Dual), = Odroid-Xu, and Exynos 5420 (Exynos Octa) (Samsung SoC for Arndale and = various smartphones and tablets)

  • SunXI (AllWinner), aka A20/A21, CubieTruck, = CubieBoard

  • Mustang (Applied Micro-X-Gene, the ARMv8 SoC)

  • McDivitt aka HP Moonshot cartridge = (Applied Micro X-Gene)

  • The Xen Project also maintains this list of ARM boards = that work with Xen Project software.

Toolstack Updates

Xen Project software is now using = a C-based toolstack called xl or libxl, replacing the obsolete Python = toolstack called xend.  This more modern architecture is easier to = easier maintain, and users will not be affected by the move since xm and = xl offer feature parity. In fact, the switch greatly simplifies managing = Xen instances as other toolstack, such as libvirt are C based and less = complex. libvirt and XAPI are now using libxl as well. For more = background, check out our new hands-on tutorial =93XM to XL: A = Short, but Necessary, Journey.=94

Additional toolstack changes = include:

  • VM Generation ID. This allows Windows 2012 = Server and later active directory domain controllers to be = migrated.

  • Remus initial support provides high = availability by check pointing guests states at high = frequency.

  • Libxenlight (libxl) JSON infrastructure support. This = allows libxenlight to use JSON to communicate with other = toolstacks.

  • Libxenlight to keep track of domain configuration. It now = uses the JSON infrastructure to keep track of domain configuration. The = is feature parity with Xend.

  • Systemd support. This allows one source base to contain = the systemd files, which can be used by various distributions instead of = them having to generate them.

  • vNUMA,while still in progress,  is coming along = nicely thanks to sponsorship from . Virtual NUMA = allows Xen to expose to the guest the NUMA topology (either based on the = host or made-up) for the guest.

On the libvirt side, changes = include:

  • PCI/SR-IOV passthrough, including = hot{un}plug

  • Migration support

  • Improved concurrency through job support in the libxl = driver =96 no more locking entire driver when modifying a = domain

  • Improved domxml-{to,from}-native support, e.g. for = converting between xl config and libvirt domXML and = vise-versa

  • PV = console support

  • Improved qdisk support

  • Support for <interface type=3D=92network=92&= gt; =96 allows using libvirt-managed networks in the libxl = driver

  • Support PARAVIRT and ACPI shutdown flags

  • Support PARAVIRT reboot = flag

  • Support for domain lifecycle event configuration, e.g. = on_crash, on_reboot, etc

  • A few improvements for ARM

  • Lots of bug fixes

QEMU Updates

Xen Project 4.5 will ship = with QEMU = v2.0 and SeaBIOS v1.7.5 with the following updates:

  • Bigger PCI hole in QEMU via the mmio_hole parameter in guest config. This allows users = to pack more legacy PCI devices for passthrough in an guest.

  • QEMU is now built for ARM providing = backend support for framebuffer (VNC).

OSes

The 4.5 release also takes = advantage of new features in Linux and FreeBSD such as PVH support = (which is considered experimental)

Summary

With 43 major new features, 4.5 = includes the most updates in our project=92s history. That=92s not even = counting 22 new enablers in up-streams (Linux and QEMU). The Project is = also taking a more holistic, proactive approach to managing dependencies = such as Linux and QEMU, as well as downstream functionality such as = libvirt. In 2015, we plan to build on this even further up the stack to = include OpenStack and other key projects. For the first time, our = Project=92s development process is robust, active and mature enough to = systematically focus on these strategic growth opportunities. It also = reflects enhanced responsiveness to community feedback; for example, = we=92re improving usability and performing broader testing for specific = use cases with new releases.

During this development and = release we=92ve seen a steady influx of folks helping, contributing, = testing and reporting. As the Release Manager, I would like to thank = everybody and call out major contributions coming from AMD, Bitdefender, = Citrix, Fujitsu, GlobalLogic, Intel, Linaro, Oracle, SuSE and = Cavium, as well as several individual and academic institutions.

The sources are located in the = git tree or one can download the tarball:

  • xen: with a recent enough git (>=3D 1.7.8.2) just pull = from the proper tag (RELEASE-4.5.0) from the main repo = directly:

  • git = clone -b RELEASE-4.5.0 git://xenbits.xen.org/xen.git

  • With an older git version (and/or if that = does not work, e.g., complaining with a message like this: Remote branch = RELEASE-4.5.0 not found in upstream origin, using HEAD instead), do the = following:

  • git = clone git://xenbits.xen.org/xen.git ; cd xen ; = git checkout RELEASE-4.5.0

  • tarball: here it is a 4.5.0 and = its signature.

Release Documentation can be found on our wiki.

= --Apple-Mail=_3828C3CB-3DCE-41B1-90F0-D5C2CDF21D2E-- --===============3732010888943653825== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --===============3732010888943653825==-- From xen-announce-bounces@lists.xen.org Tue Jan 20 18:15:51 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Jan 2015 18:15:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YDdK9-0001aD-LH; Tue, 20 Jan 2015 18:14:45 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YDdK7-0001Zn-Gl; Tue, 20 Jan 2015 18:14:43 +0000 Received: from [85.158.137.68] by server-3.bemta-3.messagelabs.com id 1C/02-16982-21B9EB45; Tue, 20 Jan 2015 18:14:42 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-14.tower-31.messagelabs.com!1421777680!18565327!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 8895 invoked from network); 20 Jan 2015 18:14:41 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-14.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 20 Jan 2015 18:14:41 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YDdJy-0005V4-Nl; Tue, 20 Jan 2015 18:14:34 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1YDdJy-00044x-Dz; Tue, 20 Jan 2015 18:14:34 +0000 Date: Tue, 20 Jan 2015 18:14:34 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-8594 / XSA-109 version 4 Insufficient restrictions on certain MMU update hypercalls UPDATES IN VERSION 4 ==================== Impact on applicable affected systems is a privilege escalation, not just a denial of service. (Because a PV guest can map something at 0, and its address space is visible while Xen is running, so a NULL pointer dereference can be made to do more than just crash.) Also add a caveat to the comments in Mitigation about restricted service domain images in radically disaggregated systems. ISSUE DESCRIPTION ================= MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a respective check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging (HAP). IMPACT ====== Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service or privilege escalation attack which, if successful, can affect the whole system. Only PV domains with privilege over other guests can exploit this vulnerability; and only when those other guests are HVM using HAP, or PVH. The vulnerability is therefore exposed to PV domains providing hardware emulation services to HVM guests. VULNERABLE SYSTEMS ================== Xen 4.0 and onward are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. The vulnerability is only exposed to PV service domains for HVM or PVH guests which have privilege over the guest. In a usual configuration that means only device model emulators (qemu-dm). In the case of HVM guests whose device model is running in an unrestricted dom0 process, qemu-dm already has the ability to cause problems for the whole system. So in that case the vulnerability is not applicable. The situation is more subtle for an HVM guest with a stub qemu-dm. That is, where the device model runs in a separate domain (in the case of xl, as requested by "device_model_stubdomain_override=1" in the xl domain configuration file). The same applies with a qemu-dm in a dom0 process subjected to some kind kernel-based process privilege limitation (eg the chroot technique as found in some versions of XCP/XenServer). In those latter situations this issue means that the extra isolation does not provide as good a defence as intended. That is the essence of this vulnerability. However, the security is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm. Finally, in a radically disaggregated system: where the HVM or PVH service domain software (probably, the device model domain image in the HVM case) is not always supplied by the host administrator, a malicious service domain administrator can exercise this vulnerability. MITIGATION ========== Running only PV guests or HVM guests with shadow paging enabled will avoid this issue. In a radically disaggregated system, restricting HVM service domains to software images approved by the host administrator will avoid the vulnerability (so long as there isn't also a vulnerability in the service domain). CREDITS ======= This issue was discovered by Roger Pau Monné of Citrix and Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa109.patch xen-unstable, Xen 4.4.x, Xen 4.3.x xsa109-4.2.patch Xen 4.2.x $ sha256sum xsa109*.patch 759d1b8cb8c17e53d17ad045ab89c5aaf52cb85fd93eef07e7acbe230365c56d xsa109-4.2.patch 729b87c2b9979fbda47c96e934db6fcfaeb10e07b4cfd66bb1e9f746a908576b xsa109.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUvpr0AAoJEIP+FMlX6CvZt4EIAMcSuRwP8++fs8QxhZ+pPqPk MDyFmZ0NmFu7j7qiPVWeRr66VoXU6oQzWXVKv0Gx3uxJLgmWNK13DKYdJc2xeBuF zUMZJimnCmpf7WTZjS6WHjNB5ei3+u5TGKhcLjH2E3iIsEmzLR6ckFVYeYopGHqu mWLi6nGVO6VkJ1OMGz4WvPCOYXHpZANIc00JhZot8VpULe6VktgnU0Uh/EgkayN/ 1rTAybiNB/b9vboVOWxsDbhbQgXhG9HuD/FFLTZ61zDIaIRAHf2xM/bfH05t1kk7 9r4JHw70dKo37QH1LeRbla0xrCojaUiKWOglIsslmqGAD+qkUOJZ6D+KcEo8Fp0= =F4yJ -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa109-4.2.patch" Content-Disposition: attachment; filename="xsa109-4.2.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBhbGxvdyBwYWdlIHRhYmxlIHVwZGF0ZXMgb24gbm9uLVBW IHBhZ2UgdGFibGVzIGluIGRvX21tdV91cGRhdGUoKQoKcGFnaW5nX3dyaXRl X2d1ZXN0X2VudHJ5KCkgYW5kIHBhZ2luZ19jbXB4Y2hnX2d1ZXN0X2VudHJ5 KCkgYXJlbid0CmNvbnNpc3RlbnRseSBzdXBwb3J0ZWQgZm9yIG5vbi1QViBn dWVzdHMgKHRoZXknZCBkZXJlZiBOVUxMIGZvciBQVkggb3IKbm9uLUhBUCBI Vk0gb25lcykuIERvbid0IGFsbG93IHJlc3BlY3RpdmUgTU1VXyogb3BlcmF0 aW9ucyBvbiB0aGUKcGFnZSB0YWJsZXMgb2Ygc3VjaCBkb21haW5zLgoKVGhp cyBpcyBYU0EtMTA5LgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpi ZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogVGltIERlZWdhbiA8dGltQHhl bi5vcmc+CgotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJj aC94ODYvbW0uYwpAQCAtMzgwMCw2ICszODAwLDEwIEBAIGxvbmcgZG9fbW11 X3VwZGF0ZSgKICAgICAgICAgewogICAgICAgICAgICAgcDJtX3R5cGVfdCBw Mm10OwogCisgICAgICAgICAgICByYyA9IC1FT1BOT1RTVVBQOworICAgICAg ICAgICAgaWYgKCB1bmxpa2VseShwYWdpbmdfbW9kZV9yZWZjb3VudHMocHRf b3duZXIpKSApCisgICAgICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAg ICAgIHJjID0geHNtX21tdV9ub3JtYWxfdXBkYXRlKGQsIHB0X293bmVyLCBw Z19vd25lciwgcmVxLnZhbCk7CiAgICAgICAgICAgICBpZiAoIHJjICkKICAg ICAgICAgICAgICAgICBicmVhazsK --=separator Content-Type: application/octet-stream; name="xsa109.patch" Content-Disposition: attachment; filename="xsa109.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBhbGxvdyBwYWdlIHRhYmxlIHVwZGF0ZXMgb24gbm9uLVBW IHBhZ2UgdGFibGVzIGluIGRvX21tdV91cGRhdGUoKQoKcGFnaW5nX3dyaXRl X2d1ZXN0X2VudHJ5KCkgYW5kIHBhZ2luZ19jbXB4Y2hnX2d1ZXN0X2VudHJ5 KCkgYXJlbid0CmNvbnNpc3RlbnRseSBzdXBwb3J0ZWQgZm9yIG5vbi1QViBn dWVzdHMgKHRoZXknZCBkZXJlZiBOVUxMIGZvciBQVkggb3IKbm9uLUhBUCBI Vk0gb25lcykuIERvbid0IGFsbG93IHJlc3BlY3RpdmUgTU1VXyogb3BlcmF0 aW9ucyBvbiB0aGUKcGFnZSB0YWJsZXMgb2Ygc3VjaCBkb21haW5zLgoKVGhp cyBpcyBYU0EtMTA5LgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpi ZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogVGltIERlZWdhbiA8dGltQHhl bi5vcmc+CgotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJj aC94ODYvbW0uYwpAQCAtMzQ5Myw2ICszNDkzLDEwIEBAIGxvbmcgZG9fbW11 X3VwZGF0ZSgKICAgICAgICAgewogICAgICAgICAgICAgcDJtX3R5cGVfdCBw Mm10OwogCisgICAgICAgICAgICByYyA9IC1FT1BOT1RTVVBQOworICAgICAg ICAgICAgaWYgKCB1bmxpa2VseShwYWdpbmdfbW9kZV9yZWZjb3VudHMocHRf b3duZXIpKSApCisgICAgICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAg ICAgIHhzbV9uZWVkZWQgfD0gWFNNX01NVV9OT1JNQUxfVVBEQVRFOwogICAg ICAgICAgICAgaWYgKCBnZXRfcHRlX2ZsYWdzKHJlcS52YWwpICYgX1BBR0Vf UFJFU0VOVCApCiAgICAgICAgICAgICB7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Jan 20 18:15:51 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Jan 2015 18:15:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YDdK9-0001aD-LH; Tue, 20 Jan 2015 18:14:45 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YDdK7-0001Zn-Gl; Tue, 20 Jan 2015 18:14:43 +0000 Received: from [85.158.137.68] by server-3.bemta-3.messagelabs.com id 1C/02-16982-21B9EB45; Tue, 20 Jan 2015 18:14:42 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-14.tower-31.messagelabs.com!1421777680!18565327!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 8895 invoked from network); 20 Jan 2015 18:14:41 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-14.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 20 Jan 2015 18:14:41 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YDdJy-0005V4-Nl; Tue, 20 Jan 2015 18:14:34 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1YDdJy-00044x-Dz; Tue, 20 Jan 2015 18:14:34 +0000 Date: Tue, 20 Jan 2015 18:14:34 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-8594 / XSA-109 version 4 Insufficient restrictions on certain MMU update hypercalls UPDATES IN VERSION 4 ==================== Impact on applicable affected systems is a privilege escalation, not just a denial of service. (Because a PV guest can map something at 0, and its address space is visible while Xen is running, so a NULL pointer dereference can be made to do more than just crash.) Also add a caveat to the comments in Mitigation about restricted service domain images in radically disaggregated systems. ISSUE DESCRIPTION ================= MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a respective check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging (HAP). IMPACT ====== Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service or privilege escalation attack which, if successful, can affect the whole system. Only PV domains with privilege over other guests can exploit this vulnerability; and only when those other guests are HVM using HAP, or PVH. The vulnerability is therefore exposed to PV domains providing hardware emulation services to HVM guests. VULNERABLE SYSTEMS ================== Xen 4.0 and onward are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. The vulnerability is only exposed to PV service domains for HVM or PVH guests which have privilege over the guest. In a usual configuration that means only device model emulators (qemu-dm). In the case of HVM guests whose device model is running in an unrestricted dom0 process, qemu-dm already has the ability to cause problems for the whole system. So in that case the vulnerability is not applicable. The situation is more subtle for an HVM guest with a stub qemu-dm. That is, where the device model runs in a separate domain (in the case of xl, as requested by "device_model_stubdomain_override=1" in the xl domain configuration file). The same applies with a qemu-dm in a dom0 process subjected to some kind kernel-based process privilege limitation (eg the chroot technique as found in some versions of XCP/XenServer). In those latter situations this issue means that the extra isolation does not provide as good a defence as intended. That is the essence of this vulnerability. However, the security is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm. Finally, in a radically disaggregated system: where the HVM or PVH service domain software (probably, the device model domain image in the HVM case) is not always supplied by the host administrator, a malicious service domain administrator can exercise this vulnerability. MITIGATION ========== Running only PV guests or HVM guests with shadow paging enabled will avoid this issue. In a radically disaggregated system, restricting HVM service domains to software images approved by the host administrator will avoid the vulnerability (so long as there isn't also a vulnerability in the service domain). CREDITS ======= This issue was discovered by Roger Pau Monné of Citrix and Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa109.patch xen-unstable, Xen 4.4.x, Xen 4.3.x xsa109-4.2.patch Xen 4.2.x $ sha256sum xsa109*.patch 759d1b8cb8c17e53d17ad045ab89c5aaf52cb85fd93eef07e7acbe230365c56d xsa109-4.2.patch 729b87c2b9979fbda47c96e934db6fcfaeb10e07b4cfd66bb1e9f746a908576b xsa109.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUvpr0AAoJEIP+FMlX6CvZt4EIAMcSuRwP8++fs8QxhZ+pPqPk MDyFmZ0NmFu7j7qiPVWeRr66VoXU6oQzWXVKv0Gx3uxJLgmWNK13DKYdJc2xeBuF zUMZJimnCmpf7WTZjS6WHjNB5ei3+u5TGKhcLjH2E3iIsEmzLR6ckFVYeYopGHqu mWLi6nGVO6VkJ1OMGz4WvPCOYXHpZANIc00JhZot8VpULe6VktgnU0Uh/EgkayN/ 1rTAybiNB/b9vboVOWxsDbhbQgXhG9HuD/FFLTZ61zDIaIRAHf2xM/bfH05t1kk7 9r4JHw70dKo37QH1LeRbla0xrCojaUiKWOglIsslmqGAD+qkUOJZ6D+KcEo8Fp0= =F4yJ -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa109-4.2.patch" Content-Disposition: attachment; filename="xsa109-4.2.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBhbGxvdyBwYWdlIHRhYmxlIHVwZGF0ZXMgb24gbm9uLVBW IHBhZ2UgdGFibGVzIGluIGRvX21tdV91cGRhdGUoKQoKcGFnaW5nX3dyaXRl X2d1ZXN0X2VudHJ5KCkgYW5kIHBhZ2luZ19jbXB4Y2hnX2d1ZXN0X2VudHJ5 KCkgYXJlbid0CmNvbnNpc3RlbnRseSBzdXBwb3J0ZWQgZm9yIG5vbi1QViBn dWVzdHMgKHRoZXknZCBkZXJlZiBOVUxMIGZvciBQVkggb3IKbm9uLUhBUCBI Vk0gb25lcykuIERvbid0IGFsbG93IHJlc3BlY3RpdmUgTU1VXyogb3BlcmF0 aW9ucyBvbiB0aGUKcGFnZSB0YWJsZXMgb2Ygc3VjaCBkb21haW5zLgoKVGhp cyBpcyBYU0EtMTA5LgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpi ZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogVGltIERlZWdhbiA8dGltQHhl bi5vcmc+CgotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJj aC94ODYvbW0uYwpAQCAtMzgwMCw2ICszODAwLDEwIEBAIGxvbmcgZG9fbW11 X3VwZGF0ZSgKICAgICAgICAgewogICAgICAgICAgICAgcDJtX3R5cGVfdCBw Mm10OwogCisgICAgICAgICAgICByYyA9IC1FT1BOT1RTVVBQOworICAgICAg ICAgICAgaWYgKCB1bmxpa2VseShwYWdpbmdfbW9kZV9yZWZjb3VudHMocHRf b3duZXIpKSApCisgICAgICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAg ICAgIHJjID0geHNtX21tdV9ub3JtYWxfdXBkYXRlKGQsIHB0X293bmVyLCBw Z19vd25lciwgcmVxLnZhbCk7CiAgICAgICAgICAgICBpZiAoIHJjICkKICAg ICAgICAgICAgICAgICBicmVhazsK --=separator Content-Type: application/octet-stream; name="xsa109.patch" Content-Disposition: attachment; filename="xsa109.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBhbGxvdyBwYWdlIHRhYmxlIHVwZGF0ZXMgb24gbm9uLVBW IHBhZ2UgdGFibGVzIGluIGRvX21tdV91cGRhdGUoKQoKcGFnaW5nX3dyaXRl X2d1ZXN0X2VudHJ5KCkgYW5kIHBhZ2luZ19jbXB4Y2hnX2d1ZXN0X2VudHJ5 KCkgYXJlbid0CmNvbnNpc3RlbnRseSBzdXBwb3J0ZWQgZm9yIG5vbi1QViBn dWVzdHMgKHRoZXknZCBkZXJlZiBOVUxMIGZvciBQVkggb3IKbm9uLUhBUCBI Vk0gb25lcykuIERvbid0IGFsbG93IHJlc3BlY3RpdmUgTU1VXyogb3BlcmF0 aW9ucyBvbiB0aGUKcGFnZSB0YWJsZXMgb2Ygc3VjaCBkb21haW5zLgoKVGhp cyBpcyBYU0EtMTA5LgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpi ZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogVGltIERlZWdhbiA8dGltQHhl bi5vcmc+CgotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJj aC94ODYvbW0uYwpAQCAtMzQ5Myw2ICszNDkzLDEwIEBAIGxvbmcgZG9fbW11 X3VwZGF0ZSgKICAgICAgICAgewogICAgICAgICAgICAgcDJtX3R5cGVfdCBw Mm10OwogCisgICAgICAgICAgICByYyA9IC1FT1BOT1RTVVBQOworICAgICAg ICAgICAgaWYgKCB1bmxpa2VseShwYWdpbmdfbW9kZV9yZWZjb3VudHMocHRf b3duZXIpKSApCisgICAgICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAg ICAgIHhzbV9uZWVkZWQgfD0gWFNNX01NVV9OT1JNQUxfVVBEQVRFOwogICAg ICAgICAgICAgaWYgKCBnZXRfcHRlX2ZsYWdzKHJlcS52YWwpICYgX1BBR0Vf UFJFU0VOVCApCiAgICAgICAgICAgICB7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Jan 29 11:16:33 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 29 Jan 2015 11:16:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YGn4J-0000Jq-TW; Thu, 29 Jan 2015 11:15:27 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YGn4I-0000JK-5p; Thu, 29 Jan 2015 11:15:26 +0000 Received: from [85.158.137.68] by server-15.bemta-3.messagelabs.com id DA/E9-02884-D461AC45; Thu, 29 Jan 2015 11:15:25 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-31.messagelabs.com!1422530123!23172584!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 20978 invoked from network); 29 Jan 2015 11:15:24 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 29 Jan 2015 11:15:24 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YGn47-0005Mv-Qr; Thu, 29 Jan 2015 11:15:15 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1YGn47-0001DT-OP; Thu, 29 Jan 2015 11:15:15 +0000 Date: Thu, 29 Jan 2015 11:15:15 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 118 - arm: vgic: incorrect rate limiting of guest triggered logging X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-118 arm: vgic: incorrect rate limiting of guest triggered logging ISSUE DESCRIPTION ================= On ARM systems the code which deals with virtualising the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen 4.4 and later systems running on ARM hardware are vulnerable. x86 systems are not affected. MITIGATION ========== The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". NOTE REGARDING LACK OF EMBARGO ============================== This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= This issue was discovered by Julien Grall. RESOLUTION ========== Applying the appropriate attached patch(es) resolves this issue. xsa118-unstable-4.5-{1,2}.patch xen-unstable, Xen 4.5.x xsa118-4.4.patch Xen 4.4.x $ sha256sum xsa118*.patch 5741cfe408273bd80e1a03c21a5650f963d7103fd022c688730f55dcf5373433 xsa118-4.4.patch ee24a4c5e12b67d7539f08b644080c87797f31b4402215cd4efbbc6114bffc25 xsa118-4.5-unstable-1.patch bd532e3cd535fcdea51f43631a519012baff068cb62d2205fc25f2c823f031eb xsa118-4.5-unstable-2.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUyhXoAAoJEIP+FMlX6CvZIWsH/2cK4jijgzepEboZAyIl2E8f wWMaF6Jr28YfQz8Zcpwi4GY9BecBjm2ZUuvuHS/yPGBIvriOiZXjMtlchd3FBhjw CTvCasqFX6DYizduAPBcph/vY2LoiYn/i74+M55I6u5g8WL/o7p3Ea3UXKg8ZdgB PdQnLJSi4iqbO6mfdgw3lb5gfVk/DUh0rW87CoOhdPNJrQWlw9zTpfjIvrGzIDXJ jV5eW8mBhfTE8TfuJ2cFgMZgoob709EduJ8wgLqOPMAmn1HCC/MNNtEiZhliw2yD WQePLlXXvwXxNhHP6Ge/698unV4zPDvlCxTYjBOsZWPC1ITVhMHZ1+j3z0mXO0U= =2kMW -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa118-4.4.patch" Content-Disposition: attachment; filename="xsa118-4.4.patch" Content-Transfer-Encoding: base64 RnJvbSAxNzJjZjA0ODliNTA0YjM1YzdjMTY2NmZiN2QwMTUwMDY5NzZjNGU3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWxpZW4gR3JhbGwg PGp1bGllbi5ncmFsbEBsaW5hcm8ub3JnPgpEYXRlOiBNb24sIDE5IEphbiAy MDE1IDEyOjU5OjQyICswMDAwClN1YmplY3Q6IFtQQVRDSF0geGVuL2FybTog dmdpYzogbWVzc2FnZSBpbiB0aGUgZW11bGF0aW9uIGNvZGUgc2hvdWxkIGJl CiByYXRlLWxpbWl0ZWQKCnByaW50ayBpcyBub3QgcmF0ZWQtbGltaXRlZCBi eSBkZWZhdWx0LiBUaGVyZWZvcmUgYSBtYWxpY2lvdXMgZ3Vlc3QgbWF5CmJl IGFibGUgdG8gZmxvb2QgdGhlIFhlbiBjb25zb2xlLgoKSWYgd2UgdXNlIGdk cHJpbnRrLCB1bmVjZXNzYXJ5IGluZm9ybWF0aW9uIHdpbGwgYmUgcHJpbnRl ZCBzdWNoIGFzIHRoZQpmaWxlbmFtZSBhbmQgdGhlIGxpbmUuIEluc3RlYWQg dXNlIFhFTkxPR19HX0VSUiBjb21iaW5lIHdpdGggJXB2LgoKU2lnbmVkLW9m Zi1ieTogSnVsaWVuIEdyYWxsIDxqdWxpZW4uZ3JhbGxAbGluYXJvLm9yZz4K LS0tCiB4ZW4vYXJjaC9hcm0vdmdpYy5jIHwgNDAgKysrKysrKysrKysrKysr KysrKysrKystLS0tLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDIz IGluc2VydGlvbnMoKyksIDE3IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBh L3hlbi9hcmNoL2FybS92Z2ljLmMgYi94ZW4vYXJjaC9hcm0vdmdpYy5jCmlu ZGV4IDhkMWI3OWUuLmIyMjYyYzYgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL2Fy bS92Z2ljLmMKKysrIGIveGVuL2FyY2gvYXJtL3ZnaWMuYwpAQCAtMzMyLDcg KzMzMiw3IEBAIHN0YXRpYyBpbnQgdmdpY19kaXN0cl9tbWlvX3JlYWQoc3Ry dWN0IHZjcHUgKnYsIG1taW9faW5mb190ICppbmZvKQogCiAgICAgY2FzZSBH SUNEX0lDUElEUjI6CiAgICAgICAgIGlmICggZGFidC5zaXplICE9IDIgKSBn b3RvIGJhZF93aWR0aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5k bGVkIHJlYWQgZnJvbSBJQ1BJRFIyXG4iKTsKKyAgICAgICAgcHJpbnRrKFhF TkxPR19HX0VSUiAiJXB2OiB2R0lDRDogdW5oYW5kbGVkIHJlYWQgZnJvbSBJ Q1BJRFIyXG4iLCB2KTsKICAgICAgICAgcmV0dXJuIDA7CiAKICAgICAvKiBJ bXBsZW1lbnRhdGlvbiBkZWZpbmVkIC0tIHJlYWQgYXMgemVybyAqLwpAQCAt MzQ5LDE0ICszNDksMTQgQEAgc3RhdGljIGludCB2Z2ljX2Rpc3RyX21taW9f cmVhZChzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAg ICAgIGdvdG8gcmVhZF9hc196ZXJvOwogCiAgICAgZGVmYXVsdDoKLSAgICAg ICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkIHJlYWQgciVkIG9mZnNldCAl IzA4eFxuIiwKLSAgICAgICAgICAgICAgIGRhYnQucmVnLCBvZmZzZXQpOwor ICAgICAgICBwcmludGsoWEVOTE9HX0dfRVJSICIlcHY6IHZHSUNEOiB1bmhh bmRsZWQgcmVhZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICAg ICAgdiwgZGFidC5yZWcsIG9mZnNldCk7CiAgICAgICAgIHJldHVybiAwOwog ICAgIH0KIAogYmFkX3dpZHRoOgotICAgIHByaW50aygidkdJQ0Q6IGJhZCBy ZWFkIHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAg IGRhYnQuc2l6ZSwgZGFidC5yZWcsIG9mZnNldCk7CisgICAgcHJpbnRrKFhF TkxPR19HX0VSUiAiJXB2OiB2R0lDRDogYmFkIHJlYWQgd2lkdGggJWQgciVk IG9mZnNldCAlIzA4eFxuIiwKKyAgICAgICAgICAgdiwgZGFidC5zaXplLCBk YWJ0LnJlZywgb2Zmc2V0KTsKICAgICBkb21haW5fY3Jhc2hfc3luY2hyb25v dXMoKTsKICAgICByZXR1cm4gMDsKIApAQCAtNTIzLDE0ICs1MjMsMTYgQEAg c3RhdGljIGludCB2Z2ljX2Rpc3RyX21taW9fd3JpdGUoc3RydWN0IHZjcHUg KnYsIG1taW9faW5mb190ICppbmZvKQogCiAgICAgY2FzZSBHSUNEX0lTUEVO RFIgLi4uIEdJQ0RfSVNQRU5EUk46CiAgICAgICAgIGlmICggZGFidC5zaXpl ICE9IDAgJiYgZGFidC5zaXplICE9IDIgKSBnb3RvIGJhZF93aWR0aDsKLSAg ICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRlICUjIlBS SXJlZ2lzdGVyIiB0byBJU1BFTkRSJWRcbiIsCi0gICAgICAgICAgICAgICBk YWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBnaWNkX3JlZyAtIEdJ Q0RfSVNQRU5EUik7CisgICAgICAgIHByaW50ayhYRU5MT0dfR19FUlIKKyAg ICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQgJXMgd3JpdGUg JSMiUFJJcmVnaXN0ZXIiIHRvIElTUEVORFIlZFxuIiwKKyAgICAgICAgICAg ICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwgKnIsIGdpY2Rf cmVnIC0gR0lDRF9JU1BFTkRSKTsKICAgICAgICAgcmV0dXJuIDA7CiAKICAg ICBjYXNlIEdJQ0RfSUNQRU5EUiAuLi4gR0lDRF9JQ1BFTkRSTjoKICAgICAg ICAgaWYgKCBkYWJ0LnNpemUgIT0gMCAmJiBkYWJ0LnNpemUgIT0gMiApIGdv dG8gYmFkX3dpZHRoOwotICAgICAgICBwcmludGsoInZHSUNEOiB1bmhhbmRs ZWQgJXMgd3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElDUEVORFIlZFxuIiwK LSAgICAgICAgICAgICAgIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwg KnIsIGdpY2RfcmVnIC0gR0lDRF9JQ1BFTkRSKTsKKyAgICAgICAgcHJpbnRr KFhFTkxPR19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6IHVu aGFuZGxlZCAlcyB3cml0ZSAlIyJQUklyZWdpc3RlciIgdG8gSUNQRU5EUiVk XG4iLAorICAgICAgICAgICAgICAgdiwgZGFidC5zaXplID8gIndvcmQiIDog ImJ5dGUiLCAqciwgZ2ljZF9yZWcgLSBHSUNEX0lDUEVORFIpOwogICAgICAg ICByZXR1cm4gMDsKIAogICAgIGNhc2UgR0lDRF9JU0FDVElWRVIgLi4uIEdJ Q0RfSVNBQ1RJVkVSTjoKQEAgLTYwNiwxNCArNjA4LDE2IEBAIHN0YXRpYyBp bnQgdmdpY19kaXN0cl9tbWlvX3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBtbWlv X2luZm9fdCAqaW5mbykKIAogICAgIGNhc2UgR0lDRF9DUEVORFNHSVIgLi4u IEdJQ0RfQ1BFTkRTR0lSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0g MCAmJiBkYWJ0LnNpemUgIT0gMiApIGdvdG8gYmFkX3dpZHRoOwotICAgICAg ICBwcmludGsoInZHSUNEOiB1bmhhbmRsZWQgJXMgd3JpdGUgJSMiUFJJcmVn aXN0ZXIiIHRvIElDUEVORFNHSVIlZFxuIiwKLSAgICAgICAgICAgICAgIGRh YnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwgKnIsIGdpY2RfcmVnIC0gR0lD RF9DUEVORFNHSVIpOworICAgICAgICBwcmludGsoWEVOTE9HX0dfRVJSCisg ICAgICAgICAgICAgICAiJXB2OiB2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRl ICUjIlBSSXJlZ2lzdGVyIiB0byBJQ1BFTkRTR0lSJWRcbiIsCisgICAgICAg ICAgICAgICB2LCBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBn aWNkX3JlZyAtIEdJQ0RfQ1BFTkRTR0lSKTsKICAgICAgICAgcmV0dXJuIDA7 CiAKICAgICBjYXNlIEdJQ0RfU1BFTkRTR0lSIC4uLiBHSUNEX1NQRU5EU0dJ Uk46CiAgICAgICAgIGlmICggZGFidC5zaXplICE9IDAgJiYgZGFidC5zaXpl ICE9IDIgKSBnb3RvIGJhZF93aWR0aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lD RDogdW5oYW5kbGVkICVzIHdyaXRlICUjIlBSSXJlZ2lzdGVyIiB0byBJU1BF TkRTR0lSJWRcbiIsCi0gICAgICAgICAgICAgICBkYWJ0LnNpemUgPyAid29y ZCIgOiAiYnl0ZSIsICpyLCBnaWNkX3JlZyAtIEdJQ0RfU1BFTkRTR0lSKTsK KyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAgICAg IiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCAlcyB3cml0ZSAlIyJQUklyZWdpc3Rl ciIgdG8gSVNQRU5EU0dJUiVkXG4iLAorICAgICAgICAgICAgICAgdiwgZGFi dC5zaXplID8gIndvcmQiIDogImJ5dGUiLCAqciwgZ2ljZF9yZWcgLSBHSUNE X1NQRU5EU0dJUik7CiAgICAgICAgIHJldHVybiAwOwogCiAgICAgLyogSW1w bGVtZW50YXRpb24gZGVmaW5lZCAtLSB3cml0ZSBpZ25vcmVkICovCkBAIC02 MzgsMTQgKzY0MiwxNiBAQCBzdGF0aWMgaW50IHZnaWNfZGlzdHJfbW1pb193 cml0ZShzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAg ICAgIGdvdG8gd3JpdGVfaWdub3JlOwogCiAgICAgZGVmYXVsdDoKLSAgICAg ICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkIHdyaXRlIHIlZD0lIlBSSXJl Z2lzdGVyIiBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAgICAgICBkYWJ0 LnJlZywgKnIsIG9mZnNldCk7CisgICAgICAgIHByaW50ayhYRU5MT0dfR19F UlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQgd3Jp dGUgciVkPSUiUFJJcmVnaXN0ZXIiIG9mZnNldCAlIzA4eFxuIiwKKyAgICAg ICAgICAgICAgIHYsIGRhYnQucmVnLCAqciwgb2Zmc2V0KTsKICAgICAgICAg cmV0dXJuIDA7CiAgICAgfQogCiBiYWRfd2lkdGg6Ci0gICAgcHJpbnRrKCJ2 R0lDRDogYmFkIHdyaXRlIHdpZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBv ZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAgIGRhYnQuc2l6ZSwgZGFidC5y ZWcsICpyLCBvZmZzZXQpOworICAgIHByaW50ayhYRU5MT0dfR19FUlIKKyAg ICAgICAgICAgIiVwdjogdkdJQ0Q6IGJhZCB3cml0ZSB3aWR0aCAlZCByJWQ9 JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICB2 LCBkYWJ0LnNpemUsIGRhYnQucmVnLCAqciwgb2Zmc2V0KTsKICAgICBkb21h aW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4gMDsKIAotLSAK Mi4xLjQKCg== --=separator Content-Type: application/octet-stream; name="xsa118-4.5-unstable-1.patch" Content-Disposition: attachment; filename="xsa118-4.5-unstable-1.patch" Content-Transfer-Encoding: base64 RnJvbSBlNjk4ZjRhYjA1YTcxMGU0NDYzMzE3ZWE5NzhkNDI2ZDQzMTA3ZTI3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWxpZW4gR3JhbGwg PGp1bGllbi5ncmFsbEBsaW5hcm8ub3JnPgpEYXRlOiBNb24sIDE5IEphbiAy MDE1IDE0OjAxOjA5ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzJdIHhlbi9h cm06IHZnaWMtdjM6IG1lc3NhZ2UgaW4gdGhlIGVtdWxhdGlvbiBjb2RlIHNo b3VsZCBiZQogcmF0ZS1saW1pdGVkCgpwcmludGsgYnkgZGVmYXVsdCBpcyBu b3QgcmF0ZS1saW1pdGVkIGJ5IGRlZmF1bHQuIFRoZXJlZm9yZSBhIG1hbGlj aW91cyBndWVzdAptYXkgYmUgYWJsZSB0byBmbG9vZCB0aGUgWGVuIGNvbnNv bGUuCgpJZiB3ZSB1c2UgZ2RwcmludGssIHVubmVjZXNzYXJ5IGluZm9ybWF0 aW9uIHdpbGwgYmUgcHJpbnRlZCBzdWNoIGFzIHRoZQpmaWxlbmFtZSBhbmQg dGhlIGxpbmUuIEluc3RlYWQgdXNlIFhFTkxPR19HX3tFUlIsREVCVUd9IGNv bWJpbmUgd2l0aCAlcHYuCgpBbHNvIHJlbW92ZSB0aGUgdkdJQ3YzIHByZWZp eCB3aGljaCBpcyBub3QgbmVjY2Vzc2FyeSBhbmQgdXBkYXRlIHNvbWUKbWVz c2FnZSB3aGljaCB3ZXJlIHdyb25nLgoKU2lnbmVkLW9mZi1ieTogSnVsaWVu IEdyYWxsIDxqdWxpZW4uZ3JhbGxAbGluYXJvLm9yZz4KLS0tCiB4ZW4vYXJj aC9hcm0vdmdpYy12My5jIHwgMTA5ICsrKysrKysrKysrKysrKysrKysrKysr KysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCA2 MSBpbnNlcnRpb25zKCspLCA0OCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQg YS94ZW4vYXJjaC9hcm0vdmdpYy12My5jIGIveGVuL2FyY2gvYXJtL3ZnaWMt djMuYwppbmRleCBhZTQ0ODJjLi5iZWNlMTg5IDEwMDY0NAotLS0gYS94ZW4v YXJjaC9hcm0vdmdpYy12My5jCisrKyBiL3hlbi9hcmNoL2FybS92Z2ljLXYz LmMKQEAgLTE2OCwxMyArMTY4LDE0IEBAIHN0YXRpYyBpbnQgX192Z2ljX3Yz X3JkaXN0cl9yZF9tbWlvX3JlYWQoc3RydWN0IHZjcHUgKnYsIG1taW9faW5m b190ICppbmZvLAogICAgICAgICAvKiBSZXNlcnZlZDAgKi8KICAgICAgICAg Z290byByZWFkX2FzX3plcm87CiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJp bnRrKCJ2R0lDdjM6IHZHSUNSOiByZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiBu b3QgZm91bmQiLAotICAgICAgICAgICAgICAgZGFidC5yZWcsIGdpY3JfcmVn KTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAg ICAgIiVwdjogdkdJQ1I6IHJlYWQgciVkIG9mZnNldCAlIzA4eFxuIG5vdCBm b3VuZCIsCisgICAgICAgICAgICAgICB2LCBkYWJ0LnJlZywgZ2ljcl9yZWcp OwogICAgICAgICByZXR1cm4gMDsKICAgICB9CiBiYWRfd2lkdGg6Ci0gICAg cHJpbnRrKCJ2R0lDdjM6IHZHSUNSOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQg b2Zmc2V0ICUjMDh4XG4iLAotICAgICAgICAgICBkYWJ0LnNpemUsIGRhYnQu cmVnLCBnaWNyX3JlZyk7CisgICAgcHJpbnRrKFhFTkxPR19HX0VSUiAiJXB2 IHZHSUNSOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4i LAorICAgICAgICAgICB2LCBkYWJ0LnNpemUsIGRhYnQucmVnLCBnaWNyX3Jl Zyk7CiAgICAgZG9tYWluX2NyYXNoX3N5bmNocm9ub3VzKCk7CiAgICAgcmV0 dXJuIDA7CiAKQEAgLTI0NCwxMiArMjQ1LDE0IEBAIHN0YXRpYyBpbnQgX192 Z2ljX3YzX3JkaXN0cl9yZF9tbWlvX3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBt bWlvX2luZm9fdCAqaW5mbywKICAgICAgICAgLyogUk8gKi8KICAgICAgICAg Z290byB3cml0ZV9pZ25vcmU7CiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJp bnRrKCJ2R0lDUjogd3JpdGUgciVkIG9mZnNldCAlIzA4eFxuIG5vdCBmb3Vu ZCIsIGRhYnQucmVnLCBnaWNyX3JlZyk7CisgICAgICAgIHByaW50ayhYRU5M T0dfR19FUlIgIiVwdjogdkdJQ1I6IHdyaXRlIHIlZCBvZmZzZXQgJSMwOHhc biBub3QgZm91bmQiLAorICAgICAgICAgICAgICAgdiwgZGFidC5yZWcsIGdp Y3JfcmVnKTsKICAgICAgICAgcmV0dXJuIDA7CiAgICAgfQogYmFkX3dpZHRo OgotICAgIHByaW50aygidkdJQ1I6IGJhZCB3cml0ZSB3aWR0aCAlZCByJWQ9 JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4iLAotICAgICAgICAgICBk YWJ0LnNpemUsIGRhYnQucmVnLCAqciwgZ2ljcl9yZWcpOworICAgIHByaW50 ayhYRU5MT0dfR19FUlIKKyAgICAgICAgICAiJXB2OiB2R0lDUjogYmFkIHdy aXRlIHdpZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMwOHhc biIsCisgICAgICAgICAgdiwgZGFidC5zaXplLCBkYWJ0LnJlZywgKnIsIGdp Y3JfcmVnKTsKICAgICBkb21haW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAg ICByZXR1cm4gMDsKIApAQCAtMzQ1LDE1ICszNDgsMTYgQEAgc3RhdGljIGlu dCBfX3ZnaWNfdjNfZGlzdHJfY29tbW9uX21taW9fcmVhZChzdHJ1Y3QgdmNw dSAqdiwgbW1pb19pbmZvX3QgKmluZm8sCiAgICAgICAgIHZnaWNfdW5sb2Nr X3JhbmsodiwgcmFuaywgZmxhZ3MpOwogICAgICAgICByZXR1cm4gMTsKICAg ICBkZWZhdWx0OgotICAgICAgICBwcmludGsoInZHSUN2MzogdkdJQ0QvdkdJ Q1I6IHVuaGFuZGxlZCByZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAg ICAgICAgICAgICBkYWJ0LnJlZywgcmVnKTsKKyAgICAgICAgcHJpbnRrKFhF TkxPR19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0QvdkdJQ1I6 IHVuaGFuZGxlZCByZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAg ICAgICAgICB2LCBkYWJ0LnJlZywgcmVnKTsKICAgICAgICAgcmV0dXJuIDA7 CiAgICAgfQogCiBiYWRfd2lkdGg6Ci0gICAgZHByaW50ayhYRU5MT0dfRVJS LAotICAgICAgICAgICAgInZHSUN2MzogdkdJQ0QvdkdJQ1I6IGJhZCByZWFk IHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAgICBk YWJ0LnNpemUsIGRhYnQucmVnLCByZWcpOworICAgIHByaW50ayhYRU5MT0df R19FUlIKKyAgICAgICAgICAgIiVwdjogdkdJQ0QvdkdJQ1I6IGJhZCByZWFk IHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAgIHYs IGRhYnQuc2l6ZSwgZGFidC5yZWcsIHJlZyk7CiAgICAgZG9tYWluX2NyYXNo X3N5bmNocm9ub3VzKCk7CiAgICAgcmV0dXJuIDA7CiAKQEAgLTQ1OCwxNSAr NDYyLDE2IEBAIHN0YXRpYyBpbnQgX192Z2ljX3YzX2Rpc3RyX2NvbW1vbl9t bWlvX3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2luZm9fdCAqaW5mbywK ICAgICAgICAgdmdpY191bmxvY2tfcmFuayh2LCByYW5rLCBmbGFncyk7CiAg ICAgICAgIHJldHVybiAxOwogICAgIGRlZmF1bHQ6Ci0gICAgICAgIHByaW50 aygidkdJQ3YzOiB2R0lDRC92R0lDUjogdW5oYW5kbGVkIHdyaXRlIHIlZCAi Ci0gICAgICAgICAgICAgICAiPSUiUFJJcmVnaXN0ZXIiIG9mZnNldCAlIzA4 eFxuIiwgZGFidC5yZWcsICpyLCByZWcpOworICAgICAgICBwcmludGsoWEVO TE9HX0dfRVJSCisgICAgICAgICAgICAgICAiJXB2OiB2R0lDRC92R0lDUjog dW5oYW5kbGVkIHdyaXRlIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMw OHhcbiIsCisgICAgICAgICAgICAgICB2LCBkYWJ0LnJlZywgKnIsIHJlZyk7 CiAgICAgICAgIHJldHVybiAwOwogICAgIH0KIAogYmFkX3dpZHRoOgotICAg IGRwcmludGsoWEVOTE9HX0VSUiwKLSAgICAgICAgICAgICJ2R0lDdjM6IHZH SUNEL3ZHSUNSOiBiYWQgd3JpdGUgd2lkdGggJWQgciVkPSUiUFJJcmVnaXN0 ZXIiICIKLSAgICAgICAgICAgICJvZmZzZXQgJSMwOHhcbiIsIGRhYnQuc2l6 ZSwgZGFidC5yZWcsICpyLCByZWcpOworICAgIHByaW50ayhYRU5MT0dfR19F UlIKKyAgICAgICAgICAgIiVwdjogdkdJQ0QvdkdJQ1I6IGJhZCB3cml0ZSB3 aWR0aCAlZCByJWQ9JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4iLAor ICAgICAgICAgICB2LCBkYWJ0LnNpemUsIGRhYnQucmVnLCAqciwgcmVnKTsK ICAgICBkb21haW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4g MDsKIApAQCAtNTIxLDEzICs1MjYsMTQgQEAgc3RhdGljIGludCB2Z2ljX3Yz X3JkaXN0cl9zZ2lfbW1pb19yZWFkKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2lu Zm9fdCAqaW5mbywKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0gREFCVF9X T1JEICkgZ290byBiYWRfd2lkdGg7CiAgICAgICAgIHJldHVybiAxOwogICAg IGRlZmF1bHQ6Ci0gICAgICAgIHByaW50aygidkdJQ3YzOiB2R0lDUjogcmVh ZCByJWQgb2Zmc2V0ICUjMDh4XG4gbm90IGZvdW5kIiwKLSAgICAgICAgICAg ICAgIGRhYnQucmVnLCBnaWNyX3JlZyk7CisgICAgICAgIHByaW50ayhYRU5M T0dfR19FUlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNSOiBTR0k6IHJl YWQgciVkIG9mZnNldCAlIzA4eFxuIG5vdCBmb3VuZCIsCisgICAgICAgICAg ICAgICB2LCBkYWJ0LnJlZywgZ2ljcl9yZWcpOwogICAgICAgICByZXR1cm4g MDsKICAgICB9CiBiYWRfd2lkdGg6Ci0gICAgcHJpbnRrKCJ2R0lDdjM6IHZH SUNSOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAot ICAgICAgICAgICBkYWJ0LnNpemUsIGRhYnQucmVnLCBnaWNyX3JlZyk7Cisg ICAgcHJpbnRrKFhFTkxPR19HX0VSUiAiJXB2OiB2R0lDUjogU0dJOiBiYWQg cmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAg ICB2LCBkYWJ0LnNpemUsIGRhYnQucmVnLCBnaWNyX3JlZyk7CiAgICAgZG9t YWluX2NyYXNoX3N5bmNocm9ub3VzKCk7CiAgICAgcmV0dXJuIDA7CiAKQEAg LTU4NSwxNCArNTkxLDE2IEBAIHN0YXRpYyBpbnQgdmdpY192M19yZGlzdHJf c2dpX21taW9fd3JpdGUoc3RydWN0IHZjcHUgKnYsIG1taW9faW5mb190ICpp bmZvLAogICAgICAgICAvKiBXZSBkbyBub3QgaW1wbGVtZW50IHNlY3VyaXR5 IGV4dGVuc2lvbnMgZm9yIGd1ZXN0cywgd3JpdGUgaWdub3JlICovCiAgICAg ICAgIGdvdG8gd3JpdGVfaWdub3JlOwogICAgIGRlZmF1bHQ6Ci0gICAgICAg IHByaW50aygidkdJQ3YzOiB2R0lDUiBTR0k6IHdyaXRlIHIlZCBvZmZzZXQg JSMwOHhcbiBub3QgZm91bmQiLAotICAgICAgICAgICAgICAgZGFidC5yZWcs IGdpY3JfcmVnKTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAg ICAgICAgICAgICAgIiVwdjogdkdJQ1I6IFNHSTogd3JpdGUgciVkIG9mZnNl dCAlIzA4eFxuIG5vdCBmb3VuZCIsCisgICAgICAgICAgICAgICB2LCBkYWJ0 LnJlZywgZ2ljcl9yZWcpOwogICAgICAgICByZXR1cm4gMDsKICAgICB9CiAK IGJhZF93aWR0aDoKLSAgICBwcmludGsoInZHSUNSIFNHSTogYmFkIHdyaXRl IHdpZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMwOHhcbiIs Ci0gICAgICAgICAgIGRhYnQuc2l6ZSwgZGFidC5yZWcsICpyLCBnaWNyX3Jl Zyk7CisgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAiJXB2 OiB2R0lDUjogU0dJOiBiYWQgd3JpdGUgd2lkdGggJWQgciVkPSUiUFJJcmVn aXN0ZXIiIG9mZnNldCAlIzA4eFxuIiwKKyAgICAgICAgICAgdiwgZGFidC5z aXplLCBkYWJ0LnJlZywgKnIsIGdpY3JfcmVnKTsKICAgICBkb21haW5fY3Jh c2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4gMDsKIApAQCAtNjE4LDkg KzYyNiw5IEBAIHN0YXRpYyBpbnQgdmdpY192M19yZGlzdHJfbW1pb19yZWFk KHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2luZm9fdCAqaW5mbykKICAgICBlbHNl ICBpZiAoIChvZmZzZXQgPj0gU1pfNjRLKSAmJiAob2Zmc2V0IDwgMiAqIFNa XzY0SykgKQogICAgICAgICByZXR1cm4gdmdpY192M19yZGlzdHJfc2dpX21t aW9fcmVhZCh2LCBpbmZvLCAob2Zmc2V0IC0gU1pfNjRLKSk7CiAgICAgZWxz ZQotICAgICAgICBnZHByaW50ayhYRU5MT0dfV0FSTklORywKLSAgICAgICAg ICAgICAgICAgInZHSUN2MzogdkdJQ1I6IHVua25vd24gZ3BhIHJlYWQgYWRk cmVzcyAlIlBSSXBhZGRyIlxuIiwKLSAgICAgICAgICAgICAgICAgaW5mby0+ Z3BhKTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX1dBUk5JTkcKKyAgICAg ICAgICAgICAgICIlcHY6IHZHSUNSOiB1bmtub3duIGdwYSByZWFkIGFkZHJl c3MgJSJQUklwYWRkciJcbiIsCisgICAgICAgICAgICAgICAgdiwgaW5mby0+ Z3BhKTsKIAogICAgIHJldHVybiAwOwogfQpAQCAtNjQyLDkgKzY1MCw5IEBA IHN0YXRpYyBpbnQgdmdpY192M19yZGlzdHJfbW1pb193cml0ZShzdHJ1Y3Qg dmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgZWxzZSAgaWYgKCAo b2Zmc2V0ID49IFNaXzY0SykgJiYgKG9mZnNldCA8IDIgKiBTWl82NEspICkK ICAgICAgICAgcmV0dXJuIHZnaWNfdjNfcmRpc3RyX3NnaV9tbWlvX3dyaXRl KHYsIGluZm8sIChvZmZzZXQgLSBTWl82NEspKTsKICAgICBlbHNlCi0gICAg ICAgIGdkcHJpbnRrKFhFTkxPR19XQVJOSU5HLAotICAgICAgICAgICAgICAg ICAidkdJQ1YzOiB2R0lDUjogdW5rbm93biBncGEgd3JpdGUgYWRkcmVzcyAl IlBSSXBhZGRyIlxuIiwKLSAgICAgICAgICAgICAgICAgaW5mby0+Z3BhKTsK KyAgICAgICAgcHJpbnRrKFhFTkxPR19HX1dBUk5JTkcKKyAgICAgICAgICAg ICAgICIlcHY6IHZHSUNSOiB1bmtub3duIGdwYSB3cml0ZSBhZGRyZXNzICUi UFJJcGFkZHIiXG4iLAorICAgICAgICAgICAgICAgdiwgaW5mby0+Z3BhKTsK IAogICAgIHJldHVybiAwOwogfQpAQCAtNzcwLDE4ICs3NzgsMTkgQEAgc3Rh dGljIGludCB2Z2ljX3YzX2Rpc3RyX21taW9fcmVhZChzdHJ1Y3QgdmNwdSAq diwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgY2FzZSAweGYzMCAuLi4gMHg1 ZmNjOgogICAgIGNhc2UgMHg4MDAwIC4uLiAweGJmY2M6CiAgICAgICAgIC8q IFRoZXNlIGFyZSByZXNlcnZlZCByZWdpc3RlciBhZGRyZXNzZXMgKi8KLSAg ICAgICAgcHJpbnRrKCJ2R0lDdjM6IHZHSUNEOiByZWFkIHVua25vd24gMHgw MGMgLi4gMHhmY2MgciVkIG9mZnNldCAlIzA4eFxuIiwKLSAgICAgICAgICAg ICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgICAgIHByaW50ayhYRU5M T0dfR19ERUJVRworICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6IFJBWiBv biByZXNlcnZlZCByZWdpc3RlciBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAg ICAgICAgICB2LCBnaWNkX3JlZyk7CiAgICAgICAgIGdvdG8gcmVhZF9hc196 ZXJvOwogICAgIGRlZmF1bHQ6Ci0gICAgICAgIHByaW50aygidkdJQ3YzOiB2 R0lDRDogdW5oYW5kbGVkIHJlYWQgciVkIG9mZnNldCAlIzA4eFxuIiwKLSAg ICAgICAgICAgICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgICAgIHBy aW50ayhYRU5MT0dfR19FUlIgIiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCByZWFk IHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAgICAgICB2LCBkYWJ0 LnJlZywgZ2ljZF9yZWcpOwogICAgICAgICByZXR1cm4gMDsKICAgICB9CiAK IGJhZF93aWR0aDoKLSAgICBkcHJpbnRrKFhFTkxPR19FUlIsICJ2R0lDdjM6 IHZHSUNEOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4i LAotICAgICAgICAgICAgZGFidC5zaXplLCBkYWJ0LnJlZywgZ2ljZF9yZWcp OworICAgIHByaW50ayhYRU5MT0dfR19FUlIgIiVwdjogdkdJQ0Q6IGJhZCBy ZWFkIHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAg IHYsIGRhYnQuc2l6ZSwgZGFidC5yZWcsIGdpY2RfcmVnKTsKICAgICBkb21h aW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4gMDsKIApAQCAt ODQwLDggKzg0OSw5IEBAIHN0YXRpYyBpbnQgdmdpY192M19kaXN0cl9tbWlv X3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2luZm9fdCAqaW5mbykKICAg ICBjYXNlIDB4MDIwIC4uLiAweDAzYzoKICAgICBjYXNlIDB4YzAwMCAuLi4g MHhmZmNjOgogICAgICAgICAvKiBJbXBsZW1lbnRhdGlvbiBkZWZpbmVkIC0t IHdyaXRlIGlnbm9yZWQgKi8KLSAgICAgICAgcHJpbnRrKCJ2R0lDdjM6IHZH SUNEOiB3cml0ZSB1bmtub3duIDB4MDIwIC0gMHgwM2MgciVkIG9mZnNldCAl IzA4eFxuIiwKLSAgICAgICAgICAgICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7 CisgICAgICAgIHByaW50ayhYRU5MT0dfR19ERUJVRworICAgICAgICAgICAg ICAgIiVwdjogdkdJQ0Q6IFdJIG9uIGltcGxlbWVudGF0aW9uIGRlZmluZWQg cmVnaXN0ZXIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICAgICAgdiwg Z2ljZF9yZWcpOwogICAgICAgICBnb3RvIHdyaXRlX2lnbm9yZTsKICAgICBj YXNlIEdJQ0RfSUdST1VQUiAuLi4gR0lDRF9JR1JPVVBSTjoKICAgICBjYXNl IEdJQ0RfSVNFTkFCTEVSIC4uLiBHSUNEX0lTRU5BQkxFUk46CkBAIC04ODUs OCArODk1LDkgQEAgc3RhdGljIGludCB2Z2ljX3YzX2Rpc3RyX21taW9fd3Jp dGUoc3RydWN0IHZjcHUgKnYsIG1taW9faW5mb190ICppbmZvKQogICAgICAg ICAgICAgbmV3X3RhcmdldCA9IG5ld19pcm91dGVyICYgTVBJRFJfQUZGMF9N QVNLOwogICAgICAgICAgICAgaWYgKCBuZXdfdGFyZ2V0ID49IHYtPmRvbWFp bi0+bWF4X3ZjcHVzICkKICAgICAgICAgICAgIHsKLSAgICAgICAgICAgICAg ICBwcmludGsoInZHSUN2MzogdkdJQ0Q6IHdyb25nIGlyb3V0ZXIgYXQgb2Zm c2V0ICUjMDh4XG4gdmFsIDB4JWx4IHZjcHUgJXgiLAotICAgICAgICAgICAg ICAgICAgICAgICBnaWNkX3JlZywgbmV3X3RhcmdldCwgdi0+ZG9tYWluLT5t YXhfdmNwdXMpOworICAgICAgICAgICAgICAgIHByaW50ayhYRU5MT0dfR19E RUJVRworICAgICAgICAgICAgICAgICAgICAgICAiJXB2OiB2R0lDRDogd3Jv bmcgaXJvdXRlciBhdCBvZmZzZXQgJSMwOHhcbiB2YWwgMHglbHggdmNwdSAl eCIsCisgICAgICAgICAgICAgICAgICAgICAgIHYsIGdpY2RfcmVnLCBuZXdf dGFyZ2V0LCB2LT5kb21haW4tPm1heF92Y3B1cyk7CiAgICAgICAgICAgICAg ICAgdmdpY191bmxvY2tfcmFuayh2LCByYW5rLCBmbGFncyk7CiAgICAgICAg ICAgICAgICAgcmV0dXJuIDA7CiAgICAgICAgICAgICB9CkBAIC05MjYsMTkg KzkzNywyMSBAQCBzdGF0aWMgaW50IHZnaWNfdjNfZGlzdHJfbW1pb193cml0 ZShzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgY2Fz ZSAweGYzMCAuLi4gMHg1ZmNjOgogICAgIGNhc2UgMHg4MDAwIC4uLiAweGJm Y2M6CiAgICAgICAgIC8qIFJlc2VydmVkIHJlZ2lzdGVyIGFkZHJlc3NlcyAq LwotICAgICAgICBwcmludGsoInZHSUN2MzogdkdJQ0Q6IHdyaXRlIHVua25v d24gMHgwMGMgMHhmY2MgIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAg ICAgICAgICAgZGFidC5yZWcsIGdpY2RfcmVnKTsKKyAgICAgICAgcHJpbnRr KFhFTkxPR19HX0RFQlVHCisgICAgICAgICAgICAgICAiJXB2OiB2R0lDRDog d3JpdGUgdW5rbm93biAweDAwYyAweGZjYyAgciVkIG9mZnNldCAlIzA4eFxu IiwKKyAgICAgICAgICAgICAgIHYsIGRhYnQucmVnLCBnaWNkX3JlZyk7CiAg ICAgICAgIGdvdG8gd3JpdGVfaWdub3JlOwogICAgIGRlZmF1bHQ6Ci0gICAg ICAgIHByaW50aygidkdJQ3YzOiB2R0lDRDogdW5oYW5kbGVkIHdyaXRlIHIl ZD0lIlBSSXJlZ2lzdGVyIiAiCi0gICAgICAgICAgICAgICAib2Zmc2V0ICUj MDh4XG4iLCBkYWJ0LnJlZywgKnIsIGdpY2RfcmVnKTsKKyAgICAgICAgcHJp bnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6 IHVuaGFuZGxlZCB3cml0ZSByJWQ9JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUj MDh4XG4iLAorICAgICAgICAgICAgICAgdiwgZGFidC5yZWcsICpyLCBnaWNk X3JlZyk7CiAgICAgICAgIHJldHVybiAwOwogICAgIH0KIAogYmFkX3dpZHRo OgotICAgIGRwcmludGsoWEVOTE9HX0VSUiwKLSAgICAgICAgICAgICJWR0lD djM6IHZHSUNEOiBiYWQgd3JpdGUgd2lkdGggJWQgciVkPSUiUFJJcmVnaXN0 ZXIiICIKLSAgICAgICAgICAgICJvZmZzZXQgJSMwOHhcbiIsIGRhYnQuc2l6 ZSwgZGFidC5yZWcsICpyLCBnaWNkX3JlZyk7CisgICAgcHJpbnRrKFhFTkxP R19HX0VSUgorICAgICAgICAgICAiJXB2OiB2R0lDRDogYmFkIHdyaXRlIHdp ZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMwOHhcbiIsCisg ICAgICAgICAgIHYsIGRhYnQuc2l6ZSwgZGFidC5yZWcsICpyLCBnaWNkX3Jl Zyk7CiAgICAgZG9tYWluX2NyYXNoX3N5bmNocm9ub3VzKCk7CiAgICAgcmV0 dXJuIDA7CiAKLS0gCjIuMS40Cgo= --=separator Content-Type: application/octet-stream; name="xsa118-4.5-unstable-2.patch" Content-Disposition: attachment; filename="xsa118-4.5-unstable-2.patch" Content-Transfer-Encoding: base64 RnJvbSBlOGZhNDY5NTk1ZTI5YjJkYmU2ZGRlM2E3N2VlMmVhMmQ5ZTkzMjgz IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWxpZW4gR3JhbGwg PGp1bGllbi5ncmFsbEBsaW5hcm8ub3JnPgpEYXRlOiBNb24sIDE5IEphbiAy MDE1IDEyOjU5OjQyICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzJdIHhlbi9h cm06IHZnaWMtdjI6IG1lc3NhZ2UgaW4gdGhlIGVtdWxhdGlvbiBjb2RlIHNo b3VsZCBiZQogcmF0ZS1saW1pdGVkCgpwcmludGsgaXMgbm90IHJhdGVkLWxp bWl0ZWQgYnkgZGVmYXVsdC4gVGhlcmVmb3JlIGEgbWFsaWNpb3VzIGd1ZXN0 IG1heQpiZSBhYmxlIHRvIGZsb29kIHRoZSBYZW4gY29uc29sZS4KCklmIHdl IHVzZSBnZHByaW50aywgdW5lY2Vzc2FyeSBpbmZvcm1hdGlvbiB3aWxsIGJl IHByaW50ZWQgc3VjaCBhcyB0aGUKZmlsZW5hbWUgYW5kIHRoZSBsaW5lLiBJ bnN0ZWFkIHVzZSBYRU5MT0dfR19FUlIgY29tYmluZSB3aXRoICVwdi4KClNp Z25lZC1vZmYtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGxpbmFy by5vcmc+Ci0tLQogeGVuL2FyY2gvYXJtL3ZnaWMtdjIuYyB8IDQwICsrKysr KysrKysrKysrKysrKysrKysrLS0tLS0tLS0tLS0tLS0tLS0KIDEgZmlsZSBj aGFuZ2VkLCAyMyBpbnNlcnRpb25zKCspLCAxNyBkZWxldGlvbnMoLSkKCmRp ZmYgLS1naXQgYS94ZW4vYXJjaC9hcm0vdmdpYy12Mi5jIGIveGVuL2FyY2gv YXJtL3ZnaWMtdjIuYwppbmRleCA5ZGM5YTIwLi4zYjg3ZjU0IDEwMDY0NAot LS0gYS94ZW4vYXJjaC9hcm0vdmdpYy12Mi5jCisrKyBiL3hlbi9hcmNoL2Fy bS92Z2ljLXYyLmMKQEAgLTE5OCw3ICsxOTgsNyBAQCBzdGF0aWMgaW50IHZn aWNfdjJfZGlzdHJfbW1pb19yZWFkKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2lu Zm9fdCAqaW5mbykKIAogICAgIGNhc2UgR0lDRF9JQ1BJRFIyOgogICAgICAg ICBpZiAoIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBnb3RvIGJhZF93aWR0 aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkIHJlYWQgZnJv bSBJQ1BJRFIyXG4iKTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUiAi JXB2OiB2R0lDRDogdW5oYW5kbGVkIHJlYWQgZnJvbSBJQ1BJRFIyXG4iLCB2 KTsKICAgICAgICAgcmV0dXJuIDA7CiAKICAgICAvKiBJbXBsZW1lbnRhdGlv biBkZWZpbmVkIC0tIHJlYWQgYXMgemVybyAqLwpAQCAtMjE1LDE0ICsyMTUs MTQgQEAgc3RhdGljIGludCB2Z2ljX3YyX2Rpc3RyX21taW9fcmVhZChzdHJ1 Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgICAgIGdvdG8g cmVhZF9hc196ZXJvOwogCiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJpbnRr KCJ2R0lDRDogdW5oYW5kbGVkIHJlYWQgciVkIG9mZnNldCAlIzA4eFxuIiwK LSAgICAgICAgICAgICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgICAg IHByaW50ayhYRU5MT0dfR19FUlIgIiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCBy ZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAgICAgICB2LCBk YWJ0LnJlZywgZ2ljZF9yZWcpOwogICAgICAgICByZXR1cm4gMDsKICAgICB9 CiAKIGJhZF93aWR0aDoKLSAgICBwcmludGsoInZHSUNEOiBiYWQgcmVhZCB3 aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAotICAgICAgICAgICBkYWJ0 LnNpemUsIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgcHJpbnRrKFhFTkxP R19HX0VSUiAiJXB2OiB2R0lDRDogYmFkIHJlYWQgd2lkdGggJWQgciVkIG9m ZnNldCAlIzA4eFxuIiwKKyAgICAgICAgICAgdiwgZGFidC5zaXplLCBkYWJ0 LnJlZywgZ2ljZF9yZWcpOwogICAgIGRvbWFpbl9jcmFzaF9zeW5jaHJvbm91 cygpOwogICAgIHJldHVybiAwOwogCkBAIC0zMzEsMTQgKzMzMSwxNiBAQCBz dGF0aWMgaW50IHZnaWNfdjJfZGlzdHJfbW1pb193cml0ZShzdHJ1Y3QgdmNw dSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAKICAgICBjYXNlIEdJQ0RfSVNQ RU5EUiAuLi4gR0lDRF9JU1BFTkRSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNp emUgIT0gREFCVF9CWVRFICYmIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBn b3RvIGJhZF93aWR0aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5k bGVkICVzIHdyaXRlICUjIlBSSXJlZ2lzdGVyIiB0byBJU1BFTkRSJWRcbiIs Ci0gICAgICAgICAgICAgICBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIs ICpyLCBnaWNkX3JlZyAtIEdJQ0RfSVNQRU5EUik7CisgICAgICAgIHByaW50 ayhYRU5MT0dfR19FUlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1 bmhhbmRsZWQgJXMgd3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElTUEVORFIl ZFxuIiwKKyAgICAgICAgICAgICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6 ICJieXRlIiwgKnIsIGdpY2RfcmVnIC0gR0lDRF9JU1BFTkRSKTsKICAgICAg ICAgcmV0dXJuIDA7CiAKICAgICBjYXNlIEdJQ0RfSUNQRU5EUiAuLi4gR0lD RF9JQ1BFTkRSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0gREFCVF9C WVRFICYmIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBnb3RvIGJhZF93aWR0 aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRl ICUjIlBSSXJlZ2lzdGVyIiB0byBJQ1BFTkRSJWRcbiIsCi0gICAgICAgICAg ICAgICBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBnaWNkX3Jl ZyAtIEdJQ0RfSUNQRU5EUik7CisgICAgICAgIHByaW50ayhYRU5MT0dfR19F UlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQgJXMg d3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElDUEVORFIlZFxuIiwKKyAgICAg ICAgICAgICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwgKnIs IGdpY2RfcmVnIC0gR0lDRF9JQ1BFTkRSKTsKICAgICAgICAgcmV0dXJuIDA7 CiAKICAgICBjYXNlIEdJQ0RfSVNBQ1RJVkVSIC4uLiBHSUNEX0lTQUNUSVZF Uk46CkBAIC00NTcsMTQgKzQ1OSwxNiBAQCBzdGF0aWMgaW50IHZnaWNfdjJf ZGlzdHJfbW1pb193cml0ZShzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3Qg KmluZm8pCiAKICAgICBjYXNlIEdJQ0RfQ1BFTkRTR0lSIC4uLiBHSUNEX0NQ RU5EU0dJUk46CiAgICAgICAgIGlmICggZGFidC5zaXplICE9IERBQlRfQllU RSAmJiBkYWJ0LnNpemUgIT0gREFCVF9XT1JEICkgZ290byBiYWRfd2lkdGg7 Ci0gICAgICAgIHByaW50aygidkdJQ0Q6IHVuaGFuZGxlZCAlcyB3cml0ZSAl IyJQUklyZWdpc3RlciIgdG8gSUNQRU5EU0dJUiVkXG4iLAotICAgICAgICAg ICAgICAgZGFidC5zaXplID8gIndvcmQiIDogImJ5dGUiLCAqciwgZ2ljZF9y ZWcgLSBHSUNEX0NQRU5EU0dJUik7CisgICAgICAgIHByaW50ayhYRU5MT0df R19FUlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQg JXMgd3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElDUEVORFNHSVIlZFxuIiwK KyAgICAgICAgICAgICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRl IiwgKnIsIGdpY2RfcmVnIC0gR0lDRF9DUEVORFNHSVIpOwogICAgICAgICBy ZXR1cm4gMDsKIAogICAgIGNhc2UgR0lDRF9TUEVORFNHSVIgLi4uIEdJQ0Rf U1BFTkRTR0lSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0gREFCVF9C WVRFICYmIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBnb3RvIGJhZF93aWR0 aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRl ICUjIlBSSXJlZ2lzdGVyIiB0byBJU1BFTkRTR0lSJWRcbiIsCi0gICAgICAg ICAgICAgICBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBnaWNk X3JlZyAtIEdJQ0RfU1BFTkRTR0lSKTsKKyAgICAgICAgcHJpbnRrKFhFTkxP R19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6IHVuaGFuZGxl ZCAlcyB3cml0ZSAlIyJQUklyZWdpc3RlciIgdG8gSVNQRU5EU0dJUiVkXG4i LAorICAgICAgICAgICAgICAgdiwgZGFidC5zaXplID8gIndvcmQiIDogImJ5 dGUiLCAqciwgZ2ljZF9yZWcgLSBHSUNEX1NQRU5EU0dJUik7CiAgICAgICAg IHJldHVybiAwOwogCiAgICAgLyogSW1wbGVtZW50YXRpb24gZGVmaW5lZCAt LSB3cml0ZSBpZ25vcmVkICovCkBAIC00ODksMTQgKzQ5MywxNiBAQCBzdGF0 aWMgaW50IHZnaWNfdjJfZGlzdHJfbW1pb193cml0ZShzdHJ1Y3QgdmNwdSAq diwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgICAgIGdvdG8gd3JpdGVfaWdu b3JlOwogCiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDog dW5oYW5kbGVkIHdyaXRlIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMw OHhcbiIsCi0gICAgICAgICAgICAgICBkYWJ0LnJlZywgKnIsIGdpY2RfcmVn KTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAg ICAgIiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCB3cml0ZSByJWQ9JSJQUklyZWdp c3RlciIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICAgICAgdiwgZGFi dC5yZWcsICpyLCBnaWNkX3JlZyk7CiAgICAgICAgIHJldHVybiAwOwogICAg IH0KIAogYmFkX3dpZHRoOgotICAgIHByaW50aygidkdJQ0Q6IGJhZCB3cml0 ZSB3aWR0aCAlZCByJWQ9JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4i LAotICAgICAgICAgICBkYWJ0LnNpemUsIGRhYnQucmVnLCAqciwgZ2ljZF9y ZWcpOworICAgIHByaW50ayhYRU5MT0dfR19FUlIKKyAgICAgICAgICAgIiVw djogdkdJQ0Q6IGJhZCB3cml0ZSB3aWR0aCAlZCByJWQ9JSJQUklyZWdpc3Rl ciIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICB2LCBkYWJ0LnNpemUs IGRhYnQucmVnLCAqciwgZ2ljZF9yZWcpOwogICAgIGRvbWFpbl9jcmFzaF9z eW5jaHJvbm91cygpOwogICAgIHJldHVybiAwOwogCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Jan 29 11:16:33 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 29 Jan 2015 11:16:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YGn4J-0000Jq-TW; Thu, 29 Jan 2015 11:15:27 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YGn4I-0000JK-5p; Thu, 29 Jan 2015 11:15:26 +0000 Received: from [85.158.137.68] by server-15.bemta-3.messagelabs.com id DA/E9-02884-D461AC45; Thu, 29 Jan 2015 11:15:25 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-31.messagelabs.com!1422530123!23172584!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 20978 invoked from network); 29 Jan 2015 11:15:24 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 29 Jan 2015 11:15:24 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YGn47-0005Mv-Qr; Thu, 29 Jan 2015 11:15:15 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1YGn47-0001DT-OP; Thu, 29 Jan 2015 11:15:15 +0000 Date: Thu, 29 Jan 2015 11:15:15 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 118 - arm: vgic: incorrect rate limiting of guest triggered logging X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-118 arm: vgic: incorrect rate limiting of guest triggered logging ISSUE DESCRIPTION ================= On ARM systems the code which deals with virtualising the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen 4.4 and later systems running on ARM hardware are vulnerable. x86 systems are not affected. MITIGATION ========== The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". NOTE REGARDING LACK OF EMBARGO ============================== This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= This issue was discovered by Julien Grall. RESOLUTION ========== Applying the appropriate attached patch(es) resolves this issue. xsa118-unstable-4.5-{1,2}.patch xen-unstable, Xen 4.5.x xsa118-4.4.patch Xen 4.4.x $ sha256sum xsa118*.patch 5741cfe408273bd80e1a03c21a5650f963d7103fd022c688730f55dcf5373433 xsa118-4.4.patch ee24a4c5e12b67d7539f08b644080c87797f31b4402215cd4efbbc6114bffc25 xsa118-4.5-unstable-1.patch bd532e3cd535fcdea51f43631a519012baff068cb62d2205fc25f2c823f031eb xsa118-4.5-unstable-2.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJUyhXoAAoJEIP+FMlX6CvZIWsH/2cK4jijgzepEboZAyIl2E8f wWMaF6Jr28YfQz8Zcpwi4GY9BecBjm2ZUuvuHS/yPGBIvriOiZXjMtlchd3FBhjw CTvCasqFX6DYizduAPBcph/vY2LoiYn/i74+M55I6u5g8WL/o7p3Ea3UXKg8ZdgB PdQnLJSi4iqbO6mfdgw3lb5gfVk/DUh0rW87CoOhdPNJrQWlw9zTpfjIvrGzIDXJ jV5eW8mBhfTE8TfuJ2cFgMZgoob709EduJ8wgLqOPMAmn1HCC/MNNtEiZhliw2yD WQePLlXXvwXxNhHP6Ge/698unV4zPDvlCxTYjBOsZWPC1ITVhMHZ1+j3z0mXO0U= =2kMW -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa118-4.4.patch" Content-Disposition: attachment; filename="xsa118-4.4.patch" Content-Transfer-Encoding: base64 RnJvbSAxNzJjZjA0ODliNTA0YjM1YzdjMTY2NmZiN2QwMTUwMDY5NzZjNGU3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWxpZW4gR3JhbGwg PGp1bGllbi5ncmFsbEBsaW5hcm8ub3JnPgpEYXRlOiBNb24sIDE5IEphbiAy MDE1IDEyOjU5OjQyICswMDAwClN1YmplY3Q6IFtQQVRDSF0geGVuL2FybTog dmdpYzogbWVzc2FnZSBpbiB0aGUgZW11bGF0aW9uIGNvZGUgc2hvdWxkIGJl CiByYXRlLWxpbWl0ZWQKCnByaW50ayBpcyBub3QgcmF0ZWQtbGltaXRlZCBi eSBkZWZhdWx0LiBUaGVyZWZvcmUgYSBtYWxpY2lvdXMgZ3Vlc3QgbWF5CmJl IGFibGUgdG8gZmxvb2QgdGhlIFhlbiBjb25zb2xlLgoKSWYgd2UgdXNlIGdk cHJpbnRrLCB1bmVjZXNzYXJ5IGluZm9ybWF0aW9uIHdpbGwgYmUgcHJpbnRl ZCBzdWNoIGFzIHRoZQpmaWxlbmFtZSBhbmQgdGhlIGxpbmUuIEluc3RlYWQg dXNlIFhFTkxPR19HX0VSUiBjb21iaW5lIHdpdGggJXB2LgoKU2lnbmVkLW9m Zi1ieTogSnVsaWVuIEdyYWxsIDxqdWxpZW4uZ3JhbGxAbGluYXJvLm9yZz4K LS0tCiB4ZW4vYXJjaC9hcm0vdmdpYy5jIHwgNDAgKysrKysrKysrKysrKysr KysrKysrKystLS0tLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDIz IGluc2VydGlvbnMoKyksIDE3IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBh L3hlbi9hcmNoL2FybS92Z2ljLmMgYi94ZW4vYXJjaC9hcm0vdmdpYy5jCmlu ZGV4IDhkMWI3OWUuLmIyMjYyYzYgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL2Fy bS92Z2ljLmMKKysrIGIveGVuL2FyY2gvYXJtL3ZnaWMuYwpAQCAtMzMyLDcg KzMzMiw3IEBAIHN0YXRpYyBpbnQgdmdpY19kaXN0cl9tbWlvX3JlYWQoc3Ry dWN0IHZjcHUgKnYsIG1taW9faW5mb190ICppbmZvKQogCiAgICAgY2FzZSBH SUNEX0lDUElEUjI6CiAgICAgICAgIGlmICggZGFidC5zaXplICE9IDIgKSBn b3RvIGJhZF93aWR0aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5k bGVkIHJlYWQgZnJvbSBJQ1BJRFIyXG4iKTsKKyAgICAgICAgcHJpbnRrKFhF TkxPR19HX0VSUiAiJXB2OiB2R0lDRDogdW5oYW5kbGVkIHJlYWQgZnJvbSBJ Q1BJRFIyXG4iLCB2KTsKICAgICAgICAgcmV0dXJuIDA7CiAKICAgICAvKiBJ bXBsZW1lbnRhdGlvbiBkZWZpbmVkIC0tIHJlYWQgYXMgemVybyAqLwpAQCAt MzQ5LDE0ICszNDksMTQgQEAgc3RhdGljIGludCB2Z2ljX2Rpc3RyX21taW9f cmVhZChzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAg ICAgIGdvdG8gcmVhZF9hc196ZXJvOwogCiAgICAgZGVmYXVsdDoKLSAgICAg ICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkIHJlYWQgciVkIG9mZnNldCAl IzA4eFxuIiwKLSAgICAgICAgICAgICAgIGRhYnQucmVnLCBvZmZzZXQpOwor ICAgICAgICBwcmludGsoWEVOTE9HX0dfRVJSICIlcHY6IHZHSUNEOiB1bmhh bmRsZWQgcmVhZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICAg ICAgdiwgZGFidC5yZWcsIG9mZnNldCk7CiAgICAgICAgIHJldHVybiAwOwog ICAgIH0KIAogYmFkX3dpZHRoOgotICAgIHByaW50aygidkdJQ0Q6IGJhZCBy ZWFkIHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAg IGRhYnQuc2l6ZSwgZGFidC5yZWcsIG9mZnNldCk7CisgICAgcHJpbnRrKFhF TkxPR19HX0VSUiAiJXB2OiB2R0lDRDogYmFkIHJlYWQgd2lkdGggJWQgciVk IG9mZnNldCAlIzA4eFxuIiwKKyAgICAgICAgICAgdiwgZGFidC5zaXplLCBk YWJ0LnJlZywgb2Zmc2V0KTsKICAgICBkb21haW5fY3Jhc2hfc3luY2hyb25v dXMoKTsKICAgICByZXR1cm4gMDsKIApAQCAtNTIzLDE0ICs1MjMsMTYgQEAg c3RhdGljIGludCB2Z2ljX2Rpc3RyX21taW9fd3JpdGUoc3RydWN0IHZjcHUg KnYsIG1taW9faW5mb190ICppbmZvKQogCiAgICAgY2FzZSBHSUNEX0lTUEVO RFIgLi4uIEdJQ0RfSVNQRU5EUk46CiAgICAgICAgIGlmICggZGFidC5zaXpl ICE9IDAgJiYgZGFidC5zaXplICE9IDIgKSBnb3RvIGJhZF93aWR0aDsKLSAg ICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRlICUjIlBS SXJlZ2lzdGVyIiB0byBJU1BFTkRSJWRcbiIsCi0gICAgICAgICAgICAgICBk YWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBnaWNkX3JlZyAtIEdJ Q0RfSVNQRU5EUik7CisgICAgICAgIHByaW50ayhYRU5MT0dfR19FUlIKKyAg ICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQgJXMgd3JpdGUg JSMiUFJJcmVnaXN0ZXIiIHRvIElTUEVORFIlZFxuIiwKKyAgICAgICAgICAg ICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwgKnIsIGdpY2Rf cmVnIC0gR0lDRF9JU1BFTkRSKTsKICAgICAgICAgcmV0dXJuIDA7CiAKICAg ICBjYXNlIEdJQ0RfSUNQRU5EUiAuLi4gR0lDRF9JQ1BFTkRSTjoKICAgICAg ICAgaWYgKCBkYWJ0LnNpemUgIT0gMCAmJiBkYWJ0LnNpemUgIT0gMiApIGdv dG8gYmFkX3dpZHRoOwotICAgICAgICBwcmludGsoInZHSUNEOiB1bmhhbmRs ZWQgJXMgd3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElDUEVORFIlZFxuIiwK LSAgICAgICAgICAgICAgIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwg KnIsIGdpY2RfcmVnIC0gR0lDRF9JQ1BFTkRSKTsKKyAgICAgICAgcHJpbnRr KFhFTkxPR19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6IHVu aGFuZGxlZCAlcyB3cml0ZSAlIyJQUklyZWdpc3RlciIgdG8gSUNQRU5EUiVk XG4iLAorICAgICAgICAgICAgICAgdiwgZGFidC5zaXplID8gIndvcmQiIDog ImJ5dGUiLCAqciwgZ2ljZF9yZWcgLSBHSUNEX0lDUEVORFIpOwogICAgICAg ICByZXR1cm4gMDsKIAogICAgIGNhc2UgR0lDRF9JU0FDVElWRVIgLi4uIEdJ Q0RfSVNBQ1RJVkVSTjoKQEAgLTYwNiwxNCArNjA4LDE2IEBAIHN0YXRpYyBp bnQgdmdpY19kaXN0cl9tbWlvX3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBtbWlv X2luZm9fdCAqaW5mbykKIAogICAgIGNhc2UgR0lDRF9DUEVORFNHSVIgLi4u IEdJQ0RfQ1BFTkRTR0lSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0g MCAmJiBkYWJ0LnNpemUgIT0gMiApIGdvdG8gYmFkX3dpZHRoOwotICAgICAg ICBwcmludGsoInZHSUNEOiB1bmhhbmRsZWQgJXMgd3JpdGUgJSMiUFJJcmVn aXN0ZXIiIHRvIElDUEVORFNHSVIlZFxuIiwKLSAgICAgICAgICAgICAgIGRh YnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwgKnIsIGdpY2RfcmVnIC0gR0lD RF9DUEVORFNHSVIpOworICAgICAgICBwcmludGsoWEVOTE9HX0dfRVJSCisg ICAgICAgICAgICAgICAiJXB2OiB2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRl ICUjIlBSSXJlZ2lzdGVyIiB0byBJQ1BFTkRTR0lSJWRcbiIsCisgICAgICAg ICAgICAgICB2LCBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBn aWNkX3JlZyAtIEdJQ0RfQ1BFTkRTR0lSKTsKICAgICAgICAgcmV0dXJuIDA7 CiAKICAgICBjYXNlIEdJQ0RfU1BFTkRTR0lSIC4uLiBHSUNEX1NQRU5EU0dJ Uk46CiAgICAgICAgIGlmICggZGFidC5zaXplICE9IDAgJiYgZGFidC5zaXpl ICE9IDIgKSBnb3RvIGJhZF93aWR0aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lD RDogdW5oYW5kbGVkICVzIHdyaXRlICUjIlBSSXJlZ2lzdGVyIiB0byBJU1BF TkRTR0lSJWRcbiIsCi0gICAgICAgICAgICAgICBkYWJ0LnNpemUgPyAid29y ZCIgOiAiYnl0ZSIsICpyLCBnaWNkX3JlZyAtIEdJQ0RfU1BFTkRTR0lSKTsK KyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAgICAg IiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCAlcyB3cml0ZSAlIyJQUklyZWdpc3Rl ciIgdG8gSVNQRU5EU0dJUiVkXG4iLAorICAgICAgICAgICAgICAgdiwgZGFi dC5zaXplID8gIndvcmQiIDogImJ5dGUiLCAqciwgZ2ljZF9yZWcgLSBHSUNE X1NQRU5EU0dJUik7CiAgICAgICAgIHJldHVybiAwOwogCiAgICAgLyogSW1w bGVtZW50YXRpb24gZGVmaW5lZCAtLSB3cml0ZSBpZ25vcmVkICovCkBAIC02 MzgsMTQgKzY0MiwxNiBAQCBzdGF0aWMgaW50IHZnaWNfZGlzdHJfbW1pb193 cml0ZShzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAg ICAgIGdvdG8gd3JpdGVfaWdub3JlOwogCiAgICAgZGVmYXVsdDoKLSAgICAg ICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkIHdyaXRlIHIlZD0lIlBSSXJl Z2lzdGVyIiBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAgICAgICBkYWJ0 LnJlZywgKnIsIG9mZnNldCk7CisgICAgICAgIHByaW50ayhYRU5MT0dfR19F UlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQgd3Jp dGUgciVkPSUiUFJJcmVnaXN0ZXIiIG9mZnNldCAlIzA4eFxuIiwKKyAgICAg ICAgICAgICAgIHYsIGRhYnQucmVnLCAqciwgb2Zmc2V0KTsKICAgICAgICAg cmV0dXJuIDA7CiAgICAgfQogCiBiYWRfd2lkdGg6Ci0gICAgcHJpbnRrKCJ2 R0lDRDogYmFkIHdyaXRlIHdpZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBv ZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAgIGRhYnQuc2l6ZSwgZGFidC5y ZWcsICpyLCBvZmZzZXQpOworICAgIHByaW50ayhYRU5MT0dfR19FUlIKKyAg ICAgICAgICAgIiVwdjogdkdJQ0Q6IGJhZCB3cml0ZSB3aWR0aCAlZCByJWQ9 JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICB2 LCBkYWJ0LnNpemUsIGRhYnQucmVnLCAqciwgb2Zmc2V0KTsKICAgICBkb21h aW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4gMDsKIAotLSAK Mi4xLjQKCg== --=separator Content-Type: application/octet-stream; name="xsa118-4.5-unstable-1.patch" Content-Disposition: attachment; filename="xsa118-4.5-unstable-1.patch" Content-Transfer-Encoding: base64 RnJvbSBlNjk4ZjRhYjA1YTcxMGU0NDYzMzE3ZWE5NzhkNDI2ZDQzMTA3ZTI3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWxpZW4gR3JhbGwg PGp1bGllbi5ncmFsbEBsaW5hcm8ub3JnPgpEYXRlOiBNb24sIDE5IEphbiAy MDE1IDE0OjAxOjA5ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzJdIHhlbi9h cm06IHZnaWMtdjM6IG1lc3NhZ2UgaW4gdGhlIGVtdWxhdGlvbiBjb2RlIHNo b3VsZCBiZQogcmF0ZS1saW1pdGVkCgpwcmludGsgYnkgZGVmYXVsdCBpcyBu b3QgcmF0ZS1saW1pdGVkIGJ5IGRlZmF1bHQuIFRoZXJlZm9yZSBhIG1hbGlj aW91cyBndWVzdAptYXkgYmUgYWJsZSB0byBmbG9vZCB0aGUgWGVuIGNvbnNv bGUuCgpJZiB3ZSB1c2UgZ2RwcmludGssIHVubmVjZXNzYXJ5IGluZm9ybWF0 aW9uIHdpbGwgYmUgcHJpbnRlZCBzdWNoIGFzIHRoZQpmaWxlbmFtZSBhbmQg dGhlIGxpbmUuIEluc3RlYWQgdXNlIFhFTkxPR19HX3tFUlIsREVCVUd9IGNv bWJpbmUgd2l0aCAlcHYuCgpBbHNvIHJlbW92ZSB0aGUgdkdJQ3YzIHByZWZp eCB3aGljaCBpcyBub3QgbmVjY2Vzc2FyeSBhbmQgdXBkYXRlIHNvbWUKbWVz c2FnZSB3aGljaCB3ZXJlIHdyb25nLgoKU2lnbmVkLW9mZi1ieTogSnVsaWVu IEdyYWxsIDxqdWxpZW4uZ3JhbGxAbGluYXJvLm9yZz4KLS0tCiB4ZW4vYXJj aC9hcm0vdmdpYy12My5jIHwgMTA5ICsrKysrKysrKysrKysrKysrKysrKysr KysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCA2 MSBpbnNlcnRpb25zKCspLCA0OCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQg YS94ZW4vYXJjaC9hcm0vdmdpYy12My5jIGIveGVuL2FyY2gvYXJtL3ZnaWMt djMuYwppbmRleCBhZTQ0ODJjLi5iZWNlMTg5IDEwMDY0NAotLS0gYS94ZW4v YXJjaC9hcm0vdmdpYy12My5jCisrKyBiL3hlbi9hcmNoL2FybS92Z2ljLXYz LmMKQEAgLTE2OCwxMyArMTY4LDE0IEBAIHN0YXRpYyBpbnQgX192Z2ljX3Yz X3JkaXN0cl9yZF9tbWlvX3JlYWQoc3RydWN0IHZjcHUgKnYsIG1taW9faW5m b190ICppbmZvLAogICAgICAgICAvKiBSZXNlcnZlZDAgKi8KICAgICAgICAg Z290byByZWFkX2FzX3plcm87CiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJp bnRrKCJ2R0lDdjM6IHZHSUNSOiByZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiBu b3QgZm91bmQiLAotICAgICAgICAgICAgICAgZGFidC5yZWcsIGdpY3JfcmVn KTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAg ICAgIiVwdjogdkdJQ1I6IHJlYWQgciVkIG9mZnNldCAlIzA4eFxuIG5vdCBm b3VuZCIsCisgICAgICAgICAgICAgICB2LCBkYWJ0LnJlZywgZ2ljcl9yZWcp OwogICAgICAgICByZXR1cm4gMDsKICAgICB9CiBiYWRfd2lkdGg6Ci0gICAg cHJpbnRrKCJ2R0lDdjM6IHZHSUNSOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQg b2Zmc2V0ICUjMDh4XG4iLAotICAgICAgICAgICBkYWJ0LnNpemUsIGRhYnQu cmVnLCBnaWNyX3JlZyk7CisgICAgcHJpbnRrKFhFTkxPR19HX0VSUiAiJXB2 IHZHSUNSOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4i LAorICAgICAgICAgICB2LCBkYWJ0LnNpemUsIGRhYnQucmVnLCBnaWNyX3Jl Zyk7CiAgICAgZG9tYWluX2NyYXNoX3N5bmNocm9ub3VzKCk7CiAgICAgcmV0 dXJuIDA7CiAKQEAgLTI0NCwxMiArMjQ1LDE0IEBAIHN0YXRpYyBpbnQgX192 Z2ljX3YzX3JkaXN0cl9yZF9tbWlvX3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBt bWlvX2luZm9fdCAqaW5mbywKICAgICAgICAgLyogUk8gKi8KICAgICAgICAg Z290byB3cml0ZV9pZ25vcmU7CiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJp bnRrKCJ2R0lDUjogd3JpdGUgciVkIG9mZnNldCAlIzA4eFxuIG5vdCBmb3Vu ZCIsIGRhYnQucmVnLCBnaWNyX3JlZyk7CisgICAgICAgIHByaW50ayhYRU5M T0dfR19FUlIgIiVwdjogdkdJQ1I6IHdyaXRlIHIlZCBvZmZzZXQgJSMwOHhc biBub3QgZm91bmQiLAorICAgICAgICAgICAgICAgdiwgZGFidC5yZWcsIGdp Y3JfcmVnKTsKICAgICAgICAgcmV0dXJuIDA7CiAgICAgfQogYmFkX3dpZHRo OgotICAgIHByaW50aygidkdJQ1I6IGJhZCB3cml0ZSB3aWR0aCAlZCByJWQ9 JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4iLAotICAgICAgICAgICBk YWJ0LnNpemUsIGRhYnQucmVnLCAqciwgZ2ljcl9yZWcpOworICAgIHByaW50 ayhYRU5MT0dfR19FUlIKKyAgICAgICAgICAiJXB2OiB2R0lDUjogYmFkIHdy aXRlIHdpZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMwOHhc biIsCisgICAgICAgICAgdiwgZGFidC5zaXplLCBkYWJ0LnJlZywgKnIsIGdp Y3JfcmVnKTsKICAgICBkb21haW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAg ICByZXR1cm4gMDsKIApAQCAtMzQ1LDE1ICszNDgsMTYgQEAgc3RhdGljIGlu dCBfX3ZnaWNfdjNfZGlzdHJfY29tbW9uX21taW9fcmVhZChzdHJ1Y3QgdmNw dSAqdiwgbW1pb19pbmZvX3QgKmluZm8sCiAgICAgICAgIHZnaWNfdW5sb2Nr X3JhbmsodiwgcmFuaywgZmxhZ3MpOwogICAgICAgICByZXR1cm4gMTsKICAg ICBkZWZhdWx0OgotICAgICAgICBwcmludGsoInZHSUN2MzogdkdJQ0QvdkdJ Q1I6IHVuaGFuZGxlZCByZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAg ICAgICAgICAgICBkYWJ0LnJlZywgcmVnKTsKKyAgICAgICAgcHJpbnRrKFhF TkxPR19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0QvdkdJQ1I6 IHVuaGFuZGxlZCByZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAg ICAgICAgICB2LCBkYWJ0LnJlZywgcmVnKTsKICAgICAgICAgcmV0dXJuIDA7 CiAgICAgfQogCiBiYWRfd2lkdGg6Ci0gICAgZHByaW50ayhYRU5MT0dfRVJS LAotICAgICAgICAgICAgInZHSUN2MzogdkdJQ0QvdkdJQ1I6IGJhZCByZWFk IHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAgICAgICBk YWJ0LnNpemUsIGRhYnQucmVnLCByZWcpOworICAgIHByaW50ayhYRU5MT0df R19FUlIKKyAgICAgICAgICAgIiVwdjogdkdJQ0QvdkdJQ1I6IGJhZCByZWFk IHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAgIHYs IGRhYnQuc2l6ZSwgZGFidC5yZWcsIHJlZyk7CiAgICAgZG9tYWluX2NyYXNo X3N5bmNocm9ub3VzKCk7CiAgICAgcmV0dXJuIDA7CiAKQEAgLTQ1OCwxNSAr NDYyLDE2IEBAIHN0YXRpYyBpbnQgX192Z2ljX3YzX2Rpc3RyX2NvbW1vbl9t bWlvX3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2luZm9fdCAqaW5mbywK ICAgICAgICAgdmdpY191bmxvY2tfcmFuayh2LCByYW5rLCBmbGFncyk7CiAg ICAgICAgIHJldHVybiAxOwogICAgIGRlZmF1bHQ6Ci0gICAgICAgIHByaW50 aygidkdJQ3YzOiB2R0lDRC92R0lDUjogdW5oYW5kbGVkIHdyaXRlIHIlZCAi Ci0gICAgICAgICAgICAgICAiPSUiUFJJcmVnaXN0ZXIiIG9mZnNldCAlIzA4 eFxuIiwgZGFidC5yZWcsICpyLCByZWcpOworICAgICAgICBwcmludGsoWEVO TE9HX0dfRVJSCisgICAgICAgICAgICAgICAiJXB2OiB2R0lDRC92R0lDUjog dW5oYW5kbGVkIHdyaXRlIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMw OHhcbiIsCisgICAgICAgICAgICAgICB2LCBkYWJ0LnJlZywgKnIsIHJlZyk7 CiAgICAgICAgIHJldHVybiAwOwogICAgIH0KIAogYmFkX3dpZHRoOgotICAg IGRwcmludGsoWEVOTE9HX0VSUiwKLSAgICAgICAgICAgICJ2R0lDdjM6IHZH SUNEL3ZHSUNSOiBiYWQgd3JpdGUgd2lkdGggJWQgciVkPSUiUFJJcmVnaXN0 ZXIiICIKLSAgICAgICAgICAgICJvZmZzZXQgJSMwOHhcbiIsIGRhYnQuc2l6 ZSwgZGFidC5yZWcsICpyLCByZWcpOworICAgIHByaW50ayhYRU5MT0dfR19F UlIKKyAgICAgICAgICAgIiVwdjogdkdJQ0QvdkdJQ1I6IGJhZCB3cml0ZSB3 aWR0aCAlZCByJWQ9JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4iLAor ICAgICAgICAgICB2LCBkYWJ0LnNpemUsIGRhYnQucmVnLCAqciwgcmVnKTsK ICAgICBkb21haW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4g MDsKIApAQCAtNTIxLDEzICs1MjYsMTQgQEAgc3RhdGljIGludCB2Z2ljX3Yz X3JkaXN0cl9zZ2lfbW1pb19yZWFkKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2lu Zm9fdCAqaW5mbywKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0gREFCVF9X T1JEICkgZ290byBiYWRfd2lkdGg7CiAgICAgICAgIHJldHVybiAxOwogICAg IGRlZmF1bHQ6Ci0gICAgICAgIHByaW50aygidkdJQ3YzOiB2R0lDUjogcmVh ZCByJWQgb2Zmc2V0ICUjMDh4XG4gbm90IGZvdW5kIiwKLSAgICAgICAgICAg ICAgIGRhYnQucmVnLCBnaWNyX3JlZyk7CisgICAgICAgIHByaW50ayhYRU5M T0dfR19FUlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNSOiBTR0k6IHJl YWQgciVkIG9mZnNldCAlIzA4eFxuIG5vdCBmb3VuZCIsCisgICAgICAgICAg ICAgICB2LCBkYWJ0LnJlZywgZ2ljcl9yZWcpOwogICAgICAgICByZXR1cm4g MDsKICAgICB9CiBiYWRfd2lkdGg6Ci0gICAgcHJpbnRrKCJ2R0lDdjM6IHZH SUNSOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAot ICAgICAgICAgICBkYWJ0LnNpemUsIGRhYnQucmVnLCBnaWNyX3JlZyk7Cisg ICAgcHJpbnRrKFhFTkxPR19HX0VSUiAiJXB2OiB2R0lDUjogU0dJOiBiYWQg cmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAg ICB2LCBkYWJ0LnNpemUsIGRhYnQucmVnLCBnaWNyX3JlZyk7CiAgICAgZG9t YWluX2NyYXNoX3N5bmNocm9ub3VzKCk7CiAgICAgcmV0dXJuIDA7CiAKQEAg LTU4NSwxNCArNTkxLDE2IEBAIHN0YXRpYyBpbnQgdmdpY192M19yZGlzdHJf c2dpX21taW9fd3JpdGUoc3RydWN0IHZjcHUgKnYsIG1taW9faW5mb190ICpp bmZvLAogICAgICAgICAvKiBXZSBkbyBub3QgaW1wbGVtZW50IHNlY3VyaXR5 IGV4dGVuc2lvbnMgZm9yIGd1ZXN0cywgd3JpdGUgaWdub3JlICovCiAgICAg ICAgIGdvdG8gd3JpdGVfaWdub3JlOwogICAgIGRlZmF1bHQ6Ci0gICAgICAg IHByaW50aygidkdJQ3YzOiB2R0lDUiBTR0k6IHdyaXRlIHIlZCBvZmZzZXQg JSMwOHhcbiBub3QgZm91bmQiLAotICAgICAgICAgICAgICAgZGFidC5yZWcs IGdpY3JfcmVnKTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAg ICAgICAgICAgICAgIiVwdjogdkdJQ1I6IFNHSTogd3JpdGUgciVkIG9mZnNl dCAlIzA4eFxuIG5vdCBmb3VuZCIsCisgICAgICAgICAgICAgICB2LCBkYWJ0 LnJlZywgZ2ljcl9yZWcpOwogICAgICAgICByZXR1cm4gMDsKICAgICB9CiAK IGJhZF93aWR0aDoKLSAgICBwcmludGsoInZHSUNSIFNHSTogYmFkIHdyaXRl IHdpZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMwOHhcbiIs Ci0gICAgICAgICAgIGRhYnQuc2l6ZSwgZGFidC5yZWcsICpyLCBnaWNyX3Jl Zyk7CisgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAiJXB2 OiB2R0lDUjogU0dJOiBiYWQgd3JpdGUgd2lkdGggJWQgciVkPSUiUFJJcmVn aXN0ZXIiIG9mZnNldCAlIzA4eFxuIiwKKyAgICAgICAgICAgdiwgZGFidC5z aXplLCBkYWJ0LnJlZywgKnIsIGdpY3JfcmVnKTsKICAgICBkb21haW5fY3Jh c2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4gMDsKIApAQCAtNjE4LDkg KzYyNiw5IEBAIHN0YXRpYyBpbnQgdmdpY192M19yZGlzdHJfbW1pb19yZWFk KHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2luZm9fdCAqaW5mbykKICAgICBlbHNl ICBpZiAoIChvZmZzZXQgPj0gU1pfNjRLKSAmJiAob2Zmc2V0IDwgMiAqIFNa XzY0SykgKQogICAgICAgICByZXR1cm4gdmdpY192M19yZGlzdHJfc2dpX21t aW9fcmVhZCh2LCBpbmZvLCAob2Zmc2V0IC0gU1pfNjRLKSk7CiAgICAgZWxz ZQotICAgICAgICBnZHByaW50ayhYRU5MT0dfV0FSTklORywKLSAgICAgICAg ICAgICAgICAgInZHSUN2MzogdkdJQ1I6IHVua25vd24gZ3BhIHJlYWQgYWRk cmVzcyAlIlBSSXBhZGRyIlxuIiwKLSAgICAgICAgICAgICAgICAgaW5mby0+ Z3BhKTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX1dBUk5JTkcKKyAgICAg ICAgICAgICAgICIlcHY6IHZHSUNSOiB1bmtub3duIGdwYSByZWFkIGFkZHJl c3MgJSJQUklwYWRkciJcbiIsCisgICAgICAgICAgICAgICAgdiwgaW5mby0+ Z3BhKTsKIAogICAgIHJldHVybiAwOwogfQpAQCAtNjQyLDkgKzY1MCw5IEBA IHN0YXRpYyBpbnQgdmdpY192M19yZGlzdHJfbW1pb193cml0ZShzdHJ1Y3Qg dmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgZWxzZSAgaWYgKCAo b2Zmc2V0ID49IFNaXzY0SykgJiYgKG9mZnNldCA8IDIgKiBTWl82NEspICkK ICAgICAgICAgcmV0dXJuIHZnaWNfdjNfcmRpc3RyX3NnaV9tbWlvX3dyaXRl KHYsIGluZm8sIChvZmZzZXQgLSBTWl82NEspKTsKICAgICBlbHNlCi0gICAg ICAgIGdkcHJpbnRrKFhFTkxPR19XQVJOSU5HLAotICAgICAgICAgICAgICAg ICAidkdJQ1YzOiB2R0lDUjogdW5rbm93biBncGEgd3JpdGUgYWRkcmVzcyAl IlBSSXBhZGRyIlxuIiwKLSAgICAgICAgICAgICAgICAgaW5mby0+Z3BhKTsK KyAgICAgICAgcHJpbnRrKFhFTkxPR19HX1dBUk5JTkcKKyAgICAgICAgICAg ICAgICIlcHY6IHZHSUNSOiB1bmtub3duIGdwYSB3cml0ZSBhZGRyZXNzICUi UFJJcGFkZHIiXG4iLAorICAgICAgICAgICAgICAgdiwgaW5mby0+Z3BhKTsK IAogICAgIHJldHVybiAwOwogfQpAQCAtNzcwLDE4ICs3NzgsMTkgQEAgc3Rh dGljIGludCB2Z2ljX3YzX2Rpc3RyX21taW9fcmVhZChzdHJ1Y3QgdmNwdSAq diwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgY2FzZSAweGYzMCAuLi4gMHg1 ZmNjOgogICAgIGNhc2UgMHg4MDAwIC4uLiAweGJmY2M6CiAgICAgICAgIC8q IFRoZXNlIGFyZSByZXNlcnZlZCByZWdpc3RlciBhZGRyZXNzZXMgKi8KLSAg ICAgICAgcHJpbnRrKCJ2R0lDdjM6IHZHSUNEOiByZWFkIHVua25vd24gMHgw MGMgLi4gMHhmY2MgciVkIG9mZnNldCAlIzA4eFxuIiwKLSAgICAgICAgICAg ICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgICAgIHByaW50ayhYRU5M T0dfR19ERUJVRworICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6IFJBWiBv biByZXNlcnZlZCByZWdpc3RlciBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAg ICAgICAgICB2LCBnaWNkX3JlZyk7CiAgICAgICAgIGdvdG8gcmVhZF9hc196 ZXJvOwogICAgIGRlZmF1bHQ6Ci0gICAgICAgIHByaW50aygidkdJQ3YzOiB2 R0lDRDogdW5oYW5kbGVkIHJlYWQgciVkIG9mZnNldCAlIzA4eFxuIiwKLSAg ICAgICAgICAgICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgICAgIHBy aW50ayhYRU5MT0dfR19FUlIgIiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCByZWFk IHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAgICAgICB2LCBkYWJ0 LnJlZywgZ2ljZF9yZWcpOwogICAgICAgICByZXR1cm4gMDsKICAgICB9CiAK IGJhZF93aWR0aDoKLSAgICBkcHJpbnRrKFhFTkxPR19FUlIsICJ2R0lDdjM6 IHZHSUNEOiBiYWQgcmVhZCB3aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4i LAotICAgICAgICAgICAgZGFidC5zaXplLCBkYWJ0LnJlZywgZ2ljZF9yZWcp OworICAgIHByaW50ayhYRU5MT0dfR19FUlIgIiVwdjogdkdJQ0Q6IGJhZCBy ZWFkIHdpZHRoICVkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAg IHYsIGRhYnQuc2l6ZSwgZGFidC5yZWcsIGdpY2RfcmVnKTsKICAgICBkb21h aW5fY3Jhc2hfc3luY2hyb25vdXMoKTsKICAgICByZXR1cm4gMDsKIApAQCAt ODQwLDggKzg0OSw5IEBAIHN0YXRpYyBpbnQgdmdpY192M19kaXN0cl9tbWlv X3dyaXRlKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2luZm9fdCAqaW5mbykKICAg ICBjYXNlIDB4MDIwIC4uLiAweDAzYzoKICAgICBjYXNlIDB4YzAwMCAuLi4g MHhmZmNjOgogICAgICAgICAvKiBJbXBsZW1lbnRhdGlvbiBkZWZpbmVkIC0t IHdyaXRlIGlnbm9yZWQgKi8KLSAgICAgICAgcHJpbnRrKCJ2R0lDdjM6IHZH SUNEOiB3cml0ZSB1bmtub3duIDB4MDIwIC0gMHgwM2MgciVkIG9mZnNldCAl IzA4eFxuIiwKLSAgICAgICAgICAgICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7 CisgICAgICAgIHByaW50ayhYRU5MT0dfR19ERUJVRworICAgICAgICAgICAg ICAgIiVwdjogdkdJQ0Q6IFdJIG9uIGltcGxlbWVudGF0aW9uIGRlZmluZWQg cmVnaXN0ZXIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICAgICAgdiwg Z2ljZF9yZWcpOwogICAgICAgICBnb3RvIHdyaXRlX2lnbm9yZTsKICAgICBj YXNlIEdJQ0RfSUdST1VQUiAuLi4gR0lDRF9JR1JPVVBSTjoKICAgICBjYXNl IEdJQ0RfSVNFTkFCTEVSIC4uLiBHSUNEX0lTRU5BQkxFUk46CkBAIC04ODUs OCArODk1LDkgQEAgc3RhdGljIGludCB2Z2ljX3YzX2Rpc3RyX21taW9fd3Jp dGUoc3RydWN0IHZjcHUgKnYsIG1taW9faW5mb190ICppbmZvKQogICAgICAg ICAgICAgbmV3X3RhcmdldCA9IG5ld19pcm91dGVyICYgTVBJRFJfQUZGMF9N QVNLOwogICAgICAgICAgICAgaWYgKCBuZXdfdGFyZ2V0ID49IHYtPmRvbWFp bi0+bWF4X3ZjcHVzICkKICAgICAgICAgICAgIHsKLSAgICAgICAgICAgICAg ICBwcmludGsoInZHSUN2MzogdkdJQ0Q6IHdyb25nIGlyb3V0ZXIgYXQgb2Zm c2V0ICUjMDh4XG4gdmFsIDB4JWx4IHZjcHUgJXgiLAotICAgICAgICAgICAg ICAgICAgICAgICBnaWNkX3JlZywgbmV3X3RhcmdldCwgdi0+ZG9tYWluLT5t YXhfdmNwdXMpOworICAgICAgICAgICAgICAgIHByaW50ayhYRU5MT0dfR19E RUJVRworICAgICAgICAgICAgICAgICAgICAgICAiJXB2OiB2R0lDRDogd3Jv bmcgaXJvdXRlciBhdCBvZmZzZXQgJSMwOHhcbiB2YWwgMHglbHggdmNwdSAl eCIsCisgICAgICAgICAgICAgICAgICAgICAgIHYsIGdpY2RfcmVnLCBuZXdf dGFyZ2V0LCB2LT5kb21haW4tPm1heF92Y3B1cyk7CiAgICAgICAgICAgICAg ICAgdmdpY191bmxvY2tfcmFuayh2LCByYW5rLCBmbGFncyk7CiAgICAgICAg ICAgICAgICAgcmV0dXJuIDA7CiAgICAgICAgICAgICB9CkBAIC05MjYsMTkg KzkzNywyMSBAQCBzdGF0aWMgaW50IHZnaWNfdjNfZGlzdHJfbW1pb193cml0 ZShzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgY2Fz ZSAweGYzMCAuLi4gMHg1ZmNjOgogICAgIGNhc2UgMHg4MDAwIC4uLiAweGJm Y2M6CiAgICAgICAgIC8qIFJlc2VydmVkIHJlZ2lzdGVyIGFkZHJlc3NlcyAq LwotICAgICAgICBwcmludGsoInZHSUN2MzogdkdJQ0Q6IHdyaXRlIHVua25v d24gMHgwMGMgMHhmY2MgIHIlZCBvZmZzZXQgJSMwOHhcbiIsCi0gICAgICAg ICAgICAgICAgZGFidC5yZWcsIGdpY2RfcmVnKTsKKyAgICAgICAgcHJpbnRr KFhFTkxPR19HX0RFQlVHCisgICAgICAgICAgICAgICAiJXB2OiB2R0lDRDog d3JpdGUgdW5rbm93biAweDAwYyAweGZjYyAgciVkIG9mZnNldCAlIzA4eFxu IiwKKyAgICAgICAgICAgICAgIHYsIGRhYnQucmVnLCBnaWNkX3JlZyk7CiAg ICAgICAgIGdvdG8gd3JpdGVfaWdub3JlOwogICAgIGRlZmF1bHQ6Ci0gICAg ICAgIHByaW50aygidkdJQ3YzOiB2R0lDRDogdW5oYW5kbGVkIHdyaXRlIHIl ZD0lIlBSSXJlZ2lzdGVyIiAiCi0gICAgICAgICAgICAgICAib2Zmc2V0ICUj MDh4XG4iLCBkYWJ0LnJlZywgKnIsIGdpY2RfcmVnKTsKKyAgICAgICAgcHJp bnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6 IHVuaGFuZGxlZCB3cml0ZSByJWQ9JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUj MDh4XG4iLAorICAgICAgICAgICAgICAgdiwgZGFidC5yZWcsICpyLCBnaWNk X3JlZyk7CiAgICAgICAgIHJldHVybiAwOwogICAgIH0KIAogYmFkX3dpZHRo OgotICAgIGRwcmludGsoWEVOTE9HX0VSUiwKLSAgICAgICAgICAgICJWR0lD djM6IHZHSUNEOiBiYWQgd3JpdGUgd2lkdGggJWQgciVkPSUiUFJJcmVnaXN0 ZXIiICIKLSAgICAgICAgICAgICJvZmZzZXQgJSMwOHhcbiIsIGRhYnQuc2l6 ZSwgZGFidC5yZWcsICpyLCBnaWNkX3JlZyk7CisgICAgcHJpbnRrKFhFTkxP R19HX0VSUgorICAgICAgICAgICAiJXB2OiB2R0lDRDogYmFkIHdyaXRlIHdp ZHRoICVkIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMwOHhcbiIsCisg ICAgICAgICAgIHYsIGRhYnQuc2l6ZSwgZGFidC5yZWcsICpyLCBnaWNkX3Jl Zyk7CiAgICAgZG9tYWluX2NyYXNoX3N5bmNocm9ub3VzKCk7CiAgICAgcmV0 dXJuIDA7CiAKLS0gCjIuMS40Cgo= --=separator Content-Type: application/octet-stream; name="xsa118-4.5-unstable-2.patch" Content-Disposition: attachment; filename="xsa118-4.5-unstable-2.patch" Content-Transfer-Encoding: base64 RnJvbSBlOGZhNDY5NTk1ZTI5YjJkYmU2ZGRlM2E3N2VlMmVhMmQ5ZTkzMjgz IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWxpZW4gR3JhbGwg PGp1bGllbi5ncmFsbEBsaW5hcm8ub3JnPgpEYXRlOiBNb24sIDE5IEphbiAy MDE1IDEyOjU5OjQyICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzJdIHhlbi9h cm06IHZnaWMtdjI6IG1lc3NhZ2UgaW4gdGhlIGVtdWxhdGlvbiBjb2RlIHNo b3VsZCBiZQogcmF0ZS1saW1pdGVkCgpwcmludGsgaXMgbm90IHJhdGVkLWxp bWl0ZWQgYnkgZGVmYXVsdC4gVGhlcmVmb3JlIGEgbWFsaWNpb3VzIGd1ZXN0 IG1heQpiZSBhYmxlIHRvIGZsb29kIHRoZSBYZW4gY29uc29sZS4KCklmIHdl IHVzZSBnZHByaW50aywgdW5lY2Vzc2FyeSBpbmZvcm1hdGlvbiB3aWxsIGJl IHByaW50ZWQgc3VjaCBhcyB0aGUKZmlsZW5hbWUgYW5kIHRoZSBsaW5lLiBJ bnN0ZWFkIHVzZSBYRU5MT0dfR19FUlIgY29tYmluZSB3aXRoICVwdi4KClNp Z25lZC1vZmYtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGxpbmFy by5vcmc+Ci0tLQogeGVuL2FyY2gvYXJtL3ZnaWMtdjIuYyB8IDQwICsrKysr KysrKysrKysrKysrKysrKysrLS0tLS0tLS0tLS0tLS0tLS0KIDEgZmlsZSBj aGFuZ2VkLCAyMyBpbnNlcnRpb25zKCspLCAxNyBkZWxldGlvbnMoLSkKCmRp ZmYgLS1naXQgYS94ZW4vYXJjaC9hcm0vdmdpYy12Mi5jIGIveGVuL2FyY2gv YXJtL3ZnaWMtdjIuYwppbmRleCA5ZGM5YTIwLi4zYjg3ZjU0IDEwMDY0NAot LS0gYS94ZW4vYXJjaC9hcm0vdmdpYy12Mi5jCisrKyBiL3hlbi9hcmNoL2Fy bS92Z2ljLXYyLmMKQEAgLTE5OCw3ICsxOTgsNyBAQCBzdGF0aWMgaW50IHZn aWNfdjJfZGlzdHJfbW1pb19yZWFkKHN0cnVjdCB2Y3B1ICp2LCBtbWlvX2lu Zm9fdCAqaW5mbykKIAogICAgIGNhc2UgR0lDRF9JQ1BJRFIyOgogICAgICAg ICBpZiAoIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBnb3RvIGJhZF93aWR0 aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkIHJlYWQgZnJv bSBJQ1BJRFIyXG4iKTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUiAi JXB2OiB2R0lDRDogdW5oYW5kbGVkIHJlYWQgZnJvbSBJQ1BJRFIyXG4iLCB2 KTsKICAgICAgICAgcmV0dXJuIDA7CiAKICAgICAvKiBJbXBsZW1lbnRhdGlv biBkZWZpbmVkIC0tIHJlYWQgYXMgemVybyAqLwpAQCAtMjE1LDE0ICsyMTUs MTQgQEAgc3RhdGljIGludCB2Z2ljX3YyX2Rpc3RyX21taW9fcmVhZChzdHJ1 Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgICAgIGdvdG8g cmVhZF9hc196ZXJvOwogCiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJpbnRr KCJ2R0lDRDogdW5oYW5kbGVkIHJlYWQgciVkIG9mZnNldCAlIzA4eFxuIiwK LSAgICAgICAgICAgICAgIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgICAg IHByaW50ayhYRU5MT0dfR19FUlIgIiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCBy ZWFkIHIlZCBvZmZzZXQgJSMwOHhcbiIsCisgICAgICAgICAgICAgICB2LCBk YWJ0LnJlZywgZ2ljZF9yZWcpOwogICAgICAgICByZXR1cm4gMDsKICAgICB9 CiAKIGJhZF93aWR0aDoKLSAgICBwcmludGsoInZHSUNEOiBiYWQgcmVhZCB3 aWR0aCAlZCByJWQgb2Zmc2V0ICUjMDh4XG4iLAotICAgICAgICAgICBkYWJ0 LnNpemUsIGRhYnQucmVnLCBnaWNkX3JlZyk7CisgICAgcHJpbnRrKFhFTkxP R19HX0VSUiAiJXB2OiB2R0lDRDogYmFkIHJlYWQgd2lkdGggJWQgciVkIG9m ZnNldCAlIzA4eFxuIiwKKyAgICAgICAgICAgdiwgZGFidC5zaXplLCBkYWJ0 LnJlZywgZ2ljZF9yZWcpOwogICAgIGRvbWFpbl9jcmFzaF9zeW5jaHJvbm91 cygpOwogICAgIHJldHVybiAwOwogCkBAIC0zMzEsMTQgKzMzMSwxNiBAQCBz dGF0aWMgaW50IHZnaWNfdjJfZGlzdHJfbW1pb193cml0ZShzdHJ1Y3QgdmNw dSAqdiwgbW1pb19pbmZvX3QgKmluZm8pCiAKICAgICBjYXNlIEdJQ0RfSVNQ RU5EUiAuLi4gR0lDRF9JU1BFTkRSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNp emUgIT0gREFCVF9CWVRFICYmIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBn b3RvIGJhZF93aWR0aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5k bGVkICVzIHdyaXRlICUjIlBSSXJlZ2lzdGVyIiB0byBJU1BFTkRSJWRcbiIs Ci0gICAgICAgICAgICAgICBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIs ICpyLCBnaWNkX3JlZyAtIEdJQ0RfSVNQRU5EUik7CisgICAgICAgIHByaW50 ayhYRU5MT0dfR19FUlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1 bmhhbmRsZWQgJXMgd3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElTUEVORFIl ZFxuIiwKKyAgICAgICAgICAgICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6 ICJieXRlIiwgKnIsIGdpY2RfcmVnIC0gR0lDRF9JU1BFTkRSKTsKICAgICAg ICAgcmV0dXJuIDA7CiAKICAgICBjYXNlIEdJQ0RfSUNQRU5EUiAuLi4gR0lD RF9JQ1BFTkRSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0gREFCVF9C WVRFICYmIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBnb3RvIGJhZF93aWR0 aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRl ICUjIlBSSXJlZ2lzdGVyIiB0byBJQ1BFTkRSJWRcbiIsCi0gICAgICAgICAg ICAgICBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBnaWNkX3Jl ZyAtIEdJQ0RfSUNQRU5EUik7CisgICAgICAgIHByaW50ayhYRU5MT0dfR19F UlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQgJXMg d3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElDUEVORFIlZFxuIiwKKyAgICAg ICAgICAgICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRlIiwgKnIs IGdpY2RfcmVnIC0gR0lDRF9JQ1BFTkRSKTsKICAgICAgICAgcmV0dXJuIDA7 CiAKICAgICBjYXNlIEdJQ0RfSVNBQ1RJVkVSIC4uLiBHSUNEX0lTQUNUSVZF Uk46CkBAIC00NTcsMTQgKzQ1OSwxNiBAQCBzdGF0aWMgaW50IHZnaWNfdjJf ZGlzdHJfbW1pb193cml0ZShzdHJ1Y3QgdmNwdSAqdiwgbW1pb19pbmZvX3Qg KmluZm8pCiAKICAgICBjYXNlIEdJQ0RfQ1BFTkRTR0lSIC4uLiBHSUNEX0NQ RU5EU0dJUk46CiAgICAgICAgIGlmICggZGFidC5zaXplICE9IERBQlRfQllU RSAmJiBkYWJ0LnNpemUgIT0gREFCVF9XT1JEICkgZ290byBiYWRfd2lkdGg7 Ci0gICAgICAgIHByaW50aygidkdJQ0Q6IHVuaGFuZGxlZCAlcyB3cml0ZSAl IyJQUklyZWdpc3RlciIgdG8gSUNQRU5EU0dJUiVkXG4iLAotICAgICAgICAg ICAgICAgZGFidC5zaXplID8gIndvcmQiIDogImJ5dGUiLCAqciwgZ2ljZF9y ZWcgLSBHSUNEX0NQRU5EU0dJUik7CisgICAgICAgIHByaW50ayhYRU5MT0df R19FUlIKKyAgICAgICAgICAgICAgICIlcHY6IHZHSUNEOiB1bmhhbmRsZWQg JXMgd3JpdGUgJSMiUFJJcmVnaXN0ZXIiIHRvIElDUEVORFNHSVIlZFxuIiwK KyAgICAgICAgICAgICAgIHYsIGRhYnQuc2l6ZSA/ICJ3b3JkIiA6ICJieXRl IiwgKnIsIGdpY2RfcmVnIC0gR0lDRF9DUEVORFNHSVIpOwogICAgICAgICBy ZXR1cm4gMDsKIAogICAgIGNhc2UgR0lDRF9TUEVORFNHSVIgLi4uIEdJQ0Rf U1BFTkRTR0lSTjoKICAgICAgICAgaWYgKCBkYWJ0LnNpemUgIT0gREFCVF9C WVRFICYmIGRhYnQuc2l6ZSAhPSBEQUJUX1dPUkQgKSBnb3RvIGJhZF93aWR0 aDsKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDogdW5oYW5kbGVkICVzIHdyaXRl ICUjIlBSSXJlZ2lzdGVyIiB0byBJU1BFTkRTR0lSJWRcbiIsCi0gICAgICAg ICAgICAgICBkYWJ0LnNpemUgPyAid29yZCIgOiAiYnl0ZSIsICpyLCBnaWNk X3JlZyAtIEdJQ0RfU1BFTkRTR0lSKTsKKyAgICAgICAgcHJpbnRrKFhFTkxP R19HX0VSUgorICAgICAgICAgICAgICAgIiVwdjogdkdJQ0Q6IHVuaGFuZGxl ZCAlcyB3cml0ZSAlIyJQUklyZWdpc3RlciIgdG8gSVNQRU5EU0dJUiVkXG4i LAorICAgICAgICAgICAgICAgdiwgZGFidC5zaXplID8gIndvcmQiIDogImJ5 dGUiLCAqciwgZ2ljZF9yZWcgLSBHSUNEX1NQRU5EU0dJUik7CiAgICAgICAg IHJldHVybiAwOwogCiAgICAgLyogSW1wbGVtZW50YXRpb24gZGVmaW5lZCAt LSB3cml0ZSBpZ25vcmVkICovCkBAIC00ODksMTQgKzQ5MywxNiBAQCBzdGF0 aWMgaW50IHZnaWNfdjJfZGlzdHJfbW1pb193cml0ZShzdHJ1Y3QgdmNwdSAq diwgbW1pb19pbmZvX3QgKmluZm8pCiAgICAgICAgIGdvdG8gd3JpdGVfaWdu b3JlOwogCiAgICAgZGVmYXVsdDoKLSAgICAgICAgcHJpbnRrKCJ2R0lDRDog dW5oYW5kbGVkIHdyaXRlIHIlZD0lIlBSSXJlZ2lzdGVyIiBvZmZzZXQgJSMw OHhcbiIsCi0gICAgICAgICAgICAgICBkYWJ0LnJlZywgKnIsIGdpY2RfcmVn KTsKKyAgICAgICAgcHJpbnRrKFhFTkxPR19HX0VSUgorICAgICAgICAgICAg ICAgIiVwdjogdkdJQ0Q6IHVuaGFuZGxlZCB3cml0ZSByJWQ9JSJQUklyZWdp c3RlciIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICAgICAgdiwgZGFi dC5yZWcsICpyLCBnaWNkX3JlZyk7CiAgICAgICAgIHJldHVybiAwOwogICAg IH0KIAogYmFkX3dpZHRoOgotICAgIHByaW50aygidkdJQ0Q6IGJhZCB3cml0 ZSB3aWR0aCAlZCByJWQ9JSJQUklyZWdpc3RlciIgb2Zmc2V0ICUjMDh4XG4i LAotICAgICAgICAgICBkYWJ0LnNpemUsIGRhYnQucmVnLCAqciwgZ2ljZF9y ZWcpOworICAgIHByaW50ayhYRU5MT0dfR19FUlIKKyAgICAgICAgICAgIiVw djogdkdJQ0Q6IGJhZCB3cml0ZSB3aWR0aCAlZCByJWQ9JSJQUklyZWdpc3Rl ciIgb2Zmc2V0ICUjMDh4XG4iLAorICAgICAgICAgICB2LCBkYWJ0LnNpemUs IGRhYnQucmVnLCAqciwgZ2ljZF9yZWcpOwogICAgIGRvbWFpbl9jcmFzaF9z eW5jaHJvbm91cygpOwogICAgIHJldHVybiAwOwogCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator--