From xen-announce-bounces@lists.xen.org Tue Dec 08 12:02:30 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Dec 2015 12:02:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GxS-0007PY-Br; Tue, 08 Dec 2015 12:01:26 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GxQ-0007OC-Sz; Tue, 08 Dec 2015 12:01:25 +0000 Received: from [85.158.137.68] by server-17.bemta-3.messagelabs.com id 0E/88-02940-396C6665; Tue, 08 Dec 2015 12:01:23 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-31.messagelabs.com!1449576081!9319699!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35; banners=-,-,- X-VirusChecked: Checked Received: (qmail 61274 invoked from network); 8 Dec 2015 12:01:22 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 8 Dec 2015 12:01:22 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GxF-0005lV-2y; Tue, 08 Dec 2015 12:01:13 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a6GxE-0003YB-Rd; Tue, 08 Dec 2015 12:01:12 +0000 Date: Tue, 08 Dec 2015 12:01:12 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8338 / XSA-158 version 3 long running memory operations on ARM UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Certain HYPERVISOR_memory_op subops take page order inputs, with so far insufficient enforcement of limits thereof. In particular, for all of XENMEM_increase_reservation, XENMEM_populate_physmap, and XENMEM_exchange the order was limited to 9 only for guests without physical devices assigned. Guests with assigned devices were allowed up to order 18 (x86) or 20 (ARM). XENMEM_decrease_reservation enforced only the latter, higher limit uniformly on all kinds of guests. All of these operations involve loops over individual pages (possibly nested, with only the iteration count of the innermost loop being of interest here), resulting in iteration counts of up to 1 million on ARM. Total execution time of these operations obviously depends on system speed, but have been measured to get into the seconds range. IMPACT ====== A malicious guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant period. Other attacks, namely privilege escalation, cannot be ruled out. If a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest. VULNERABLE SYSTEMS ================== All Xen versions supporting ARM are affected. x86 versions of Xen are unaffected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. On ARM, controlling the guest's kernel may involve locking down the bootloader. Exposure may be limited by not passing through physical devices to untrusted guests. (However, where device pass-through is being used to enhance security, for example, by disaggregating device drivers, users should not change their configuration: moving the drivers from a separate domain, to dom0, does NOT mitigate this vulnerability. Rather, it simply recategorises the additional exposure, regarding it "as designed" and therefore "not a bug". Users and vendors of disaggregated systems should not change their configuration.) CREDITS ======= This issue was discovered by Julien Grall of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa158.patch xen-unstable, Xen 4.6.x, Xen 4.5.x xsa158-4.4.patch Xen 4.4.x, Xen 4.3.x $ sha256sum xsa158* 50d7431cbad8faa631e2057ddd795b880f79b96d126a0b83afef3eceacf0026d xsa158.patch 54b538905e66227bf7f326006a7c322bdf35c76ad8600ff462e61d6e2eab6f04 xsa158-4.4.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the NO PASS-THROUGH partial MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because altering the set of devices observable in a guest in connection with a security issue would be a user-visible change which could lead to the rediscovery of the vulnerability. Deployment of the mitigation is permitted only AFTER the embargo ends. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZr8FAAoJEIP+FMlX6CvZS7UIAKtjK/KGZxAv3L38qTlldHhF BAYuZvlDt4wJEKYd9wUbN5nqXAL23muKj+oOLjS4PRHnsNKAjyKicJEFDIpLGr9z fLKqmWvxnDexP3tjiUqz5z8IOpGTMgFPPl9kosYXhBiQAIrrlTigL+umYSGlIsB1 MkLfW1ZST3H7eoBzNkFEpGsMTjAtnYJfYwZp2MLC8sbdNq04RWbiIqljEb61ULdi CXAFoiVcDiNbRrT2LRFwfAIM2mtzi6Me0GUMmGrdsfg0rlmgxHVItPLEd8fZ1CTE ChqUOCZfL9DH3zlBgqD+0oADxhfwbHHnsu2Mvy0MzgwTZ7zX+12eer89qwvtgwA= =AIko -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa158.patch" Content-Disposition: attachment; filename="xsa158.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+Ci0tLQp2MjogUmVuYW1lIGNvbW1hbmQgbGluZSBvcHRp b24gdG8gIm1lbW9wLW1heC1vcmRlciIuIENsYXJpZnkgZG9tYWluCiAgICBr aW5kcyBpbiBjb21tYW5kIGxpbmUgb3B0aW9uIGRvYy4gQ29ycmVjdCBpdHMg c3ludGF4IGRlc2NyaXB0aW9uLgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21t YW5kLWxpbmUubWFya2Rvd24KKysrIGIvZG9jcy9taXNjL3hlbi1jb21tYW5k LWxpbmUubWFya2Rvd24KQEAgLTEwMjksNiArMTAyOSwxNyBAQCB3aXRoICoq Y3Jhc2hpbmZvX21heGFkZHIqKi4KIFNwZWNpZnkgdGhlIHRocmVzaG9sZCBi ZWxvdyB3aGljaCBYZW4gd2lsbCBpbmZvcm0gZG9tMCB0aGF0IHRoZSBxdWFu dGl0eSBvZgogZnJlZSBtZW1vcnkgaXMgZ2V0dGluZyBsb3cuICBTcGVjaWZ5 aW5nIGAwYCB3aWxsIGRpc2FibGUgdGhpcyBub3RpZmljYXRpb24uCiAKKyMj IyBtZW1vcC1tYXgtb3JkZXIKKz4gYD0gWzxkb21VPl1bLFs8Y3RsZG9tPl1b LFs8aHdkb20+XVssPHB0ZG9tPl1dXWAKKworPiB4ODYgZGVmYXVsdDogYDks MTgsMTIsMTJgCis+IEFSTSBkZWZhdWx0OiBgOSwxOCwxMCwxMGAKKworQ2hh bmdlIHRoZSBtYXhpbXVtIG9yZGVyIHBlcm1pdHRlZCBmb3IgYWxsb2NhdGlv biAob3IgYWxsb2NhdGlvbi1saWtlKQorcmVxdWVzdHMgaXNzdWVkIGJ5IHRo ZSB2YXJpb3VzIGtpbmRzIG9mIGRvbWFpbnMgKGluIHRoaXMgb3JkZXI6Citv cmRpbmFyeSBEb21VLCBjb250cm9sIGRvbWFpbiwgaGFyZHdhcmUgZG9tYWlu LCBhbmQgLSB3aGVuIHN1cHBvcnRlZAorYnkgdGhlIHBsYXRmb3JtIC0gRG9t VSB3aXRoIHBhc3MtdGhyb3VnaCBkZXZpY2UgYXNzaWduZWQpLgorCiAjIyMg bWF4XF9jc3RhdGUKID4gYD0gPGludGVnZXI+YAogCi0tLSBhL3hlbi9jb21t b24vbWVtb3J5LmMKKysrIGIveGVuL2NvbW1vbi9tZW1vcnkuYwpAQCAtNDMs NiArNDMsNTAgQEAgc3RydWN0IG1lbW9wX2FyZ3MgewogICAgIGludCAgICAg ICAgICBwcmVlbXB0ZWQ7ICAvKiBXYXMgdGhlIGh5cGVyY2FsbCBwcmVlbXB0 ZWQ/ICovCiB9OwogCisjaWZuZGVmIENPTkZJR19DVExET01fTUFYX09SREVS CisjZGVmaW5lIENPTkZJR19DVExET01fTUFYX09SREVSIENPTkZJR19QQUdF QUxMT0NfTUFYX09SREVSCisjZW5kaWYKKyNpZm5kZWYgQ09ORklHX1BURE9N X01BWF9PUkRFUgorI2RlZmluZSBDT05GSUdfUFRET01fTUFYX09SREVSIENP TkZJR19IV0RPTV9NQVhfT1JERVIKKyNlbmRpZgorCitzdGF0aWMgdW5zaWdu ZWQgaW50IF9fcmVhZF9tb3N0bHkgZG9tdV9tYXhfb3JkZXIgPSBDT05GSUdf RE9NVV9NQVhfT1JERVI7CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgY3RsZG9tX21heF9vcmRlciA9IENPTkZJR19DVExET01fTUFYX09S REVSOworc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IGh3ZG9t X21heF9vcmRlciA9IENPTkZJR19IV0RPTV9NQVhfT1JERVI7CisjaWZkZWYg SEFTX1BBU1NUSFJPVUdICitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgcHRkb21fbWF4X29yZGVyID0gQ09ORklHX1BURE9NX01BWF9PUkRF UjsKKyNlbHNlCisjIGRlZmluZSBwdGRvbV9tYXhfb3JkZXIgZG9tdV9tYXhf b3JkZXIKKyNlbmRpZgorc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX21heF9v cmRlcihjb25zdCBjaGFyICpzKQoreworICAgIGlmICggKnMgIT0gJywnICkK KyAgICAgICAgZG9tdV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAm cywgMCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQor ICAgICAgICBjdGxkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworICAgIGlmICggKnMgPT0gJywnICYmICorK3MgIT0gJywnICkK KyAgICAgICAgaHdkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworI2lmZGVmIEhBU19QQVNTVEhST1VHSAorICAgIGlmICggKnMg PT0gJywnICYmICorK3MgIT0gJywnICkKKyAgICAgICAgcHRkb21fbWF4X29y ZGVyID0gc2ltcGxlX3N0cnRvdWwocywgJnMsIDApOworI2VuZGlmCit9Citj dXN0b21fcGFyYW0oIm1lbW9wLW1heC1vcmRlciIsIHBhcnNlX21heF9vcmRl cik7CisKK3N0YXRpYyB1bnNpZ25lZCBpbnQgbWF4X29yZGVyKGNvbnN0IHN0 cnVjdCBkb21haW4gKmQpCit7CisgICAgdW5zaWduZWQgaW50IG9yZGVyID0g Y2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpID8gZG9tdV9tYXhfb3JkZXIKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgOiBwdGRvbV9tYXhfb3JkZXI7CisKKyAgICBpZiAoIGlzX2NvbnRyb2xf ZG9tYWluKGQpICYmIG9yZGVyIDwgY3RsZG9tX21heF9vcmRlciApCisgICAg ICAgIG9yZGVyID0gY3RsZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNf aGFyZHdhcmVfZG9tYWluKGQpICYmIG9yZGVyIDwgaHdkb21fbWF4X29yZGVy ICkKKyAgICAgICAgb3JkZXIgPSBod2RvbV9tYXhfb3JkZXI7CisKKyAgICBy ZXR1cm4gbWluKG9yZGVyLCBNQVhfT1JERVIgKyAwVSk7Cit9CisKIHN0YXRp YyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVjdCBtZW1vcF9hcmdz ICphKQogewogICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2U7CkBAIC01NSw3 ICs5OSw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0 cnVjdAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEt Pm5yX2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAo ICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9t YWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9v cmRlciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAg cmV0dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5u cl9leHRlbnRzOyBpKysgKQpAQCAtMTAwLDggKzE0NCw4IEBAIHN0YXRpYyB2 b2lkIHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkK ICAgICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1F TUZfcG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFY X09SREVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAg ICBpZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkg KQogICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9u ZTsgaSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yODUsNyArMzI5LDcg QEAgc3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAK ICAgICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRl bnRfbGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBh LT5leHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0 ZW50X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAg ICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8 IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0zNDMsMTMgKzM4NywxNyBAQCBz dGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAg aWYgKCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAg ICByZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0 ZW50X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAg IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAg IHJjID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAg fQorCiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlm ICggKGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8 fAogICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRp ZmllcnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBl eGNoLm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMg YXJlIHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29y ZGVyID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVu dF9vcmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9m IGlucHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9u Zz8gKi8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRl cikgPCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwg Pj4gZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVu dHMpIHx8CkBAIC0zNjgsMTYgKzQxNiw2IEBAIHN0YXRpYyBsb25nIG1lbW9y eV9leGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vh cmx5OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMg Y2FuIGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAq LwotICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChj dXJyZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAg ICAgIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5k b21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAg cmMgPSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9 Ci0KICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0 LmV4dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRl ciAgPSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9v cmRlcjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysg Yi94ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zOSw2ICszOSwx MCBAQAogCiAjZGVmaW5lIENPTkZJR19JUlFfSEFTX01VTFRJUExFX0FDVElP TiAxCiAKKyNkZWZpbmUgQ09ORklHX1BBR0VBTExPQ19NQVhfT1JERVIgMTgK KyNkZWZpbmUgQ09ORklHX0RPTVVfTUFYX09SREVSICAgICAgOQorI2RlZmlu ZSBDT05GSUdfSFdET01fTUFYX09SREVSICAgICAxMAorCiAjZGVmaW5lIE9Q VF9DT05TT0xFX1NUUiAiZHR1YXJ0IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BV UwotLS0gYS94ZW4vaW5jbHVkZS9hc20tYXJtL2lvY2FwLmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLWFybS9pb2NhcC5oCkBAIC00LDEwICs0LDYgQEAKICNk ZWZpbmUgY2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpICAgICAgICAgICAgICAg ICAgICAgICAgXAogICAgICghcmFuZ2VzZXRfaXNfZW1wdHkoKGQpLT5pb21l bV9jYXBzKSkKIAotI2RlZmluZSBtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoZCwgb3JkZXIpICAgICAgICBcCi0gICAgKCgob3JkZXIpIDw9IDkp IHx8IC8qIGFsbG93IDJNQiBzdXBlcnBhZ2VzICovICAgICAgIFwKLSAgICAg IXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+aW9tZW1fY2FwcykpCi0KICNlbmRp ZgogCiAvKgotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2NvbmZpZy5oCisr KyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvY29uZmlnLmgKQEAgLTI4LDkgKzI4 LDEyIEBACiAjZGVmaW5lIENPTkZJR19OVU1BIDEKICNkZWZpbmUgQ09ORklH X0RJU0NPTlRJR01FTSAxCiAjZGVmaW5lIENPTkZJR19OVU1BX0VNVSAxCi0j ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQogI2RlZmluZSBDT05GSUdfRE9NQUlOX1BBR0UgMQogCisj ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQorI2RlZmluZSBDT05GSUdfRE9NVV9NQVhfT1JERVIgICAg ICBQQUdFVEFCTEVfT1JERVIKKyNkZWZpbmUgQ09ORklHX0hXRE9NX01BWF9P UkRFUiAgICAgMTIKKwogLyogSW50ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJn ZXN0IGNhY2hlIGxpbmUgKEwyIGxpbmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAq LwogI2RlZmluZSBDT05GSUdfWDg2X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0g YS94ZW4vaW5jbHVkZS9hc20teDg2L2lvY2FwLmgKKysrIGIveGVuL2luY2x1 ZGUvYXNtLXg4Ni9pb2NhcC5oCkBAIC0xOCw5ICsxOCw0IEBACiAgICAgKCFy YW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAg ICAgIFwKICAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3Bv cnRfY2FwcykpCiAKLSNkZWZpbmUgbXVsdGlwYWdlX2FsbG9jYXRpb25fcGVy bWl0dGVkKGQsIG9yZGVyKSAgICAgICAgXAotICAgICgoKG9yZGVyKSA8PSA5 KSB8fCAvKiBhbGxvdyAyTUIgc3VwZXJwYWdlcyAqLyAgICAgICBcCi0gICAg ICFyYW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAg ICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5p b3BvcnRfY2FwcykpCi0KICNlbmRpZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: application/octet-stream; name="xsa158-4.4.patch" Content-Disposition: attachment; filename="xsa158-4.4.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+CgotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGlu ZS5tYXJrZG93bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5t YXJrZG93bgpAQCAtNjUzLDYgKzY1MywxNyBAQCB3aGljaCBkYXRhIHN0cnVj dHVyZXMgc2hvdWxkIGJlIGRlbGliZXJhCiBzbyB0aGUgY3Jhc2gga2VybmVs IG1heSBmaW5kIGZpbmQgdGhlbS4gIFNob3VsZCBiZSB1c2VkIGluIGNvbWJp bmF0aW9uCiB3aXRoICoqY3Jhc2hpbmZvX21heGFkZHIqKi4KIAorIyMjIG1l bW9wLW1heC1vcmRlcgorPiBgPSBbPGRvbVU+XVssWzxjdGxkb20+XVssWzxo d2RvbT5dWyw8cHRkb20+XV1dYAorCis+IHg4NiBkZWZhdWx0OiBgOSwxOCwx MiwxMmAKKz4gQVJNIGRlZmF1bHQ6IGA5LDE4LDEwLDEwYAorCitDaGFuZ2Ug dGhlIG1heGltdW0gb3JkZXIgcGVybWl0dGVkIGZvciBhbGxvY2F0aW9uIChv ciBhbGxvY2F0aW9uLWxpa2UpCityZXF1ZXN0cyBpc3N1ZWQgYnkgdGhlIHZh cmlvdXMga2luZHMgb2YgZG9tYWlucyAoaW4gdGhpcyBvcmRlcjoKK29yZGlu YXJ5IERvbVUsIGNvbnRyb2wgZG9tYWluLCBoYXJkd2FyZSBkb21haW4sIGFu ZCAtIHdoZW4gc3VwcG9ydGVkCitieSB0aGUgcGxhdGZvcm0gLSBEb21VIHdp dGggcGFzcy10aHJvdWdoIGRldmljZSBhc3NpZ25lZCkuCisKICMjIyBtYXhc X2NzdGF0ZQogPiBgPSA8aW50ZWdlcj5gCiAKLS0tIGEveGVuL2NvbW1vbi9t ZW1vcnkuYworKysgYi94ZW4vY29tbW9uL21lbW9yeS5jCkBAIC00Niw2ICs0 Niw1MCBAQCBzdHJ1Y3QgbWVtb3BfYXJncyB7CiAgICAgaW50ICAgICAgICAg IHByZWVtcHRlZDsgIC8qIFdhcyB0aGUgaHlwZXJjYWxsIHByZWVtcHRlZD8g Ki8KIH07CiAKKyNpZm5kZWYgQ09ORklHX0NUTERPTV9NQVhfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0NUTERPTV9NQVhfT1JERVIgQ09ORklHX1BBR0VBTExP Q19NQVhfT1JERVIKKyNlbmRpZgorI2lmbmRlZiBDT05GSUdfUFRET01fTUFY X09SREVSCisjZGVmaW5lIENPTkZJR19QVERPTV9NQVhfT1JERVIgQ09ORklH X0hXRE9NX01BWF9PUkRFUgorI2VuZGlmCisKK3N0YXRpYyB1bnNpZ25lZCBp bnQgX19yZWFkX21vc3RseSBkb211X21heF9vcmRlciA9IENPTkZJR19ET01V X01BWF9PUkRFUjsKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBjdGxkb21fbWF4X29yZGVyID0gQ09ORklHX0NUTERPTV9NQVhfT1JERVI7 CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9tb3N0bHkgaHdkb21fbWF4 X29yZGVyID0gQ09ORklHX0hXRE9NX01BWF9PUkRFUjsKKyNpZmRlZiBIQVNf UEFTU1RIUk9VR0gKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBwdGRvbV9tYXhfb3JkZXIgPSBDT05GSUdfUFRET01fTUFYX09SREVSOwor I2Vsc2UKKyMgZGVmaW5lIHB0ZG9tX21heF9vcmRlciBkb211X21heF9vcmRl cgorI2VuZGlmCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfbWF4X29yZGVy KGNvbnN0IGNoYXIgKnMpCit7CisgICAgaWYgKCAqcyAhPSAnLCcgKQorICAg ICAgICBkb211X21heF9vcmRlciA9IHNpbXBsZV9zdHJ0b3VsKHMsICZzLCAw KTsKKyAgICBpZiAoICpzID09ICcsJyAmJiAqKytzICE9ICcsJyApCisgICAg ICAgIGN0bGRvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQorICAg ICAgICBod2RvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisjaWZkZWYgSEFTX1BBU1NUSFJPVUdICisgICAgaWYgKCAqcyA9PSAn LCcgJiYgKisrcyAhPSAnLCcgKQorICAgICAgICBwdGRvbV9tYXhfb3JkZXIg PSBzaW1wbGVfc3RydG91bChzLCAmcywgMCk7CisjZW5kaWYKK30KK2N1c3Rv bV9wYXJhbSgibWVtb3AtbWF4LW9yZGVyIiwgcGFyc2VfbWF4X29yZGVyKTsK Kworc3RhdGljIHVuc2lnbmVkIGludCBtYXhfb3JkZXIoY29uc3Qgc3RydWN0 IGRvbWFpbiAqZCkKK3sKKyAgICB1bnNpZ25lZCBpbnQgb3JkZXIgPSBjYWNo ZV9mbHVzaF9wZXJtaXR0ZWQoZCkgPyBkb211X21heF9vcmRlcgorICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA6 IHB0ZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNfY29udHJvbF9kb21h aW4oZCkgJiYgb3JkZXIgPCBjdGxkb21fbWF4X29yZGVyICkKKyAgICAgICAg b3JkZXIgPSBjdGxkb21fbWF4X29yZGVyOworCisgICAgaWYgKCBpc19oYXJk d2FyZV9kb21haW4oZCkgJiYgb3JkZXIgPCBod2RvbV9tYXhfb3JkZXIgKQor ICAgICAgICBvcmRlciA9IGh3ZG9tX21heF9vcmRlcjsKKworICAgIHJldHVy biBtaW4ob3JkZXIsIE1BWF9PUkRFUiArIDBVKTsKK30KKwogc3RhdGljIHZv aWQgaW5jcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0IG1lbW9wX2FyZ3MgKmEp CiB7CiAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZTsKQEAgLTU4LDcgKzEw Miw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVj dAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEtPm5y X2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAoICFt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9tYWlu LCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9vcmRl ciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAgcmV0 dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5ucl9l eHRlbnRzOyBpKysgKQpAQCAtMTAzLDggKzE0Nyw4IEBAIHN0YXRpYyB2b2lk IHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkKICAg ICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFYX09S REVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0 ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBp ZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZfcG9w dWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkgKQog ICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsg aSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yNjksNyArMzEzLDcgQEAg c3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAKICAg ICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRlbnRf bGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBhLT5l eHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0ZW50 X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAgICAg ICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8IGEt Pm5yX2V4dGVudHM7IGkrKyApCkBAIC0zMzQsMTMgKzM3OCwxNyBAQCBzdGF0 aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAgaWYg KCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAgICBy ZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0ZW50 X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAgIG1h eF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAgIHJj ID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAgfQor CiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlmICgg KGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8fAog ICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRpZmll cnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBleGNo Lm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMgYXJl IHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29yZGVy ID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVudF9v cmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9mIGlu cHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9uZz8g Ki8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRlcikg PCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwgPj4g ZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVudHMp IHx8CkBAIC0zNTksMTYgKzQwNyw2IEBAIHN0YXRpYyBsb25nIG1lbW9yeV9l eGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vhcmx5 OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMgY2Fu IGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAqLwot ICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJy ZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAgICAg IW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5kb21h aW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAgcmMg PSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9Ci0K ICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0LmV4 dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRlciAg PSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9vcmRl cjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysgYi94 ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zNyw2ICszNywxMCBA QAogCiAjZGVmaW5lIENPTkZJR19WSURFTyAxCiAKKyNkZWZpbmUgQ09ORklH X1BBR0VBTExPQ19NQVhfT1JERVIgMTgKKyNkZWZpbmUgQ09ORklHX0RPTVVf TUFYX09SREVSICAgICAgOQorI2RlZmluZSBDT05GSUdfSFdET01fTUFYX09S REVSICAgICAxMAorCiAjZGVmaW5lIE9QVF9DT05TT0xFX1NUUiAiZHR1YXJ0 IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BVUwotLS0gYS94ZW4vaW5jbHVkZS9h c20tYXJtL2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLWFybS9pb2Nh cC5oCkBAIC00LDEwICs0LDYgQEAKICNkZWZpbmUgY2FjaGVfZmx1c2hfcGVy bWl0dGVkKGQpICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICghcmFu Z2VzZXRfaXNfZW1wdHkoKGQpLT5pb21lbV9jYXBzKSkKIAotI2RlZmluZSBt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoZCwgb3JkZXIpICAgICAg ICBcCi0gICAgKCgob3JkZXIpIDw9IDkpIHx8IC8qIGFsbG93IDJNQiBzdXBl cnBhZ2VzICovICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChk KS0+aW9tZW1fY2FwcykpCi0KICNlbmRpZgogCiAvKgotLS0gYS94ZW4vaW5j bHVkZS9hc20teDg2L2NvbmZpZy5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14 ODYvY29uZmlnLmgKQEAgLTI5LDkgKzI5LDEyIEBACiAjZGVmaW5lIENPTkZJ R19OVU1BIDEKICNkZWZpbmUgQ09ORklHX0RJU0NPTlRJR01FTSAxCiAjZGVm aW5lIENPTkZJR19OVU1BX0VNVSAxCi0jZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQogI2RlZmluZSBD T05GSUdfRE9NQUlOX1BBR0UgMQogCisjZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQorI2RlZmluZSBD T05GSUdfRE9NVV9NQVhfT1JERVIgICAgICBQQUdFVEFCTEVfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0hXRE9NX01BWF9PUkRFUiAgICAgMTIKKwogLyogSW50 ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJnZXN0IGNhY2hlIGxpbmUgKEwyIGxp bmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAqLwogI2RlZmluZSBDT05GSUdfWDg2 X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2 L2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9pb2NhcC5oCkBA IC0xOCw5ICsxOCw0IEBACiAgICAgKCFyYW5nZXNldF9pc19lbXB0eSgoZCkt PmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKICAgICAgIXJhbmdlc2V0 X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCiAKLSNkZWZpbmUg bXVsdGlwYWdlX2FsbG9jYXRpb25fcGVybWl0dGVkKGQsIG9yZGVyKSAgICAg ICAgXAotICAgICgoKG9yZGVyKSA8PSA5KSB8fCAvKiBhbGxvdyAyTUIgc3Vw ZXJwYWdlcyAqLyAgICAgICBcCi0gICAgICFyYW5nZXNldF9pc19lbXB0eSgo ZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKLSAgICAgIXJhbmdl c2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCi0KICNlbmRp ZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 08 12:02:30 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Dec 2015 12:02:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GxS-0007PY-Br; Tue, 08 Dec 2015 12:01:26 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GxQ-0007OC-Sz; Tue, 08 Dec 2015 12:01:25 +0000 Received: from [85.158.137.68] by server-17.bemta-3.messagelabs.com id 0E/88-02940-396C6665; Tue, 08 Dec 2015 12:01:23 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-31.messagelabs.com!1449576081!9319699!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35; banners=-,-,- X-VirusChecked: Checked Received: (qmail 61274 invoked from network); 8 Dec 2015 12:01:22 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 8 Dec 2015 12:01:22 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GxF-0005lV-2y; Tue, 08 Dec 2015 12:01:13 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a6GxE-0003YB-Rd; Tue, 08 Dec 2015 12:01:12 +0000 Date: Tue, 08 Dec 2015 12:01:12 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8338 / XSA-158 version 3 long running memory operations on ARM UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Certain HYPERVISOR_memory_op subops take page order inputs, with so far insufficient enforcement of limits thereof. In particular, for all of XENMEM_increase_reservation, XENMEM_populate_physmap, and XENMEM_exchange the order was limited to 9 only for guests without physical devices assigned. Guests with assigned devices were allowed up to order 18 (x86) or 20 (ARM). XENMEM_decrease_reservation enforced only the latter, higher limit uniformly on all kinds of guests. All of these operations involve loops over individual pages (possibly nested, with only the iteration count of the innermost loop being of interest here), resulting in iteration counts of up to 1 million on ARM. Total execution time of these operations obviously depends on system speed, but have been measured to get into the seconds range. IMPACT ====== A malicious guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant period. Other attacks, namely privilege escalation, cannot be ruled out. If a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest. VULNERABLE SYSTEMS ================== All Xen versions supporting ARM are affected. x86 versions of Xen are unaffected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. On ARM, controlling the guest's kernel may involve locking down the bootloader. Exposure may be limited by not passing through physical devices to untrusted guests. (However, where device pass-through is being used to enhance security, for example, by disaggregating device drivers, users should not change their configuration: moving the drivers from a separate domain, to dom0, does NOT mitigate this vulnerability. Rather, it simply recategorises the additional exposure, regarding it "as designed" and therefore "not a bug". Users and vendors of disaggregated systems should not change their configuration.) CREDITS ======= This issue was discovered by Julien Grall of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa158.patch xen-unstable, Xen 4.6.x, Xen 4.5.x xsa158-4.4.patch Xen 4.4.x, Xen 4.3.x $ sha256sum xsa158* 50d7431cbad8faa631e2057ddd795b880f79b96d126a0b83afef3eceacf0026d xsa158.patch 54b538905e66227bf7f326006a7c322bdf35c76ad8600ff462e61d6e2eab6f04 xsa158-4.4.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the NO PASS-THROUGH partial MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because altering the set of devices observable in a guest in connection with a security issue would be a user-visible change which could lead to the rediscovery of the vulnerability. Deployment of the mitigation is permitted only AFTER the embargo ends. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZr8FAAoJEIP+FMlX6CvZS7UIAKtjK/KGZxAv3L38qTlldHhF BAYuZvlDt4wJEKYd9wUbN5nqXAL23muKj+oOLjS4PRHnsNKAjyKicJEFDIpLGr9z fLKqmWvxnDexP3tjiUqz5z8IOpGTMgFPPl9kosYXhBiQAIrrlTigL+umYSGlIsB1 MkLfW1ZST3H7eoBzNkFEpGsMTjAtnYJfYwZp2MLC8sbdNq04RWbiIqljEb61ULdi CXAFoiVcDiNbRrT2LRFwfAIM2mtzi6Me0GUMmGrdsfg0rlmgxHVItPLEd8fZ1CTE ChqUOCZfL9DH3zlBgqD+0oADxhfwbHHnsu2Mvy0MzgwTZ7zX+12eer89qwvtgwA= =AIko -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa158.patch" Content-Disposition: attachment; filename="xsa158.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+Ci0tLQp2MjogUmVuYW1lIGNvbW1hbmQgbGluZSBvcHRp b24gdG8gIm1lbW9wLW1heC1vcmRlciIuIENsYXJpZnkgZG9tYWluCiAgICBr aW5kcyBpbiBjb21tYW5kIGxpbmUgb3B0aW9uIGRvYy4gQ29ycmVjdCBpdHMg c3ludGF4IGRlc2NyaXB0aW9uLgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21t YW5kLWxpbmUubWFya2Rvd24KKysrIGIvZG9jcy9taXNjL3hlbi1jb21tYW5k LWxpbmUubWFya2Rvd24KQEAgLTEwMjksNiArMTAyOSwxNyBAQCB3aXRoICoq Y3Jhc2hpbmZvX21heGFkZHIqKi4KIFNwZWNpZnkgdGhlIHRocmVzaG9sZCBi ZWxvdyB3aGljaCBYZW4gd2lsbCBpbmZvcm0gZG9tMCB0aGF0IHRoZSBxdWFu dGl0eSBvZgogZnJlZSBtZW1vcnkgaXMgZ2V0dGluZyBsb3cuICBTcGVjaWZ5 aW5nIGAwYCB3aWxsIGRpc2FibGUgdGhpcyBub3RpZmljYXRpb24uCiAKKyMj IyBtZW1vcC1tYXgtb3JkZXIKKz4gYD0gWzxkb21VPl1bLFs8Y3RsZG9tPl1b LFs8aHdkb20+XVssPHB0ZG9tPl1dXWAKKworPiB4ODYgZGVmYXVsdDogYDks MTgsMTIsMTJgCis+IEFSTSBkZWZhdWx0OiBgOSwxOCwxMCwxMGAKKworQ2hh bmdlIHRoZSBtYXhpbXVtIG9yZGVyIHBlcm1pdHRlZCBmb3IgYWxsb2NhdGlv biAob3IgYWxsb2NhdGlvbi1saWtlKQorcmVxdWVzdHMgaXNzdWVkIGJ5IHRo ZSB2YXJpb3VzIGtpbmRzIG9mIGRvbWFpbnMgKGluIHRoaXMgb3JkZXI6Citv cmRpbmFyeSBEb21VLCBjb250cm9sIGRvbWFpbiwgaGFyZHdhcmUgZG9tYWlu LCBhbmQgLSB3aGVuIHN1cHBvcnRlZAorYnkgdGhlIHBsYXRmb3JtIC0gRG9t VSB3aXRoIHBhc3MtdGhyb3VnaCBkZXZpY2UgYXNzaWduZWQpLgorCiAjIyMg bWF4XF9jc3RhdGUKID4gYD0gPGludGVnZXI+YAogCi0tLSBhL3hlbi9jb21t b24vbWVtb3J5LmMKKysrIGIveGVuL2NvbW1vbi9tZW1vcnkuYwpAQCAtNDMs NiArNDMsNTAgQEAgc3RydWN0IG1lbW9wX2FyZ3MgewogICAgIGludCAgICAg ICAgICBwcmVlbXB0ZWQ7ICAvKiBXYXMgdGhlIGh5cGVyY2FsbCBwcmVlbXB0 ZWQ/ICovCiB9OwogCisjaWZuZGVmIENPTkZJR19DVExET01fTUFYX09SREVS CisjZGVmaW5lIENPTkZJR19DVExET01fTUFYX09SREVSIENPTkZJR19QQUdF QUxMT0NfTUFYX09SREVSCisjZW5kaWYKKyNpZm5kZWYgQ09ORklHX1BURE9N X01BWF9PUkRFUgorI2RlZmluZSBDT05GSUdfUFRET01fTUFYX09SREVSIENP TkZJR19IV0RPTV9NQVhfT1JERVIKKyNlbmRpZgorCitzdGF0aWMgdW5zaWdu ZWQgaW50IF9fcmVhZF9tb3N0bHkgZG9tdV9tYXhfb3JkZXIgPSBDT05GSUdf RE9NVV9NQVhfT1JERVI7CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgY3RsZG9tX21heF9vcmRlciA9IENPTkZJR19DVExET01fTUFYX09S REVSOworc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IGh3ZG9t X21heF9vcmRlciA9IENPTkZJR19IV0RPTV9NQVhfT1JERVI7CisjaWZkZWYg SEFTX1BBU1NUSFJPVUdICitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgcHRkb21fbWF4X29yZGVyID0gQ09ORklHX1BURE9NX01BWF9PUkRF UjsKKyNlbHNlCisjIGRlZmluZSBwdGRvbV9tYXhfb3JkZXIgZG9tdV9tYXhf b3JkZXIKKyNlbmRpZgorc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX21heF9v cmRlcihjb25zdCBjaGFyICpzKQoreworICAgIGlmICggKnMgIT0gJywnICkK KyAgICAgICAgZG9tdV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAm cywgMCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQor ICAgICAgICBjdGxkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworICAgIGlmICggKnMgPT0gJywnICYmICorK3MgIT0gJywnICkK KyAgICAgICAgaHdkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworI2lmZGVmIEhBU19QQVNTVEhST1VHSAorICAgIGlmICggKnMg PT0gJywnICYmICorK3MgIT0gJywnICkKKyAgICAgICAgcHRkb21fbWF4X29y ZGVyID0gc2ltcGxlX3N0cnRvdWwocywgJnMsIDApOworI2VuZGlmCit9Citj dXN0b21fcGFyYW0oIm1lbW9wLW1heC1vcmRlciIsIHBhcnNlX21heF9vcmRl cik7CisKK3N0YXRpYyB1bnNpZ25lZCBpbnQgbWF4X29yZGVyKGNvbnN0IHN0 cnVjdCBkb21haW4gKmQpCit7CisgICAgdW5zaWduZWQgaW50IG9yZGVyID0g Y2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpID8gZG9tdV9tYXhfb3JkZXIKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgOiBwdGRvbV9tYXhfb3JkZXI7CisKKyAgICBpZiAoIGlzX2NvbnRyb2xf ZG9tYWluKGQpICYmIG9yZGVyIDwgY3RsZG9tX21heF9vcmRlciApCisgICAg ICAgIG9yZGVyID0gY3RsZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNf aGFyZHdhcmVfZG9tYWluKGQpICYmIG9yZGVyIDwgaHdkb21fbWF4X29yZGVy ICkKKyAgICAgICAgb3JkZXIgPSBod2RvbV9tYXhfb3JkZXI7CisKKyAgICBy ZXR1cm4gbWluKG9yZGVyLCBNQVhfT1JERVIgKyAwVSk7Cit9CisKIHN0YXRp YyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVjdCBtZW1vcF9hcmdz ICphKQogewogICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2U7CkBAIC01NSw3 ICs5OSw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0 cnVjdAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEt Pm5yX2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAo ICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9t YWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9v cmRlciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAg cmV0dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5u cl9leHRlbnRzOyBpKysgKQpAQCAtMTAwLDggKzE0NCw4IEBAIHN0YXRpYyB2 b2lkIHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkK ICAgICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1F TUZfcG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFY X09SREVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAg ICBpZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkg KQogICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9u ZTsgaSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yODUsNyArMzI5LDcg QEAgc3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAK ICAgICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRl bnRfbGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBh LT5leHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0 ZW50X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAg ICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8 IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0zNDMsMTMgKzM4NywxNyBAQCBz dGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAg aWYgKCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAg ICByZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0 ZW50X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAg IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAg IHJjID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAg fQorCiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlm ICggKGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8 fAogICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRp ZmllcnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBl eGNoLm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMg YXJlIHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29y ZGVyID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVu dF9vcmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9m IGlucHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9u Zz8gKi8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRl cikgPCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwg Pj4gZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVu dHMpIHx8CkBAIC0zNjgsMTYgKzQxNiw2IEBAIHN0YXRpYyBsb25nIG1lbW9y eV9leGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vh cmx5OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMg Y2FuIGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAq LwotICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChj dXJyZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAg ICAgIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5k b21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAg cmMgPSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9 Ci0KICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0 LmV4dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRl ciAgPSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9v cmRlcjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysg Yi94ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zOSw2ICszOSwx MCBAQAogCiAjZGVmaW5lIENPTkZJR19JUlFfSEFTX01VTFRJUExFX0FDVElP TiAxCiAKKyNkZWZpbmUgQ09ORklHX1BBR0VBTExPQ19NQVhfT1JERVIgMTgK KyNkZWZpbmUgQ09ORklHX0RPTVVfTUFYX09SREVSICAgICAgOQorI2RlZmlu ZSBDT05GSUdfSFdET01fTUFYX09SREVSICAgICAxMAorCiAjZGVmaW5lIE9Q VF9DT05TT0xFX1NUUiAiZHR1YXJ0IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BV UwotLS0gYS94ZW4vaW5jbHVkZS9hc20tYXJtL2lvY2FwLmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLWFybS9pb2NhcC5oCkBAIC00LDEwICs0LDYgQEAKICNk ZWZpbmUgY2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpICAgICAgICAgICAgICAg ICAgICAgICAgXAogICAgICghcmFuZ2VzZXRfaXNfZW1wdHkoKGQpLT5pb21l bV9jYXBzKSkKIAotI2RlZmluZSBtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoZCwgb3JkZXIpICAgICAgICBcCi0gICAgKCgob3JkZXIpIDw9IDkp IHx8IC8qIGFsbG93IDJNQiBzdXBlcnBhZ2VzICovICAgICAgIFwKLSAgICAg IXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+aW9tZW1fY2FwcykpCi0KICNlbmRp ZgogCiAvKgotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2NvbmZpZy5oCisr KyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvY29uZmlnLmgKQEAgLTI4LDkgKzI4 LDEyIEBACiAjZGVmaW5lIENPTkZJR19OVU1BIDEKICNkZWZpbmUgQ09ORklH X0RJU0NPTlRJR01FTSAxCiAjZGVmaW5lIENPTkZJR19OVU1BX0VNVSAxCi0j ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQogI2RlZmluZSBDT05GSUdfRE9NQUlOX1BBR0UgMQogCisj ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQorI2RlZmluZSBDT05GSUdfRE9NVV9NQVhfT1JERVIgICAg ICBQQUdFVEFCTEVfT1JERVIKKyNkZWZpbmUgQ09ORklHX0hXRE9NX01BWF9P UkRFUiAgICAgMTIKKwogLyogSW50ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJn ZXN0IGNhY2hlIGxpbmUgKEwyIGxpbmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAq LwogI2RlZmluZSBDT05GSUdfWDg2X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0g YS94ZW4vaW5jbHVkZS9hc20teDg2L2lvY2FwLmgKKysrIGIveGVuL2luY2x1 ZGUvYXNtLXg4Ni9pb2NhcC5oCkBAIC0xOCw5ICsxOCw0IEBACiAgICAgKCFy YW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAg ICAgIFwKICAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3Bv cnRfY2FwcykpCiAKLSNkZWZpbmUgbXVsdGlwYWdlX2FsbG9jYXRpb25fcGVy bWl0dGVkKGQsIG9yZGVyKSAgICAgICAgXAotICAgICgoKG9yZGVyKSA8PSA5 KSB8fCAvKiBhbGxvdyAyTUIgc3VwZXJwYWdlcyAqLyAgICAgICBcCi0gICAg ICFyYW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAg ICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5p b3BvcnRfY2FwcykpCi0KICNlbmRpZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: application/octet-stream; name="xsa158-4.4.patch" Content-Disposition: attachment; filename="xsa158-4.4.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+CgotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGlu ZS5tYXJrZG93bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5t YXJrZG93bgpAQCAtNjUzLDYgKzY1MywxNyBAQCB3aGljaCBkYXRhIHN0cnVj dHVyZXMgc2hvdWxkIGJlIGRlbGliZXJhCiBzbyB0aGUgY3Jhc2gga2VybmVs IG1heSBmaW5kIGZpbmQgdGhlbS4gIFNob3VsZCBiZSB1c2VkIGluIGNvbWJp bmF0aW9uCiB3aXRoICoqY3Jhc2hpbmZvX21heGFkZHIqKi4KIAorIyMjIG1l bW9wLW1heC1vcmRlcgorPiBgPSBbPGRvbVU+XVssWzxjdGxkb20+XVssWzxo d2RvbT5dWyw8cHRkb20+XV1dYAorCis+IHg4NiBkZWZhdWx0OiBgOSwxOCwx MiwxMmAKKz4gQVJNIGRlZmF1bHQ6IGA5LDE4LDEwLDEwYAorCitDaGFuZ2Ug dGhlIG1heGltdW0gb3JkZXIgcGVybWl0dGVkIGZvciBhbGxvY2F0aW9uIChv ciBhbGxvY2F0aW9uLWxpa2UpCityZXF1ZXN0cyBpc3N1ZWQgYnkgdGhlIHZh cmlvdXMga2luZHMgb2YgZG9tYWlucyAoaW4gdGhpcyBvcmRlcjoKK29yZGlu YXJ5IERvbVUsIGNvbnRyb2wgZG9tYWluLCBoYXJkd2FyZSBkb21haW4sIGFu ZCAtIHdoZW4gc3VwcG9ydGVkCitieSB0aGUgcGxhdGZvcm0gLSBEb21VIHdp dGggcGFzcy10aHJvdWdoIGRldmljZSBhc3NpZ25lZCkuCisKICMjIyBtYXhc X2NzdGF0ZQogPiBgPSA8aW50ZWdlcj5gCiAKLS0tIGEveGVuL2NvbW1vbi9t ZW1vcnkuYworKysgYi94ZW4vY29tbW9uL21lbW9yeS5jCkBAIC00Niw2ICs0 Niw1MCBAQCBzdHJ1Y3QgbWVtb3BfYXJncyB7CiAgICAgaW50ICAgICAgICAg IHByZWVtcHRlZDsgIC8qIFdhcyB0aGUgaHlwZXJjYWxsIHByZWVtcHRlZD8g Ki8KIH07CiAKKyNpZm5kZWYgQ09ORklHX0NUTERPTV9NQVhfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0NUTERPTV9NQVhfT1JERVIgQ09ORklHX1BBR0VBTExP Q19NQVhfT1JERVIKKyNlbmRpZgorI2lmbmRlZiBDT05GSUdfUFRET01fTUFY X09SREVSCisjZGVmaW5lIENPTkZJR19QVERPTV9NQVhfT1JERVIgQ09ORklH X0hXRE9NX01BWF9PUkRFUgorI2VuZGlmCisKK3N0YXRpYyB1bnNpZ25lZCBp bnQgX19yZWFkX21vc3RseSBkb211X21heF9vcmRlciA9IENPTkZJR19ET01V X01BWF9PUkRFUjsKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBjdGxkb21fbWF4X29yZGVyID0gQ09ORklHX0NUTERPTV9NQVhfT1JERVI7 CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9tb3N0bHkgaHdkb21fbWF4 X29yZGVyID0gQ09ORklHX0hXRE9NX01BWF9PUkRFUjsKKyNpZmRlZiBIQVNf UEFTU1RIUk9VR0gKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBwdGRvbV9tYXhfb3JkZXIgPSBDT05GSUdfUFRET01fTUFYX09SREVSOwor I2Vsc2UKKyMgZGVmaW5lIHB0ZG9tX21heF9vcmRlciBkb211X21heF9vcmRl cgorI2VuZGlmCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfbWF4X29yZGVy KGNvbnN0IGNoYXIgKnMpCit7CisgICAgaWYgKCAqcyAhPSAnLCcgKQorICAg ICAgICBkb211X21heF9vcmRlciA9IHNpbXBsZV9zdHJ0b3VsKHMsICZzLCAw KTsKKyAgICBpZiAoICpzID09ICcsJyAmJiAqKytzICE9ICcsJyApCisgICAg ICAgIGN0bGRvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQorICAg ICAgICBod2RvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisjaWZkZWYgSEFTX1BBU1NUSFJPVUdICisgICAgaWYgKCAqcyA9PSAn LCcgJiYgKisrcyAhPSAnLCcgKQorICAgICAgICBwdGRvbV9tYXhfb3JkZXIg PSBzaW1wbGVfc3RydG91bChzLCAmcywgMCk7CisjZW5kaWYKK30KK2N1c3Rv bV9wYXJhbSgibWVtb3AtbWF4LW9yZGVyIiwgcGFyc2VfbWF4X29yZGVyKTsK Kworc3RhdGljIHVuc2lnbmVkIGludCBtYXhfb3JkZXIoY29uc3Qgc3RydWN0 IGRvbWFpbiAqZCkKK3sKKyAgICB1bnNpZ25lZCBpbnQgb3JkZXIgPSBjYWNo ZV9mbHVzaF9wZXJtaXR0ZWQoZCkgPyBkb211X21heF9vcmRlcgorICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA6 IHB0ZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNfY29udHJvbF9kb21h aW4oZCkgJiYgb3JkZXIgPCBjdGxkb21fbWF4X29yZGVyICkKKyAgICAgICAg b3JkZXIgPSBjdGxkb21fbWF4X29yZGVyOworCisgICAgaWYgKCBpc19oYXJk d2FyZV9kb21haW4oZCkgJiYgb3JkZXIgPCBod2RvbV9tYXhfb3JkZXIgKQor ICAgICAgICBvcmRlciA9IGh3ZG9tX21heF9vcmRlcjsKKworICAgIHJldHVy biBtaW4ob3JkZXIsIE1BWF9PUkRFUiArIDBVKTsKK30KKwogc3RhdGljIHZv aWQgaW5jcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0IG1lbW9wX2FyZ3MgKmEp CiB7CiAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZTsKQEAgLTU4LDcgKzEw Miw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVj dAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEtPm5y X2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAoICFt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9tYWlu LCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9vcmRl ciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAgcmV0 dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5ucl9l eHRlbnRzOyBpKysgKQpAQCAtMTAzLDggKzE0Nyw4IEBAIHN0YXRpYyB2b2lk IHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkKICAg ICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFYX09S REVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0 ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBp ZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZfcG9w dWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkgKQog ICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsg aSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yNjksNyArMzEzLDcgQEAg c3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAKICAg ICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRlbnRf bGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBhLT5l eHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0ZW50 X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAgICAg ICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8IGEt Pm5yX2V4dGVudHM7IGkrKyApCkBAIC0zMzQsMTMgKzM3OCwxNyBAQCBzdGF0 aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAgaWYg KCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAgICBy ZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0ZW50 X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAgIG1h eF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAgIHJj ID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAgfQor CiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlmICgg KGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8fAog ICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRpZmll cnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBleGNo Lm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMgYXJl IHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29yZGVy ID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVudF9v cmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9mIGlu cHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9uZz8g Ki8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRlcikg PCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwgPj4g ZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVudHMp IHx8CkBAIC0zNTksMTYgKzQwNyw2IEBAIHN0YXRpYyBsb25nIG1lbW9yeV9l eGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vhcmx5 OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMgY2Fu IGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAqLwot ICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJy ZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAgICAg IW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5kb21h aW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAgcmMg PSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9Ci0K ICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0LmV4 dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRlciAg PSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9vcmRl cjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysgYi94 ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zNyw2ICszNywxMCBA QAogCiAjZGVmaW5lIENPTkZJR19WSURFTyAxCiAKKyNkZWZpbmUgQ09ORklH X1BBR0VBTExPQ19NQVhfT1JERVIgMTgKKyNkZWZpbmUgQ09ORklHX0RPTVVf TUFYX09SREVSICAgICAgOQorI2RlZmluZSBDT05GSUdfSFdET01fTUFYX09S REVSICAgICAxMAorCiAjZGVmaW5lIE9QVF9DT05TT0xFX1NUUiAiZHR1YXJ0 IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BVUwotLS0gYS94ZW4vaW5jbHVkZS9h c20tYXJtL2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLWFybS9pb2Nh cC5oCkBAIC00LDEwICs0LDYgQEAKICNkZWZpbmUgY2FjaGVfZmx1c2hfcGVy bWl0dGVkKGQpICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICghcmFu Z2VzZXRfaXNfZW1wdHkoKGQpLT5pb21lbV9jYXBzKSkKIAotI2RlZmluZSBt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoZCwgb3JkZXIpICAgICAg ICBcCi0gICAgKCgob3JkZXIpIDw9IDkpIHx8IC8qIGFsbG93IDJNQiBzdXBl cnBhZ2VzICovICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChk KS0+aW9tZW1fY2FwcykpCi0KICNlbmRpZgogCiAvKgotLS0gYS94ZW4vaW5j bHVkZS9hc20teDg2L2NvbmZpZy5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14 ODYvY29uZmlnLmgKQEAgLTI5LDkgKzI5LDEyIEBACiAjZGVmaW5lIENPTkZJ R19OVU1BIDEKICNkZWZpbmUgQ09ORklHX0RJU0NPTlRJR01FTSAxCiAjZGVm aW5lIENPTkZJR19OVU1BX0VNVSAxCi0jZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQogI2RlZmluZSBD T05GSUdfRE9NQUlOX1BBR0UgMQogCisjZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQorI2RlZmluZSBD T05GSUdfRE9NVV9NQVhfT1JERVIgICAgICBQQUdFVEFCTEVfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0hXRE9NX01BWF9PUkRFUiAgICAgMTIKKwogLyogSW50 ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJnZXN0IGNhY2hlIGxpbmUgKEwyIGxp bmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAqLwogI2RlZmluZSBDT05GSUdfWDg2 X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2 L2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9pb2NhcC5oCkBA IC0xOCw5ICsxOCw0IEBACiAgICAgKCFyYW5nZXNldF9pc19lbXB0eSgoZCkt PmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKICAgICAgIXJhbmdlc2V0 X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCiAKLSNkZWZpbmUg bXVsdGlwYWdlX2FsbG9jYXRpb25fcGVybWl0dGVkKGQsIG9yZGVyKSAgICAg ICAgXAotICAgICgoKG9yZGVyKSA8PSA5KSB8fCAvKiBhbGxvdyAyTUIgc3Vw ZXJwYWdlcyAqLyAgICAgICBcCi0gICAgICFyYW5nZXNldF9pc19lbXB0eSgo ZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKLSAgICAgIXJhbmdl c2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCi0KICNlbmRp ZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 08 12:03:30 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Dec 2015 12:03:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyS-0007eV-T5; Tue, 08 Dec 2015 12:02:28 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyR-0007do-1C; Tue, 08 Dec 2015 12:02:27 +0000 Received: from [193.109.254.147] by server-3.bemta-14.messagelabs.com id 99/4F-25435-2D6C6665; Tue, 08 Dec 2015 12:02:26 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-27.messagelabs.com!1449576143!9265476!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35; banners=-,-,- X-VirusChecked: Checked Received: (qmail 4018 invoked from network); 8 Dec 2015 12:02:25 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 8 Dec 2015 12:02:25 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyH-0005ma-CJ; Tue, 08 Dec 2015 12:02:17 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a6GyG-0003nX-Mh; Tue, 08 Dec 2015 12:02:17 +0000 Date: Tue, 08 Dec 2015 12:02:16 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 159 (CVE-2015-8339, CVE-2015-8340) - XENMEM_exchange error handling issues X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8339,CVE-2015-8340 / XSA-159 version 4 XENMEM_exchange error handling issues UPDATES IN VERSION 4 ==================== Public release. ISSUE DESCRIPTION ================= Error handling in the operation may involve handing back pages to the domain. This operation may fail when in parallel the domain gets torn down. So far this failure unconditionally resulted in the host being brought down due to an internal error being assumed. This is CVE-2015-8339. Furthermore error handling so far wrongly included the release of a lock. That lock, however, was either not acquired or already released on all paths leading to the error handling sequence. This is CVE-2015-8340. IMPACT ====== A malicious guest administrator may be able to deny service by crashing the host or causing a deadlock. VULNERABLE SYSTEMS ================== All Xen versions from at least 3.2 onwards are vulnerable. Older versions have not been inspected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. In Xen HVM, controlling the guest's kernel would involve locking down the bootloader. CREDITS ======= This issue was discovered by Julien Grall of Citrix and Jan Beulich of SUSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa159.patch xen-unstable, Xen 4.6.x, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x $ sha256sum xsa159* 05c35871c1430e9cfdbee049411b23fca6c64c5bc9f112d7508afe5cbd289cef xsa159.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZr8HAAoJEIP+FMlX6CvZXp8IAMNhe/G7435bJNiwMbWIT6vt 8piJPArKxhd3yohEiAx0wG7BXTQ7ockAKFCjdSL8ZGPQuaxwuYrdm4wH14ucxRY6 wgHyU2766g5VuP1bJ1eU/XxZpNGWCqDQaaMzbwQLKVO7rhsZc14txY2nYFZ5cvLT nMDR8rfcNSeGMSCzg9vrdnFhmmslT797fgRXrCnZ2+bEDerTiYu5nDlS+aIZPiSt WwKbiYN/RJLIo4EThvYfPdbm9SPeSdNYNUws2MVkl50x2h4hm33eqKDNxAtUMgDq CZzHQGCMjAtrhK/64AQePiXRHO4SHYbX4FmeO9Yrkbgf971PqpEYed79UJ2a0SA= =sIvq -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa159.patch" Content-Disposition: attachment; filename="xsa159.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBmaXggWEVOTUVNX2V4Y2hhbmdlIGVycm9yIGhhbmRsaW5nCgph c3NpZ25fcGFnZXMoKSBjYW4gZmFpbCBkdWUgdG8gdGhlIGRvbWFpbiBnZXR0 aW5nIGtpbGxlZCBpbiBwYXJhbGxlbCwKd2hpY2ggc2hvdWxkIG5vdCByZXN1 bHQgaW4gYSBoeXBlcnZpc29yIGNyYXNoLgoKQWxzbyBkZWxldGUgYSByZWR1 bmRhbnQgcHV0X2dmbigpIC0gYWxsIHJlbGV2YW50IHBhdGhzIGxlYWRpbmcg dG8gdGhlCiJmYWlsIiBsYWJlbCBhbHJlYWR5IGRvIHRoaXMgKGFuZCB0aGVy ZSBhcmUgYWxzbyBwYXRocyB3aGVyZSBpdCB3YXMKcGxhaW4gd3JvbmcpLiBB bGwgb2YgdGhlIHB1dF9nZm4oKS1zIGdvdCBpbnRyb2R1Y2VkIGJ5IDUxMDMy Y2EwNTgKKCJNb2RpZnkgbmFtaW5nIG9mIHF1ZXJpZXMgaW50byB0aGUgcDJt IiksIGluY2x1ZGluZyB0aGUgb3RoZXJ3aXNlCnVubmVlZGVkIGluaXRpYWxp emVyIGZvciBrICh3aXRoIGV2ZW4gYSBraW5kIG9mIG1pc2xlYWRpbmcgY29t bWVudCAtCnRoZSBjb21waWxlciB3YXJuaW5nIGNvdWxkIGFjdHVhbGx5IGhh dmUgc2VydmVkIGFzIGEgaGludCB0aGF0IHRoZSB1c2UKaXMgd3JvbmcpLgoK VGhpcyBpcyBYU0EtMTU5LgoKUmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8 anVsaWVuLmdyYWxsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vY29t bW9uL21lbW9yeS5jCisrKyBiL3hlbi9jb21tb24vbWVtb3J5LmMKQEAgLTMz NCw3ICszMzQsNyBAQCBzdGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVO X0dVRVNUX0hBCiAgICAgUEFHRV9MSVNUX0hFQUQob3V0X2NodW5rX2xpc3Qp OwogICAgIHVuc2lnbmVkIGxvbmcgaW5fY2h1bmtfb3JkZXIsIG91dF9jaHVu a19vcmRlcjsKICAgICB4ZW5fcGZuX3QgICAgIGdwZm4sIGdtZm4sIG1mbjsK LSAgICB1bnNpZ25lZCBsb25nIGksIGosIGsgPSAwOyAvKiBnY2MgLi4uICov CisgICAgdW5zaWduZWQgbG9uZyBpLCBqLCBrOwogICAgIHVuc2lnbmVkIGlu dCAgbWVtZmxhZ3MgPSAwOwogICAgIGxvbmcgICAgICAgICAgcmMgPSAwOwog ICAgIHN0cnVjdCBkb21haW4gKmQ7CkBAIC01NzIsMTEgKzU3MiwxMiBAQCBz dGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgZmFp bDoKICAgICAvKiBSZWFzc2lnbiBhbnkgaW5wdXQgcGFnZXMgd2UgbWFuYWdl ZCB0byBzdGVhbC4gKi8KICAgICB3aGlsZSAoIChwYWdlID0gcGFnZV9saXN0 X3JlbW92ZV9oZWFkKCZpbl9jaHVua19saXN0KSkgKQotICAgIHsKLSAgICAg ICAgcHV0X2dmbihkLCBnbWZuICsgay0tKTsKICAgICAgICAgaWYgKCBhc3Np Z25fcGFnZXMoZCwgcGFnZSwgMCwgTUVNRl9ub19yZWZjb3VudCkgKQotICAg ICAgICAgICAgQlVHKCk7Ci0gICAgfQorICAgICAgICB7CisgICAgICAgICAg ICBCVUdfT04oIWQtPmlzX2R5aW5nKTsKKyAgICAgICAgICAgIGlmICggdGVz dF9hbmRfY2xlYXJfYml0KF9QR0NfYWxsb2NhdGVkLCAmcGFnZS0+Y291bnRf aW5mbykgKQorICAgICAgICAgICAgICAgIHB1dF9wYWdlKHBhZ2UpOworICAg ICAgICB9CiAKICBkeWluZzoKICAgICByY3VfdW5sb2NrX2RvbWFpbihkKTsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 08 12:03:30 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Dec 2015 12:03:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyS-0007eV-T5; Tue, 08 Dec 2015 12:02:28 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyR-0007do-1C; Tue, 08 Dec 2015 12:02:27 +0000 Received: from [193.109.254.147] by server-3.bemta-14.messagelabs.com id 99/4F-25435-2D6C6665; Tue, 08 Dec 2015 12:02:26 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-27.messagelabs.com!1449576143!9265476!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35; banners=-,-,- X-VirusChecked: Checked Received: (qmail 4018 invoked from network); 8 Dec 2015 12:02:25 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 8 Dec 2015 12:02:25 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyH-0005ma-CJ; Tue, 08 Dec 2015 12:02:17 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a6GyG-0003nX-Mh; Tue, 08 Dec 2015 12:02:17 +0000 Date: Tue, 08 Dec 2015 12:02:16 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 159 (CVE-2015-8339, CVE-2015-8340) - XENMEM_exchange error handling issues X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8339,CVE-2015-8340 / XSA-159 version 4 XENMEM_exchange error handling issues UPDATES IN VERSION 4 ==================== Public release. ISSUE DESCRIPTION ================= Error handling in the operation may involve handing back pages to the domain. This operation may fail when in parallel the domain gets torn down. So far this failure unconditionally resulted in the host being brought down due to an internal error being assumed. This is CVE-2015-8339. Furthermore error handling so far wrongly included the release of a lock. That lock, however, was either not acquired or already released on all paths leading to the error handling sequence. This is CVE-2015-8340. IMPACT ====== A malicious guest administrator may be able to deny service by crashing the host or causing a deadlock. VULNERABLE SYSTEMS ================== All Xen versions from at least 3.2 onwards are vulnerable. Older versions have not been inspected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. In Xen HVM, controlling the guest's kernel would involve locking down the bootloader. CREDITS ======= This issue was discovered by Julien Grall of Citrix and Jan Beulich of SUSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa159.patch xen-unstable, Xen 4.6.x, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x $ sha256sum xsa159* 05c35871c1430e9cfdbee049411b23fca6c64c5bc9f112d7508afe5cbd289cef xsa159.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZr8HAAoJEIP+FMlX6CvZXp8IAMNhe/G7435bJNiwMbWIT6vt 8piJPArKxhd3yohEiAx0wG7BXTQ7ockAKFCjdSL8ZGPQuaxwuYrdm4wH14ucxRY6 wgHyU2766g5VuP1bJ1eU/XxZpNGWCqDQaaMzbwQLKVO7rhsZc14txY2nYFZ5cvLT nMDR8rfcNSeGMSCzg9vrdnFhmmslT797fgRXrCnZ2+bEDerTiYu5nDlS+aIZPiSt WwKbiYN/RJLIo4EThvYfPdbm9SPeSdNYNUws2MVkl50x2h4hm33eqKDNxAtUMgDq CZzHQGCMjAtrhK/64AQePiXRHO4SHYbX4FmeO9Yrkbgf971PqpEYed79UJ2a0SA= =sIvq -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa159.patch" Content-Disposition: attachment; filename="xsa159.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBmaXggWEVOTUVNX2V4Y2hhbmdlIGVycm9yIGhhbmRsaW5nCgph c3NpZ25fcGFnZXMoKSBjYW4gZmFpbCBkdWUgdG8gdGhlIGRvbWFpbiBnZXR0 aW5nIGtpbGxlZCBpbiBwYXJhbGxlbCwKd2hpY2ggc2hvdWxkIG5vdCByZXN1 bHQgaW4gYSBoeXBlcnZpc29yIGNyYXNoLgoKQWxzbyBkZWxldGUgYSByZWR1 bmRhbnQgcHV0X2dmbigpIC0gYWxsIHJlbGV2YW50IHBhdGhzIGxlYWRpbmcg dG8gdGhlCiJmYWlsIiBsYWJlbCBhbHJlYWR5IGRvIHRoaXMgKGFuZCB0aGVy ZSBhcmUgYWxzbyBwYXRocyB3aGVyZSBpdCB3YXMKcGxhaW4gd3JvbmcpLiBB bGwgb2YgdGhlIHB1dF9nZm4oKS1zIGdvdCBpbnRyb2R1Y2VkIGJ5IDUxMDMy Y2EwNTgKKCJNb2RpZnkgbmFtaW5nIG9mIHF1ZXJpZXMgaW50byB0aGUgcDJt IiksIGluY2x1ZGluZyB0aGUgb3RoZXJ3aXNlCnVubmVlZGVkIGluaXRpYWxp emVyIGZvciBrICh3aXRoIGV2ZW4gYSBraW5kIG9mIG1pc2xlYWRpbmcgY29t bWVudCAtCnRoZSBjb21waWxlciB3YXJuaW5nIGNvdWxkIGFjdHVhbGx5IGhh dmUgc2VydmVkIGFzIGEgaGludCB0aGF0IHRoZSB1c2UKaXMgd3JvbmcpLgoK VGhpcyBpcyBYU0EtMTU5LgoKUmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8 anVsaWVuLmdyYWxsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vY29t bW9uL21lbW9yeS5jCisrKyBiL3hlbi9jb21tb24vbWVtb3J5LmMKQEAgLTMz NCw3ICszMzQsNyBAQCBzdGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVO X0dVRVNUX0hBCiAgICAgUEFHRV9MSVNUX0hFQUQob3V0X2NodW5rX2xpc3Qp OwogICAgIHVuc2lnbmVkIGxvbmcgaW5fY2h1bmtfb3JkZXIsIG91dF9jaHVu a19vcmRlcjsKICAgICB4ZW5fcGZuX3QgICAgIGdwZm4sIGdtZm4sIG1mbjsK LSAgICB1bnNpZ25lZCBsb25nIGksIGosIGsgPSAwOyAvKiBnY2MgLi4uICov CisgICAgdW5zaWduZWQgbG9uZyBpLCBqLCBrOwogICAgIHVuc2lnbmVkIGlu dCAgbWVtZmxhZ3MgPSAwOwogICAgIGxvbmcgICAgICAgICAgcmMgPSAwOwog ICAgIHN0cnVjdCBkb21haW4gKmQ7CkBAIC01NzIsMTEgKzU3MiwxMiBAQCBz dGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgZmFp bDoKICAgICAvKiBSZWFzc2lnbiBhbnkgaW5wdXQgcGFnZXMgd2UgbWFuYWdl ZCB0byBzdGVhbC4gKi8KICAgICB3aGlsZSAoIChwYWdlID0gcGFnZV9saXN0 X3JlbW92ZV9oZWFkKCZpbl9jaHVua19saXN0KSkgKQotICAgIHsKLSAgICAg ICAgcHV0X2dmbihkLCBnbWZuICsgay0tKTsKICAgICAgICAgaWYgKCBhc3Np Z25fcGFnZXMoZCwgcGFnZSwgMCwgTUVNRl9ub19yZWZjb3VudCkgKQotICAg ICAgICAgICAgQlVHKCk7Ci0gICAgfQorICAgICAgICB7CisgICAgICAgICAg ICBCVUdfT04oIWQtPmlzX2R5aW5nKTsKKyAgICAgICAgICAgIGlmICggdGVz dF9hbmRfY2xlYXJfYml0KF9QR0NfYWxsb2NhdGVkLCAmcGFnZS0+Y291bnRf aW5mbykgKQorICAgICAgICAgICAgICAgIHB1dF9wYWdlKHBhZ2UpOworICAg ICAgICB9CiAKICBkeWluZzoKICAgICByY3VfdW5sb2NrX2RvbWFpbihkKTsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 08 12:03:30 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Dec 2015 12:03:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyX-0007gj-G6; Tue, 08 Dec 2015 12:02:33 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyV-0007fB-7C; Tue, 08 Dec 2015 12:02:31 +0000 Received: from [193.109.254.147] by server-14.bemta-14.messagelabs.com id 0D/1C-07165-6D6C6665; Tue, 08 Dec 2015 12:02:30 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-16.tower-27.messagelabs.com!1449576148!9464628!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35; banners=-,-,- X-VirusChecked: Checked Received: (qmail 46443 invoked from network); 8 Dec 2015 12:02:29 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-16.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 8 Dec 2015 12:02:29 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyL-0005mr-Ml; Tue, 08 Dec 2015 12:02:21 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a6GyL-0003v0-Cb; Tue, 08 Dec 2015 12:02:21 +0000 Date: Tue, 08 Dec 2015 12:02:21 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 160 (CVE-2015-8341) - libxl leak of pv kernel and initrd on error X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8341 / XSA-160 version 3 libxl leak of pv kernel and initrd on error UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain (e.g. pygrub) libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain. However if building the domain subsequently fails these mappings would not be released leading to a leak of virtual address space in the calling process, as well as preventing the recovery of the temporary disk files containing the kernel and initial ramdisk. IMPACT ====== For toolstacks which manage multiple domains within the same process, an attacker who is able to repeatedly start a suitable domain (or many such domains) can cause an out-of-memory condition in the toolstack process, leading to a denial of service. Under the same circumstances an attacker can also cause files to accumulate on the toolstack domain filesystem (usually under /var in dom0) used to temporarily store the kernel and initial ramdisk, perhaps leading to a denial of service against arbitrary other services using that filesystem. VULNERABLE SYSTEMS ================== Both ARM and x86 systems using a libxl based toolstack are potentially vulnerable. Only libxl-based toolstacks which manage multiple domains in the same process (such as `libvirt') are vulnerable. libxl-based toolstacks which manage only a single domain per process and which exit on failure to create a domain (such as `xl') are not vulnerable. Toolstacks not using libxl are not vulnerable to this issue. Only domains configured to use a PV bootloader in the toolstack domain (e.g. pygrub) will expose this issue. Domains configured to use pvgrub (a totally different program) are not vulnerable. x86 HVM domains are not vulnerable. Systems where the kernel and initial ramdisk are provided by the host administrator from files in domain 0 are not vulnerable. Xen versions 4.1.x and later are vulnerable. MITIGATION ========== Avoiding the use of the PV bootloader mechanisms which run as processes in the toolstack domain (pygrub), either by providing kernels directly from the toolstack domain or using a PV bootloader which runs in guest context (such as pvgrub) will prevent exposure of this issue. CREDITS ======= This issue was discovered by George Dunlap of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa160.patch xen-unstable xsa160-4.6.patch Xen 4.5.x, 4.6.x xsa160-4.4.patch Xen 4.3.x, 4.4.x $ sha256sum xsa160* 470811aeead5e942d6fedad5b4e21bee85f2160b022bcab315520014b6aa39a6 xsa160.patch d0ce9e3c2b951ac3d25da4a0f6f232b13980625a249ed9c4cd6e9484721943a5 xsa160-4.4.patch 40362873b7fa2c1450596ef9ea23c73f80608b77ca50b89e62daf46c131fcee6 xsa160-4.6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the mitigations described above is not permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because such a change to the bootloader arrangements of a PV guest would be a user-visible change which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZr8JAAoJEIP+FMlX6CvZfEYH/Rg7X9HdB+937h81tq30nrkE /PazyPDB8DprHL0X/IjPEQFvGOazCf45uzSzkrPXaFwu27yhbAxx/m8s94FxUjWb EiWwYKsb0Gh9OBejRkgiB3VMQmySWqkcjzUR1f2hk4iJ3yX8q2peRECK/Ba9aYPu lHN9aycnh1ORPmWPUUo8cMFhRVag1P5E77mqrxXo2nfed23xDA5GeZceg8XoT67n T2m59xAEwrSrHypb/XESuwtEU67CnowRcxlH7Z3EEk+ljvxOBvdovNp0yztOtArK EnV3UAwM+YMXvoYB4YZUQ/q9tZ1dIgyeTosOSoNHI471lBYL9QTlO22bc4+qKCE= =IjJr -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa160.patch" Content-Disposition: attachment; filename="xsa160.patch" Content-Transfer-Encoding: base64 RnJvbSA0M2ExMGZlY2Q2ZjRhOWQ4YWRmOWY1ZDg1ZTNkNWU3MTg3ZTJkNTRh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gSmFja3NvbiA8 aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4KRGF0ZTogV2VkLCAxOCBOb3Yg MjAxNSAxNTozNDo1NCArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGxpYnhsOiBG aXggYm9vdGxvYWRlci1yZWxhdGVkIHZpcnR1YWwgbWVtb3J5IGxlYWsgb24g cHYKIGJ1aWxkIGZhaWx1cmUKClRoZSBib290bG9hZGVyIG1heSBjYWxsIGxp YnhsX19maWxlX3JlZmVyZW5jZV9tYXAoKSwgd2hpY2ggbW1hcCdzIHRoZQpw dl9rZXJuZWwgYW5kIHB2X3JhbWRpc2sgaW50byBwcm9jZXNzIG1lbW9yeS4g IFRoaXMgd2FzIG9ubHkgdW5tYXBwZWQsCmhvd2V2ZXIsIG9uIHRoZSBzdWNj ZXNzIHBhdGggb2YgbGlieGxfX2J1aWxkX3B2KCkuICBJZiB0aGVyZSB3ZXJl IGEKZmFpbHVyZSBhbnl3aGVyZSBiZXR3ZWVuIGxpYnhsX2Jvb3Rsb2FkZXIu YzpwYXJzZV9ib290bG9hZGVyX3Jlc3VsdCgpCmFuZCB0aGUgZW5kIG9mIGxp YnhsX19idWlsZF9wdigpLCB0aGUgY2FsbHMgdG8KbGlieGxfX2ZpbGVfcmVm ZXJlbmNlX3VubWFwKCkgd291bGQgYmUgc2tpcHBlZCwgbGVha2luZyB0aGUg bWFwcGVkCnZpcnR1YWwgbWVtb3J5LgoKSWRlYWxseSB0aGlzIHdvdWxkIGJl IGZpeGVkIGJ5IGFkZGluZyB0aGUgdW5tYXAgY2FsbHMgdG8gdGhlCmRlc3Ry dWN0aW9uIHBhdGggZm9yIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUuICBV bmZvcnR1bmF0ZWx5IHRoZQpsaWZldGltZSBvZiB0aGUgbGlieGxfX2RvbWFp bl9idWlsZF9zdGF0ZSBpcyBvcGFxdWUsIGFuZCBpdCBkb2Vzbid0CmhhdmUg YSBwcm9wZXIgZGVzdHJ1Y3Rpb24gcGF0aC4gIEJ1dCwgdGhlIG9ubHkgdGhp bmcgaW4gaXQgdGhhdCBpc24ndApmcm9tIHRoZSBnYyBhcmUgdGhlc2UgYm9v dGxvYWRlciByZWZlcmVuY2VzLCBhbmQgdGhleSBhcmUgb25seSBldmVyCnNl dCBmb3Igb25lIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUsIHRoZSBvbmUg d2hpY2ggaXMKbGlieGxfX2RvbWFpbl9jcmVhdGVfc3RhdGUuYnVpbGRfc3Rh dGUuCgpTbyB3ZSBjYW4gY2xlYW4gdXAgaW4gdGhlIGV4aXQgcGF0aCBmcm9t IGxpYnhsX19kb21haW5fY3JlYXRlXyosIHdoaWNoCmFsd2F5cyBjb21lcyB0 aHJvdWdoIGRvbWNyZWF0ZV9jb21wbGV0ZS4KClJlbW92ZSB0aGUgbm93LXJl ZHVuZGFudCB1bm1hcHMgaW4gbGlieGxfX2J1aWxkX3B2J3Mgc3VjY2VzcyBw YXRoLgoKVGhpcyBpcyBYU0EtMTYwLgoKU2lnbmVkLW9mZi1ieTogR2Vvcmdl IER1bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpTaWduZWQtb2Zm LWJ5OiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4K VGVzdGVkLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFwQGNpdHJp eC5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgotLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2NyZWF0ZS5jIHwg ICAgMyArKysKIHRvb2xzL2xpYnhsL2xpYnhsX2RvbS5jICAgIHwgICAgMyAt LS0KIDIgZmlsZXMgY2hhbmdlZCwgMyBpbnNlcnRpb25zKCspLCAzIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2NyZWF0 ZS5jIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKaW5kZXggZjBmZWUw MC4uY2ViZjkwZSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfY3Jl YXRlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKQEAgLTE0 ODAsNiArMTQ4MCw5IEBAIHN0YXRpYyB2b2lkIGRvbWNyZWF0ZV9jb21wbGV0 ZShsaWJ4bF9fZWdjICplZ2MsCiAgICAgbGlieGxfZG9tYWluX2NvbmZpZyAq Y29uc3QgZF9jb25maWcgPSBkY3MtPmd1ZXN0X2NvbmZpZzsKICAgICBsaWJ4 bF9kb21haW5fY29uZmlnICpkX2NvbmZpZ19zYXZlZCA9ICZkY3MtPmd1ZXN0 X2NvbmZpZ19zYXZlZDsKIAorICAgIGxpYnhsX19maWxlX3JlZmVyZW5jZV91 bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9rZXJuZWwpOworICAgIGxpYnhs X19maWxlX3JlZmVyZW5jZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9y YW1kaXNrKTsKKwogICAgIGlmICghcmMgJiYgZF9jb25maWctPmJfaW5mby5l eGVjX3NzaWRyZWYpCiAgICAgICAgIHJjID0geGNfZmxhc2tfcmVsYWJlbF9k b21haW4oQ1RYLT54Y2gsIGRjcy0+Z3Vlc3RfZG9taWQsIGRfY29uZmlnLT5i X2luZm8uZXhlY19zc2lkcmVmKTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGwvbGlieGxfZG9tLmMgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwppbmRl eCA0NGQ0ODFiLi44ODcyMTk3IDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9s aWJ4bF9kb20uYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpAQCAt NzY3LDkgKzc2Nyw2IEBAIGludCBsaWJ4bF9fYnVpbGRfcHYobGlieGxfX2dj ICpnYywgdWludDMyX3QgZG9taWQsCiAgICAgICAgIHN0YXRlLT5zdG9yZV9t Zm4gPSB4Y19kb21fcDJtKGRvbSwgZG9tLT54ZW5zdG9yZV9wZm4pOwogICAg IH0KIAotICAgIGxpYnhsX19maWxlX3JlZmVyZW5jZV91bm1hcCgmc3RhdGUt PnB2X2tlcm5lbCk7Ci0gICAgbGlieGxfX2ZpbGVfcmVmZXJlbmNlX3VubWFw KCZzdGF0ZS0+cHZfcmFtZGlzayk7Ci0KICAgICByZXQgPSAwOwogb3V0Ogog ICAgIHhjX2RvbV9yZWxlYXNlKGRvbSk7Ci0tIAoxLjcuMTAuNAoK --=separator Content-Type: application/octet-stream; name="xsa160-4.4.patch" Content-Disposition: attachment; filename="xsa160-4.4.patch" Content-Transfer-Encoding: base64 RnJvbSA3ZjlmZDE0YzgwYjcxYjRhYmJjYTM2ZjI3NDdkMmU3NWRmZWJjMjg5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gSmFja3NvbiA8 aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4KRGF0ZTogV2VkLCAxOCBOb3Yg MjAxNSAxNTozNDo1NCArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGxpYnhsOiBG aXggYm9vdGxvYWRlci1yZWxhdGVkIHZpcnR1YWwgbWVtb3J5IGxlYWsgb24g cHYKIGJ1aWxkIGZhaWx1cmUKClRoZSBib290bG9hZGVyIG1heSBjYWxsIGxp YnhsX19maWxlX3JlZmVyZW5jZV9tYXAoKSwgd2hpY2ggbW1hcCdzIHRoZQpw dl9rZXJuZWwgYW5kIHB2X3JhbWRpc2sgaW50byBwcm9jZXNzIG1lbW9yeS4g IFRoaXMgd2FzIG9ubHkgdW5tYXBwZWQsCmhvd2V2ZXIsIG9uIHRoZSBzdWNj ZXNzIHBhdGggb2YgbGlieGxfX2J1aWxkX3B2KCkuICBJZiB0aGVyZSB3ZXJl IGEKZmFpbHVyZSBhbnl3aGVyZSBiZXR3ZWVuIGxpYnhsX2Jvb3Rsb2FkZXIu YzpwYXJzZV9ib290bG9hZGVyX3Jlc3VsdCgpCmFuZCB0aGUgZW5kIG9mIGxp YnhsX19idWlsZF9wdigpLCB0aGUgY2FsbHMgdG8KbGlieGxfX2ZpbGVfcmVm ZXJlbmNlX3VubWFwKCkgd291bGQgYmUgc2tpcHBlZCwgbGVha2luZyB0aGUg bWFwcGVkCnZpcnR1YWwgbWVtb3J5LgoKSWRlYWxseSB0aGlzIHdvdWxkIGJl IGZpeGVkIGJ5IGFkZGluZyB0aGUgdW5tYXAgY2FsbHMgdG8gdGhlCmRlc3Ry dWN0aW9uIHBhdGggZm9yIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUuICBV bmZvcnR1bmF0ZWx5IHRoZQpsaWZldGltZSBvZiB0aGUgbGlieGxfX2RvbWFp bl9idWlsZF9zdGF0ZSBpcyBvcGFxdWUsIGFuZCBpdCBkb2Vzbid0CmhhdmUg YSBwcm9wZXIgZGVzdHJ1Y3Rpb24gcGF0aC4gIEJ1dCwgdGhlIG9ubHkgdGhp bmcgaW4gaXQgdGhhdCBpc24ndApmcm9tIHRoZSBnYyBhcmUgdGhlc2UgYm9v dGxvYWRlciByZWZlcmVuY2VzLCBhbmQgdGhleSBhcmUgb25seSBldmVyCnNl dCBmb3Igb25lIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUsIHRoZSBvbmUg d2hpY2ggaXMKbGlieGxfX2RvbWFpbl9jcmVhdGVfc3RhdGUuYnVpbGRfc3Rh dGUuCgpTbyB3ZSBjYW4gY2xlYW4gdXAgaW4gdGhlIGV4aXQgcGF0aCBmcm9t IGxpYnhsX19kb21haW5fY3JlYXRlXyosIHdoaWNoCmFsd2F5cyBjb21lcyB0 aHJvdWdoIGRvbWNyZWF0ZV9jb21wbGV0ZS4KClJlbW92ZSB0aGUgbm93LXJl ZHVuZGFudCB1bm1hcHMgaW4gbGlieGxfX2J1aWxkX3B2J3Mgc3VjY2VzcyBw YXRoLgoKVGhpcyBpcyBYU0EtMTYwLgoKU2lnbmVkLW9mZi1ieTogR2Vvcmdl IER1bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpTaWduZWQtb2Zm LWJ5OiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4K VGVzdGVkLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFwQGNpdHJp eC5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgotLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2NyZWF0ZS5jIHwg ICAgMyArKysKIHRvb2xzL2xpYnhsL2xpYnhsX2RvbS5jICAgIHwgICAgMyAt LS0KIDIgZmlsZXMgY2hhbmdlZCwgMyBpbnNlcnRpb25zKCspLCAzIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2NyZWF0 ZS5jIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKaW5kZXggZTMzNTBk NS4uNTI5MmMxNSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfY3Jl YXRlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKQEAgLTEy OTUsNiArMTI5NSw5IEBAIHN0YXRpYyB2b2lkIGRvbWNyZWF0ZV9jb21wbGV0 ZShsaWJ4bF9fZWdjICplZ2MsCiAgICAgU1RBVEVfQU9fR0MoZGNzLT5hbyk7 CiAgICAgbGlieGxfZG9tYWluX2NvbmZpZyAqY29uc3QgZF9jb25maWcgPSBk Y3MtPmd1ZXN0X2NvbmZpZzsKIAorICAgIGxpYnhsX19maWxlX3JlZmVyZW5j ZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9rZXJuZWwpOworICAgIGxp YnhsX19maWxlX3JlZmVyZW5jZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5w dl9yYW1kaXNrKTsKKwogICAgIGlmICghcmMgJiYgZF9jb25maWctPmJfaW5m by5leGVjX3NzaWRyZWYpCiAgICAgICAgIHJjID0geGNfZmxhc2tfcmVsYWJl bF9kb21haW4oQ1RYLT54Y2gsIGRjcy0+Z3Vlc3RfZG9taWQsIGRfY29uZmln LT5iX2luZm8uZXhlY19zc2lkcmVmKTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMv bGlieGwvbGlieGxfZG9tLmMgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpp bmRleCA1MmJjMDFhLi45NzhhMWViIDEwMDY0NAotLS0gYS90b29scy9saWJ4 bC9saWJ4bF9kb20uYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpA QCAtNDUxLDkgKzQ1MSw2IEBAIGludCBsaWJ4bF9fYnVpbGRfcHYobGlieGxf X2djICpnYywgdWludDMyX3QgZG9taWQsCiAgICAgICAgIHN0YXRlLT5zdG9y ZV9tZm4gPSB4Y19kb21fcDJtX2hvc3QoZG9tLCBkb20tPnhlbnN0b3JlX3Bm bik7CiAgICAgfQogCi0gICAgbGlieGxfX2ZpbGVfcmVmZXJlbmNlX3VubWFw KCZzdGF0ZS0+cHZfa2VybmVsKTsKLSAgICBsaWJ4bF9fZmlsZV9yZWZlcmVu Y2VfdW5tYXAoJnN0YXRlLT5wdl9yYW1kaXNrKTsKLQogICAgIHJldCA9IDA7 CiBvdXQ6CiAgICAgeGNfZG9tX3JlbGVhc2UoZG9tKTsKLS0gCjEuNy4xMC40 Cgo= --=separator Content-Type: application/octet-stream; name="xsa160-4.6.patch" Content-Disposition: attachment; filename="xsa160-4.6.patch" Content-Transfer-Encoding: base64 RnJvbSBhZGNiZDE1YjFhZWM4MzY3Zjc5MDc3NGM5OThkYjE5OWM5YjU3N2Jm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gSmFja3NvbiA8 aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4KRGF0ZTogV2VkLCAxOCBOb3Yg MjAxNSAxNTozNDo1NCArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGxpYnhsOiBG aXggYm9vdGxvYWRlci1yZWxhdGVkIHZpcnR1YWwgbWVtb3J5IGxlYWsgb24g cHYKIGJ1aWxkIGZhaWx1cmUKClRoZSBib290bG9hZGVyIG1heSBjYWxsIGxp YnhsX19maWxlX3JlZmVyZW5jZV9tYXAoKSwgd2hpY2ggbW1hcCdzIHRoZQpw dl9rZXJuZWwgYW5kIHB2X3JhbWRpc2sgaW50byBwcm9jZXNzIG1lbW9yeS4g IFRoaXMgd2FzIG9ubHkgdW5tYXBwZWQsCmhvd2V2ZXIsIG9uIHRoZSBzdWNj ZXNzIHBhdGggb2YgbGlieGxfX2J1aWxkX3B2KCkuICBJZiB0aGVyZSB3ZXJl IGEKZmFpbHVyZSBhbnl3aGVyZSBiZXR3ZWVuIGxpYnhsX2Jvb3Rsb2FkZXIu YzpwYXJzZV9ib290bG9hZGVyX3Jlc3VsdCgpCmFuZCB0aGUgZW5kIG9mIGxp YnhsX19idWlsZF9wdigpLCB0aGUgY2FsbHMgdG8KbGlieGxfX2ZpbGVfcmVm ZXJlbmNlX3VubWFwKCkgd291bGQgYmUgc2tpcHBlZCwgbGVha2luZyB0aGUg bWFwcGVkCnZpcnR1YWwgbWVtb3J5LgoKSWRlYWxseSB0aGlzIHdvdWxkIGJl IGZpeGVkIGJ5IGFkZGluZyB0aGUgdW5tYXAgY2FsbHMgdG8gdGhlCmRlc3Ry dWN0aW9uIHBhdGggZm9yIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUuICBV bmZvcnR1bmF0ZWx5IHRoZQpsaWZldGltZSBvZiB0aGUgbGlieGxfX2RvbWFp bl9idWlsZF9zdGF0ZSBpcyBvcGFxdWUsIGFuZCBpdCBkb2Vzbid0CmhhdmUg YSBwcm9wZXIgZGVzdHJ1Y3Rpb24gcGF0aC4gIEJ1dCwgdGhlIG9ubHkgdGhp bmcgaW4gaXQgdGhhdCBpc24ndApmcm9tIHRoZSBnYyBhcmUgdGhlc2UgYm9v dGxvYWRlciByZWZlcmVuY2VzLCBhbmQgdGhleSBhcmUgb25seSBldmVyCnNl dCBmb3Igb25lIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUsIHRoZSBvbmUg d2hpY2ggaXMKbGlieGxfX2RvbWFpbl9jcmVhdGVfc3RhdGUuYnVpbGRfc3Rh dGUuCgpTbyB3ZSBjYW4gY2xlYW4gdXAgaW4gdGhlIGV4aXQgcGF0aCBmcm9t IGxpYnhsX19kb21haW5fY3JlYXRlXyosIHdoaWNoCmFsd2F5cyBjb21lcyB0 aHJvdWdoIGRvbWNyZWF0ZV9jb21wbGV0ZS4KClJlbW92ZSB0aGUgbm93LXJl ZHVuZGFudCB1bm1hcHMgaW4gbGlieGxfX2J1aWxkX3B2J3Mgc3VjY2VzcyBw YXRoLgoKVGhpcyBpcyBYU0EtMTYwLgoKU2lnbmVkLW9mZi1ieTogR2Vvcmdl IER1bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpTaWduZWQtb2Zm LWJ5OiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4K VGVzdGVkLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFwQGNpdHJp eC5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgotLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2NyZWF0ZS5jIHwg ICAgMyArKysKIHRvb2xzL2xpYnhsL2xpYnhsX2RvbS5jICAgIHwgICAgMyAt LS0KIDIgZmlsZXMgY2hhbmdlZCwgMyBpbnNlcnRpb25zKCspLCAzIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2NyZWF0 ZS5jIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKaW5kZXggZjU3NzFk YS4uMjc4YjllZCAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfY3Jl YXRlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKQEAgLTE0 ODQsNiArMTQ4NCw5IEBAIHN0YXRpYyB2b2lkIGRvbWNyZWF0ZV9jb21wbGV0 ZShsaWJ4bF9fZWdjICplZ2MsCiAgICAgbGlieGxfZG9tYWluX2NvbmZpZyAq Y29uc3QgZF9jb25maWcgPSBkY3MtPmd1ZXN0X2NvbmZpZzsKICAgICBsaWJ4 bF9kb21haW5fY29uZmlnICpkX2NvbmZpZ19zYXZlZCA9ICZkY3MtPmd1ZXN0 X2NvbmZpZ19zYXZlZDsKIAorICAgIGxpYnhsX19maWxlX3JlZmVyZW5jZV91 bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9rZXJuZWwpOworICAgIGxpYnhs X19maWxlX3JlZmVyZW5jZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9y YW1kaXNrKTsKKwogICAgIGlmICghcmMgJiYgZF9jb25maWctPmJfaW5mby5l eGVjX3NzaWRyZWYpCiAgICAgICAgIHJjID0geGNfZmxhc2tfcmVsYWJlbF9k b21haW4oQ1RYLT54Y2gsIGRjcy0+Z3Vlc3RfZG9taWQsIGRfY29uZmlnLT5i X2luZm8uZXhlY19zc2lkcmVmKTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGwvbGlieGxfZG9tLmMgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwppbmRl eCA4MDE5ZjRlLi4yZGEzYWM0IDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9s aWJ4bF9kb20uYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpAQCAt NzUwLDkgKzc1MCw2IEBAIGludCBsaWJ4bF9fYnVpbGRfcHYobGlieGxfX2dj ICpnYywgdWludDMyX3QgZG9taWQsCiAgICAgICAgIHN0YXRlLT5zdG9yZV9t Zm4gPSB4Y19kb21fcDJtX2hvc3QoZG9tLCBkb20tPnhlbnN0b3JlX3Bmbik7 CiAgICAgfQogCi0gICAgbGlieGxfX2ZpbGVfcmVmZXJlbmNlX3VubWFwKCZz dGF0ZS0+cHZfa2VybmVsKTsKLSAgICBsaWJ4bF9fZmlsZV9yZWZlcmVuY2Vf dW5tYXAoJnN0YXRlLT5wdl9yYW1kaXNrKTsKLQogICAgIHJldCA9IDA7CiBv dXQ6CiAgICAgeGNfZG9tX3JlbGVhc2UoZG9tKTsKLS0gCjEuNy4xMC40Cgo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 08 12:03:30 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Dec 2015 12:03:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyX-0007gj-G6; Tue, 08 Dec 2015 12:02:33 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyV-0007fB-7C; Tue, 08 Dec 2015 12:02:31 +0000 Received: from [193.109.254.147] by server-14.bemta-14.messagelabs.com id 0D/1C-07165-6D6C6665; Tue, 08 Dec 2015 12:02:30 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-16.tower-27.messagelabs.com!1449576148!9464628!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35; banners=-,-,- X-VirusChecked: Checked Received: (qmail 46443 invoked from network); 8 Dec 2015 12:02:29 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-16.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 8 Dec 2015 12:02:29 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a6GyL-0005mr-Ml; Tue, 08 Dec 2015 12:02:21 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a6GyL-0003v0-Cb; Tue, 08 Dec 2015 12:02:21 +0000 Date: Tue, 08 Dec 2015 12:02:21 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 160 (CVE-2015-8341) - libxl leak of pv kernel and initrd on error X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8341 / XSA-160 version 3 libxl leak of pv kernel and initrd on error UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain (e.g. pygrub) libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain. However if building the domain subsequently fails these mappings would not be released leading to a leak of virtual address space in the calling process, as well as preventing the recovery of the temporary disk files containing the kernel and initial ramdisk. IMPACT ====== For toolstacks which manage multiple domains within the same process, an attacker who is able to repeatedly start a suitable domain (or many such domains) can cause an out-of-memory condition in the toolstack process, leading to a denial of service. Under the same circumstances an attacker can also cause files to accumulate on the toolstack domain filesystem (usually under /var in dom0) used to temporarily store the kernel and initial ramdisk, perhaps leading to a denial of service against arbitrary other services using that filesystem. VULNERABLE SYSTEMS ================== Both ARM and x86 systems using a libxl based toolstack are potentially vulnerable. Only libxl-based toolstacks which manage multiple domains in the same process (such as `libvirt') are vulnerable. libxl-based toolstacks which manage only a single domain per process and which exit on failure to create a domain (such as `xl') are not vulnerable. Toolstacks not using libxl are not vulnerable to this issue. Only domains configured to use a PV bootloader in the toolstack domain (e.g. pygrub) will expose this issue. Domains configured to use pvgrub (a totally different program) are not vulnerable. x86 HVM domains are not vulnerable. Systems where the kernel and initial ramdisk are provided by the host administrator from files in domain 0 are not vulnerable. Xen versions 4.1.x and later are vulnerable. MITIGATION ========== Avoiding the use of the PV bootloader mechanisms which run as processes in the toolstack domain (pygrub), either by providing kernels directly from the toolstack domain or using a PV bootloader which runs in guest context (such as pvgrub) will prevent exposure of this issue. CREDITS ======= This issue was discovered by George Dunlap of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa160.patch xen-unstable xsa160-4.6.patch Xen 4.5.x, 4.6.x xsa160-4.4.patch Xen 4.3.x, 4.4.x $ sha256sum xsa160* 470811aeead5e942d6fedad5b4e21bee85f2160b022bcab315520014b6aa39a6 xsa160.patch d0ce9e3c2b951ac3d25da4a0f6f232b13980625a249ed9c4cd6e9484721943a5 xsa160-4.4.patch 40362873b7fa2c1450596ef9ea23c73f80608b77ca50b89e62daf46c131fcee6 xsa160-4.6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the mitigations described above is not permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because such a change to the bootloader arrangements of a PV guest would be a user-visible change which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWZr8JAAoJEIP+FMlX6CvZfEYH/Rg7X9HdB+937h81tq30nrkE /PazyPDB8DprHL0X/IjPEQFvGOazCf45uzSzkrPXaFwu27yhbAxx/m8s94FxUjWb EiWwYKsb0Gh9OBejRkgiB3VMQmySWqkcjzUR1f2hk4iJ3yX8q2peRECK/Ba9aYPu lHN9aycnh1ORPmWPUUo8cMFhRVag1P5E77mqrxXo2nfed23xDA5GeZceg8XoT67n T2m59xAEwrSrHypb/XESuwtEU67CnowRcxlH7Z3EEk+ljvxOBvdovNp0yztOtArK EnV3UAwM+YMXvoYB4YZUQ/q9tZ1dIgyeTosOSoNHI471lBYL9QTlO22bc4+qKCE= =IjJr -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa160.patch" Content-Disposition: attachment; filename="xsa160.patch" Content-Transfer-Encoding: base64 RnJvbSA0M2ExMGZlY2Q2ZjRhOWQ4YWRmOWY1ZDg1ZTNkNWU3MTg3ZTJkNTRh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gSmFja3NvbiA8 aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4KRGF0ZTogV2VkLCAxOCBOb3Yg MjAxNSAxNTozNDo1NCArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGxpYnhsOiBG aXggYm9vdGxvYWRlci1yZWxhdGVkIHZpcnR1YWwgbWVtb3J5IGxlYWsgb24g cHYKIGJ1aWxkIGZhaWx1cmUKClRoZSBib290bG9hZGVyIG1heSBjYWxsIGxp YnhsX19maWxlX3JlZmVyZW5jZV9tYXAoKSwgd2hpY2ggbW1hcCdzIHRoZQpw dl9rZXJuZWwgYW5kIHB2X3JhbWRpc2sgaW50byBwcm9jZXNzIG1lbW9yeS4g IFRoaXMgd2FzIG9ubHkgdW5tYXBwZWQsCmhvd2V2ZXIsIG9uIHRoZSBzdWNj ZXNzIHBhdGggb2YgbGlieGxfX2J1aWxkX3B2KCkuICBJZiB0aGVyZSB3ZXJl IGEKZmFpbHVyZSBhbnl3aGVyZSBiZXR3ZWVuIGxpYnhsX2Jvb3Rsb2FkZXIu YzpwYXJzZV9ib290bG9hZGVyX3Jlc3VsdCgpCmFuZCB0aGUgZW5kIG9mIGxp YnhsX19idWlsZF9wdigpLCB0aGUgY2FsbHMgdG8KbGlieGxfX2ZpbGVfcmVm ZXJlbmNlX3VubWFwKCkgd291bGQgYmUgc2tpcHBlZCwgbGVha2luZyB0aGUg bWFwcGVkCnZpcnR1YWwgbWVtb3J5LgoKSWRlYWxseSB0aGlzIHdvdWxkIGJl IGZpeGVkIGJ5IGFkZGluZyB0aGUgdW5tYXAgY2FsbHMgdG8gdGhlCmRlc3Ry dWN0aW9uIHBhdGggZm9yIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUuICBV bmZvcnR1bmF0ZWx5IHRoZQpsaWZldGltZSBvZiB0aGUgbGlieGxfX2RvbWFp bl9idWlsZF9zdGF0ZSBpcyBvcGFxdWUsIGFuZCBpdCBkb2Vzbid0CmhhdmUg YSBwcm9wZXIgZGVzdHJ1Y3Rpb24gcGF0aC4gIEJ1dCwgdGhlIG9ubHkgdGhp bmcgaW4gaXQgdGhhdCBpc24ndApmcm9tIHRoZSBnYyBhcmUgdGhlc2UgYm9v dGxvYWRlciByZWZlcmVuY2VzLCBhbmQgdGhleSBhcmUgb25seSBldmVyCnNl dCBmb3Igb25lIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUsIHRoZSBvbmUg d2hpY2ggaXMKbGlieGxfX2RvbWFpbl9jcmVhdGVfc3RhdGUuYnVpbGRfc3Rh dGUuCgpTbyB3ZSBjYW4gY2xlYW4gdXAgaW4gdGhlIGV4aXQgcGF0aCBmcm9t IGxpYnhsX19kb21haW5fY3JlYXRlXyosIHdoaWNoCmFsd2F5cyBjb21lcyB0 aHJvdWdoIGRvbWNyZWF0ZV9jb21wbGV0ZS4KClJlbW92ZSB0aGUgbm93LXJl ZHVuZGFudCB1bm1hcHMgaW4gbGlieGxfX2J1aWxkX3B2J3Mgc3VjY2VzcyBw YXRoLgoKVGhpcyBpcyBYU0EtMTYwLgoKU2lnbmVkLW9mZi1ieTogR2Vvcmdl IER1bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpTaWduZWQtb2Zm LWJ5OiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4K VGVzdGVkLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFwQGNpdHJp eC5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgotLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2NyZWF0ZS5jIHwg ICAgMyArKysKIHRvb2xzL2xpYnhsL2xpYnhsX2RvbS5jICAgIHwgICAgMyAt LS0KIDIgZmlsZXMgY2hhbmdlZCwgMyBpbnNlcnRpb25zKCspLCAzIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2NyZWF0 ZS5jIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKaW5kZXggZjBmZWUw MC4uY2ViZjkwZSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfY3Jl YXRlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKQEAgLTE0 ODAsNiArMTQ4MCw5IEBAIHN0YXRpYyB2b2lkIGRvbWNyZWF0ZV9jb21wbGV0 ZShsaWJ4bF9fZWdjICplZ2MsCiAgICAgbGlieGxfZG9tYWluX2NvbmZpZyAq Y29uc3QgZF9jb25maWcgPSBkY3MtPmd1ZXN0X2NvbmZpZzsKICAgICBsaWJ4 bF9kb21haW5fY29uZmlnICpkX2NvbmZpZ19zYXZlZCA9ICZkY3MtPmd1ZXN0 X2NvbmZpZ19zYXZlZDsKIAorICAgIGxpYnhsX19maWxlX3JlZmVyZW5jZV91 bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9rZXJuZWwpOworICAgIGxpYnhs X19maWxlX3JlZmVyZW5jZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9y YW1kaXNrKTsKKwogICAgIGlmICghcmMgJiYgZF9jb25maWctPmJfaW5mby5l eGVjX3NzaWRyZWYpCiAgICAgICAgIHJjID0geGNfZmxhc2tfcmVsYWJlbF9k b21haW4oQ1RYLT54Y2gsIGRjcy0+Z3Vlc3RfZG9taWQsIGRfY29uZmlnLT5i X2luZm8uZXhlY19zc2lkcmVmKTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGwvbGlieGxfZG9tLmMgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwppbmRl eCA0NGQ0ODFiLi44ODcyMTk3IDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9s aWJ4bF9kb20uYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpAQCAt NzY3LDkgKzc2Nyw2IEBAIGludCBsaWJ4bF9fYnVpbGRfcHYobGlieGxfX2dj ICpnYywgdWludDMyX3QgZG9taWQsCiAgICAgICAgIHN0YXRlLT5zdG9yZV9t Zm4gPSB4Y19kb21fcDJtKGRvbSwgZG9tLT54ZW5zdG9yZV9wZm4pOwogICAg IH0KIAotICAgIGxpYnhsX19maWxlX3JlZmVyZW5jZV91bm1hcCgmc3RhdGUt PnB2X2tlcm5lbCk7Ci0gICAgbGlieGxfX2ZpbGVfcmVmZXJlbmNlX3VubWFw KCZzdGF0ZS0+cHZfcmFtZGlzayk7Ci0KICAgICByZXQgPSAwOwogb3V0Ogog ICAgIHhjX2RvbV9yZWxlYXNlKGRvbSk7Ci0tIAoxLjcuMTAuNAoK --=separator Content-Type: application/octet-stream; name="xsa160-4.4.patch" Content-Disposition: attachment; filename="xsa160-4.4.patch" Content-Transfer-Encoding: base64 RnJvbSA3ZjlmZDE0YzgwYjcxYjRhYmJjYTM2ZjI3NDdkMmU3NWRmZWJjMjg5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gSmFja3NvbiA8 aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4KRGF0ZTogV2VkLCAxOCBOb3Yg MjAxNSAxNTozNDo1NCArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGxpYnhsOiBG aXggYm9vdGxvYWRlci1yZWxhdGVkIHZpcnR1YWwgbWVtb3J5IGxlYWsgb24g cHYKIGJ1aWxkIGZhaWx1cmUKClRoZSBib290bG9hZGVyIG1heSBjYWxsIGxp YnhsX19maWxlX3JlZmVyZW5jZV9tYXAoKSwgd2hpY2ggbW1hcCdzIHRoZQpw dl9rZXJuZWwgYW5kIHB2X3JhbWRpc2sgaW50byBwcm9jZXNzIG1lbW9yeS4g IFRoaXMgd2FzIG9ubHkgdW5tYXBwZWQsCmhvd2V2ZXIsIG9uIHRoZSBzdWNj ZXNzIHBhdGggb2YgbGlieGxfX2J1aWxkX3B2KCkuICBJZiB0aGVyZSB3ZXJl IGEKZmFpbHVyZSBhbnl3aGVyZSBiZXR3ZWVuIGxpYnhsX2Jvb3Rsb2FkZXIu YzpwYXJzZV9ib290bG9hZGVyX3Jlc3VsdCgpCmFuZCB0aGUgZW5kIG9mIGxp YnhsX19idWlsZF9wdigpLCB0aGUgY2FsbHMgdG8KbGlieGxfX2ZpbGVfcmVm ZXJlbmNlX3VubWFwKCkgd291bGQgYmUgc2tpcHBlZCwgbGVha2luZyB0aGUg bWFwcGVkCnZpcnR1YWwgbWVtb3J5LgoKSWRlYWxseSB0aGlzIHdvdWxkIGJl IGZpeGVkIGJ5IGFkZGluZyB0aGUgdW5tYXAgY2FsbHMgdG8gdGhlCmRlc3Ry dWN0aW9uIHBhdGggZm9yIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUuICBV bmZvcnR1bmF0ZWx5IHRoZQpsaWZldGltZSBvZiB0aGUgbGlieGxfX2RvbWFp bl9idWlsZF9zdGF0ZSBpcyBvcGFxdWUsIGFuZCBpdCBkb2Vzbid0CmhhdmUg YSBwcm9wZXIgZGVzdHJ1Y3Rpb24gcGF0aC4gIEJ1dCwgdGhlIG9ubHkgdGhp bmcgaW4gaXQgdGhhdCBpc24ndApmcm9tIHRoZSBnYyBhcmUgdGhlc2UgYm9v dGxvYWRlciByZWZlcmVuY2VzLCBhbmQgdGhleSBhcmUgb25seSBldmVyCnNl dCBmb3Igb25lIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUsIHRoZSBvbmUg d2hpY2ggaXMKbGlieGxfX2RvbWFpbl9jcmVhdGVfc3RhdGUuYnVpbGRfc3Rh dGUuCgpTbyB3ZSBjYW4gY2xlYW4gdXAgaW4gdGhlIGV4aXQgcGF0aCBmcm9t IGxpYnhsX19kb21haW5fY3JlYXRlXyosIHdoaWNoCmFsd2F5cyBjb21lcyB0 aHJvdWdoIGRvbWNyZWF0ZV9jb21wbGV0ZS4KClJlbW92ZSB0aGUgbm93LXJl ZHVuZGFudCB1bm1hcHMgaW4gbGlieGxfX2J1aWxkX3B2J3Mgc3VjY2VzcyBw YXRoLgoKVGhpcyBpcyBYU0EtMTYwLgoKU2lnbmVkLW9mZi1ieTogR2Vvcmdl IER1bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpTaWduZWQtb2Zm LWJ5OiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4K VGVzdGVkLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFwQGNpdHJp eC5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgotLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2NyZWF0ZS5jIHwg ICAgMyArKysKIHRvb2xzL2xpYnhsL2xpYnhsX2RvbS5jICAgIHwgICAgMyAt LS0KIDIgZmlsZXMgY2hhbmdlZCwgMyBpbnNlcnRpb25zKCspLCAzIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2NyZWF0 ZS5jIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKaW5kZXggZTMzNTBk NS4uNTI5MmMxNSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfY3Jl YXRlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKQEAgLTEy OTUsNiArMTI5NSw5IEBAIHN0YXRpYyB2b2lkIGRvbWNyZWF0ZV9jb21wbGV0 ZShsaWJ4bF9fZWdjICplZ2MsCiAgICAgU1RBVEVfQU9fR0MoZGNzLT5hbyk7 CiAgICAgbGlieGxfZG9tYWluX2NvbmZpZyAqY29uc3QgZF9jb25maWcgPSBk Y3MtPmd1ZXN0X2NvbmZpZzsKIAorICAgIGxpYnhsX19maWxlX3JlZmVyZW5j ZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9rZXJuZWwpOworICAgIGxp YnhsX19maWxlX3JlZmVyZW5jZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5w dl9yYW1kaXNrKTsKKwogICAgIGlmICghcmMgJiYgZF9jb25maWctPmJfaW5m by5leGVjX3NzaWRyZWYpCiAgICAgICAgIHJjID0geGNfZmxhc2tfcmVsYWJl bF9kb21haW4oQ1RYLT54Y2gsIGRjcy0+Z3Vlc3RfZG9taWQsIGRfY29uZmln LT5iX2luZm8uZXhlY19zc2lkcmVmKTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMv bGlieGwvbGlieGxfZG9tLmMgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpp bmRleCA1MmJjMDFhLi45NzhhMWViIDEwMDY0NAotLS0gYS90b29scy9saWJ4 bC9saWJ4bF9kb20uYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpA QCAtNDUxLDkgKzQ1MSw2IEBAIGludCBsaWJ4bF9fYnVpbGRfcHYobGlieGxf X2djICpnYywgdWludDMyX3QgZG9taWQsCiAgICAgICAgIHN0YXRlLT5zdG9y ZV9tZm4gPSB4Y19kb21fcDJtX2hvc3QoZG9tLCBkb20tPnhlbnN0b3JlX3Bm bik7CiAgICAgfQogCi0gICAgbGlieGxfX2ZpbGVfcmVmZXJlbmNlX3VubWFw KCZzdGF0ZS0+cHZfa2VybmVsKTsKLSAgICBsaWJ4bF9fZmlsZV9yZWZlcmVu Y2VfdW5tYXAoJnN0YXRlLT5wdl9yYW1kaXNrKTsKLQogICAgIHJldCA9IDA7 CiBvdXQ6CiAgICAgeGNfZG9tX3JlbGVhc2UoZG9tKTsKLS0gCjEuNy4xMC40 Cgo= --=separator Content-Type: application/octet-stream; name="xsa160-4.6.patch" Content-Disposition: attachment; filename="xsa160-4.6.patch" Content-Transfer-Encoding: base64 RnJvbSBhZGNiZDE1YjFhZWM4MzY3Zjc5MDc3NGM5OThkYjE5OWM5YjU3N2Jm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBJYW4gSmFja3NvbiA8 aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4KRGF0ZTogV2VkLCAxOCBOb3Yg MjAxNSAxNTozNDo1NCArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGxpYnhsOiBG aXggYm9vdGxvYWRlci1yZWxhdGVkIHZpcnR1YWwgbWVtb3J5IGxlYWsgb24g cHYKIGJ1aWxkIGZhaWx1cmUKClRoZSBib290bG9hZGVyIG1heSBjYWxsIGxp YnhsX19maWxlX3JlZmVyZW5jZV9tYXAoKSwgd2hpY2ggbW1hcCdzIHRoZQpw dl9rZXJuZWwgYW5kIHB2X3JhbWRpc2sgaW50byBwcm9jZXNzIG1lbW9yeS4g IFRoaXMgd2FzIG9ubHkgdW5tYXBwZWQsCmhvd2V2ZXIsIG9uIHRoZSBzdWNj ZXNzIHBhdGggb2YgbGlieGxfX2J1aWxkX3B2KCkuICBJZiB0aGVyZSB3ZXJl IGEKZmFpbHVyZSBhbnl3aGVyZSBiZXR3ZWVuIGxpYnhsX2Jvb3Rsb2FkZXIu YzpwYXJzZV9ib290bG9hZGVyX3Jlc3VsdCgpCmFuZCB0aGUgZW5kIG9mIGxp YnhsX19idWlsZF9wdigpLCB0aGUgY2FsbHMgdG8KbGlieGxfX2ZpbGVfcmVm ZXJlbmNlX3VubWFwKCkgd291bGQgYmUgc2tpcHBlZCwgbGVha2luZyB0aGUg bWFwcGVkCnZpcnR1YWwgbWVtb3J5LgoKSWRlYWxseSB0aGlzIHdvdWxkIGJl IGZpeGVkIGJ5IGFkZGluZyB0aGUgdW5tYXAgY2FsbHMgdG8gdGhlCmRlc3Ry dWN0aW9uIHBhdGggZm9yIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUuICBV bmZvcnR1bmF0ZWx5IHRoZQpsaWZldGltZSBvZiB0aGUgbGlieGxfX2RvbWFp bl9idWlsZF9zdGF0ZSBpcyBvcGFxdWUsIGFuZCBpdCBkb2Vzbid0CmhhdmUg YSBwcm9wZXIgZGVzdHJ1Y3Rpb24gcGF0aC4gIEJ1dCwgdGhlIG9ubHkgdGhp bmcgaW4gaXQgdGhhdCBpc24ndApmcm9tIHRoZSBnYyBhcmUgdGhlc2UgYm9v dGxvYWRlciByZWZlcmVuY2VzLCBhbmQgdGhleSBhcmUgb25seSBldmVyCnNl dCBmb3Igb25lIGxpYnhsX19kb21haW5fYnVpbGRfc3RhdGUsIHRoZSBvbmUg d2hpY2ggaXMKbGlieGxfX2RvbWFpbl9jcmVhdGVfc3RhdGUuYnVpbGRfc3Rh dGUuCgpTbyB3ZSBjYW4gY2xlYW4gdXAgaW4gdGhlIGV4aXQgcGF0aCBmcm9t IGxpYnhsX19kb21haW5fY3JlYXRlXyosIHdoaWNoCmFsd2F5cyBjb21lcyB0 aHJvdWdoIGRvbWNyZWF0ZV9jb21wbGV0ZS4KClJlbW92ZSB0aGUgbm93LXJl ZHVuZGFudCB1bm1hcHMgaW4gbGlieGxfX2J1aWxkX3B2J3Mgc3VjY2VzcyBw YXRoLgoKVGhpcyBpcyBYU0EtMTYwLgoKU2lnbmVkLW9mZi1ieTogR2Vvcmdl IER1bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpTaWduZWQtb2Zm LWJ5OiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AZXUuY2l0cml4LmNvbT4K VGVzdGVkLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFwQGNpdHJp eC5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgotLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2NyZWF0ZS5jIHwg ICAgMyArKysKIHRvb2xzL2xpYnhsL2xpYnhsX2RvbS5jICAgIHwgICAgMyAt LS0KIDIgZmlsZXMgY2hhbmdlZCwgMyBpbnNlcnRpb25zKCspLCAzIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2NyZWF0 ZS5jIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKaW5kZXggZjU3NzFk YS4uMjc4YjllZCAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfY3Jl YXRlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfY3JlYXRlLmMKQEAgLTE0 ODQsNiArMTQ4NCw5IEBAIHN0YXRpYyB2b2lkIGRvbWNyZWF0ZV9jb21wbGV0 ZShsaWJ4bF9fZWdjICplZ2MsCiAgICAgbGlieGxfZG9tYWluX2NvbmZpZyAq Y29uc3QgZF9jb25maWcgPSBkY3MtPmd1ZXN0X2NvbmZpZzsKICAgICBsaWJ4 bF9kb21haW5fY29uZmlnICpkX2NvbmZpZ19zYXZlZCA9ICZkY3MtPmd1ZXN0 X2NvbmZpZ19zYXZlZDsKIAorICAgIGxpYnhsX19maWxlX3JlZmVyZW5jZV91 bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9rZXJuZWwpOworICAgIGxpYnhs X19maWxlX3JlZmVyZW5jZV91bm1hcCgmZGNzLT5idWlsZF9zdGF0ZS5wdl9y YW1kaXNrKTsKKwogICAgIGlmICghcmMgJiYgZF9jb25maWctPmJfaW5mby5l eGVjX3NzaWRyZWYpCiAgICAgICAgIHJjID0geGNfZmxhc2tfcmVsYWJlbF9k b21haW4oQ1RYLT54Y2gsIGRjcy0+Z3Vlc3RfZG9taWQsIGRfY29uZmlnLT5i X2luZm8uZXhlY19zc2lkcmVmKTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGwvbGlieGxfZG9tLmMgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwppbmRl eCA4MDE5ZjRlLi4yZGEzYWM0IDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9s aWJ4bF9kb20uYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kb20uYwpAQCAt NzUwLDkgKzc1MCw2IEBAIGludCBsaWJ4bF9fYnVpbGRfcHYobGlieGxfX2dj ICpnYywgdWludDMyX3QgZG9taWQsCiAgICAgICAgIHN0YXRlLT5zdG9yZV9t Zm4gPSB4Y19kb21fcDJtX2hvc3QoZG9tLCBkb20tPnhlbnN0b3JlX3Bmbik7 CiAgICAgfQogCi0gICAgbGlieGxfX2ZpbGVfcmVmZXJlbmNlX3VubWFwKCZz dGF0ZS0+cHZfa2VybmVsKTsKLSAgICBsaWJ4bF9fZmlsZV9yZWZlcmVuY2Vf dW5tYXAoJnN0YXRlLT5wdl9yYW1kaXNrKTsKLQogICAgIHJldCA9IDA7CiBv dXQ6CiAgICAgeGNfZG9tX3JlbGVhc2UoZG9tKTsKLS0gCjEuNy4xMC40Cgo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 10 13:58:18 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Dec 2015 13:58:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a71hY-0002kC-9h; Thu, 10 Dec 2015 13:56:08 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a71hX-0002jO-29; Thu, 10 Dec 2015 13:56:07 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id B4/88-21571-67489665; Thu, 10 Dec 2015 13:56:06 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-11.tower-21.messagelabs.com!1449755763!4682190!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 48720 invoked from network); 10 Dec 2015 13:56:04 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-11.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 10 Dec 2015 13:56:04 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a71hL-0004sC-BE; Thu, 10 Dec 2015 13:55:55 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a71hK-0003E9-PL; Thu, 10 Dec 2015 13:55:55 +0000 Date: Thu, 10 Dec 2015 13:55:54 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8338 / XSA-158 version 4 long running memory operations on ARM UPDATES IN VERSION 4 ==================== Mention that the original patches had two problems, supplying an incremental patch. ISSUE DESCRIPTION ================= Certain HYPERVISOR_memory_op subops take page order inputs, with so far insufficient enforcement of limits thereof. In particular, for all of XENMEM_increase_reservation, XENMEM_populate_physmap, and XENMEM_exchange the order was limited to 9 only for guests without physical devices assigned. Guests with assigned devices were allowed up to order 18 (x86) or 20 (ARM). XENMEM_decrease_reservation enforced only the latter, higher limit uniformly on all kinds of guests. All of these operations involve loops over individual pages (possibly nested, with only the iteration count of the innermost loop being of interest here), resulting in iteration counts of up to 1 million on ARM. Total execution time of these operations obviously depends on system speed, but have been measured to get into the seconds range. IMPACT ====== A malicious guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant period. Other attacks, namely privilege escalation, cannot be ruled out. If a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest. VULNERABLE SYSTEMS ================== All Xen versions supporting ARM are affected. x86 versions of Xen are unaffected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. On ARM, controlling the guest's kernel may involve locking down the bootloader. Exposure may be limited by not passing through physical devices to untrusted guests. (However, where device pass-through is being used to enhance security, for example, by disaggregating device drivers, users should not change their configuration: moving the drivers from a separate domain, to dom0, does NOT mitigate this vulnerability. Rather, it simply recategorises the additional exposure, regarding it "as designed" and therefore "not a bug". Users and vendors of disaggregated systems should not change their configuration.) CREDITS ======= This issue was discovered by Julien Grall of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that the patches provided with previous versions of this advisory had two problems: - The bounding for ordinary DomU and DomU with pass-through devices(s) was swapped. This would result in non-pass-through domains being able to perform operations with larger than intended order. In the default configuration this higher limit is not sufficient to reopen the security issue. However, users of the new memop-max-order option may be vulnerable, depending on the limits they specify. - On 4.4 and earlier, the relevant patch does not compile on ARM. The supplementary patch xsa158-fix.patch fixes these problems on all listed versions. In summary: xsa158.patch } xen-unstable, Xen 4.6.x, Xen 4.5.x xsa158-fix.patch } apply both patches xsa158-4.4.patch } Xen 4.4.x, Xen 4.3.x xsa158-fix.patch } apply both patches $ sha256sum xsa158* 50d7431cbad8faa631e2057ddd795b880f79b96d126a0b83afef3eceacf0026d xsa158.patch 54b538905e66227bf7f326006a7c322bdf35c76ad8600ff462e61d6e2eab6f04 xsa158-4.4.patch ab37e320bceeccc81285a6a72b92ed1292b69ddd8da5af94276b4b5cca4a0441 xsa158-fix.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the NO PASS-THROUGH partial MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because altering the set of devices observable in a guest in connection with a security issue would be a user-visible change which could lead to the rediscovery of the vulnerability. Deployment of the mitigation is permitted only AFTER the embargo ends. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWaYRSAAoJEIP+FMlX6CvZpvIH/A1r8mOX9Gvlz7rUonFVD5Lq 8SE4Ju4TwU9YA+sMZCpLInUC2UoVQGf/8bMWNvbB+yfnALDb5txC/ms8XEZVZWHk tfum+lzmdolMsxGY2JvjRFuwoUZB1rTzcGe9pvH5y3KMKAo7dlN5+DSdym5zoQcZ QqIiAjHj7UXC0Feg5tmRSAp5ht+yMD0rIGJ6/6fFzhdoPyLinzY1Bb12iJN6Xsd+ b7Vl7h80XU23JTviLpEZkx0cDykhzNWGZjsdQPmoDagVaxvahZPCVnefUIkeAHJZ nGdm//cs/CHHBX7iTKlhN5/eDZLqb2etI9v2kRvXkcgEfHYpNgm5cowD4dvBf30= =EDH5 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa158.patch" Content-Disposition: attachment; filename="xsa158.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+Ci0tLQp2MjogUmVuYW1lIGNvbW1hbmQgbGluZSBvcHRp b24gdG8gIm1lbW9wLW1heC1vcmRlciIuIENsYXJpZnkgZG9tYWluCiAgICBr aW5kcyBpbiBjb21tYW5kIGxpbmUgb3B0aW9uIGRvYy4gQ29ycmVjdCBpdHMg c3ludGF4IGRlc2NyaXB0aW9uLgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21t YW5kLWxpbmUubWFya2Rvd24KKysrIGIvZG9jcy9taXNjL3hlbi1jb21tYW5k LWxpbmUubWFya2Rvd24KQEAgLTEwMjksNiArMTAyOSwxNyBAQCB3aXRoICoq Y3Jhc2hpbmZvX21heGFkZHIqKi4KIFNwZWNpZnkgdGhlIHRocmVzaG9sZCBi ZWxvdyB3aGljaCBYZW4gd2lsbCBpbmZvcm0gZG9tMCB0aGF0IHRoZSBxdWFu dGl0eSBvZgogZnJlZSBtZW1vcnkgaXMgZ2V0dGluZyBsb3cuICBTcGVjaWZ5 aW5nIGAwYCB3aWxsIGRpc2FibGUgdGhpcyBub3RpZmljYXRpb24uCiAKKyMj IyBtZW1vcC1tYXgtb3JkZXIKKz4gYD0gWzxkb21VPl1bLFs8Y3RsZG9tPl1b LFs8aHdkb20+XVssPHB0ZG9tPl1dXWAKKworPiB4ODYgZGVmYXVsdDogYDks MTgsMTIsMTJgCis+IEFSTSBkZWZhdWx0OiBgOSwxOCwxMCwxMGAKKworQ2hh bmdlIHRoZSBtYXhpbXVtIG9yZGVyIHBlcm1pdHRlZCBmb3IgYWxsb2NhdGlv biAob3IgYWxsb2NhdGlvbi1saWtlKQorcmVxdWVzdHMgaXNzdWVkIGJ5IHRo ZSB2YXJpb3VzIGtpbmRzIG9mIGRvbWFpbnMgKGluIHRoaXMgb3JkZXI6Citv cmRpbmFyeSBEb21VLCBjb250cm9sIGRvbWFpbiwgaGFyZHdhcmUgZG9tYWlu LCBhbmQgLSB3aGVuIHN1cHBvcnRlZAorYnkgdGhlIHBsYXRmb3JtIC0gRG9t VSB3aXRoIHBhc3MtdGhyb3VnaCBkZXZpY2UgYXNzaWduZWQpLgorCiAjIyMg bWF4XF9jc3RhdGUKID4gYD0gPGludGVnZXI+YAogCi0tLSBhL3hlbi9jb21t b24vbWVtb3J5LmMKKysrIGIveGVuL2NvbW1vbi9tZW1vcnkuYwpAQCAtNDMs NiArNDMsNTAgQEAgc3RydWN0IG1lbW9wX2FyZ3MgewogICAgIGludCAgICAg ICAgICBwcmVlbXB0ZWQ7ICAvKiBXYXMgdGhlIGh5cGVyY2FsbCBwcmVlbXB0 ZWQ/ICovCiB9OwogCisjaWZuZGVmIENPTkZJR19DVExET01fTUFYX09SREVS CisjZGVmaW5lIENPTkZJR19DVExET01fTUFYX09SREVSIENPTkZJR19QQUdF QUxMT0NfTUFYX09SREVSCisjZW5kaWYKKyNpZm5kZWYgQ09ORklHX1BURE9N X01BWF9PUkRFUgorI2RlZmluZSBDT05GSUdfUFRET01fTUFYX09SREVSIENP TkZJR19IV0RPTV9NQVhfT1JERVIKKyNlbmRpZgorCitzdGF0aWMgdW5zaWdu ZWQgaW50IF9fcmVhZF9tb3N0bHkgZG9tdV9tYXhfb3JkZXIgPSBDT05GSUdf RE9NVV9NQVhfT1JERVI7CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgY3RsZG9tX21heF9vcmRlciA9IENPTkZJR19DVExET01fTUFYX09S REVSOworc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IGh3ZG9t X21heF9vcmRlciA9IENPTkZJR19IV0RPTV9NQVhfT1JERVI7CisjaWZkZWYg SEFTX1BBU1NUSFJPVUdICitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgcHRkb21fbWF4X29yZGVyID0gQ09ORklHX1BURE9NX01BWF9PUkRF UjsKKyNlbHNlCisjIGRlZmluZSBwdGRvbV9tYXhfb3JkZXIgZG9tdV9tYXhf b3JkZXIKKyNlbmRpZgorc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX21heF9v cmRlcihjb25zdCBjaGFyICpzKQoreworICAgIGlmICggKnMgIT0gJywnICkK KyAgICAgICAgZG9tdV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAm cywgMCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQor ICAgICAgICBjdGxkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworICAgIGlmICggKnMgPT0gJywnICYmICorK3MgIT0gJywnICkK KyAgICAgICAgaHdkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworI2lmZGVmIEhBU19QQVNTVEhST1VHSAorICAgIGlmICggKnMg PT0gJywnICYmICorK3MgIT0gJywnICkKKyAgICAgICAgcHRkb21fbWF4X29y ZGVyID0gc2ltcGxlX3N0cnRvdWwocywgJnMsIDApOworI2VuZGlmCit9Citj dXN0b21fcGFyYW0oIm1lbW9wLW1heC1vcmRlciIsIHBhcnNlX21heF9vcmRl cik7CisKK3N0YXRpYyB1bnNpZ25lZCBpbnQgbWF4X29yZGVyKGNvbnN0IHN0 cnVjdCBkb21haW4gKmQpCit7CisgICAgdW5zaWduZWQgaW50IG9yZGVyID0g Y2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpID8gZG9tdV9tYXhfb3JkZXIKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgOiBwdGRvbV9tYXhfb3JkZXI7CisKKyAgICBpZiAoIGlzX2NvbnRyb2xf ZG9tYWluKGQpICYmIG9yZGVyIDwgY3RsZG9tX21heF9vcmRlciApCisgICAg ICAgIG9yZGVyID0gY3RsZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNf aGFyZHdhcmVfZG9tYWluKGQpICYmIG9yZGVyIDwgaHdkb21fbWF4X29yZGVy ICkKKyAgICAgICAgb3JkZXIgPSBod2RvbV9tYXhfb3JkZXI7CisKKyAgICBy ZXR1cm4gbWluKG9yZGVyLCBNQVhfT1JERVIgKyAwVSk7Cit9CisKIHN0YXRp YyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVjdCBtZW1vcF9hcmdz ICphKQogewogICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2U7CkBAIC01NSw3 ICs5OSw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0 cnVjdAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEt Pm5yX2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAo ICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9t YWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9v cmRlciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAg cmV0dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5u cl9leHRlbnRzOyBpKysgKQpAQCAtMTAwLDggKzE0NCw4IEBAIHN0YXRpYyB2 b2lkIHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkK ICAgICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1F TUZfcG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFY X09SREVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAg ICBpZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkg KQogICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9u ZTsgaSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yODUsNyArMzI5LDcg QEAgc3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAK ICAgICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRl bnRfbGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBh LT5leHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0 ZW50X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAg ICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8 IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0zNDMsMTMgKzM4NywxNyBAQCBz dGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAg aWYgKCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAg ICByZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0 ZW50X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAg IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAg IHJjID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAg fQorCiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlm ICggKGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8 fAogICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRp ZmllcnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBl eGNoLm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMg YXJlIHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29y ZGVyID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVu dF9vcmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9m IGlucHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9u Zz8gKi8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRl cikgPCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwg Pj4gZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVu dHMpIHx8CkBAIC0zNjgsMTYgKzQxNiw2IEBAIHN0YXRpYyBsb25nIG1lbW9y eV9leGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vh cmx5OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMg Y2FuIGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAq LwotICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChj dXJyZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAg ICAgIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5k b21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAg cmMgPSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9 Ci0KICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0 LmV4dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRl ciAgPSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9v cmRlcjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysg Yi94ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zOSw2ICszOSwx MCBAQAogCiAjZGVmaW5lIENPTkZJR19JUlFfSEFTX01VTFRJUExFX0FDVElP TiAxCiAKKyNkZWZpbmUgQ09ORklHX1BBR0VBTExPQ19NQVhfT1JERVIgMTgK KyNkZWZpbmUgQ09ORklHX0RPTVVfTUFYX09SREVSICAgICAgOQorI2RlZmlu ZSBDT05GSUdfSFdET01fTUFYX09SREVSICAgICAxMAorCiAjZGVmaW5lIE9Q VF9DT05TT0xFX1NUUiAiZHR1YXJ0IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BV UwotLS0gYS94ZW4vaW5jbHVkZS9hc20tYXJtL2lvY2FwLmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLWFybS9pb2NhcC5oCkBAIC00LDEwICs0LDYgQEAKICNk ZWZpbmUgY2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpICAgICAgICAgICAgICAg ICAgICAgICAgXAogICAgICghcmFuZ2VzZXRfaXNfZW1wdHkoKGQpLT5pb21l bV9jYXBzKSkKIAotI2RlZmluZSBtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoZCwgb3JkZXIpICAgICAgICBcCi0gICAgKCgob3JkZXIpIDw9IDkp IHx8IC8qIGFsbG93IDJNQiBzdXBlcnBhZ2VzICovICAgICAgIFwKLSAgICAg IXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+aW9tZW1fY2FwcykpCi0KICNlbmRp ZgogCiAvKgotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2NvbmZpZy5oCisr KyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvY29uZmlnLmgKQEAgLTI4LDkgKzI4 LDEyIEBACiAjZGVmaW5lIENPTkZJR19OVU1BIDEKICNkZWZpbmUgQ09ORklH X0RJU0NPTlRJR01FTSAxCiAjZGVmaW5lIENPTkZJR19OVU1BX0VNVSAxCi0j ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQogI2RlZmluZSBDT05GSUdfRE9NQUlOX1BBR0UgMQogCisj ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQorI2RlZmluZSBDT05GSUdfRE9NVV9NQVhfT1JERVIgICAg ICBQQUdFVEFCTEVfT1JERVIKKyNkZWZpbmUgQ09ORklHX0hXRE9NX01BWF9P UkRFUiAgICAgMTIKKwogLyogSW50ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJn ZXN0IGNhY2hlIGxpbmUgKEwyIGxpbmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAq LwogI2RlZmluZSBDT05GSUdfWDg2X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0g YS94ZW4vaW5jbHVkZS9hc20teDg2L2lvY2FwLmgKKysrIGIveGVuL2luY2x1 ZGUvYXNtLXg4Ni9pb2NhcC5oCkBAIC0xOCw5ICsxOCw0IEBACiAgICAgKCFy YW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAg ICAgIFwKICAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3Bv cnRfY2FwcykpCiAKLSNkZWZpbmUgbXVsdGlwYWdlX2FsbG9jYXRpb25fcGVy bWl0dGVkKGQsIG9yZGVyKSAgICAgICAgXAotICAgICgoKG9yZGVyKSA8PSA5 KSB8fCAvKiBhbGxvdyAyTUIgc3VwZXJwYWdlcyAqLyAgICAgICBcCi0gICAg ICFyYW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAg ICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5p b3BvcnRfY2FwcykpCi0KICNlbmRpZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: application/octet-stream; name="xsa158-4.4.patch" Content-Disposition: attachment; filename="xsa158-4.4.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+CgotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGlu ZS5tYXJrZG93bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5t YXJrZG93bgpAQCAtNjUzLDYgKzY1MywxNyBAQCB3aGljaCBkYXRhIHN0cnVj dHVyZXMgc2hvdWxkIGJlIGRlbGliZXJhCiBzbyB0aGUgY3Jhc2gga2VybmVs IG1heSBmaW5kIGZpbmQgdGhlbS4gIFNob3VsZCBiZSB1c2VkIGluIGNvbWJp bmF0aW9uCiB3aXRoICoqY3Jhc2hpbmZvX21heGFkZHIqKi4KIAorIyMjIG1l bW9wLW1heC1vcmRlcgorPiBgPSBbPGRvbVU+XVssWzxjdGxkb20+XVssWzxo d2RvbT5dWyw8cHRkb20+XV1dYAorCis+IHg4NiBkZWZhdWx0OiBgOSwxOCwx MiwxMmAKKz4gQVJNIGRlZmF1bHQ6IGA5LDE4LDEwLDEwYAorCitDaGFuZ2Ug dGhlIG1heGltdW0gb3JkZXIgcGVybWl0dGVkIGZvciBhbGxvY2F0aW9uIChv ciBhbGxvY2F0aW9uLWxpa2UpCityZXF1ZXN0cyBpc3N1ZWQgYnkgdGhlIHZh cmlvdXMga2luZHMgb2YgZG9tYWlucyAoaW4gdGhpcyBvcmRlcjoKK29yZGlu YXJ5IERvbVUsIGNvbnRyb2wgZG9tYWluLCBoYXJkd2FyZSBkb21haW4sIGFu ZCAtIHdoZW4gc3VwcG9ydGVkCitieSB0aGUgcGxhdGZvcm0gLSBEb21VIHdp dGggcGFzcy10aHJvdWdoIGRldmljZSBhc3NpZ25lZCkuCisKICMjIyBtYXhc X2NzdGF0ZQogPiBgPSA8aW50ZWdlcj5gCiAKLS0tIGEveGVuL2NvbW1vbi9t ZW1vcnkuYworKysgYi94ZW4vY29tbW9uL21lbW9yeS5jCkBAIC00Niw2ICs0 Niw1MCBAQCBzdHJ1Y3QgbWVtb3BfYXJncyB7CiAgICAgaW50ICAgICAgICAg IHByZWVtcHRlZDsgIC8qIFdhcyB0aGUgaHlwZXJjYWxsIHByZWVtcHRlZD8g Ki8KIH07CiAKKyNpZm5kZWYgQ09ORklHX0NUTERPTV9NQVhfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0NUTERPTV9NQVhfT1JERVIgQ09ORklHX1BBR0VBTExP Q19NQVhfT1JERVIKKyNlbmRpZgorI2lmbmRlZiBDT05GSUdfUFRET01fTUFY X09SREVSCisjZGVmaW5lIENPTkZJR19QVERPTV9NQVhfT1JERVIgQ09ORklH X0hXRE9NX01BWF9PUkRFUgorI2VuZGlmCisKK3N0YXRpYyB1bnNpZ25lZCBp bnQgX19yZWFkX21vc3RseSBkb211X21heF9vcmRlciA9IENPTkZJR19ET01V X01BWF9PUkRFUjsKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBjdGxkb21fbWF4X29yZGVyID0gQ09ORklHX0NUTERPTV9NQVhfT1JERVI7 CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9tb3N0bHkgaHdkb21fbWF4 X29yZGVyID0gQ09ORklHX0hXRE9NX01BWF9PUkRFUjsKKyNpZmRlZiBIQVNf UEFTU1RIUk9VR0gKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBwdGRvbV9tYXhfb3JkZXIgPSBDT05GSUdfUFRET01fTUFYX09SREVSOwor I2Vsc2UKKyMgZGVmaW5lIHB0ZG9tX21heF9vcmRlciBkb211X21heF9vcmRl cgorI2VuZGlmCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfbWF4X29yZGVy KGNvbnN0IGNoYXIgKnMpCit7CisgICAgaWYgKCAqcyAhPSAnLCcgKQorICAg ICAgICBkb211X21heF9vcmRlciA9IHNpbXBsZV9zdHJ0b3VsKHMsICZzLCAw KTsKKyAgICBpZiAoICpzID09ICcsJyAmJiAqKytzICE9ICcsJyApCisgICAg ICAgIGN0bGRvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQorICAg ICAgICBod2RvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisjaWZkZWYgSEFTX1BBU1NUSFJPVUdICisgICAgaWYgKCAqcyA9PSAn LCcgJiYgKisrcyAhPSAnLCcgKQorICAgICAgICBwdGRvbV9tYXhfb3JkZXIg PSBzaW1wbGVfc3RydG91bChzLCAmcywgMCk7CisjZW5kaWYKK30KK2N1c3Rv bV9wYXJhbSgibWVtb3AtbWF4LW9yZGVyIiwgcGFyc2VfbWF4X29yZGVyKTsK Kworc3RhdGljIHVuc2lnbmVkIGludCBtYXhfb3JkZXIoY29uc3Qgc3RydWN0 IGRvbWFpbiAqZCkKK3sKKyAgICB1bnNpZ25lZCBpbnQgb3JkZXIgPSBjYWNo ZV9mbHVzaF9wZXJtaXR0ZWQoZCkgPyBkb211X21heF9vcmRlcgorICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA6 IHB0ZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNfY29udHJvbF9kb21h aW4oZCkgJiYgb3JkZXIgPCBjdGxkb21fbWF4X29yZGVyICkKKyAgICAgICAg b3JkZXIgPSBjdGxkb21fbWF4X29yZGVyOworCisgICAgaWYgKCBpc19oYXJk d2FyZV9kb21haW4oZCkgJiYgb3JkZXIgPCBod2RvbV9tYXhfb3JkZXIgKQor ICAgICAgICBvcmRlciA9IGh3ZG9tX21heF9vcmRlcjsKKworICAgIHJldHVy biBtaW4ob3JkZXIsIE1BWF9PUkRFUiArIDBVKTsKK30KKwogc3RhdGljIHZv aWQgaW5jcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0IG1lbW9wX2FyZ3MgKmEp CiB7CiAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZTsKQEAgLTU4LDcgKzEw Miw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVj dAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEtPm5y X2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAoICFt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9tYWlu LCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9vcmRl ciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAgcmV0 dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5ucl9l eHRlbnRzOyBpKysgKQpAQCAtMTAzLDggKzE0Nyw4IEBAIHN0YXRpYyB2b2lk IHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkKICAg ICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFYX09S REVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0 ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBp ZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZfcG9w dWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkgKQog ICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsg aSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yNjksNyArMzEzLDcgQEAg c3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAKICAg ICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRlbnRf bGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBhLT5l eHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0ZW50 X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAgICAg ICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8IGEt Pm5yX2V4dGVudHM7IGkrKyApCkBAIC0zMzQsMTMgKzM3OCwxNyBAQCBzdGF0 aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAgaWYg KCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAgICBy ZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0ZW50 X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAgIG1h eF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAgIHJj ID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAgfQor CiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlmICgg KGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8fAog ICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRpZmll cnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBleGNo Lm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMgYXJl IHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29yZGVy ID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVudF9v cmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9mIGlu cHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9uZz8g Ki8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRlcikg PCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwgPj4g ZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVudHMp IHx8CkBAIC0zNTksMTYgKzQwNyw2IEBAIHN0YXRpYyBsb25nIG1lbW9yeV9l eGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vhcmx5 OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMgY2Fu IGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAqLwot ICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJy ZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAgICAg IW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5kb21h aW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAgcmMg PSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9Ci0K ICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0LmV4 dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRlciAg PSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9vcmRl cjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysgYi94 ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zNyw2ICszNywxMCBA QAogCiAjZGVmaW5lIENPTkZJR19WSURFTyAxCiAKKyNkZWZpbmUgQ09ORklH X1BBR0VBTExPQ19NQVhfT1JERVIgMTgKKyNkZWZpbmUgQ09ORklHX0RPTVVf TUFYX09SREVSICAgICAgOQorI2RlZmluZSBDT05GSUdfSFdET01fTUFYX09S REVSICAgICAxMAorCiAjZGVmaW5lIE9QVF9DT05TT0xFX1NUUiAiZHR1YXJ0 IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BVUwotLS0gYS94ZW4vaW5jbHVkZS9h c20tYXJtL2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLWFybS9pb2Nh cC5oCkBAIC00LDEwICs0LDYgQEAKICNkZWZpbmUgY2FjaGVfZmx1c2hfcGVy bWl0dGVkKGQpICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICghcmFu Z2VzZXRfaXNfZW1wdHkoKGQpLT5pb21lbV9jYXBzKSkKIAotI2RlZmluZSBt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoZCwgb3JkZXIpICAgICAg ICBcCi0gICAgKCgob3JkZXIpIDw9IDkpIHx8IC8qIGFsbG93IDJNQiBzdXBl cnBhZ2VzICovICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChk KS0+aW9tZW1fY2FwcykpCi0KICNlbmRpZgogCiAvKgotLS0gYS94ZW4vaW5j bHVkZS9hc20teDg2L2NvbmZpZy5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14 ODYvY29uZmlnLmgKQEAgLTI5LDkgKzI5LDEyIEBACiAjZGVmaW5lIENPTkZJ R19OVU1BIDEKICNkZWZpbmUgQ09ORklHX0RJU0NPTlRJR01FTSAxCiAjZGVm aW5lIENPTkZJR19OVU1BX0VNVSAxCi0jZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQogI2RlZmluZSBD T05GSUdfRE9NQUlOX1BBR0UgMQogCisjZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQorI2RlZmluZSBD T05GSUdfRE9NVV9NQVhfT1JERVIgICAgICBQQUdFVEFCTEVfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0hXRE9NX01BWF9PUkRFUiAgICAgMTIKKwogLyogSW50 ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJnZXN0IGNhY2hlIGxpbmUgKEwyIGxp bmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAqLwogI2RlZmluZSBDT05GSUdfWDg2 X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2 L2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9pb2NhcC5oCkBA IC0xOCw5ICsxOCw0IEBACiAgICAgKCFyYW5nZXNldF9pc19lbXB0eSgoZCkt PmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKICAgICAgIXJhbmdlc2V0 X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCiAKLSNkZWZpbmUg bXVsdGlwYWdlX2FsbG9jYXRpb25fcGVybWl0dGVkKGQsIG9yZGVyKSAgICAg ICAgXAotICAgICgoKG9yZGVyKSA8PSA5KSB8fCAvKiBhbGxvdyAyTUIgc3Vw ZXJwYWdlcyAqLyAgICAgICBcCi0gICAgICFyYW5nZXNldF9pc19lbXB0eSgo ZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKLSAgICAgIXJhbmdl c2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCi0KICNlbmRp ZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: application/octet-stream; name="xsa158-fix.patch" Content-Disposition: attachment; filename="xsa158-fix.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBmaXggWFNBLTE1OCBmaXgKCkZvciBvbmUgdGhlIHVzZXMgb2Yg ZG9tdV9tYXhfb3JkZXIgYW5kIHB0ZG9tX21heF9vcmRlciB3ZXJlIHN3YXBw ZWQuCgpBbmQgdGhlbiBnY2Mgd2FybnMgYWJvdXQgYW4gdW51c2VkIHJlc3Vs dCBvZiBhIF9fbXVzdF9jaGVjayBmdW5jdGlvbgppbiB0aGUgY29udHJvbCBw YXJ0IG9mIGEgY29uZGl0aW9uYWwgZXhwcmVzc2lvbiB3aGVuIGJvdGggb3Ro ZXIKZXhwcmVzc2lvbnMgY2FuIGJlIGRldGVybWluZWQgYnkgdGhlIGNvbXBp bGVyIHRvIHByb2R1Y2UgdGhlIHNhbWUgdmFsdWUKKHNlZSBodHRwczovL2dj Yy5nbnUub3JnL2J1Z3ppbGxhL3Nob3dfYnVnLmNnaT9pZD02ODAzOSksIHdo aWNoIGhhcHBlbnMKd2hlbiBIQVNfUEFTU1RIUk9VR0ggaXMgdW5kZWZpbmVk IChpLmUuIGZvciBBUk0gb24gNC40IGFuZCBvbGRlcikuCgpTaWduZWQtb2Zm LWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFja2VkLWJ5 OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgoKLS0t IGEveGVuL2NvbW1vbi9tZW1vcnkuYworKysgYi94ZW4vY29tbW9uL21lbW9y eS5jCkBAIC01NSw4ICs1NSw2IEBAIHN0YXRpYyB1bnNpZ25lZCBpbnQgX19y ZWFkX21vc3RseSBjdGxkb21fbWF4X29yZGVyID0gQ09ORklHX0NUTERPTV9N QVhfT1JERVI7CiBzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9tb3N0bHkg aHdkb21fbWF4X29yZGVyID0gQ09ORklHX0hXRE9NX01BWF9PUkRFUjsKICNp ZmRlZiBIQVNfUEFTU1RIUk9VR0gKIHN0YXRpYyB1bnNpZ25lZCBpbnQgX19y ZWFkX21vc3RseSBwdGRvbV9tYXhfb3JkZXIgPSBDT05GSUdfUFRET01fTUFY X09SREVSOwotI2Vsc2UKLSMgZGVmaW5lIHB0ZG9tX21heF9vcmRlciBkb211 X21heF9vcmRlcgogI2VuZGlmCiBzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2Vf bWF4X29yZGVyKGNvbnN0IGNoYXIgKnMpCiB7CkBAIC03NSw4ICs3MywxMiBA QCBjdXN0b21fcGFyYW0oIm1lbW9wLW1heC1vcmRlciIsIHBhcnNlX21heF9v cmRlcik7CiAKIHN0YXRpYyB1bnNpZ25lZCBpbnQgbWF4X29yZGVyKGNvbnN0 IHN0cnVjdCBkb21haW4gKmQpCiB7Ci0gICAgdW5zaWduZWQgaW50IG9yZGVy ID0gY2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpID8gZG9tdV9tYXhfb3JkZXIK LSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgOiBwdGRvbV9tYXhfb3JkZXI7CisgICAgdW5zaWduZWQgaW50IG9y ZGVyID0gZG9tdV9tYXhfb3JkZXI7CisKKyNpZmRlZiBIQVNfUEFTU1RIUk9V R0gKKyAgICBpZiAoIGNhY2hlX2ZsdXNoX3Blcm1pdHRlZChkKSAmJiBvcmRl ciA8IHB0ZG9tX21heF9vcmRlciApCisgICAgICAgIG9yZGVyID0gcHRkb21f bWF4X29yZGVyOworI2VuZGlmCiAKICAgICBpZiAoIGlzX2NvbnRyb2xfZG9t YWluKGQpICYmIG9yZGVyIDwgY3RsZG9tX21heF9vcmRlciApCiAgICAgICAg IG9yZGVyID0gY3RsZG9tX21heF9vcmRlcjsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 10 13:58:18 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Dec 2015 13:58:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a71hY-0002kC-9h; Thu, 10 Dec 2015 13:56:08 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a71hX-0002jO-29; Thu, 10 Dec 2015 13:56:07 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id B4/88-21571-67489665; Thu, 10 Dec 2015 13:56:06 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-11.tower-21.messagelabs.com!1449755763!4682190!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 48720 invoked from network); 10 Dec 2015 13:56:04 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-11.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 10 Dec 2015 13:56:04 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a71hL-0004sC-BE; Thu, 10 Dec 2015 13:55:55 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a71hK-0003E9-PL; Thu, 10 Dec 2015 13:55:55 +0000 Date: Thu, 10 Dec 2015 13:55:54 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 158 (CVE-2015-8338) - long running memory operations on ARM X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8338 / XSA-158 version 4 long running memory operations on ARM UPDATES IN VERSION 4 ==================== Mention that the original patches had two problems, supplying an incremental patch. ISSUE DESCRIPTION ================= Certain HYPERVISOR_memory_op subops take page order inputs, with so far insufficient enforcement of limits thereof. In particular, for all of XENMEM_increase_reservation, XENMEM_populate_physmap, and XENMEM_exchange the order was limited to 9 only for guests without physical devices assigned. Guests with assigned devices were allowed up to order 18 (x86) or 20 (ARM). XENMEM_decrease_reservation enforced only the latter, higher limit uniformly on all kinds of guests. All of these operations involve loops over individual pages (possibly nested, with only the iteration count of the innermost loop being of interest here), resulting in iteration counts of up to 1 million on ARM. Total execution time of these operations obviously depends on system speed, but have been measured to get into the seconds range. IMPACT ====== A malicious guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant period. Other attacks, namely privilege escalation, cannot be ruled out. If a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest. VULNERABLE SYSTEMS ================== All Xen versions supporting ARM are affected. x86 versions of Xen are unaffected. MITIGATION ========== The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. On ARM, controlling the guest's kernel may involve locking down the bootloader. Exposure may be limited by not passing through physical devices to untrusted guests. (However, where device pass-through is being used to enhance security, for example, by disaggregating device drivers, users should not change their configuration: moving the drivers from a separate domain, to dom0, does NOT mitigate this vulnerability. Rather, it simply recategorises the additional exposure, regarding it "as designed" and therefore "not a bug". Users and vendors of disaggregated systems should not change their configuration.) CREDITS ======= This issue was discovered by Julien Grall of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that the patches provided with previous versions of this advisory had two problems: - The bounding for ordinary DomU and DomU with pass-through devices(s) was swapped. This would result in non-pass-through domains being able to perform operations with larger than intended order. In the default configuration this higher limit is not sufficient to reopen the security issue. However, users of the new memop-max-order option may be vulnerable, depending on the limits they specify. - On 4.4 and earlier, the relevant patch does not compile on ARM. The supplementary patch xsa158-fix.patch fixes these problems on all listed versions. In summary: xsa158.patch } xen-unstable, Xen 4.6.x, Xen 4.5.x xsa158-fix.patch } apply both patches xsa158-4.4.patch } Xen 4.4.x, Xen 4.3.x xsa158-fix.patch } apply both patches $ sha256sum xsa158* 50d7431cbad8faa631e2057ddd795b880f79b96d126a0b83afef3eceacf0026d xsa158.patch 54b538905e66227bf7f326006a7c322bdf35c76ad8600ff462e61d6e2eab6f04 xsa158-4.4.patch ab37e320bceeccc81285a6a72b92ed1292b69ddd8da5af94276b4b5cca4a0441 xsa158-fix.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the NO PASS-THROUGH partial MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because altering the set of devices observable in a guest in connection with a security issue would be a user-visible change which could lead to the rediscovery of the vulnerability. Deployment of the mitigation is permitted only AFTER the embargo ends. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWaYRSAAoJEIP+FMlX6CvZpvIH/A1r8mOX9Gvlz7rUonFVD5Lq 8SE4Ju4TwU9YA+sMZCpLInUC2UoVQGf/8bMWNvbB+yfnALDb5txC/ms8XEZVZWHk tfum+lzmdolMsxGY2JvjRFuwoUZB1rTzcGe9pvH5y3KMKAo7dlN5+DSdym5zoQcZ QqIiAjHj7UXC0Feg5tmRSAp5ht+yMD0rIGJ6/6fFzhdoPyLinzY1Bb12iJN6Xsd+ b7Vl7h80XU23JTviLpEZkx0cDykhzNWGZjsdQPmoDagVaxvahZPCVnefUIkeAHJZ nGdm//cs/CHHBX7iTKlhN5/eDZLqb2etI9v2kRvXkcgEfHYpNgm5cowD4dvBf30= =EDH5 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa158.patch" Content-Disposition: attachment; filename="xsa158.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+Ci0tLQp2MjogUmVuYW1lIGNvbW1hbmQgbGluZSBvcHRp b24gdG8gIm1lbW9wLW1heC1vcmRlciIuIENsYXJpZnkgZG9tYWluCiAgICBr aW5kcyBpbiBjb21tYW5kIGxpbmUgb3B0aW9uIGRvYy4gQ29ycmVjdCBpdHMg c3ludGF4IGRlc2NyaXB0aW9uLgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21t YW5kLWxpbmUubWFya2Rvd24KKysrIGIvZG9jcy9taXNjL3hlbi1jb21tYW5k LWxpbmUubWFya2Rvd24KQEAgLTEwMjksNiArMTAyOSwxNyBAQCB3aXRoICoq Y3Jhc2hpbmZvX21heGFkZHIqKi4KIFNwZWNpZnkgdGhlIHRocmVzaG9sZCBi ZWxvdyB3aGljaCBYZW4gd2lsbCBpbmZvcm0gZG9tMCB0aGF0IHRoZSBxdWFu dGl0eSBvZgogZnJlZSBtZW1vcnkgaXMgZ2V0dGluZyBsb3cuICBTcGVjaWZ5 aW5nIGAwYCB3aWxsIGRpc2FibGUgdGhpcyBub3RpZmljYXRpb24uCiAKKyMj IyBtZW1vcC1tYXgtb3JkZXIKKz4gYD0gWzxkb21VPl1bLFs8Y3RsZG9tPl1b LFs8aHdkb20+XVssPHB0ZG9tPl1dXWAKKworPiB4ODYgZGVmYXVsdDogYDks MTgsMTIsMTJgCis+IEFSTSBkZWZhdWx0OiBgOSwxOCwxMCwxMGAKKworQ2hh bmdlIHRoZSBtYXhpbXVtIG9yZGVyIHBlcm1pdHRlZCBmb3IgYWxsb2NhdGlv biAob3IgYWxsb2NhdGlvbi1saWtlKQorcmVxdWVzdHMgaXNzdWVkIGJ5IHRo ZSB2YXJpb3VzIGtpbmRzIG9mIGRvbWFpbnMgKGluIHRoaXMgb3JkZXI6Citv cmRpbmFyeSBEb21VLCBjb250cm9sIGRvbWFpbiwgaGFyZHdhcmUgZG9tYWlu LCBhbmQgLSB3aGVuIHN1cHBvcnRlZAorYnkgdGhlIHBsYXRmb3JtIC0gRG9t VSB3aXRoIHBhc3MtdGhyb3VnaCBkZXZpY2UgYXNzaWduZWQpLgorCiAjIyMg bWF4XF9jc3RhdGUKID4gYD0gPGludGVnZXI+YAogCi0tLSBhL3hlbi9jb21t b24vbWVtb3J5LmMKKysrIGIveGVuL2NvbW1vbi9tZW1vcnkuYwpAQCAtNDMs NiArNDMsNTAgQEAgc3RydWN0IG1lbW9wX2FyZ3MgewogICAgIGludCAgICAg ICAgICBwcmVlbXB0ZWQ7ICAvKiBXYXMgdGhlIGh5cGVyY2FsbCBwcmVlbXB0 ZWQ/ICovCiB9OwogCisjaWZuZGVmIENPTkZJR19DVExET01fTUFYX09SREVS CisjZGVmaW5lIENPTkZJR19DVExET01fTUFYX09SREVSIENPTkZJR19QQUdF QUxMT0NfTUFYX09SREVSCisjZW5kaWYKKyNpZm5kZWYgQ09ORklHX1BURE9N X01BWF9PUkRFUgorI2RlZmluZSBDT05GSUdfUFRET01fTUFYX09SREVSIENP TkZJR19IV0RPTV9NQVhfT1JERVIKKyNlbmRpZgorCitzdGF0aWMgdW5zaWdu ZWQgaW50IF9fcmVhZF9tb3N0bHkgZG9tdV9tYXhfb3JkZXIgPSBDT05GSUdf RE9NVV9NQVhfT1JERVI7CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgY3RsZG9tX21heF9vcmRlciA9IENPTkZJR19DVExET01fTUFYX09S REVSOworc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IGh3ZG9t X21heF9vcmRlciA9IENPTkZJR19IV0RPTV9NQVhfT1JERVI7CisjaWZkZWYg SEFTX1BBU1NUSFJPVUdICitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9t b3N0bHkgcHRkb21fbWF4X29yZGVyID0gQ09ORklHX1BURE9NX01BWF9PUkRF UjsKKyNlbHNlCisjIGRlZmluZSBwdGRvbV9tYXhfb3JkZXIgZG9tdV9tYXhf b3JkZXIKKyNlbmRpZgorc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX21heF9v cmRlcihjb25zdCBjaGFyICpzKQoreworICAgIGlmICggKnMgIT0gJywnICkK KyAgICAgICAgZG9tdV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAm cywgMCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQor ICAgICAgICBjdGxkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworICAgIGlmICggKnMgPT0gJywnICYmICorK3MgIT0gJywnICkK KyAgICAgICAgaHdkb21fbWF4X29yZGVyID0gc2ltcGxlX3N0cnRvdWwocywg JnMsIDApOworI2lmZGVmIEhBU19QQVNTVEhST1VHSAorICAgIGlmICggKnMg PT0gJywnICYmICorK3MgIT0gJywnICkKKyAgICAgICAgcHRkb21fbWF4X29y ZGVyID0gc2ltcGxlX3N0cnRvdWwocywgJnMsIDApOworI2VuZGlmCit9Citj dXN0b21fcGFyYW0oIm1lbW9wLW1heC1vcmRlciIsIHBhcnNlX21heF9vcmRl cik7CisKK3N0YXRpYyB1bnNpZ25lZCBpbnQgbWF4X29yZGVyKGNvbnN0IHN0 cnVjdCBkb21haW4gKmQpCit7CisgICAgdW5zaWduZWQgaW50IG9yZGVyID0g Y2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpID8gZG9tdV9tYXhfb3JkZXIKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgOiBwdGRvbV9tYXhfb3JkZXI7CisKKyAgICBpZiAoIGlzX2NvbnRyb2xf ZG9tYWluKGQpICYmIG9yZGVyIDwgY3RsZG9tX21heF9vcmRlciApCisgICAg ICAgIG9yZGVyID0gY3RsZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNf aGFyZHdhcmVfZG9tYWluKGQpICYmIG9yZGVyIDwgaHdkb21fbWF4X29yZGVy ICkKKyAgICAgICAgb3JkZXIgPSBod2RvbV9tYXhfb3JkZXI7CisKKyAgICBy ZXR1cm4gbWluKG9yZGVyLCBNQVhfT1JERVIgKyAwVSk7Cit9CisKIHN0YXRp YyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVjdCBtZW1vcF9hcmdz ICphKQogewogICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2U7CkBAIC01NSw3 ICs5OSw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0 cnVjdAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEt Pm5yX2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAo ICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9t YWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9v cmRlciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAg cmV0dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5u cl9leHRlbnRzOyBpKysgKQpAQCAtMTAwLDggKzE0NCw4IEBAIHN0YXRpYyB2 b2lkIHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkK ICAgICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1F TUZfcG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFY X09SREVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAg ICBpZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkg KQogICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9u ZTsgaSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yODUsNyArMzI5LDcg QEAgc3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAK ICAgICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRl bnRfbGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBh LT5leHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0 ZW50X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAg ICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8 IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0zNDMsMTMgKzM4NywxNyBAQCBz dGF0aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAg aWYgKCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAg ICByZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0 ZW50X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAg IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAg IHJjID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAg fQorCiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlm ICggKGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8 fAogICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRp ZmllcnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBl eGNoLm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMg YXJlIHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29y ZGVyID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVu dF9vcmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9m IGlucHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9u Zz8gKi8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRl cikgPCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwg Pj4gZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVu dHMpIHx8CkBAIC0zNjgsMTYgKzQxNiw2IEBAIHN0YXRpYyBsb25nIG1lbW9y eV9leGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vh cmx5OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMg Y2FuIGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAq LwotICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChj dXJyZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAg ICAgIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5k b21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAg cmMgPSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9 Ci0KICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0 LmV4dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRl ciAgPSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9v cmRlcjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysg Yi94ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zOSw2ICszOSwx MCBAQAogCiAjZGVmaW5lIENPTkZJR19JUlFfSEFTX01VTFRJUExFX0FDVElP TiAxCiAKKyNkZWZpbmUgQ09ORklHX1BBR0VBTExPQ19NQVhfT1JERVIgMTgK KyNkZWZpbmUgQ09ORklHX0RPTVVfTUFYX09SREVSICAgICAgOQorI2RlZmlu ZSBDT05GSUdfSFdET01fTUFYX09SREVSICAgICAxMAorCiAjZGVmaW5lIE9Q VF9DT05TT0xFX1NUUiAiZHR1YXJ0IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BV UwotLS0gYS94ZW4vaW5jbHVkZS9hc20tYXJtL2lvY2FwLmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLWFybS9pb2NhcC5oCkBAIC00LDEwICs0LDYgQEAKICNk ZWZpbmUgY2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpICAgICAgICAgICAgICAg ICAgICAgICAgXAogICAgICghcmFuZ2VzZXRfaXNfZW1wdHkoKGQpLT5pb21l bV9jYXBzKSkKIAotI2RlZmluZSBtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJt aXR0ZWQoZCwgb3JkZXIpICAgICAgICBcCi0gICAgKCgob3JkZXIpIDw9IDkp IHx8IC8qIGFsbG93IDJNQiBzdXBlcnBhZ2VzICovICAgICAgIFwKLSAgICAg IXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+aW9tZW1fY2FwcykpCi0KICNlbmRp ZgogCiAvKgotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2NvbmZpZy5oCisr KyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvY29uZmlnLmgKQEAgLTI4LDkgKzI4 LDEyIEBACiAjZGVmaW5lIENPTkZJR19OVU1BIDEKICNkZWZpbmUgQ09ORklH X0RJU0NPTlRJR01FTSAxCiAjZGVmaW5lIENPTkZJR19OVU1BX0VNVSAxCi0j ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQogI2RlZmluZSBDT05GSUdfRE9NQUlOX1BBR0UgMQogCisj ZGVmaW5lIENPTkZJR19QQUdFQUxMT0NfTUFYX09SREVSICgyICogUEFHRVRB QkxFX09SREVSKQorI2RlZmluZSBDT05GSUdfRE9NVV9NQVhfT1JERVIgICAg ICBQQUdFVEFCTEVfT1JERVIKKyNkZWZpbmUgQ09ORklHX0hXRE9NX01BWF9P UkRFUiAgICAgMTIKKwogLyogSW50ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJn ZXN0IGNhY2hlIGxpbmUgKEwyIGxpbmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAq LwogI2RlZmluZSBDT05GSUdfWDg2X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0g YS94ZW4vaW5jbHVkZS9hc20teDg2L2lvY2FwLmgKKysrIGIveGVuL2luY2x1 ZGUvYXNtLXg4Ni9pb2NhcC5oCkBAIC0xOCw5ICsxOCw0IEBACiAgICAgKCFy YW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAg ICAgIFwKICAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3Bv cnRfY2FwcykpCiAKLSNkZWZpbmUgbXVsdGlwYWdlX2FsbG9jYXRpb25fcGVy bWl0dGVkKGQsIG9yZGVyKSAgICAgICAgXAotICAgICgoKG9yZGVyKSA8PSA5 KSB8fCAvKiBhbGxvdyAyTUIgc3VwZXJwYWdlcyAqLyAgICAgICBcCi0gICAg ICFyYW5nZXNldF9pc19lbXB0eSgoZCktPmlvbWVtX2NhcHMpIHx8ICAgICAg ICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChkKS0+YXJjaC5p b3BvcnRfY2FwcykpCi0KICNlbmRpZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: application/octet-stream; name="xsa158-4.4.patch" Content-Disposition: attachment; filename="xsa158-4.4.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBzcGxpdCBhbmQgdGlnaHRlbiBtYXhpbXVtIG9yZGVyIHBlcm1p dHRlZCBpbiBtZW1vcHMKCkludHJvZHVjZSBhbmQgZW5mb3JjZSBzZXBhcmF0 ZSBsaW1pdHMgZm9yIG9yZGluYXJ5IERvbVUsIERvbVUgd2l0aApwYXNzLXRo cm91Z2ggZGV2aWNlKHMpLCBjb250cm9sIGRvbWFpbiwgYW5kIGhhcmR3YXJl IGRvbWFpbi4KClRoZSBEb21VIGRlZmF1bHRzIHdlcmUgZGV0ZXJtaW5lZCBi YXNlZCBvbiB3aGF0IHNvIGZhciB3YXMgYWxsb3dlZCBieQptdWx0aXBhZ2Vf YWxsb2NhdGlvbl9wZXJtaXR0ZWQoKS4KClRoZSB4ODYgaHdkb20gZGVmYXVs dCB3YXMgY2hvc2VuIGJhc2VkIG9uIGxpbnV4LTIuNi4xOC14ZW4uaGcgYy9z CjExMDI6ODI3ODJmMTM2MWE5IGluZGljYXRpbmcgMk1iIGlzIG5vdCBlbm91 Z2gsIHBsdXMgc29tZSBzbGFjay4KClRoZSBBUk0gaHdkb20gZGVmYXVsdCB3 YXMgY2hvc2VuIHRvIGFsbG93IDJNYiAob3JkZXItOSkgbWFwcGluZ3MsIHBs dXMKYSBsaXR0bGUgYml0IG9mIHNsYWNrLgoKVGhpcyBpcyBYU0EtMTU4LgoK UmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxs QGNpdHJpeC5jb20+CgotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGlu ZS5tYXJrZG93bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5t YXJrZG93bgpAQCAtNjUzLDYgKzY1MywxNyBAQCB3aGljaCBkYXRhIHN0cnVj dHVyZXMgc2hvdWxkIGJlIGRlbGliZXJhCiBzbyB0aGUgY3Jhc2gga2VybmVs IG1heSBmaW5kIGZpbmQgdGhlbS4gIFNob3VsZCBiZSB1c2VkIGluIGNvbWJp bmF0aW9uCiB3aXRoICoqY3Jhc2hpbmZvX21heGFkZHIqKi4KIAorIyMjIG1l bW9wLW1heC1vcmRlcgorPiBgPSBbPGRvbVU+XVssWzxjdGxkb20+XVssWzxo d2RvbT5dWyw8cHRkb20+XV1dYAorCis+IHg4NiBkZWZhdWx0OiBgOSwxOCwx MiwxMmAKKz4gQVJNIGRlZmF1bHQ6IGA5LDE4LDEwLDEwYAorCitDaGFuZ2Ug dGhlIG1heGltdW0gb3JkZXIgcGVybWl0dGVkIGZvciBhbGxvY2F0aW9uIChv ciBhbGxvY2F0aW9uLWxpa2UpCityZXF1ZXN0cyBpc3N1ZWQgYnkgdGhlIHZh cmlvdXMga2luZHMgb2YgZG9tYWlucyAoaW4gdGhpcyBvcmRlcjoKK29yZGlu YXJ5IERvbVUsIGNvbnRyb2wgZG9tYWluLCBoYXJkd2FyZSBkb21haW4sIGFu ZCAtIHdoZW4gc3VwcG9ydGVkCitieSB0aGUgcGxhdGZvcm0gLSBEb21VIHdp dGggcGFzcy10aHJvdWdoIGRldmljZSBhc3NpZ25lZCkuCisKICMjIyBtYXhc X2NzdGF0ZQogPiBgPSA8aW50ZWdlcj5gCiAKLS0tIGEveGVuL2NvbW1vbi9t ZW1vcnkuYworKysgYi94ZW4vY29tbW9uL21lbW9yeS5jCkBAIC00Niw2ICs0 Niw1MCBAQCBzdHJ1Y3QgbWVtb3BfYXJncyB7CiAgICAgaW50ICAgICAgICAg IHByZWVtcHRlZDsgIC8qIFdhcyB0aGUgaHlwZXJjYWxsIHByZWVtcHRlZD8g Ki8KIH07CiAKKyNpZm5kZWYgQ09ORklHX0NUTERPTV9NQVhfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0NUTERPTV9NQVhfT1JERVIgQ09ORklHX1BBR0VBTExP Q19NQVhfT1JERVIKKyNlbmRpZgorI2lmbmRlZiBDT05GSUdfUFRET01fTUFY X09SREVSCisjZGVmaW5lIENPTkZJR19QVERPTV9NQVhfT1JERVIgQ09ORklH X0hXRE9NX01BWF9PUkRFUgorI2VuZGlmCisKK3N0YXRpYyB1bnNpZ25lZCBp bnQgX19yZWFkX21vc3RseSBkb211X21heF9vcmRlciA9IENPTkZJR19ET01V X01BWF9PUkRFUjsKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBjdGxkb21fbWF4X29yZGVyID0gQ09ORklHX0NUTERPTV9NQVhfT1JERVI7 CitzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9tb3N0bHkgaHdkb21fbWF4 X29yZGVyID0gQ09ORklHX0hXRE9NX01BWF9PUkRFUjsKKyNpZmRlZiBIQVNf UEFTU1RIUk9VR0gKK3N0YXRpYyB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3Rs eSBwdGRvbV9tYXhfb3JkZXIgPSBDT05GSUdfUFRET01fTUFYX09SREVSOwor I2Vsc2UKKyMgZGVmaW5lIHB0ZG9tX21heF9vcmRlciBkb211X21heF9vcmRl cgorI2VuZGlmCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfbWF4X29yZGVy KGNvbnN0IGNoYXIgKnMpCit7CisgICAgaWYgKCAqcyAhPSAnLCcgKQorICAg ICAgICBkb211X21heF9vcmRlciA9IHNpbXBsZV9zdHJ0b3VsKHMsICZzLCAw KTsKKyAgICBpZiAoICpzID09ICcsJyAmJiAqKytzICE9ICcsJyApCisgICAg ICAgIGN0bGRvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisgICAgaWYgKCAqcyA9PSAnLCcgJiYgKisrcyAhPSAnLCcgKQorICAg ICAgICBod2RvbV9tYXhfb3JkZXIgPSBzaW1wbGVfc3RydG91bChzLCAmcywg MCk7CisjaWZkZWYgSEFTX1BBU1NUSFJPVUdICisgICAgaWYgKCAqcyA9PSAn LCcgJiYgKisrcyAhPSAnLCcgKQorICAgICAgICBwdGRvbV9tYXhfb3JkZXIg PSBzaW1wbGVfc3RydG91bChzLCAmcywgMCk7CisjZW5kaWYKK30KK2N1c3Rv bV9wYXJhbSgibWVtb3AtbWF4LW9yZGVyIiwgcGFyc2VfbWF4X29yZGVyKTsK Kworc3RhdGljIHVuc2lnbmVkIGludCBtYXhfb3JkZXIoY29uc3Qgc3RydWN0 IGRvbWFpbiAqZCkKK3sKKyAgICB1bnNpZ25lZCBpbnQgb3JkZXIgPSBjYWNo ZV9mbHVzaF9wZXJtaXR0ZWQoZCkgPyBkb211X21heF9vcmRlcgorICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA6 IHB0ZG9tX21heF9vcmRlcjsKKworICAgIGlmICggaXNfY29udHJvbF9kb21h aW4oZCkgJiYgb3JkZXIgPCBjdGxkb21fbWF4X29yZGVyICkKKyAgICAgICAg b3JkZXIgPSBjdGxkb21fbWF4X29yZGVyOworCisgICAgaWYgKCBpc19oYXJk d2FyZV9kb21haW4oZCkgJiYgb3JkZXIgPCBod2RvbV9tYXhfb3JkZXIgKQor ICAgICAgICBvcmRlciA9IGh3ZG9tX21heF9vcmRlcjsKKworICAgIHJldHVy biBtaW4ob3JkZXIsIE1BWF9PUkRFUiArIDBVKTsKK30KKwogc3RhdGljIHZv aWQgaW5jcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0IG1lbW9wX2FyZ3MgKmEp CiB7CiAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZTsKQEAgLTU4LDcgKzEw Miw3IEBAIHN0YXRpYyB2b2lkIGluY3JlYXNlX3Jlc2VydmF0aW9uKHN0cnVj dAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGEtPm5y X2V4dGVudHMtMSkgKQogICAgICAgICByZXR1cm47CiAKLSAgICBpZiAoICFt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoY3VycmVudC0+ZG9tYWlu LCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBpZiAoIGEtPmV4dGVudF9vcmRl ciA+IG1heF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKICAgICAgICAgcmV0 dXJuOwogCiAgICAgZm9yICggaSA9IGEtPm5yX2RvbmU7IGkgPCBhLT5ucl9l eHRlbnRzOyBpKysgKQpAQCAtMTAzLDggKzE0Nyw4IEBAIHN0YXRpYyB2b2lk IHBvcHVsYXRlX3BoeXNtYXAoc3RydWN0IG1lbW8KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpICkKICAg ICAgICAgcmV0dXJuOwogCi0gICAgaWYgKCBhLT5tZW1mbGFncyAmIE1FTUZf cG9wdWxhdGVfb25fZGVtYW5kID8gYS0+ZXh0ZW50X29yZGVyID4gTUFYX09S REVSIDoKLSAgICAgICAgICFtdWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0 ZWQoY3VycmVudC0+ZG9tYWluLCBhLT5leHRlbnRfb3JkZXIpICkKKyAgICBp ZiAoIGEtPmV4dGVudF9vcmRlciA+IChhLT5tZW1mbGFncyAmIE1FTUZfcG9w dWxhdGVfb25fZGVtYW5kID8gTUFYX09SREVSIDoKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICBtYXhfb3JkZXIoY3VycmVudC0+ZG9tYWluKSkgKQog ICAgICAgICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsg aSA8IGEtPm5yX2V4dGVudHM7IGkrKyApCkBAIC0yNjksNyArMzEzLDcgQEAg c3RhdGljIHZvaWQgZGVjcmVhc2VfcmVzZXJ2YXRpb24oc3RydWN0CiAKICAg ICBpZiAoICFndWVzdF9oYW5kbGVfc3VicmFuZ2Vfb2theShhLT5leHRlbnRf bGlzdCwgYS0+bnJfZG9uZSwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBhLT5ucl9leHRlbnRzLTEpIHx8Ci0gICAgICAgICBhLT5l eHRlbnRfb3JkZXIgPiBNQVhfT1JERVIgKQorICAgICAgICAgYS0+ZXh0ZW50 X29yZGVyID4gbWF4X29yZGVyKGN1cnJlbnQtPmRvbWFpbikgKQogICAgICAg ICByZXR1cm47CiAKICAgICBmb3IgKCBpID0gYS0+bnJfZG9uZTsgaSA8IGEt Pm5yX2V4dGVudHM7IGkrKyApCkBAIC0zMzQsMTMgKzM3OCwxNyBAQCBzdGF0 aWMgbG9uZyBtZW1vcnlfZXhjaGFuZ2UoWEVOX0dVRVNUX0hBCiAgICAgaWYg KCBjb3B5X2Zyb21fZ3Vlc3QoJmV4Y2gsIGFyZywgMSkgKQogICAgICAgICBy ZXR1cm4gLUVGQVVMVDsKIAorICAgIGlmICggbWF4KGV4Y2guaW4uZXh0ZW50 X29yZGVyLCBleGNoLm91dC5leHRlbnRfb3JkZXIpID4KKyAgICAgICAgIG1h eF9vcmRlcihjdXJyZW50LT5kb21haW4pICkKKyAgICB7CisgICAgICAgIHJj ID0gLUVQRVJNOworICAgICAgICBnb3RvIGZhaWxfZWFybHk7CisgICAgfQor CiAgICAgLyogVmFyaW91cyBzYW5pdHkgY2hlY2tzLiAqLwogICAgIGlmICgg KGV4Y2gubnJfZXhjaGFuZ2VkID4gZXhjaC5pbi5ucl9leHRlbnRzKSB8fAog ICAgICAgICAgLyogSW5wdXQgYW5kIG91dHB1dCBkb21haW4gaWRlbnRpZmll cnMgbWF0Y2g/ICovCiAgICAgICAgICAoZXhjaC5pbi5kb21pZCAhPSBleGNo Lm91dC5kb21pZCkgfHwKLSAgICAgICAgIC8qIEV4dGVudCBvcmRlcnMgYXJl IHNlbnNpYmxlPyAqLwotICAgICAgICAgKGV4Y2guaW4uZXh0ZW50X29yZGVy ID4gTUFYX09SREVSKSB8fAotICAgICAgICAgKGV4Y2gub3V0LmV4dGVudF9v cmRlciA+IE1BWF9PUkRFUikgfHwKICAgICAgICAgIC8qIFNpemVzIG9mIGlu cHV0IGFuZCBvdXRwdXQgbGlzdHMgZG8gbm90IG92ZXJmbG93IGEgbG9uZz8g Ki8KICAgICAgICAgICgofjBVTCA+PiBleGNoLmluLmV4dGVudF9vcmRlcikg PCBleGNoLmluLm5yX2V4dGVudHMpIHx8CiAgICAgICAgICAoKH4wVUwgPj4g ZXhjaC5vdXQuZXh0ZW50X29yZGVyKSA8IGV4Y2gub3V0Lm5yX2V4dGVudHMp IHx8CkBAIC0zNTksMTYgKzQwNyw2IEBAIHN0YXRpYyBsb25nIG1lbW9yeV9l eGNoYW5nZShYRU5fR1VFU1RfSEEKICAgICAgICAgZ290byBmYWlsX2Vhcmx5 OwogICAgIH0KIAotICAgIC8qIE9ubHkgcHJpdmlsZWdlZCBndWVzdHMgY2Fu IGFsbG9jYXRlIG11bHRpLXBhZ2UgY29udGlndW91cyBleHRlbnRzLiAqLwot ICAgIGlmICggIW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJy ZW50LT5kb21haW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGV4Y2guaW4uZXh0ZW50X29yZGVyKSB8fAotICAgICAgICAg IW11bHRpcGFnZV9hbGxvY2F0aW9uX3Blcm1pdHRlZChjdXJyZW50LT5kb21h aW4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGV4Y2gub3V0LmV4dGVudF9vcmRlcikgKQotICAgIHsKLSAgICAgICAgcmMg PSAtRVBFUk07Ci0gICAgICAgIGdvdG8gZmFpbF9lYXJseTsKLSAgICB9Ci0K ICAgICBpZiAoIGV4Y2guaW4uZXh0ZW50X29yZGVyIDw9IGV4Y2gub3V0LmV4 dGVudF9vcmRlciApCiAgICAgewogICAgICAgICBpbl9jaHVua19vcmRlciAg PSBleGNoLm91dC5leHRlbnRfb3JkZXIgLSBleGNoLmluLmV4dGVudF9vcmRl cjsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9jb25maWcuaAorKysgYi94 ZW4vaW5jbHVkZS9hc20tYXJtL2NvbmZpZy5oCkBAIC0zNyw2ICszNywxMCBA QAogCiAjZGVmaW5lIENPTkZJR19WSURFTyAxCiAKKyNkZWZpbmUgQ09ORklH X1BBR0VBTExPQ19NQVhfT1JERVIgMTgKKyNkZWZpbmUgQ09ORklHX0RPTVVf TUFYX09SREVSICAgICAgOQorI2RlZmluZSBDT05GSUdfSFdET01fTUFYX09S REVSICAgICAxMAorCiAjZGVmaW5lIE9QVF9DT05TT0xFX1NUUiAiZHR1YXJ0 IgogCiAjaWZkZWYgTUFYX1BIWVNfQ1BVUwotLS0gYS94ZW4vaW5jbHVkZS9h c20tYXJtL2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLWFybS9pb2Nh cC5oCkBAIC00LDEwICs0LDYgQEAKICNkZWZpbmUgY2FjaGVfZmx1c2hfcGVy bWl0dGVkKGQpICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICghcmFu Z2VzZXRfaXNfZW1wdHkoKGQpLT5pb21lbV9jYXBzKSkKIAotI2RlZmluZSBt dWx0aXBhZ2VfYWxsb2NhdGlvbl9wZXJtaXR0ZWQoZCwgb3JkZXIpICAgICAg ICBcCi0gICAgKCgob3JkZXIpIDw9IDkpIHx8IC8qIGFsbG93IDJNQiBzdXBl cnBhZ2VzICovICAgICAgIFwKLSAgICAgIXJhbmdlc2V0X2lzX2VtcHR5KChk KS0+aW9tZW1fY2FwcykpCi0KICNlbmRpZgogCiAvKgotLS0gYS94ZW4vaW5j bHVkZS9hc20teDg2L2NvbmZpZy5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14 ODYvY29uZmlnLmgKQEAgLTI5LDkgKzI5LDEyIEBACiAjZGVmaW5lIENPTkZJ R19OVU1BIDEKICNkZWZpbmUgQ09ORklHX0RJU0NPTlRJR01FTSAxCiAjZGVm aW5lIENPTkZJR19OVU1BX0VNVSAxCi0jZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQogI2RlZmluZSBD T05GSUdfRE9NQUlOX1BBR0UgMQogCisjZGVmaW5lIENPTkZJR19QQUdFQUxM T0NfTUFYX09SREVSICgyICogUEFHRVRBQkxFX09SREVSKQorI2RlZmluZSBD T05GSUdfRE9NVV9NQVhfT1JERVIgICAgICBQQUdFVEFCTEVfT1JERVIKKyNk ZWZpbmUgQ09ORklHX0hXRE9NX01BWF9PUkRFUiAgICAgMTIKKwogLyogSW50 ZWwgUDQgY3VycmVudGx5IGhhcyBsYXJnZXN0IGNhY2hlIGxpbmUgKEwyIGxp bmUgc2l6ZSBpcyAxMjggYnl0ZXMpLiAqLwogI2RlZmluZSBDT05GSUdfWDg2 X0wxX0NBQ0hFX1NISUZUIDcKIAotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2 L2lvY2FwLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9pb2NhcC5oCkBA IC0xOCw5ICsxOCw0IEBACiAgICAgKCFyYW5nZXNldF9pc19lbXB0eSgoZCkt PmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKICAgICAgIXJhbmdlc2V0 X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCiAKLSNkZWZpbmUg bXVsdGlwYWdlX2FsbG9jYXRpb25fcGVybWl0dGVkKGQsIG9yZGVyKSAgICAg ICAgXAotICAgICgoKG9yZGVyKSA8PSA5KSB8fCAvKiBhbGxvdyAyTUIgc3Vw ZXJwYWdlcyAqLyAgICAgICBcCi0gICAgICFyYW5nZXNldF9pc19lbXB0eSgo ZCktPmlvbWVtX2NhcHMpIHx8ICAgICAgICAgICAgIFwKLSAgICAgIXJhbmdl c2V0X2lzX2VtcHR5KChkKS0+YXJjaC5pb3BvcnRfY2FwcykpCi0KICNlbmRp ZiAvKiBfX1g4Nl9JT0NBUF9IX18gKi8K --=separator Content-Type: application/octet-stream; name="xsa158-fix.patch" Content-Disposition: attachment; filename="xsa158-fix.patch" Content-Transfer-Encoding: base64 bWVtb3J5OiBmaXggWFNBLTE1OCBmaXgKCkZvciBvbmUgdGhlIHVzZXMgb2Yg ZG9tdV9tYXhfb3JkZXIgYW5kIHB0ZG9tX21heF9vcmRlciB3ZXJlIHN3YXBw ZWQuCgpBbmQgdGhlbiBnY2Mgd2FybnMgYWJvdXQgYW4gdW51c2VkIHJlc3Vs dCBvZiBhIF9fbXVzdF9jaGVjayBmdW5jdGlvbgppbiB0aGUgY29udHJvbCBw YXJ0IG9mIGEgY29uZGl0aW9uYWwgZXhwcmVzc2lvbiB3aGVuIGJvdGggb3Ro ZXIKZXhwcmVzc2lvbnMgY2FuIGJlIGRldGVybWluZWQgYnkgdGhlIGNvbXBp bGVyIHRvIHByb2R1Y2UgdGhlIHNhbWUgdmFsdWUKKHNlZSBodHRwczovL2dj Yy5nbnUub3JnL2J1Z3ppbGxhL3Nob3dfYnVnLmNnaT9pZD02ODAzOSksIHdo aWNoIGhhcHBlbnMKd2hlbiBIQVNfUEFTU1RIUk9VR0ggaXMgdW5kZWZpbmVk IChpLmUuIGZvciBBUk0gb24gNC40IGFuZCBvbGRlcikuCgpTaWduZWQtb2Zm LWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFja2VkLWJ5 OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgoKLS0t IGEveGVuL2NvbW1vbi9tZW1vcnkuYworKysgYi94ZW4vY29tbW9uL21lbW9y eS5jCkBAIC01NSw4ICs1NSw2IEBAIHN0YXRpYyB1bnNpZ25lZCBpbnQgX19y ZWFkX21vc3RseSBjdGxkb21fbWF4X29yZGVyID0gQ09ORklHX0NUTERPTV9N QVhfT1JERVI7CiBzdGF0aWMgdW5zaWduZWQgaW50IF9fcmVhZF9tb3N0bHkg aHdkb21fbWF4X29yZGVyID0gQ09ORklHX0hXRE9NX01BWF9PUkRFUjsKICNp ZmRlZiBIQVNfUEFTU1RIUk9VR0gKIHN0YXRpYyB1bnNpZ25lZCBpbnQgX19y ZWFkX21vc3RseSBwdGRvbV9tYXhfb3JkZXIgPSBDT05GSUdfUFRET01fTUFY X09SREVSOwotI2Vsc2UKLSMgZGVmaW5lIHB0ZG9tX21heF9vcmRlciBkb211 X21heF9vcmRlcgogI2VuZGlmCiBzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2Vf bWF4X29yZGVyKGNvbnN0IGNoYXIgKnMpCiB7CkBAIC03NSw4ICs3MywxMiBA QCBjdXN0b21fcGFyYW0oIm1lbW9wLW1heC1vcmRlciIsIHBhcnNlX21heF9v cmRlcik7CiAKIHN0YXRpYyB1bnNpZ25lZCBpbnQgbWF4X29yZGVyKGNvbnN0 IHN0cnVjdCBkb21haW4gKmQpCiB7Ci0gICAgdW5zaWduZWQgaW50IG9yZGVy ID0gY2FjaGVfZmx1c2hfcGVybWl0dGVkKGQpID8gZG9tdV9tYXhfb3JkZXIK LSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgOiBwdGRvbV9tYXhfb3JkZXI7CisgICAgdW5zaWduZWQgaW50IG9y ZGVyID0gZG9tdV9tYXhfb3JkZXI7CisKKyNpZmRlZiBIQVNfUEFTU1RIUk9V R0gKKyAgICBpZiAoIGNhY2hlX2ZsdXNoX3Blcm1pdHRlZChkKSAmJiBvcmRl ciA8IHB0ZG9tX21heF9vcmRlciApCisgICAgICAgIG9yZGVyID0gcHRkb21f bWF4X29yZGVyOworI2VuZGlmCiAKICAgICBpZiAoIGlzX2NvbnRyb2xfZG9t YWluKGQpICYmIG9yZGVyIDwgY3RsZG9tX21heF9vcmRlciApCiAgICAgICAg IG9yZGVyID0gY3RsZG9tX21heF9vcmRlcjsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtW-0007Sj-2X; Thu, 17 Dec 2015 12:42:54 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtU-0007RP-C3; Thu, 17 Dec 2015 12:42:52 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id C0/B1-21571-BCDA2765; Thu, 17 Dec 2015 12:42:51 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-13.tower-21.messagelabs.com!1450356160!6012596!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 38209 invoked from network); 17 Dec 2015 12:42:48 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-13.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:48 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtC-0000wS-UZ; Thu, 17 Dec 2015 12:42:34 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9XtC-000204-Gj; Thu, 17 Dec 2015 12:42:34 +0000 Date: Thu, 17 Dec 2015 12:42:34 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 166 - ioreq handling possibly susceptible to multiple read issue X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-166 version 2 ioreq handling possibly susceptible to multiple read issue UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device model for assistance. Due to the offending field being a bitfield, it is however believed that there is no issue in practice, since compilers, at least when optimizing (which is always the case for non-debug builds), should find it more expensive to extract the bit field value twice than to keep the calculated value in a register. IMPACT ====== This vulnerability is exposed to malicious device models. In conventional Xen systems this means the qemu which service an HVM domain. On such systems this vulnerability can only be exploited if the attacker has gained control of the device model qemu via another vulnerability. Privilege escalation, host crash (Denial of Service), and leaked information all cannot be excluded. VULNERABLE SYSTEMS ================== All Xen versions are affected. Only x86 variants of Xen are susceptible. ARM variants are not affected. Only HVM guests expose this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. CREDITS ======= This issue was discovered by Konrad Rzeszutek Wilk of Oracle and Jan Beulich of SUSE while investigating the issues arising from XSA-155. XSA-155 was discovered by Felix Wilhelm of ERNW. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa166.patch xen-unstable, Xen 4.6.x xsa166-4.5.patch Xen 4.5.x xsa166-4.4.patch Xen 4.4.x xsa166-4.3.patch Xen 4.3.x $ sha256sum xsa166* 740a28a69524e966ab77f9f5e45067aa7ba2d32ea69b1d3c4b9bf0c86212ad0a xsa166.patch 109a9eb132d712a56a7ca81214fff3952868a39206eb34f66f5b2265e680b9fc xsa166-4.3.patch d63261ca2d40e2723a4f3c94665cc120e0ea488200eebb08c7aa07e1c1a35d42 xsa166-4.4.patch d5dddce37c644d35ef52ff7230f83bf0969b6b4db9b586241f5f5bd0dc631096 xsa166-4.5.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html NOTE REGARDING SHORT EMBARGO ============================ This issue was encountered by the Security Team during investigations of the scope and impact of XSA-155. Accordingly XSA-166 is embargoed and the embargo will end at the same time as that of XSA-155. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqzCAAoJEIP+FMlX6CvZPRIIAIkXhtZYi1ro+T74PMote55o npXKgR9tvXOokj3O1IsYfzHQnOiX3kQmmGmSXg5Hh/sYxAQIgqn2f9Zf/K+6gx8j Rd+0QrbhekG7+uA3TrGNtNdBDPevAcKE2xkzGZ7OZknE7Ch9WKua3VtjlY0pG9jr 8PUPE/NZ//MSd9Ds2uPB6G2zaoqFG6oGMgqdYs3zwLM52FR1/VlTzKLZ7sh3mPeK rPO1f1Agn7mFVnSbO0EkAYx++Mr3rv/w2M1qnK0cQk6T9l6Cg6qKzdV+iTV95CNo QxWLsm26c4YsRPIU1gBgHoPxi8hGwZThInSY8j8MH0Ed1xV3bPm1HqirrafpHHA= =Fovo -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa166.patch" Content-Disposition: attachment; filename="xsa166.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTQ2MCw3ICs0NjAsMTAgQEAgc3RhdGljIGJvb2xfdCBodm1fd2FpdF9m b3JfaW8oc3RydWN0IGh2bQogewogICAgIHdoaWxlICggc3YtPnBlbmRpbmcg KQogICAgIHsKLSAgICAgICAgc3dpdGNoICggcC0+c3RhdGUgKQorICAgICAg ICB1bnNpZ25lZCBpbnQgc3RhdGUgPSBwLT5zdGF0ZTsKKworICAgICAgICBy bWIoKTsKKyAgICAgICAgc3dpdGNoICggc3RhdGUgKQogICAgICAgICB7CiAg ICAgICAgIGNhc2UgU1RBVEVfSU9SRVFfTk9ORToKICAgICAgICAgICAgIC8q CkBAIC00NzEsMTggKzQ3NCwxNSBAQCBzdGF0aWMgYm9vbF90IGh2bV93YWl0 X2Zvcl9pbyhzdHJ1Y3QgaHZtCiAgICAgICAgICAgICBodm1faW9fYXNzaXN0 KHN2LCB+MHVsKTsKICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICBjYXNl IFNUQVRFX0lPUkVTUF9SRUFEWTogLyogSU9SRVNQX1JFQURZIC0+IE5PTkUg Ki8KLSAgICAgICAgICAgIHJtYigpOyAvKiBzZWUgSU9SRVNQX1JFQURZIC90 aGVuLyByZWFkIGNvbnRlbnRzIG9mIGlvcmVxICovCiAgICAgICAgICAgICBw LT5zdGF0ZSA9IFNUQVRFX0lPUkVRX05PTkU7CiAgICAgICAgICAgICBodm1f aW9fYXNzaXN0KHN2LCBwLT5kYXRhKTsKICAgICAgICAgICAgIGJyZWFrOwog ICAgICAgICBjYXNlIFNUQVRFX0lPUkVRX1JFQURZOiAgLyogSU9SRVFfe1JF QURZLElOUFJPQ0VTU30gLT4gSU9SRVNQX1JFQURZICovCiAgICAgICAgIGNh c2UgU1RBVEVfSU9SRVFfSU5QUk9DRVNTOgotICAgICAgICAgICAgd2FpdF9v bl94ZW5fZXZlbnRfY2hhbm5lbChzdi0+aW9yZXFfZXZ0Y2huLAotICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAocC0+c3RhdGUgIT0g U1RBVEVfSU9SRVFfUkVBRFkpICYmCi0gICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9JTlBS T0NFU1MpKTsKKyAgICAgICAgICAgIHdhaXRfb25feGVuX2V2ZW50X2NoYW5u ZWwoc3YtPmlvcmVxX2V2dGNobiwgcC0+c3RhdGUgIT0gc3RhdGUpOwogICAg ICAgICAgICAgYnJlYWs7CiAgICAgICAgIGRlZmF1bHQ6Ci0gICAgICAgICAg ICBnZHByaW50ayhYRU5MT0dfRVJSLCAiV2VpcmQgSFZNIGlvcmVxdWVzdCBz dGF0ZSAlZC5cbiIsIHAtPnN0YXRlKTsKKyAgICAgICAgICAgIGdkcHJpbnRr KFhFTkxPR19FUlIsICJXZWlyZCBIVk0gaW9yZXF1ZXN0IHN0YXRlICV1XG4i LCBzdGF0ZSk7CiAgICAgICAgICAgICBzdi0+cGVuZGluZyA9IDA7CiAgICAg ICAgICAgICBkb21haW5fY3Jhc2goc3YtPnZjcHUtPmRvbWFpbik7CiAgICAg ICAgICAgICByZXR1cm4gMDsgLyogYmFpbCAqLwo= --=separator Content-Type: application/octet-stream; name="xsa166-4.3.patch" Content-Disposition: attachment; filename="xsa166-4.3.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTM0Miw2ICszNDIsNyBAQCB2b2lkIGh2bV9taWdyYXRlX3BpcnFzKHN0 cnVjdCB2Y3B1ICp2KQogdm9pZCBodm1fZG9fcmVzdW1lKHN0cnVjdCB2Y3B1 ICp2KQogewogICAgIGlvcmVxX3QgKnA7CisgICAgdW5zaWduZWQgaW50IHN0 YXRlOwogCiAgICAgcHRfcmVzdG9yZV90aW1lcih2KTsKIApAQCAtMzQ5LDkg KzM1MCwxMCBAQCB2b2lkIGh2bV9kb19yZXN1bWUoc3RydWN0IHZjcHUgKnYp CiAKICAgICAvKiBOQi4gT3B0aW1pc2VkIGZvciBjb21tb24gY2FzZSAocC0+ c3RhdGUgPT0gU1RBVEVfSU9SRVFfTk9ORSkuICovCiAgICAgcCA9IGdldF9p b3JlcSh2KTsKLSAgICB3aGlsZSAoIHAtPnN0YXRlICE9IFNUQVRFX0lPUkVR X05PTkUgKQorICAgIHdoaWxlICggKHN0YXRlID0gcC0+c3RhdGUpICE9IFNU QVRFX0lPUkVRX05PTkUgKQogICAgIHsKLSAgICAgICAgc3dpdGNoICggcC0+ c3RhdGUgKQorICAgICAgICBybWIoKTsKKyAgICAgICAgc3dpdGNoICggc3Rh dGUgKQogICAgICAgICB7CiAgICAgICAgIGNhc2UgU1RBVEVfSU9SRVNQX1JF QURZOiAvKiBJT1JFU1BfUkVBRFkgLT4gTk9ORSAqLwogICAgICAgICAgICAg aHZtX2lvX2Fzc2lzdCgpOwpAQCAtMzU5LDExICszNjEsMTAgQEAgdm9pZCBo dm1fZG9fcmVzdW1lKHN0cnVjdCB2Y3B1ICp2KQogICAgICAgICBjYXNlIFNU QVRFX0lPUkVRX1JFQURZOiAgLyogSU9SRVFfe1JFQURZLElOUFJPQ0VTU30g LT4gSU9SRVNQX1JFQURZICovCiAgICAgICAgIGNhc2UgU1RBVEVfSU9SRVFf SU5QUk9DRVNTOgogICAgICAgICAgICAgd2FpdF9vbl94ZW5fZXZlbnRfY2hh bm5lbCh2LT5hcmNoLmh2bV92Y3B1Lnhlbl9wb3J0LAotICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAocC0+c3RhdGUgIT0gU1RBVEVf SU9SRVFfUkVBRFkpICYmCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9JTlBST0NFU1Mp KTsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcC0+ c3RhdGUgIT0gc3RhdGUpOwogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAg IGRlZmF1bHQ6Ci0gICAgICAgICAgICBnZHByaW50ayhYRU5MT0dfRVJSLCAi V2VpcmQgSFZNIGlvcmVxdWVzdCBzdGF0ZSAlZC5cbiIsIHAtPnN0YXRlKTsK KyAgICAgICAgICAgIGdkcHJpbnRrKFhFTkxPR19FUlIsICJXZWlyZCBIVk0g aW9yZXF1ZXN0IHN0YXRlICV1XG4iLCBzdGF0ZSk7CiAgICAgICAgICAgICBk b21haW5fY3Jhc2godi0+ZG9tYWluKTsKICAgICAgICAgICAgIHJldHVybjsg LyogYmFpbCAqLwogICAgICAgICB9Cg== --=separator Content-Type: application/octet-stream; name="xsa166-4.4.patch" Content-Disposition: attachment; filename="xsa166-4.4.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTM0OCw2ICszNDgsNyBAQCB2b2lkIGh2bV9taWdyYXRlX3BpcnFzKHN0 cnVjdCB2Y3B1ICp2KQogdm9pZCBodm1fZG9fcmVzdW1lKHN0cnVjdCB2Y3B1 ICp2KQogewogICAgIGlvcmVxX3QgKnA7CisgICAgdW5zaWduZWQgaW50IHN0 YXRlOwogCiAgICAgY2hlY2tfd2FrZXVwX2Zyb21fd2FpdCgpOwogCkBAIC0z NTgsOSArMzU5LDEwIEBAIHZvaWQgaHZtX2RvX3Jlc3VtZShzdHJ1Y3QgdmNw dSAqdikKICAgICBpZiAoICEocCA9IGdldF9pb3JlcSh2KSkgKQogICAgICAg ICBnb3RvIGNoZWNrX2luamVjdF90cmFwOwogCi0gICAgd2hpbGUgKCBwLT5z dGF0ZSAhPSBTVEFURV9JT1JFUV9OT05FICkKKyAgICB3aGlsZSAoIChzdGF0 ZSA9IHAtPnN0YXRlKSAhPSBTVEFURV9JT1JFUV9OT05FICkKICAgICB7Ci0g ICAgICAgIHN3aXRjaCAoIHAtPnN0YXRlICkKKyAgICAgICAgcm1iKCk7Cisg ICAgICAgIHN3aXRjaCAoIHN0YXRlICkKICAgICAgICAgewogICAgICAgICBj YXNlIFNUQVRFX0lPUkVTUF9SRUFEWTogLyogSU9SRVNQX1JFQURZIC0+IE5P TkUgKi8KICAgICAgICAgICAgIGh2bV9pb19hc3Npc3QocCk7CkBAIC0zNjgs MTEgKzM3MCwxMCBAQCB2b2lkIGh2bV9kb19yZXN1bWUoc3RydWN0IHZjcHUg KnYpCiAgICAgICAgIGNhc2UgU1RBVEVfSU9SRVFfUkVBRFk6ICAvKiBJT1JF UV97UkVBRFksSU5QUk9DRVNTfSAtPiBJT1JFU1BfUkVBRFkgKi8KICAgICAg ICAgY2FzZSBTVEFURV9JT1JFUV9JTlBST0NFU1M6CiAgICAgICAgICAgICB3 YWl0X29uX3hlbl9ldmVudF9jaGFubmVsKHYtPmFyY2guaHZtX3ZjcHUueGVu X3BvcnQsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9SRUFEWSkgJiYKLSAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHAtPnN0YXRlICE9IFNU QVRFX0lPUkVRX0lOUFJPQ0VTUykpOworICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBwLT5zdGF0ZSAhPSBzdGF0ZSk7CiAgICAgICAg ICAgICBicmVhazsKICAgICAgICAgZGVmYXVsdDoKLSAgICAgICAgICAgIGdk cHJpbnRrKFhFTkxPR19FUlIsICJXZWlyZCBIVk0gaW9yZXF1ZXN0IHN0YXRl ICVkLlxuIiwgcC0+c3RhdGUpOworICAgICAgICAgICAgZ2RwcmludGsoWEVO TE9HX0VSUiwgIldlaXJkIEhWTSBpb3JlcXVlc3Qgc3RhdGUgJXVcbiIsIHN0 YXRlKTsKICAgICAgICAgICAgIGRvbWFpbl9jcmFzaCh2LT5kb21haW4pOwog ICAgICAgICAgICAgcmV0dXJuOyAvKiBiYWlsICovCiAgICAgICAgIH0K --=separator Content-Type: application/octet-stream; name="xsa166-4.5.patch" Content-Disposition: attachment; filename="xsa166-4.5.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTQwMCwyMyArNDAwLDIzIEBAIGJvb2xfdCBodm1faW9fcGVuZGluZyhz dHJ1Y3QgdmNwdSAqdikKIAogc3RhdGljIGJvb2xfdCBodm1fd2FpdF9mb3Jf aW8oc3RydWN0IGh2bV9pb3JlcV92Y3B1ICpzdiwgaW9yZXFfdCAqcCkKIHsK KyAgICB1bnNpZ25lZCBpbnQgc3RhdGU7CisKICAgICAvKiBOQi4gT3B0aW1p c2VkIGZvciBjb21tb24gY2FzZSAocC0+c3RhdGUgPT0gU1RBVEVfSU9SRVFf Tk9ORSkuICovCi0gICAgd2hpbGUgKCBwLT5zdGF0ZSAhPSBTVEFURV9JT1JF UV9OT05FICkKKyAgICB3aGlsZSAoIChzdGF0ZSA9IHAtPnN0YXRlKSAhPSBT VEFURV9JT1JFUV9OT05FICkKICAgICB7Ci0gICAgICAgIHN3aXRjaCAoIHAt PnN0YXRlICkKKyAgICAgICAgcm1iKCk7CisgICAgICAgIHN3aXRjaCAoIHN0 YXRlICkKICAgICAgICAgewogICAgICAgICBjYXNlIFNUQVRFX0lPUkVTUF9S RUFEWTogLyogSU9SRVNQX1JFQURZIC0+IE5PTkUgKi8KLSAgICAgICAgICAg IHJtYigpOyAvKiBzZWUgSU9SRVNQX1JFQURZIC90aGVuLyByZWFkIGNvbnRl bnRzIG9mIGlvcmVxICovCiAgICAgICAgICAgICBodm1faW9fYXNzaXN0KHAp OwogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIGNhc2UgU1RBVEVfSU9S RVFfUkVBRFk6ICAvKiBJT1JFUV97UkVBRFksSU5QUk9DRVNTfSAtPiBJT1JF U1BfUkVBRFkgKi8KICAgICAgICAgY2FzZSBTVEFURV9JT1JFUV9JTlBST0NF U1M6Ci0gICAgICAgICAgICB3YWl0X29uX3hlbl9ldmVudF9jaGFubmVsKHN2 LT5pb3JlcV9ldnRjaG4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9SRUFEWSkgJiYK LSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHAtPnN0 YXRlICE9IFNUQVRFX0lPUkVRX0lOUFJPQ0VTUykpOworICAgICAgICAgICAg d2FpdF9vbl94ZW5fZXZlbnRfY2hhbm5lbChzdi0+aW9yZXFfZXZ0Y2huLCBw LT5zdGF0ZSAhPSBzdGF0ZSk7CiAgICAgICAgICAgICBicmVhazsKICAgICAg ICAgZGVmYXVsdDoKLSAgICAgICAgICAgIGdkcHJpbnRrKFhFTkxPR19FUlIs ICJXZWlyZCBIVk0gaW9yZXF1ZXN0IHN0YXRlICVkLlxuIiwgcC0+c3RhdGUp OworICAgICAgICAgICAgZ2RwcmludGsoWEVOTE9HX0VSUiwgIldlaXJkIEhW TSBpb3JlcXVlc3Qgc3RhdGUgJXVcbiIsIHN0YXRlKTsKICAgICAgICAgICAg IGRvbWFpbl9jcmFzaChzdi0+dmNwdS0+ZG9tYWluKTsKICAgICAgICAgICAg IHJldHVybiAwOyAvKiBiYWlsICovCiAgICAgICAgIH0K --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtJ-0007IA-34; Thu, 17 Dec 2015 12:42:41 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtH-0007H1-LU; Thu, 17 Dec 2015 12:42:39 +0000 Received: from [193.109.254.147] by server-11.bemta-14.messagelabs.com id 60/A7-28228-EBDA2765; Thu, 17 Dec 2015 12:42:38 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-11.tower-27.messagelabs.com!1450356156!11639721!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 7943 invoked from network); 17 Dec 2015 12:42:37 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-11.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:37 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt8-0000w9-LA; Thu, 17 Dec 2015 12:42:30 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xt8-0001yt-Em; Thu, 17 Dec 2015 12:42:30 +0000 Date: Thu, 17 Dec 2015 12:42:30 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 165 (CVE-2015-8555) - information leak in legacy x86 FPU/XMM initialization X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8555 / XSA-165 version 3 information leak in legacy x86 FPU/XMM initialization UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= When XSAVE/XRSTOR are not in use by Xen to manage guest extended register state, the initial values in the FPU stack and XMM registers seen by the guest upon first use are those left there by the previous user of those registers. IMPACT ====== A malicious domain may be able to leverage this to obtain sensitive information such as cryptographic keys from another domain. VULNERABLE SYSTEMS ================== All Xen versions are vulnerable. Only x86 systems without XSAVE support or with XSAVE support disabled are vulnerable. ARM systems are not vulnerable. MITIGATION ========== On XSAVE capable systems, not turning off XSAVE support via the "no-xsave" hypervisor command line option (or - when defaulting to off - turning it on via the "xsave" hypervisor command line option) will avoid the vulnerability. To find out whether XSAVE is in use, consult the hypervisor log (obtainable e.g. via "xl dmesg") and look for a message of the form "xstate_init: using cntxt_size: and states: " If such a message is present then XSAVE is in use. But note that due to log buffer size restrictions this boot time message may have scrolled off. There is no known mitigation on XSAVE-incapable systems. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa165.patch xen-unstable xsa165-4.6.patch Xen 4.6.x xsa165-4.5.patch Xen 4.5.x, Xen 4.4.x xsa165-4.3.patch Xen 4.3.x $ sha256sum xsa165* 6422db857dd469f5978b80be95e93d1db4bab965668430e07005b7b6369742be xsa165.patch bced245fb1111b7fa2db642971cceb0523e691367ba8bfbc6ff0da421f198c97 xsa165-4.3.patch dd15e301f2757e0c7975bdccfe49ddf41c730bc124dd90166e0844d332eeedad xsa165-4.5.patch 4bb18f2e44f49f140932c2d1e956e2e28017439cbb0e76eb16a8af617c4112ac xsa165-4.6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the XSAVE ENABLEMENT MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because enabling xsave is visible to guests, so such deployment could lead to the rediscovery of the vulnerability. Deployment of the mitigation is permitted only AFTER the embargo ends. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqzAAAoJEIP+FMlX6CvZAYYH/1KqrQG0r23AiTYXqS4IBYMd RU5edyJkNKRCkJMU3m20LPyZ4/NCMg8rgejLHQDiHav0CNUEX6gUSqIUm8d3vrNg IYtGNhLZUcjRqRK1f/oqgFw3TEXlC59EQdSKdNLaZ+Fj/HN4TQtaQWpUW0r5OYXi tSbZYJ+NT4wHLzmai2tdFekVEBFzL+e6RxngrAl+X17mX3O0jdHFpOPqjwGCXXhh N46sZTi/o3QSHBG7yzcxlA5HKJArxVAQNSKJJrSaj3m8O44V5d6+IkMmCpexvq/R rFA1iiMXu481UQq6kLNIC2kpgSNUaNTHDElVQdeUUGu95INAgsrlMdUqNKL2V8o= =QBGV -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa165.patch" Content-Disposition: attachment; filename="xsa165.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtOTE3 LDYgKzkxNywxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIFhTVEFURV9DT01QQUNUSU9OX0VOQUJMRUQ7CiAgICAgICAgIH0K ICAgICB9CisgICAgZWxzZSBpZiAoIHYtPmFyY2gueHNhdmVfYXJlYSApCisg ICAgICAgIG1lbXNldCgmdi0+YXJjaC54c2F2ZV9hcmVhLT54c2F2ZV9oZHIs IDAsCisgICAgICAgICAgICAgICBzaXplb2Yodi0+YXJjaC54c2F2ZV9hcmVh LT54c2F2ZV9oZHIpKTsKKyAgICBlbHNlCisgICAgeworICAgICAgICB0eXBl b2Yodi0+YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYt PmFyY2guZnB1X2N0eHQ7CisKKyAgICAgICAgbWVtc2V0KGZwdV9zc2UsIDAs IHNpemVvZigqZnB1X3NzZSkpOworICAgICAgICBmcHVfc3NlLT5mY3cgPSBG Q1dfREVGQVVMVDsKKyAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENTUl9E RUZBVUxUOworICAgIH0KIAogICAgIGlmICggIWNvbXBhdCApCiAgICAgewot LS0gYS94ZW4vYXJjaC94ODYvaTM4Ny5jCisrKyBiL3hlbi9hcmNoL3g4Ni9p Mzg3LmMKQEAgLTE3LDE2ICsxNyw2IEBACiAjaW5jbHVkZSA8YXNtL3hzdGF0 ZS5oPgogI2luY2x1ZGUgPGFzbS9hc21fZGVmbnMuaD4KIAotc3RhdGljIHZv aWQgZnB1X2luaXQodm9pZCkKLXsKLSAgICB1aW50MzJfdCB2YWwgPSBNWENT Ul9ERUZBVUxUOwotCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5pdCIgKTsK LQotICAgIC8qIGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRy b2wvc3RhdHVzIHJlZ2lzdGVyICovCi0gICAgYXNtIHZvbGF0aWxlICggImxk bXhjc3IgJTAiIDogOiAibSIgKHZhbCkgKTsKLX0KLQogLyoqKioqKioqKioq KioqKioqKioqKioqKioqKioqKiovCiAvKiAgICAgRlBVIFJlc3RvcmUgRnVu Y3Rpb25zICAgKi8KIC8qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq LwpAQCAtMjI4LDEwICsyMTgsOCBAQCB2b2lkIHZjcHVfcmVzdG9yZV9mcHVf bGF6eShzdHJ1Y3QgdmNwdSAqCiAKICAgICBpZiAoIGNwdV9oYXNfeHNhdmUg KQogICAgICAgICBmcHVfeHJzdG9yKHYsIFhTVEFURV9MQVpZKTsKLSAgICBl bHNlIGlmICggdi0+ZnB1X2luaXRpYWxpc2VkICkKLSAgICAgICAgZnB1X2Z4 cnN0b3Iodik7CiAgICAgZWxzZQotICAgICAgICBmcHVfaW5pdCgpOworICAg ICAgICBmcHVfZnhyc3Rvcih2KTsKIAogICAgIHYtPmZwdV9pbml0aWFsaXNl ZCA9IDE7CiAgICAgdi0+ZnB1X2RpcnRpZWQgPSAxOwpAQCAtMjkwLDcgKzI3 OCwxNCBAQCBpbnQgdmNwdV9pbml0X2ZwdShzdHJ1Y3QgdmNwdSAqdikKICAg ICBlbHNlCiAgICAgewogICAgICAgICB2LT5hcmNoLmZwdV9jdHh0ID0gX3h6 YWxsb2Moc2l6ZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSksIDE2 KTsKLSAgICAgICAgaWYgKCAhdi0+YXJjaC5mcHVfY3R4dCApCisgICAgICAg IGlmICggdi0+YXJjaC5mcHVfY3R4dCApCisgICAgICAgIHsKKyAgICAgICAg ICAgIHR5cGVvZih2LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpICpmcHVf c3NlID0gdi0+YXJjaC5mcHVfY3R4dDsKKworICAgICAgICAgICAgZnB1X3Nz ZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgICAgICBmcHVfc3NlLT5t eGNzciA9IE1YQ1NSX0RFRkFVTFQ7CisgICAgICAgIH0KKyAgICAgICAgZWxz ZQogICAgICAgICAgICAgcmMgPSAtRU5PTUVNOwogICAgIH0KIAo= --=separator Content-Type: application/octet-stream; name="xsa165-4.3.patch" Content-Disposition: attachment; filename="xsa165-4.3.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtNzMw LDYgKzczMCwxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKIAogICAg IGlmICggZmxhZ3MgJiBWR0NGX0kzODdfVkFMSUQgKQogICAgICAgICBtZW1j cHkodi0+YXJjaC5mcHVfY3R4dCwgJmMubmF0LT5mcHVfY3R4dCwgc2l6ZW9m KGMubmF0LT5mcHVfY3R4dCkpOworICAgIGVsc2UgaWYgKCB2LT5hcmNoLnhz YXZlX2FyZWEgKQorICAgICAgICBtZW1zZXQoJnYtPmFyY2gueHNhdmVfYXJl YS0+eHNhdmVfaGRyLCAwLAorICAgICAgICAgICAgICAgc2l6ZW9mKHYtPmFy Y2gueHNhdmVfYXJlYS0+eHNhdmVfaGRyKSk7CisgICAgZWxzZQorICAgIHsK KyAgICAgICAgdHlwZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSkg KmZwdV9zc2UgPSB2LT5hcmNoLmZwdV9jdHh0OworCisgICAgICAgIG1lbXNl dChmcHVfc3NlLCAwLCBzaXplb2YoKmZwdV9zc2UpKTsKKyAgICAgICAgZnB1 X3NzZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgIGZwdV9zc2UtPm14 Y3NyID0gTVhDU1JfREVGQVVMVDsKKyAgICB9CiAKICAgICBpZiAoICFjb21w YXQgKQogICAgIHsKLS0tIGEveGVuL2FyY2gveDg2L2kzODcuYworKysgYi94 ZW4vYXJjaC94ODYvaTM4Ny5jCkBAIC0xNywxOSArMTcsNiBAQAogI2luY2x1 ZGUgPGFzbS94c3RhdGUuaD4KICNpbmNsdWRlIDxhc20vYXNtX2RlZm5zLmg+ CiAKLXN0YXRpYyB2b2lkIGZwdV9pbml0KHZvaWQpCi17Ci0gICAgdW5zaWdu ZWQgbG9uZyB2YWw7Ci0gICAgCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5p dCIgKTsKLSAgICBpZiAoIGNwdV9oYXNfeG1tICkKLSAgICB7Ci0gICAgICAg IC8qIGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRyb2wvc3Rh dHVzIHJlZ2lzdGVyICovCi0gICAgICAgIHZhbCA9IE1YQ1NSX0RFRkFVTFQ7 Ci0gICAgICAgIGFzbSB2b2xhdGlsZSAoICJsZG14Y3NyICUwIiA6IDogIm0i ICh2YWwpICk7Ci0gICAgfQotfQotCiAvKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKi8KIC8qICAgICBGUFUgUmVzdG9yZSBGdW5jdGlvbnMgICAq LwogLyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCkBAIC0yNTQs MTUgKzI0MSw4IEBAIHZvaWQgdmNwdV9yZXN0b3JlX2ZwdV9sYXp5KHN0cnVj dCB2Y3B1ICoKIAogICAgIGlmICggY3B1X2hhc194c2F2ZSApCiAgICAgICAg IGZwdV94cnN0b3IodiwgWFNUQVRFX0xBWlkpOwotICAgIGVsc2UgaWYgKCB2 LT5mcHVfaW5pdGlhbGlzZWQgKQotICAgIHsKLSAgICAgICAgaWYgKCBjcHVf aGFzX2Z4c3IgKQotICAgICAgICAgICAgZnB1X2Z4cnN0b3Iodik7Ci0gICAg ICAgIGVsc2UKLSAgICAgICAgICAgIGZwdV9mcnN0b3Iodik7Ci0gICAgfQog ICAgIGVsc2UKLSAgICAgICAgZnB1X2luaXQoKTsKKyAgICAgICAgZnB1X2Z4 cnN0b3Iodik7CiAKICAgICB2LT5mcHVfaW5pdGlhbGlzZWQgPSAxOwogICAg IHYtPmZwdV9kaXJ0aWVkID0gMTsKQEAgLTMyMyw3ICszMDMsMTQgQEAgaW50 IHZjcHVfaW5pdF9mcHUoc3RydWN0IHZjcHUgKnYpCiAgICAgZWxzZQogICAg IHsKICAgICAgICAgdi0+YXJjaC5mcHVfY3R4dCA9IF94emFsbG9jKHNpemVv Zih2LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpLCAxNik7Ci0gICAgICAg IGlmICggIXYtPmFyY2guZnB1X2N0eHQgKQorICAgICAgICBpZiAoIHYtPmFy Y2guZnB1X2N0eHQgKQorICAgICAgICB7CisgICAgICAgICAgICB0eXBlb2Yo di0+YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYtPmFy Y2guZnB1X2N0eHQ7CisKKyAgICAgICAgICAgIGZwdV9zc2UtPmZjdyA9IEZD V19ERUZBVUxUOworICAgICAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENT Ul9ERUZBVUxUOworICAgICAgICB9CisgICAgICAgIGVsc2UKICAgICAgICAg ewogICAgICAgICAgICAgcmMgPSAtRU5PTUVNOwogICAgICAgICAgICAgZ290 byBkb25lOwo= --=separator Content-Type: application/octet-stream; name="xsa165-4.5.patch" Content-Disposition: attachment; filename="xsa165-4.5.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtNzk4 LDYgKzc5OCwxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKICAgICAg ICAgaWYgKCB2LT5hcmNoLnhzYXZlX2FyZWEgKQogICAgICAgICAgICAgIHYt PmFyY2gueHNhdmVfYXJlYS0+eHNhdmVfaGRyLnhzdGF0ZV9idiA9IFhTVEFU RV9GUF9TU0U7CiAgICAgfQorICAgIGVsc2UgaWYgKCB2LT5hcmNoLnhzYXZl X2FyZWEgKQorICAgICAgICBtZW1zZXQoJnYtPmFyY2gueHNhdmVfYXJlYS0+ eHNhdmVfaGRyLCAwLAorICAgICAgICAgICAgICAgc2l6ZW9mKHYtPmFyY2gu eHNhdmVfYXJlYS0+eHNhdmVfaGRyKSk7CisgICAgZWxzZQorICAgIHsKKyAg ICAgICAgdHlwZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSkgKmZw dV9zc2UgPSB2LT5hcmNoLmZwdV9jdHh0OworCisgICAgICAgIG1lbXNldChm cHVfc3NlLCAwLCBzaXplb2YoKmZwdV9zc2UpKTsKKyAgICAgICAgZnB1X3Nz ZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgIGZwdV9zc2UtPm14Y3Ny ID0gTVhDU1JfREVGQVVMVDsKKyAgICB9CiAKICAgICBpZiAoICFjb21wYXQg KQogICAgIHsKLS0tIGEveGVuL2FyY2gveDg2L2kzODcuYworKysgYi94ZW4v YXJjaC94ODYvaTM4Ny5jCkBAIC0xNywxOSArMTcsNiBAQAogI2luY2x1ZGUg PGFzbS94c3RhdGUuaD4KICNpbmNsdWRlIDxhc20vYXNtX2RlZm5zLmg+CiAK LXN0YXRpYyB2b2lkIGZwdV9pbml0KHZvaWQpCi17Ci0gICAgdW5zaWduZWQg bG9uZyB2YWw7Ci0gICAgCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5pdCIg KTsKLSAgICBpZiAoIGNwdV9oYXNfeG1tICkKLSAgICB7Ci0gICAgICAgIC8q IGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRyb2wvc3RhdHVz IHJlZ2lzdGVyICovCi0gICAgICAgIHZhbCA9IE1YQ1NSX0RFRkFVTFQ7Ci0g ICAgICAgIGFzbSB2b2xhdGlsZSAoICJsZG14Y3NyICUwIiA6IDogIm0iICh2 YWwpICk7Ci0gICAgfQotfQotCiAvKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKi8KIC8qICAgICBGUFUgUmVzdG9yZSBGdW5jdGlvbnMgICAqLwog LyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCkBAIC0yNDgsMTUg KzIzNSw4IEBAIHZvaWQgdmNwdV9yZXN0b3JlX2ZwdV9sYXp5KHN0cnVjdCB2 Y3B1ICoKIAogICAgIGlmICggY3B1X2hhc194c2F2ZSApCiAgICAgICAgIGZw dV94cnN0b3IodiwgWFNUQVRFX0xBWlkpOwotICAgIGVsc2UgaWYgKCB2LT5m cHVfaW5pdGlhbGlzZWQgKQotICAgIHsKLSAgICAgICAgaWYgKCBjcHVfaGFz X2Z4c3IgKQotICAgICAgICAgICAgZnB1X2Z4cnN0b3Iodik7Ci0gICAgICAg IGVsc2UKLSAgICAgICAgICAgIGZwdV9mcnN0b3Iodik7Ci0gICAgfQogICAg IGVsc2UKLSAgICAgICAgZnB1X2luaXQoKTsKKyAgICAgICAgZnB1X2Z4cnN0 b3Iodik7CiAKICAgICB2LT5mcHVfaW5pdGlhbGlzZWQgPSAxOwogICAgIHYt PmZwdV9kaXJ0aWVkID0gMTsKQEAgLTMxNyw3ICsyOTcsMTQgQEAgaW50IHZj cHVfaW5pdF9mcHUoc3RydWN0IHZjcHUgKnYpCiAgICAgZWxzZQogICAgIHsK ICAgICAgICAgdi0+YXJjaC5mcHVfY3R4dCA9IF94emFsbG9jKHNpemVvZih2 LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpLCAxNik7Ci0gICAgICAgIGlm ICggIXYtPmFyY2guZnB1X2N0eHQgKQorICAgICAgICBpZiAoIHYtPmFyY2gu ZnB1X2N0eHQgKQorICAgICAgICB7CisgICAgICAgICAgICB0eXBlb2Yodi0+ YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYtPmFyY2gu ZnB1X2N0eHQ7CisKKyAgICAgICAgICAgIGZwdV9zc2UtPmZjdyA9IEZDV19E RUZBVUxUOworICAgICAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENTUl9E RUZBVUxUOworICAgICAgICB9CisgICAgICAgIGVsc2UKICAgICAgICAgewog ICAgICAgICAgICAgcmMgPSAtRU5PTUVNOwogICAgICAgICAgICAgZ290byBk b25lOwo= --=separator Content-Type: application/octet-stream; name="xsa165-4.6.patch" Content-Disposition: attachment; filename="xsa165-4.6.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtODUx LDYgKzg1MSwxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKICAgICAg ICAgaWYgKCB2LT5hcmNoLnhzYXZlX2FyZWEgKQogICAgICAgICAgICAgIHYt PmFyY2gueHNhdmVfYXJlYS0+eHNhdmVfaGRyLnhzdGF0ZV9idiA9IFhTVEFU RV9GUF9TU0U7CiAgICAgfQorICAgIGVsc2UgaWYgKCB2LT5hcmNoLnhzYXZl X2FyZWEgKQorICAgICAgICBtZW1zZXQoJnYtPmFyY2gueHNhdmVfYXJlYS0+ eHNhdmVfaGRyLCAwLAorICAgICAgICAgICAgICAgc2l6ZW9mKHYtPmFyY2gu eHNhdmVfYXJlYS0+eHNhdmVfaGRyKSk7CisgICAgZWxzZQorICAgIHsKKyAg ICAgICAgdHlwZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSkgKmZw dV9zc2UgPSB2LT5hcmNoLmZwdV9jdHh0OworCisgICAgICAgIG1lbXNldChm cHVfc3NlLCAwLCBzaXplb2YoKmZwdV9zc2UpKTsKKyAgICAgICAgZnB1X3Nz ZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgIGZwdV9zc2UtPm14Y3Ny ID0gTVhDU1JfREVGQVVMVDsKKyAgICB9CiAKICAgICBpZiAoICFjb21wYXQg KQogICAgIHsKLS0tIGEveGVuL2FyY2gveDg2L2kzODcuYworKysgYi94ZW4v YXJjaC94ODYvaTM4Ny5jCkBAIC0xNywxOSArMTcsNiBAQAogI2luY2x1ZGUg PGFzbS94c3RhdGUuaD4KICNpbmNsdWRlIDxhc20vYXNtX2RlZm5zLmg+CiAK LXN0YXRpYyB2b2lkIGZwdV9pbml0KHZvaWQpCi17Ci0gICAgdW5zaWduZWQg bG9uZyB2YWw7Ci0gICAgCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5pdCIg KTsKLSAgICBpZiAoIGNwdV9oYXNfeG1tICkKLSAgICB7Ci0gICAgICAgIC8q IGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRyb2wvc3RhdHVz IHJlZ2lzdGVyICovCi0gICAgICAgIHZhbCA9IE1YQ1NSX0RFRkFVTFQ7Ci0g ICAgICAgIGFzbSB2b2xhdGlsZSAoICJsZG14Y3NyICUwIiA6IDogIm0iICh2 YWwpICk7Ci0gICAgfQotfQotCiAvKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKi8KIC8qICAgICBGUFUgUmVzdG9yZSBGdW5jdGlvbnMgICAqLwog LyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCkBAIC0yNDgsMTUg KzIzNSw4IEBAIHZvaWQgdmNwdV9yZXN0b3JlX2ZwdV9sYXp5KHN0cnVjdCB2 Y3B1ICoKIAogICAgIGlmICggY3B1X2hhc194c2F2ZSApCiAgICAgICAgIGZw dV94cnN0b3IodiwgWFNUQVRFX0xBWlkpOwotICAgIGVsc2UgaWYgKCB2LT5m cHVfaW5pdGlhbGlzZWQgKQotICAgIHsKLSAgICAgICAgaWYgKCBjcHVfaGFz X2Z4c3IgKQotICAgICAgICAgICAgZnB1X2Z4cnN0b3Iodik7Ci0gICAgICAg IGVsc2UKLSAgICAgICAgICAgIGZwdV9mcnN0b3Iodik7Ci0gICAgfQogICAg IGVsc2UKLSAgICAgICAgZnB1X2luaXQoKTsKKyAgICAgICAgZnB1X2Z4cnN0 b3Iodik7CiAKICAgICB2LT5mcHVfaW5pdGlhbGlzZWQgPSAxOwogICAgIHYt PmZwdV9kaXJ0aWVkID0gMTsKQEAgLTMxMyw3ICsyOTMsMTQgQEAgaW50IHZj cHVfaW5pdF9mcHUoc3RydWN0IHZjcHUgKnYpCiAgICAgZWxzZQogICAgIHsK ICAgICAgICAgdi0+YXJjaC5mcHVfY3R4dCA9IF94emFsbG9jKHNpemVvZih2 LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpLCAxNik7Ci0gICAgICAgIGlm ICggIXYtPmFyY2guZnB1X2N0eHQgKQorICAgICAgICBpZiAoIHYtPmFyY2gu ZnB1X2N0eHQgKQorICAgICAgICB7CisgICAgICAgICAgICB0eXBlb2Yodi0+ YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYtPmFyY2gu ZnB1X2N0eHQ7CisKKyAgICAgICAgICAgIGZwdV9zc2UtPmZjdyA9IEZDV19E RUZBVUxUOworICAgICAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENTUl9E RUZBVUxUOworICAgICAgICB9CisgICAgICAgIGVsc2UKICAgICAgICAgICAg IHJjID0gLUVOT01FTTsKICAgICB9CiAK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt8-0007Cy-50; Thu, 17 Dec 2015 12:42:30 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt6-0007CT-A7; Thu, 17 Dec 2015 12:42:28 +0000 Received: from [193.109.254.147] by server-1.bemta-14.messagelabs.com id 7F/1C-28791-3BDA2765; Thu, 17 Dec 2015 12:42:27 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-27.messagelabs.com!1450356144!11338806!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 62512 invoked from network); 17 Dec 2015 12:42:26 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:26 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xsw-0000vU-UM; Thu, 17 Dec 2015 12:42:18 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xst-0001w5-Ru; Thu, 17 Dec 2015 12:42:18 +0000 Date: Thu, 17 Dec 2015 12:42:15 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 157 (CVE-2015-8551, CVE-2015-8552) - Linux pciback missing sanity checks leading to crash X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8551,CVE-2015-8552 / XSA-157 version 3 Linux pciback missing sanity checks leading to crash UPDATES IN VERSION 3 ==================== Removed CVE-2015-8553 from the title of this advisory. We will issue an update to XSA-120 which documents the assignment of CVE-2015-8553 to the XSA-120 v5+ addendum patch. Public release. ISSUE DESCRIPTION ================= Xen PCI backend driver does not perform proper sanity checks on the device's state. Which in turn allows the generic MSI code (called by Xen PCI backend) to be called incorrectly leading to hitting BUG conditions or causing NULL pointer exceptions in the MSI code. (CVE-2015-8551) To exploit this the guest can craft specific sequence of XEN_PCI_OP_* operations which will trigger this. Furthermore the frontend can also craft an continous stream of XEN_PCI_OP_enable_msi which will trigger an continous stream of WARN() messages triggered by the MSI code leading to the logging in the initial domain to exhaust disk space. (CVE-2015-8552) Lastly there is also missing check to verify whether the device has memory decoding enabled set at the start of the day leading the initial domain "accesses to the respective MMIO or I/O port ranges would - - on PCI Express devices - [which can] lead to Unsupported Request responses. The treatment of such errors is platform specific." (from XSA-120). Note that if XSA-120 'addendum' patch (re CVE-2015-8553) has been applied this particular sub-issue is not exploitable. IMPACT ====== Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact is a host crash. Only x86 systems are vulnerable. ARM systems are not vulnerable. VULNERABLE SYSTEMS ================== This bug affects systems using Linux as the driver domain, including non-disaggregated systems using Linux as dom0. Linux versions v3.1 and onwards are vulnerable due to supporting PCI pass-through backend driver. PV and HVM guests which have been granted access to physical PCI devices (`PCI passthrough') can take advantage of this vulnerability. Furthermore, the vulnerability is only applicable when the passed-through PCI devices are MSI-capable or MSI-X. (Most modern devices are). MITIGATION ========== Not using PCI passthrough for PV and HVM guests. Note that for HVM guests QEMU is used for PCI passthrough - however the toolstack sets up also the 'PV' PCI which the guest can utilize if it chooses to do so. CREDITS ======= This issue was discovered by Konrad Rzeszutek Wilk of Oracle. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Linux 4.3: xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch $ sha256sum xsa157* 0cb2d1729f17e640e33f11945f2e12eba85071238fab2dcc42f81b5d942c159b xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch 9bcb240a49a5cd48428cc9c01ee480297999b93f6977fdddd79ec715648aa244 xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch 7c39b33d0e2d751970bbe56f463661c50aa5e4addc8eee35b80e9e1378e97b02 xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch 1acfd6f4ea13db6a146d547640f50d0ad40480b914b021760a518ac82e8e4c71 xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch b864620709e4b55a908dd6955a090ca03a9a07cfb31b66e2e5211ab8f0c77e68 xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqy7AAoJEIP+FMlX6CvZr/gH+gKO6HcnCeZGPthmt7tKiHxn oa/VjgDMxIGVHerP0HRXTbletj7XOWhdDNrHNa7JQQXkjXiE+zmLRTVum/ghIxKO OMSiRtLFm6pkWmOXJI5kvOLDxt1aEECLG0lU9okbk7YmhZE65L4ysIsOGydfzAIn niKsCnMCxv2MDz5WtFy4okwE+dYJA/MrPfJ1kdJK2y26elxNv895HmwUG8vG042e NKsqBXWqF8Li2GgrtuXCmUAjHeEFXkouCCh7XVSZo70Zr1kVtFpifeNyz2V72qqh XRDmYkY5TJy+CD8tSIb82CcPU1JA7X5hFm1AuzYHeYT3+hxG0glcELGde+655Ig= =i8jn -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch" Content-Disposition: attachment; filename="xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch" Content-Transfer-Encoding: base64 RnJvbSBlM2RlNGE0NGNmZTE5NmUxNjJkZGVmZmQ2Mzc5ZTVjNGU3NWZmMWQ3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MyBBcHIgMjAxNSAxMTowODoyMiAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDEvNV0geGVuL3BjaWJhY2s6IFJldHVybiBlcnJvciBvbgogWEVO X1BDSV9PUF9lbmFibGVfbXNpIHdoZW4gZGV2aWNlIGhhcyBNU0kgb3IgTVNJ LVggZW5hYmxlZAoKVGhlIGd1ZXN0IHNlcXVlbmNlIG9mOgoKIGEpIFhFTl9Q Q0lfT1BfZW5hYmxlX21zaQogYikgWEVOX1BDSV9PUF9lbmFibGVfbXNpCiBj KSBYRU5fUENJX09QX2Rpc2FibGVfbXNpCgpyZXN1bHRzIGluIGhpdHRpbmcg YW4gQlVHX09OIGNvbmRpdGlvbiBpbiB0aGUgbXNpLmMgY29kZS4KClRoZSBN U0kgY29kZSB1c2VzIGFuIGRldi0+bXNpX2xpc3QgdG8gd2hpY2ggaXQgYWRk cyBNU0kgZW50cmllcy4KVW5kZXIgdGhlIGFib3ZlIGNvbmRpdGlvbnMgYW4g QlVHX09OKCkgY2FuIGJlIGhpdC4gVGhlIGRldmljZQpwYXNzZWQgaW4gdGhl IGd1ZXN0IE1VU1QgaGF2ZSBNU0kgY2FwYWJpbGl0eS4KClRoZSBhKSBhZGRz IHRoZSBlbnRyeSB0byB0aGUgZGV2LT5tc2lfbGlzdCBhbmQgc2V0cyBtc2lf ZW5hYmxlZC4KVGhlIGIpIGFkZHMgYSBzZWNvbmQgZW50cnkgYnV0IGFkZGlu ZyBpbiB0byBTeXNGUyBmYWlscyAoZHVwbGljYXRlIGVudHJ5KQphbmQgZGVs ZXRlcyBhbGwgb2YgdGhlIGVudHJpZXMgZnJvbSBtc2lfbGlzdCBhbmQgcmV0 dXJucyAod2l0aCBtc2lfZW5hYmxlZAppcyBzdGlsbCBzZXQpLiAgYykgcGNp X2Rpc2FibGVfbXNpIHBhc3NlcyB0aGUgbXNpX2VuYWJsZWQgY2hlY2tzIGFu ZCBoaXRzOgoKQlVHX09OKGxpc3RfZW1wdHkoZGV2X3RvX21zaV9saXN0KCZk ZXYtPmRldikpKTsKCmFuZCBibG93cyB1cC4KClRoZSBwYXRjaCBhZGRzIGEg c2ltcGxlIGNoZWNrIGluIHRoZSBYRU5fUENJX09QX2VuYWJsZV9tc2kgdG8g Z3VhcmQKYWdhaW5zdCB0aGF0LiBUaGUgY2hlY2sgZm9yIG1zaXhfZW5hYmxl ZCBpcyBub3Qgc3RyaWNseSBuZWNjZXNzYXJ5LgoKVGhpcyBpcyBwYXJ0IG9m IFhTQS0xNTcuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZpZXdl ZC1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNvbT4K UmV2aWV3ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K U2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25yYWQu d2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMgfCA3ICsrKysrKy0KIDEgZmlsZSBjaGFuZ2VkLCA2 IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1naXQgYS9k cml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCBjNGEwNjY2 Li41Y2U1NzNhIDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFj ay9wY2liYWNrX29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMKQEAgLTE0NCw3ICsxNDQsMTIgQEAgaW50IHhlbl9w Y2lia19lbmFibGVfbXNpKHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpwZGV2 LAogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlwcmludGso S0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZW5hYmxlIE1TSVxuIiwgcGNp X25hbWUoZGV2KSk7CiAKLQlzdGF0dXMgPSBwY2lfZW5hYmxlX21zaShkZXYp OworCWlmIChkZXYtPm1zaV9lbmFibGVkKQorCQlzdGF0dXMgPSAtRUFMUkVB RFk7CisJZWxzZSBpZiAoZGV2LT5tc2l4X2VuYWJsZWQpCisJCXN0YXR1cyA9 IC1FTlhJTzsKKwllbHNlCisJCXN0YXR1cyA9IHBjaV9lbmFibGVfbXNpKGRl dik7CiAKIAlpZiAoc3RhdHVzKSB7CiAJCXByX3dhcm5fcmF0ZWxpbWl0ZWQo IiVzOiBlcnJvciBlbmFibGluZyBNU0kgZm9yIGd1ZXN0ICV1OiBlcnIgJWRc biIsCi0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch" Content-Disposition: attachment; filename="xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch" Content-Transfer-Encoding: base64 RnJvbSAxOWIzM2I3MGQ0MjNkZGZlYTFkYWY3NjE1ZWI3ZjYwNTM3MWExODQx IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MiBOb3YgMjAxNSAxODowNzo0NCAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDIvNV0geGVuL3BjaWJhY2s6IFJldHVybiBlcnJvciBvbgogWEVO X1BDSV9PUF9lbmFibGVfbXNpeCB3aGVuIGRldmljZSBoYXMgTVNJIG9yIE1T SS1YIGVuYWJsZWQKClRoZSBndWVzdCBzZXF1ZW5jZSBvZjoKCiAgYSkgWEVO X1BDSV9PUF9lbmFibGVfbXNpeAogIGIpIFhFTl9QQ0lfT1BfZW5hYmxlX21z aXgKCnJlc3VsdHMgaW4gaGl0dGluZyBhbiBOVUxMIHBvaW50ZXIgZHVlIHRv IHVzaW5nIGZyZWVkIHBvaW50ZXJzLgoKVGhlIGRldmljZSBwYXNzZWQgaW4g dGhlIGd1ZXN0IE1VU1QgaGF2ZSBNU0ktWCBjYXBhYmlsaXR5LgoKVGhlIGEp IGNvbnN0cnVjdHMgYW5kIFN5c0ZTIHJlcHJlc2VudGF0aW9uIG9mIE1TSSBh bmQgTVNJIGdyb3Vwcy4KVGhlIGIpIGFkZHMgYSBzZWNvbmQgc2V0IG9mIHRo ZW0gYnV0IGFkZGluZyBpbiB0byBTeXNGUyBmYWlscyAoZHVwbGljYXRlIGVu dHJ5KS4KJ3BvcHVsYXRlX21zaV9zeXNmcycgZnJlZXMgdGhlIG5ld2x5IGFs bG9jYXRlZCBtc2lfaXJxX2dyb3VwcyAobm90ZSB0aGF0CmluIGEpIHBkZXYt Pm1zaV9pcnFfZ3JvdXBzIGlzIHN0aWxsIHNldCkgYW5kIGFsc28gZnJlZSdz IEFMTCBvZiB0aGUKTVNJLVggZW50cmllcyBvZiB0aGUgZGV2aWNlICh0aGUg b25lcyBhbGxvY2F0ZWQgaW4gc3RlcCBhKSBhbmQgYikpLgoKVGhlIHVud2lu ZCBjb2RlOiAnZnJlZV9tc2lfaXJxcycgZGVsZXRlcyBhbGwgdGhlIGVudHJp ZXMgYW5kIHRyaWVzIHRvCmRlbGV0ZSB0aGUgcGRldi0+bXNpX2lycV9ncm91 cHMgKHdoaWNoIGhhc24ndCBiZWVuIHNldCB0byBOVUxMKS4KSG93ZXZlciB0 aGUgcG9pbnRlcnMgaW4gdGhlIFN5c0ZTIGFyZSBhbHJlYWR5IGZyZWVkIGFu ZCB3ZSBoaXQgYW4KTlVMTCBwb2ludGVyIGZ1cnRoZXIgb24gd2hlbiAnc3Ry bGVuJyBpcyBhdHRlbXB0ZWQgb24gYSBmcmVlZCBwb2ludGVyLgoKVGhlIHBh dGNoIGFkZHMgYSBzaW1wbGUgY2hlY2sgaW4gdGhlIFhFTl9QQ0lfT1BfZW5h YmxlX21zaXggdG8gZ3VhcmQKYWdhaW5zdCB0aGF0LiBUaGUgY2hlY2sgZm9y IG1zaV9lbmFibGVkIGlzIG5vdCBzdHJpY2x5IG5lY2Nlc3NhcnkuCgpUaGlz IGlzIHBhcnQgb2YgWFNBLTE1NwoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5v cmcKUmV2aWV3ZWQtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNp dHJpeC5jb20+ClJldmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hA c3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL3hlbi94 ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIHwgNyArKysrKysrCiAxIGZpbGUg Y2hhbmdlZCwgNyBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYyBiL2RyaXZlcnMveGVu L3hlbi1wY2liYWNrL3BjaWJhY2tfb3BzLmMKaW5kZXggNWNlNTczYS4uYTEw NzkyOCAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNp YmFja19vcHMuYworKysgYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2li YWNrX29wcy5jCkBAIC0yMDYsOSArMjA2LDE2IEBAIGludCB4ZW5fcGNpYmtf ZW5hYmxlX21zaXgoc3RydWN0IHhlbl9wY2lia19kZXZpY2UgKnBkZXYsCiAJ aWYgKHVubGlrZWx5KHZlcmJvc2VfcmVxdWVzdCkpCiAJCXByaW50ayhLRVJO X0RFQlVHIERSVl9OQU1FICI6ICVzOiBlbmFibGUgTVNJLVhcbiIsCiAJCSAg ICAgICBwY2lfbmFtZShkZXYpKTsKKwogCWlmIChvcC0+dmFsdWUgPiBTSF9J TkZPX01BWF9WRUMpCiAJCXJldHVybiAtRUlOVkFMOwogCisJaWYgKGRldi0+ bXNpeF9lbmFibGVkKQorCQlyZXR1cm4gLUVBTFJFQURZOworCisJaWYgKGRl di0+bXNpX2VuYWJsZWQpCisJCXJldHVybiAtRU5YSU87CisKIAllbnRyaWVz ID0ga21hbGxvYyhvcC0+dmFsdWUgKiBzaXplb2YoKmVudHJpZXMpLCBHRlBf S0VSTkVMKTsKIAlpZiAoZW50cmllcyA9PSBOVUxMKQogCQlyZXR1cm4gLUVO T01FTTsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch" Content-Disposition: attachment; filename="xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch" Content-Transfer-Encoding: base64 RnJvbSBhYTQ4MzE0YzYwZGExMDM1YThlNmNjMDViZWMxMjgzOGEwNzRkZTk4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MiBOb3YgMjAxNSAxNzoyNDowOCAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDMvNV0geGVuL3BjaWJhY2s6IERvIG5vdCBpbnN0YWxsIGFuIElS USBoYW5kbGVyIGZvcgogTVNJIGludGVycnVwdHMuCgpPdGhlcndpc2UgYW4g Z3Vlc3QgY2FuIHN1YnZlcnQgdGhlIGdlbmVyaWMgTVNJIGNvZGUgdG8gdHJp Z2dlcgphbiBCVUdfT04gY29uZGl0aW9uIGR1cmluZyBNU0kgaW50ZXJydXB0 IGZyZWVpbmc6CgogZm9yIChpID0gMDsgaSA8IGVudHJ5LT5udmVjX3VzZWQ7 IGkrKykKICAgICAgICBCVUdfT04oaXJxX2hhc19hY3Rpb24oZW50cnktPmly cSArIGkpKTsKClhlbiBQQ0kgYmFja2VkIGluc3RhbGxzIGFuIElSUSBoYW5k bGVyIChyZXF1ZXN0X2lycSkgZm9yCnRoZSBkZXYtPmlycSB3aGVuZXZlciB0 aGUgZ3Vlc3Qgd3JpdGVzIFBDSV9DT01NQU5EX01FTU9SWQoob3IgUENJX0NP TU1BTkRfSU8pIHRvIHRoZSBQQ0lfQ09NTUFORCByZWdpc3Rlci4gVGhpcyBp cwpkb25lIGluIGNhc2UgdGhlIGRldmljZSBoYXMgbGVnYWN5IGludGVycnVw dHMgdGhlIEdTSSBsaW5lCmlzIHNoYXJlZCBieSB0aGUgYmFja2VuZCBkZXZp Y2VzLgoKVG8gc3VidmVydCB0aGUgYmFja2VuZCB0aGUgZ3Vlc3QgbmVlZHMg dG8gbWFrZSB0aGUgYmFja2VuZAp0byBjaGFuZ2UgdGhlIGRldi0+aXJxIGZy b20gdGhlIEdTSSB0byB0aGUgTVNJIGludGVycnVwdCBsaW5lLAptYWtlIHRo ZSBiYWNrZW5kIGFsbG9jYXRlIGFuIGludGVycnVwdCBoYW5kbGVyLCBhbmQg dGhlbiBjb21tYW5kCnRoZSBiYWNrZW5kIHRvIGZyZWUgdGhlIE1TSSBpbnRl cnJ1cHQgYW5kIGhpdCB0aGUgQlVHX09OLgoKU2luY2UgdGhlIGJhY2tlbmQg b25seSBjYWxscyAncmVxdWVzdF9pcnEnIHdoZW4gdGhlIGd1ZXN0CndyaXRl cyB0byB0aGUgUENJX0NPTU1BTkQgcmVnaXN0ZXIgdGhlIGd1ZXN0IG5lZWRz IHRvIGNhbGwKWEVOX1BDSV9PUF9lbmFibGVfbXNpIGJlZm9yZSBhbnkgb3Ro ZXIgb3BlcmF0aW9uLiBUaGlzIHdpbGwKY2F1c2UgdGhlIGdlbmVyaWMgTVNJ IGNvZGUgdG8gc2V0dXAgYW4gTVNJIGVudHJ5IGFuZApwb3B1bGF0ZSBkZXYt PmlycSB3aXRoIHRoZSBuZXcgUElSUSB2YWx1ZS4KClRoZW4gdGhlIGd1ZXN0 IGNhbiB3cml0ZSB0byBQQ0lfQ09NTUFORCBQQ0lfQ09NTUFORF9NRU1PUlkK YW5kIGNhdXNlIHRoZSBiYWNrZW5kIHRvIHNldHVwIGFuIElSUSBoYW5kbGVy IGZvciBkZXYtPmlycQood2hpY2ggaW5zdGVhZCBvZiB0aGUgR1NJIHZhbHVl IGhhcyB0aGUgTVNJIHBpcnEpLiBTZWUKJ3hlbl9wY2lia19jb250cm9sX2lz cicuCgpUaGVuIHRoZSBndWVzdCBkaXNhYmxlcyB0aGUgTVNJOiBYRU5fUENJ X09QX2Rpc2FibGVfbXNpCndoaWNoIGVuZHMgdXAgdHJpZ2dlcmluZyB0aGUg QlVHX09OIGNvbmRpdGlvbiBpbiAnZnJlZV9tc2lfaXJxcycKYXMgdGhlcmUg aXMgYW4gSVJRIGhhbmRsZXIgZm9yIHRoZSBlbnRyeS0+aXJxIChkZXYtPmly cSkuCgpOb3RlIHRoYXQgdGhpcyBjYW5ub3QgYmUgZG9uZSB1c2luZyBNU0kt WCBhcyB0aGUgZ2VuZXJpYwpjb2RlIGRvZXMgbm90IG92ZXItd3JpdGUgZGV2 LT5pcnEgd2l0aCB0aGUgTVNJLVggUElSUSB2YWx1ZXMuCgpUaGUgcGF0Y2gg aW5oaWJpdHMgc2V0dGluZyB1cCB0aGUgSVJRIGhhbmRsZXIgaWYgTVNJIG9y Ck1TSS1YIChmb3Igc3ltbWV0cnkgcmVhc29ucykgY29kZSBoYWQgYmVlbiBj YWxsZWQgc3VjY2Vzc2Z1bGx5LgoKUC5TLgpYZW4gUENJQmFjayB3aGVuIGl0 IHNldHMgdXAgdGhlIGRldmljZSBmb3IgdGhlIGd1ZXN0IGNvbnN1bXB0aW9u CmVuZHMgdXAgd3JpdHRpbmcgMCB0byB0aGUgUENJX0NPTU1BTkQgKHNlZSB4 ZW5fcGNpYmtfcmVzZXRfZGV2aWNlKS4KWFNBLTEyMCBhZGRlbmR1bSBwYXRj aCByZW1vdmVkIHRoYXQgLSBob3dldmVyIHdoZW4gdXBzdHJlYW1pbmcgc2Fp ZAphZGRlbmR1bSB3ZSBmb3VuZCB0aGF0IGl0IGNhdXNlZCBpc3N1ZXMgd2l0 aCBxZW11IHVwc3RyZWFtLiBUaGF0CmhhcyBub3cgYmVlbiBmaXhlZCBpbiBx ZW11IHVwc3RyZWFtLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0xNTcKCkNDOiBz dGFibGVAdmdlci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBEYXZpZCBWcmFi ZWwgPGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBL b25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ Ci0tLQogZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYyB8 IDcgKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDcgaW5zZXJ0aW9ucygrKQoK ZGlmZiAtLWdpdCBhL2RyaXZlcnMveGVuL3hlbi1wY2liYWNrL3BjaWJhY2tf b3BzLmMgYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5j CmluZGV4IGExMDc5MjguLjViYjc2YzAgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMv eGVuL3hlbi1wY2liYWNrL3BjaWJhY2tfb3BzLmMKKysrIGIvZHJpdmVycy94 ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwpAQCAtNzAsNiArNzAsMTMg QEAgc3RhdGljIHZvaWQgeGVuX3BjaWJrX2NvbnRyb2xfaXNyKHN0cnVjdCBw Y2lfZGV2ICpkZXYsIGludCByZXNldCkKIAkJZW5hYmxlID8gImVuYWJsZSIg OiAiZGlzYWJsZSIpOwogCiAJaWYgKGVuYWJsZSkgeworCQkvKgorCQkgKiBU aGUgTVNJIG9yIE1TSS1YIHNob3VsZCBub3QgaGF2ZSBhbiBJUlEgaGFuZGxl ci4gT3RoZXJ3aXNlCisJCSAqIGlmIHRoZSBndWVzdCB0ZXJtaW5hdGVzIHdl IEJVR19PTiBpbiBmcmVlX21zaV9pcnFzLgorCQkgKi8KKwkJaWYgKGRldi0+ bXNpX2VuYWJsZWQgfHwgZGV2LT5tc2l4X2VuYWJsZWQpCisJCQlnb3RvIG91 dDsKKwogCQlyYyA9IHJlcXVlc3RfaXJxKGRldl9kYXRhLT5pcnEsCiAJCQkJ eGVuX3BjaWJrX2d1ZXN0X2ludGVycnVwdCwgSVJRRl9TSEFSRUQsCiAJCQkJ ZGV2X2RhdGEtPmlycV9uYW1lLCBkZXYpOwotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch" Content-Disposition: attachment; filename="xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch" Content-Transfer-Encoding: base64 RnJvbSA1OWE0MDM3NTBkMzc5NmI0NTM3NjA0MWE0ODQzZmNkZTQzNmFlMzdl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFdlZCwg MSBBcHIgMjAxNSAxMDo0OTo0NyAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDQvNV0geGVuL3BjaWJhY2s6IEZvciBYRU5fUENJX09QX2Rpc2Fi bGVfbXNpW3x4XQogb25seSBkaXNhYmxlIGlmIGRldmljZSBoYXMgTVNJKFgp IGVuYWJsZWQuCgpPdGhlcndpc2UganVzdCBjb250aW51ZSBvbiwgcmV0dXJu aW5nIHRoZSBzYW1lIHZhbHVlcyBhcwpwcmV2aW91c2x5IChyZXR1cm4gb2Yg MCwgYW5kIG9wLT5yZXN1bHQgaGFzIHRoZSBQSVJRIHZhbHVlKS4KClRoaXMg ZG9lcyBub3QgY2hhbmdlIHRoZSBiZWhhdmlvciBvZiBYRU5fUENJX09QX2Rp c2FibGVfbXNpW3x4XS4KClRoZSBwY2lfZGlzYWJsZV9tc2kgb3IgcGNpX2Rp c2FibGVfbXNpeCBoYXZlIHRoZSBjaGVja3MgZm9yCm1zaV9lbmFibGVkIG9y IG1zaXhfZW5hYmxlZCBzbyB0aGV5IHdpbGwgZXJyb3Igb3V0IGltbWVkaWF0 ZWx5LgoKSG93ZXZlciB0aGUgZ3Vlc3QgY2FuIHN0aWxsIGNhbGwgdGhlc2Ug b3BlcmF0aW9ucyBhbmQgY2F1c2UKdXMgdG8gZGlzYWJsZSB0aGUgJ2Fja19p bnRyJy4gVGhhdCBtZWFucyB0aGUgYmFja2VuZCBJUlEgaGFuZGxlcgpmb3Ig dGhlIGxlZ2FjeSBpbnRlcnJ1cHQgd2lsbCBub3QgcmVzcG9uZCB0byBpbnRl cnJ1cHRzIGFueW1vcmUuCgpUaGlzIHdpbGwgbGVhZCB0byAoaWYgdGhlIGRl dmljZSBpcyBjYXVzaW5nIGFuIGludGVycnVwdCBzdG9ybSkKZm9yIHRoZSBM aW51eCBnZW5lcmljIGNvZGUgdG8gZGlzYWJsZSB0aGUgaW50ZXJydXB0IGxp bmUuCgpOYXR1cmFsbHkgdGhpcyB3aWxsIG9ubHkgaGFwcGVuIGlmIHRoZSBk ZXZpY2UgaW4gcXVlc3Rpb24KaXMgcGx1Z2dlZCBpbiBvbiB0aGUgbW90aGVy Ym9hcmQgb24gc2hhcmVkIGxldmVsIGludGVycnVwdCBHU0kuCgpUaGlzIGlz IHBhcnQgb2YgWFNBLTE1NwoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcK UmV2aWV3ZWQtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2lsayA8 a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL3hlbi94ZW4t cGNpYmFjay9wY2liYWNrX29wcy5jIHwgMzMgKysrKysrKysrKysrKysrKysr KystLS0tLS0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMjAgaW5zZXJ0aW9u cygrKSwgMTMgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94 ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYyBiL2RyaXZlcnMveGVuL3hl bi1wY2liYWNrL3BjaWJhY2tfb3BzLmMKaW5kZXggNWJiNzZjMC4uNjQ4YzA5 YyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNpYmFj a19vcHMuYworKysgYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNr X29wcy5jCkBAIC0xODUsMjAgKzE4NSwyMyBAQCBzdGF0aWMKIGludCB4ZW5f cGNpYmtfZGlzYWJsZV9tc2koc3RydWN0IHhlbl9wY2lia19kZXZpY2UgKnBk ZXYsCiAJCQkgIHN0cnVjdCBwY2lfZGV2ICpkZXYsIHN0cnVjdCB4ZW5fcGNp X29wICpvcCkKIHsKLQlzdHJ1Y3QgeGVuX3BjaWJrX2Rldl9kYXRhICpkZXZf ZGF0YTsKLQogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlw cmludGsoS0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZGlzYWJsZSBNU0lc biIsCiAJCSAgICAgICBwY2lfbmFtZShkZXYpKTsKLQlwY2lfZGlzYWJsZV9t c2koZGV2KTsKIAorCWlmIChkZXYtPm1zaV9lbmFibGVkKSB7CisJCXN0cnVj dCB4ZW5fcGNpYmtfZGV2X2RhdGEgKmRldl9kYXRhOworCisJCXBjaV9kaXNh YmxlX21zaShkZXYpOworCisJCWRldl9kYXRhID0gcGNpX2dldF9kcnZkYXRh KGRldik7CisJCWlmIChkZXZfZGF0YSkKKwkJCWRldl9kYXRhLT5hY2tfaW50 ciA9IDE7CisJfQogCW9wLT52YWx1ZSA9IGRldi0+aXJxID8geGVuX3BpcnFf ZnJvbV9pcnEoZGV2LT5pcnEpIDogMDsKIAlpZiAodW5saWtlbHkodmVyYm9z ZV9yZXF1ZXN0KSkKIAkJcHJpbnRrKEtFUk5fREVCVUcgRFJWX05BTUUgIjog JXM6IE1TSTogJWRcbiIsIHBjaV9uYW1lKGRldiksCiAJCQlvcC0+dmFsdWUp OwotCWRldl9kYXRhID0gcGNpX2dldF9kcnZkYXRhKGRldik7Ci0JaWYgKGRl dl9kYXRhKQotCQlkZXZfZGF0YS0+YWNrX2ludHIgPSAxOwogCXJldHVybiAw OwogfQogCkBAIC0yNjQsMjMgKzI2NywyNyBAQCBzdGF0aWMKIGludCB4ZW5f cGNpYmtfZGlzYWJsZV9tc2l4KHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpw ZGV2LAogCQkJICAgc3RydWN0IHBjaV9kZXYgKmRldiwgc3RydWN0IHhlbl9w Y2lfb3AgKm9wKQogewotCXN0cnVjdCB4ZW5fcGNpYmtfZGV2X2RhdGEgKmRl dl9kYXRhOwogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlw cmludGsoS0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZGlzYWJsZSBNU0kt WFxuIiwKIAkJCXBjaV9uYW1lKGRldikpOwotCXBjaV9kaXNhYmxlX21zaXgo ZGV2KTsKIAorCWlmIChkZXYtPm1zaXhfZW5hYmxlZCkgeworCQlzdHJ1Y3Qg eGVuX3BjaWJrX2Rldl9kYXRhICpkZXZfZGF0YTsKKworCQlwY2lfZGlzYWJs ZV9tc2l4KGRldik7CisKKwkJZGV2X2RhdGEgPSBwY2lfZ2V0X2RydmRhdGEo ZGV2KTsKKwkJaWYgKGRldl9kYXRhKQorCQkJZGV2X2RhdGEtPmFja19pbnRy ID0gMTsKKwl9CiAJLyoKIAkgKiBTUi1JT1YgZGV2aWNlcyAod2hpY2ggZG9u J3QgaGF2ZSBhbnkgbGVnYWN5IElSUSkgaGF2ZQogCSAqIGFuIHVuZGVmaW5l ZCBJUlEgdmFsdWUgb2YgemVyby4KIAkgKi8KIAlvcC0+dmFsdWUgPSBkZXYt PmlycSA/IHhlbl9waXJxX2Zyb21faXJxKGRldi0+aXJxKSA6IDA7CiAJaWYg KHVubGlrZWx5KHZlcmJvc2VfcmVxdWVzdCkpCi0JCXByaW50ayhLRVJOX0RF QlVHIERSVl9OQU1FICI6ICVzOiBNU0ktWDogJWRcbiIsIHBjaV9uYW1lKGRl diksCi0JCQlvcC0+dmFsdWUpOwotCWRldl9kYXRhID0gcGNpX2dldF9kcnZk YXRhKGRldik7Ci0JaWYgKGRldl9kYXRhKQotCQlkZXZfZGF0YS0+YWNrX2lu dHIgPSAxOworCQlwcmludGsoS0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczog TVNJLVg6ICVkXG4iLAorCQkgICAgICAgcGNpX25hbWUoZGV2KSwgb3AtPnZh bHVlKTsKIAlyZXR1cm4gMDsKIH0KICNlbmRpZgotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch" Content-Disposition: attachment; filename="xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch" Content-Transfer-Encoding: base64 RnJvbSBlOWFiOWUwNGVkNzZlZjA2YjRiYTlhMzBiMzcyNGNhNTYzZmRmMWZh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MiBOb3YgMjAxNSAxODoxMzoyNyAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDUvNV0geGVuL3BjaWJhY2s6IERvbid0IGFsbG93IE1TSS1YIG9w cyBpZgogUENJX0NPTU1BTkRfTUVNT1JZIGlzIG5vdCBzZXQuCgpjb21taXQg ZjU5ODI4MmY1MSAoIlBDSTogRml4IHRoZSBOSVUgTVNJLVggcHJvYmxlbSBp biBhIGJldHRlciB3YXkiKQp0ZWFjaGVzIHVzIHRoYXQgZGVhbGluZyB3aXRo IE1TSS1YIGNhbiBiZSB0cm91Ymxlc29tZS4KCkZ1cnRoZXIgY2hlY2tzIGlu IHRoZSBNU0ktWCBhcmNoaXRlY3R1cmUgc2hvd3MgdGhhdCBpZiB0aGUKUENJ X0NPTU1BTkRfTUVNT1JZIGJpdCBpcyB0dXJuZWQgb2YgaW4gdGhlIFBDSV9D T01NQU5EIHdlCm1heSBub3QgYmUgYWJsZSB0byBhY2Nlc3MgdGhlIEJBUiAo c2luY2UgdGhleSBhcmUgbWVtb3J5IHJlZ2lvbnMpLgoKU2luY2UgdGhlIE1T SS1YIHRhYmxlcyBhcmUgbG9jYXRlZCBpbiB0aGVyZS4uIHRoYXQgY2FuIGxl YWQKdG8gdXMgY2F1c2luZyBQQ0llIGVycm9ycy4gSW5oaWJpdCB1cyBwZXJm b3JtaW5nIGFueQpvcGVyYXRpb24gb24gdGhlIE1TSS1YIHVubGVzcyB0aGUg TUVNT1JZIGJpdCBpcyBzZXQuCgpOb3RlIHRoYXQgWGVuIGh5cGVydmlzb3Ig d2l0aDoKIng4Ni9NU0ktWDogYWNjZXNzIE1TSS1YIHRhYmxlIG9ubHkgYWZ0 ZXIgaGF2aW5nIGVuYWJsZWQgTVNJLVgiCndpbGwgcmV0dXJuOgp4ZW5fcGNp YmFjazogMDAwMDowYTowMC4xOiBlcnJvciAtNiBlbmFibGluZyBNU0ktWCBm b3IgZ3Vlc3QgMyEKCldoZW4gdGhlIGdlbmVyaWMgTVNJIGNvZGUgdHJpZXMg dG8gc2V0dXAgdGhlIFBJUlEgd2l0aG91dApNRU1PUlkgYml0IHNldC4gV2hp Y2ggbWVhbnMgd2l0aCBsYXRlciB2ZXJzaW9ucyBvZiBYZW4KKDQuNikgdGhp cyBwYXRjaCBpcyBub3QgbmVjY2Vzc2FyeS4KClRoaXMgaXMgcGFydCBvZiBY U0EtMTU3CgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZpZXdlZC1i eTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTaWduZWQtb2Zm LWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNs ZS5jb20+Ci0tLQogZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19v cHMuYyB8IDggKysrKysrKy0KIDEgZmlsZSBjaGFuZ2VkLCA3IGluc2VydGlv bnMoKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3hl bi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVycy94ZW4veGVu LXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCA2NDhjMDljLi5lZGI5MzU3 IDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNr X29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNrL3BjaWJhY2tf b3BzLmMKQEAgLTIxMiw2ICsyMTIsNyBAQCBpbnQgeGVuX3BjaWJrX2VuYWJs ZV9tc2l4KHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpwZGV2LAogCXN0cnVj dCB4ZW5fcGNpYmtfZGV2X2RhdGEgKmRldl9kYXRhOwogCWludCBpLCByZXN1 bHQ7CiAJc3RydWN0IG1zaXhfZW50cnkgKmVudHJpZXM7CisJdTE2IGNtZDsK IAogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlwcmludGso S0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZW5hYmxlIE1TSS1YXG4iLApA QCAtMjIzLDcgKzIyNCwxMiBAQCBpbnQgeGVuX3BjaWJrX2VuYWJsZV9tc2l4 KHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpwZGV2LAogCWlmIChkZXYtPm1z aXhfZW5hYmxlZCkKIAkJcmV0dXJuIC1FQUxSRUFEWTsKIAotCWlmIChkZXYt Pm1zaV9lbmFibGVkKQorCS8qCisJICogUENJX0NPTU1BTkRfTUVNT1JZIG11 c3QgYmUgZW5hYmxlZCwgb3RoZXJ3aXNlIHdlIG1heSBub3QgYmUgYWJsZQor CSAqIHRvIGFjY2VzcyB0aGUgQkFScyB3aGVyZSB0aGUgTVNJLVggZW50cmll cyByZXNpZGUuCisJICovCisJcGNpX3JlYWRfY29uZmlnX3dvcmQoZGV2LCBQ Q0lfQ09NTUFORCwgJmNtZCk7CisJaWYgKGRldi0+bXNpX2VuYWJsZWQgfHwg IShjbWQgJiBQQ0lfQ09NTUFORF9NRU1PUlkpKQogCQlyZXR1cm4gLUVOWElP OwogCiAJZW50cmllcyA9IGttYWxsb2Mob3AtPnZhbHVlICogc2l6ZW9mKCpl bnRyaWVzKSwgR0ZQX0tFUk5FTCk7Ci0tIAoyLjEuMAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtE-0007FS-Km; Thu, 17 Dec 2015 12:42:36 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtC-0007Ds-Rc; Thu, 17 Dec 2015 12:42:35 +0000 Received: from [85.158.139.211] by server-4.bemta-5.messagelabs.com id A4/79-24856-9BDA2765; Thu, 17 Dec 2015 12:42:33 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-6.tower-206.messagelabs.com!1450356152!11061131!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 15822 invoked from network); 17 Dec 2015 12:42:33 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-6.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:33 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt4-0000vu-Gx; Thu, 17 Dec 2015 12:42:26 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xt4-0001xf-Aw; Thu, 17 Dec 2015 12:42:26 +0000 Date: Thu, 17 Dec 2015 12:42:26 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 164 (CVE-2015-8554) - qemu-dm buffer overrun in MSI-X handling X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8554 / XSA-164 version 3 qemu-dm buffer overrun in MSI-X handling UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= "qemu-xen-traditional" (aka qemu-dm) tracks state for each MSI-X table entry of a passed through device. This is used/updated on (intercepted) accesses to the page(s) containing the MSI-X table. There may be space on the final page not covered by any MSI-X table entry, but memory for state tracking is allocated only for existing table entries. Therefore bounds checks are required to avoid accessing/corrupting unrelated heap memory. Such a check is present for the read path, but was missing for the write path. IMPACT ====== A malicious administrator of a guest which has access to a passed through PCI device which is MSI-X capable can exploit this vulnerability to take over the qemu process, elevating its privilege to that of the qemu process. In a system not using a device model stub domain (or other techniques for deprivileging qemu), the malicious guest administrator can thus elevate their privilege to that of the host. VULNERABLE SYSTEMS ================== Xen systems running x86 HVM guests with "qemu-xen-traditional", but without stubdomains, which have been passed through an MSI-X capable physical PCI device are vulnerable. The default configuration is NOT vulnerable from Xen 4.3 onwards (because it uses a newer upstream qemu version). Systems running only PV guests are NOT vulnerable. Only systems using PCI passthrough are vulnerable. Systems using "qemu-xen-traditional" stubdomain device models (for example, by specifying "device_model_stubdomain_override=1" in xl's domain configuration files) are NOT vulnerable. Only the traditional "qemu-xen-traditional" device model is vulnerable. Upstream qemu device models ("qemu-xen") are NOT vulnerable. ARM systems are NOT vulnerable. MITIGATION ========== Not passing through MSI-X capable devices to HVM guests will avoid this vulnerability. Running HVM guests with the default upstream device model will also avoid this vulnerability. Enabling stubdomains will mitigate this issue, by reducing the escalation to only those privileges accorded to the service domain. In a usual configuration, a service domain has only the privilege of the guest, so this eliminates the vulnerability. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa164.patch qemu-xen-traditional: Xen unstable, 4.6.x, 4.5.x, 4.4.x, 4.3.x $ sha256sum xsa164* 40f7327aa414c77a0e18a305a144e4a720ba8fe1b618d2f3ad9d5f605667c340 xsa164.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the mitigations described above is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because in all cases the configuration change may be visible to the guest which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqy+AAoJEIP+FMlX6CvZldwH/RpMzmRhI6lFR02GKXXC+87V Yb2d8au5C/yxYED23WhIW+zPajaNjcpu73xgRqc+mNYSyGOOcmCWEF7nSp4tSHC7 XpF8EXPXFtOYSWuxnn38tL+bqs+sa+Ju5koqxkMzKsYM+TgKvUdtoCqEi7uElJ5y wX3HCyBH0zTX+YMbN32DYihwTRTdDBNXqEhDZcULSkvrKWlYlfJGUJus50JBMZFF THIf6mFZp2VZoHtc14xz4aMzDX8MmK+Xq+jMrMLM56oj9OmAShw4a3Glxbzzla7r H7YFCH2OwrBPCDXWL2DF2LY/pQicIQfVZ1QWHOAMIbKL3icmMwlbINx15Dc0YHE= =KYw9 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa164.patch" Content-Disposition: attachment; filename="xsa164.patch" Content-Transfer-Encoding: base64 TVNJLVg6IGF2b2lkIGFycmF5IG92ZXJydW4gdXBvbiBNU0ktWCB0YWJsZSB3 cml0ZXMKCnB0X21zaXhfaW5pdCgpIGFsbG9jYXRlcyBtc2l4LT5tc2l4X2Vu dHJ5W10gdG8ganVzdCBjb3Zlcgptc2l4LT50b3RhbF9lbnRyaWVzIGVudHJp ZXMuIFdoaWxlIHBjaV9tc2l4X3JlYWRsKCkgcmVzb3J0cyB0byByZWFkaW5n CnBoeXNpY2FsIG1lbW9yeSBmb3Igb3V0IG9mIGJvdW5kcyByZWFkcywgcGNp X21zaXhfd3JpdGVsKCkgc28gZmFyCnNpbXBseSBhY2Nlc3NlZC9jb3JydXB0 ZWQgdW5yZWxhdGVkIG1lbW9yeS4KCnB0X2lvbWVtX21hcCgpJ3MgY2FsbCB0 byBjcHVfcmVnaXN0ZXJfcGh5c2ljYWxfbWVtb3J5KCkgcmVnaXN0ZXJzIGEK cGFnZSBncmFudWxhciByZWdpb24sIHdoaWNoIGlzIG5lY2Vzc2FyeSBhcyB0 aGUgUGVuZGluZyBCaXQgQXJyYXkgbWF5CnNoYXJlIHNwYWNlIHdpdGggdGhl IE1TSS1YIHRhYmxlIChidXQgbm90aGluZyBlbHNlIGlzIGFsbG93ZWQgdG8p LiBUaGlzCmFsc28gZXhwbGFpbnMgd2h5IHBjaV9tc2l4X3JlYWRsKCkgYWN0 dWFsbHkgaG9ub3JzIG91dCBvZiBib3VuZHMgcmVhZHMsCmJ1dCBwY2lfbXNp X3dyaXRlbCgpIGRvZXNuJ3QgbmVlZCB0by4KClRoaXMgaXMgWFNBLTE2NC4K ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNv bT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJp eC5jb20+CgotLS0gYS9ody9wdC1tc2kuYworKysgYi9ody9wdC1tc2kuYwpA QCAtNDQwLDYgKzQ0MCwxMyBAQCBzdGF0aWMgdm9pZCBwY2lfbXNpeF93cml0 ZWwodm9pZCAqb3BhcXVlCiAgICAgICAgIHJldHVybjsKICAgICB9CiAKKyAg ICBpZiAoIGFkZHIgLSBtc2l4LT5tbWlvX2Jhc2VfYWRkciA+PSBtc2l4LT50 b3RhbF9lbnRyaWVzICogMTYgKQorICAgIHsKKyAgICAgICAgUFRfTE9HKCJF cnJvcjogT3V0IG9mIGJvdW5kcyB3cml0ZSB0byBNU0ktWCB0YWJsZSwiCisg ICAgICAgICAgICAgICAiIGFkZHIgJTAxNiJQUkl4NjQiXG4iLCBhZGRyKTsK KyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIGVudHJ5X25yID0gKGFk ZHIgLSBtc2l4LT5tbWlvX2Jhc2VfYWRkcikgLyAxNjsKICAgICBlbnRyeSA9 ICZtc2l4LT5tc2l4X2VudHJ5W2VudHJ5X25yXTsKICAgICBvZmZzZXQgPSAo KGFkZHIgLSBtc2l4LT5tbWlvX2Jhc2VfYWRkcikgJSAxNikgLyA0Owo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt8-0007Cy-50; Thu, 17 Dec 2015 12:42:30 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt6-0007CT-A7; Thu, 17 Dec 2015 12:42:28 +0000 Received: from [193.109.254.147] by server-1.bemta-14.messagelabs.com id 7F/1C-28791-3BDA2765; Thu, 17 Dec 2015 12:42:27 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-27.messagelabs.com!1450356144!11338806!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 62512 invoked from network); 17 Dec 2015 12:42:26 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:26 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xsw-0000vU-UM; Thu, 17 Dec 2015 12:42:18 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xst-0001w5-Ru; Thu, 17 Dec 2015 12:42:18 +0000 Date: Thu, 17 Dec 2015 12:42:15 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 157 (CVE-2015-8551, CVE-2015-8552) - Linux pciback missing sanity checks leading to crash X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8551,CVE-2015-8552 / XSA-157 version 3 Linux pciback missing sanity checks leading to crash UPDATES IN VERSION 3 ==================== Removed CVE-2015-8553 from the title of this advisory. We will issue an update to XSA-120 which documents the assignment of CVE-2015-8553 to the XSA-120 v5+ addendum patch. Public release. ISSUE DESCRIPTION ================= Xen PCI backend driver does not perform proper sanity checks on the device's state. Which in turn allows the generic MSI code (called by Xen PCI backend) to be called incorrectly leading to hitting BUG conditions or causing NULL pointer exceptions in the MSI code. (CVE-2015-8551) To exploit this the guest can craft specific sequence of XEN_PCI_OP_* operations which will trigger this. Furthermore the frontend can also craft an continous stream of XEN_PCI_OP_enable_msi which will trigger an continous stream of WARN() messages triggered by the MSI code leading to the logging in the initial domain to exhaust disk space. (CVE-2015-8552) Lastly there is also missing check to verify whether the device has memory decoding enabled set at the start of the day leading the initial domain "accesses to the respective MMIO or I/O port ranges would - - on PCI Express devices - [which can] lead to Unsupported Request responses. The treatment of such errors is platform specific." (from XSA-120). Note that if XSA-120 'addendum' patch (re CVE-2015-8553) has been applied this particular sub-issue is not exploitable. IMPACT ====== Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact is a host crash. Only x86 systems are vulnerable. ARM systems are not vulnerable. VULNERABLE SYSTEMS ================== This bug affects systems using Linux as the driver domain, including non-disaggregated systems using Linux as dom0. Linux versions v3.1 and onwards are vulnerable due to supporting PCI pass-through backend driver. PV and HVM guests which have been granted access to physical PCI devices (`PCI passthrough') can take advantage of this vulnerability. Furthermore, the vulnerability is only applicable when the passed-through PCI devices are MSI-capable or MSI-X. (Most modern devices are). MITIGATION ========== Not using PCI passthrough for PV and HVM guests. Note that for HVM guests QEMU is used for PCI passthrough - however the toolstack sets up also the 'PV' PCI which the guest can utilize if it chooses to do so. CREDITS ======= This issue was discovered by Konrad Rzeszutek Wilk of Oracle. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Linux 4.3: xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch $ sha256sum xsa157* 0cb2d1729f17e640e33f11945f2e12eba85071238fab2dcc42f81b5d942c159b xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch 9bcb240a49a5cd48428cc9c01ee480297999b93f6977fdddd79ec715648aa244 xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch 7c39b33d0e2d751970bbe56f463661c50aa5e4addc8eee35b80e9e1378e97b02 xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch 1acfd6f4ea13db6a146d547640f50d0ad40480b914b021760a518ac82e8e4c71 xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch b864620709e4b55a908dd6955a090ca03a9a07cfb31b66e2e5211ab8f0c77e68 xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqy7AAoJEIP+FMlX6CvZr/gH+gKO6HcnCeZGPthmt7tKiHxn oa/VjgDMxIGVHerP0HRXTbletj7XOWhdDNrHNa7JQQXkjXiE+zmLRTVum/ghIxKO OMSiRtLFm6pkWmOXJI5kvOLDxt1aEECLG0lU9okbk7YmhZE65L4ysIsOGydfzAIn niKsCnMCxv2MDz5WtFy4okwE+dYJA/MrPfJ1kdJK2y26elxNv895HmwUG8vG042e NKsqBXWqF8Li2GgrtuXCmUAjHeEFXkouCCh7XVSZo70Zr1kVtFpifeNyz2V72qqh XRDmYkY5TJy+CD8tSIb82CcPU1JA7X5hFm1AuzYHeYT3+hxG0glcELGde+655Ig= =i8jn -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch" Content-Disposition: attachment; filename="xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch" Content-Transfer-Encoding: base64 RnJvbSBlM2RlNGE0NGNmZTE5NmUxNjJkZGVmZmQ2Mzc5ZTVjNGU3NWZmMWQ3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MyBBcHIgMjAxNSAxMTowODoyMiAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDEvNV0geGVuL3BjaWJhY2s6IFJldHVybiBlcnJvciBvbgogWEVO X1BDSV9PUF9lbmFibGVfbXNpIHdoZW4gZGV2aWNlIGhhcyBNU0kgb3IgTVNJ LVggZW5hYmxlZAoKVGhlIGd1ZXN0IHNlcXVlbmNlIG9mOgoKIGEpIFhFTl9Q Q0lfT1BfZW5hYmxlX21zaQogYikgWEVOX1BDSV9PUF9lbmFibGVfbXNpCiBj KSBYRU5fUENJX09QX2Rpc2FibGVfbXNpCgpyZXN1bHRzIGluIGhpdHRpbmcg YW4gQlVHX09OIGNvbmRpdGlvbiBpbiB0aGUgbXNpLmMgY29kZS4KClRoZSBN U0kgY29kZSB1c2VzIGFuIGRldi0+bXNpX2xpc3QgdG8gd2hpY2ggaXQgYWRk cyBNU0kgZW50cmllcy4KVW5kZXIgdGhlIGFib3ZlIGNvbmRpdGlvbnMgYW4g QlVHX09OKCkgY2FuIGJlIGhpdC4gVGhlIGRldmljZQpwYXNzZWQgaW4gdGhl IGd1ZXN0IE1VU1QgaGF2ZSBNU0kgY2FwYWJpbGl0eS4KClRoZSBhKSBhZGRz IHRoZSBlbnRyeSB0byB0aGUgZGV2LT5tc2lfbGlzdCBhbmQgc2V0cyBtc2lf ZW5hYmxlZC4KVGhlIGIpIGFkZHMgYSBzZWNvbmQgZW50cnkgYnV0IGFkZGlu ZyBpbiB0byBTeXNGUyBmYWlscyAoZHVwbGljYXRlIGVudHJ5KQphbmQgZGVs ZXRlcyBhbGwgb2YgdGhlIGVudHJpZXMgZnJvbSBtc2lfbGlzdCBhbmQgcmV0 dXJucyAod2l0aCBtc2lfZW5hYmxlZAppcyBzdGlsbCBzZXQpLiAgYykgcGNp X2Rpc2FibGVfbXNpIHBhc3NlcyB0aGUgbXNpX2VuYWJsZWQgY2hlY2tzIGFu ZCBoaXRzOgoKQlVHX09OKGxpc3RfZW1wdHkoZGV2X3RvX21zaV9saXN0KCZk ZXYtPmRldikpKTsKCmFuZCBibG93cyB1cC4KClRoZSBwYXRjaCBhZGRzIGEg c2ltcGxlIGNoZWNrIGluIHRoZSBYRU5fUENJX09QX2VuYWJsZV9tc2kgdG8g Z3VhcmQKYWdhaW5zdCB0aGF0LiBUaGUgY2hlY2sgZm9yIG1zaXhfZW5hYmxl ZCBpcyBub3Qgc3RyaWNseSBuZWNjZXNzYXJ5LgoKVGhpcyBpcyBwYXJ0IG9m IFhTQS0xNTcuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZpZXdl ZC1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNvbT4K UmV2aWV3ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4K U2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25yYWQu d2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMgfCA3ICsrKysrKy0KIDEgZmlsZSBjaGFuZ2VkLCA2 IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1naXQgYS9k cml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCBjNGEwNjY2 Li41Y2U1NzNhIDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFj ay9wY2liYWNrX29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMKQEAgLTE0NCw3ICsxNDQsMTIgQEAgaW50IHhlbl9w Y2lia19lbmFibGVfbXNpKHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpwZGV2 LAogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlwcmludGso S0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZW5hYmxlIE1TSVxuIiwgcGNp X25hbWUoZGV2KSk7CiAKLQlzdGF0dXMgPSBwY2lfZW5hYmxlX21zaShkZXYp OworCWlmIChkZXYtPm1zaV9lbmFibGVkKQorCQlzdGF0dXMgPSAtRUFMUkVB RFk7CisJZWxzZSBpZiAoZGV2LT5tc2l4X2VuYWJsZWQpCisJCXN0YXR1cyA9 IC1FTlhJTzsKKwllbHNlCisJCXN0YXR1cyA9IHBjaV9lbmFibGVfbXNpKGRl dik7CiAKIAlpZiAoc3RhdHVzKSB7CiAJCXByX3dhcm5fcmF0ZWxpbWl0ZWQo IiVzOiBlcnJvciBlbmFibGluZyBNU0kgZm9yIGd1ZXN0ICV1OiBlcnIgJWRc biIsCi0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch" Content-Disposition: attachment; filename="xsa157-0002-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msix-w.patch" Content-Transfer-Encoding: base64 RnJvbSAxOWIzM2I3MGQ0MjNkZGZlYTFkYWY3NjE1ZWI3ZjYwNTM3MWExODQx IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MiBOb3YgMjAxNSAxODowNzo0NCAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDIvNV0geGVuL3BjaWJhY2s6IFJldHVybiBlcnJvciBvbgogWEVO X1BDSV9PUF9lbmFibGVfbXNpeCB3aGVuIGRldmljZSBoYXMgTVNJIG9yIE1T SS1YIGVuYWJsZWQKClRoZSBndWVzdCBzZXF1ZW5jZSBvZjoKCiAgYSkgWEVO X1BDSV9PUF9lbmFibGVfbXNpeAogIGIpIFhFTl9QQ0lfT1BfZW5hYmxlX21z aXgKCnJlc3VsdHMgaW4gaGl0dGluZyBhbiBOVUxMIHBvaW50ZXIgZHVlIHRv IHVzaW5nIGZyZWVkIHBvaW50ZXJzLgoKVGhlIGRldmljZSBwYXNzZWQgaW4g dGhlIGd1ZXN0IE1VU1QgaGF2ZSBNU0ktWCBjYXBhYmlsaXR5LgoKVGhlIGEp IGNvbnN0cnVjdHMgYW5kIFN5c0ZTIHJlcHJlc2VudGF0aW9uIG9mIE1TSSBh bmQgTVNJIGdyb3Vwcy4KVGhlIGIpIGFkZHMgYSBzZWNvbmQgc2V0IG9mIHRo ZW0gYnV0IGFkZGluZyBpbiB0byBTeXNGUyBmYWlscyAoZHVwbGljYXRlIGVu dHJ5KS4KJ3BvcHVsYXRlX21zaV9zeXNmcycgZnJlZXMgdGhlIG5ld2x5IGFs bG9jYXRlZCBtc2lfaXJxX2dyb3VwcyAobm90ZSB0aGF0CmluIGEpIHBkZXYt Pm1zaV9pcnFfZ3JvdXBzIGlzIHN0aWxsIHNldCkgYW5kIGFsc28gZnJlZSdz IEFMTCBvZiB0aGUKTVNJLVggZW50cmllcyBvZiB0aGUgZGV2aWNlICh0aGUg b25lcyBhbGxvY2F0ZWQgaW4gc3RlcCBhKSBhbmQgYikpLgoKVGhlIHVud2lu ZCBjb2RlOiAnZnJlZV9tc2lfaXJxcycgZGVsZXRlcyBhbGwgdGhlIGVudHJp ZXMgYW5kIHRyaWVzIHRvCmRlbGV0ZSB0aGUgcGRldi0+bXNpX2lycV9ncm91 cHMgKHdoaWNoIGhhc24ndCBiZWVuIHNldCB0byBOVUxMKS4KSG93ZXZlciB0 aGUgcG9pbnRlcnMgaW4gdGhlIFN5c0ZTIGFyZSBhbHJlYWR5IGZyZWVkIGFu ZCB3ZSBoaXQgYW4KTlVMTCBwb2ludGVyIGZ1cnRoZXIgb24gd2hlbiAnc3Ry bGVuJyBpcyBhdHRlbXB0ZWQgb24gYSBmcmVlZCBwb2ludGVyLgoKVGhlIHBh dGNoIGFkZHMgYSBzaW1wbGUgY2hlY2sgaW4gdGhlIFhFTl9QQ0lfT1BfZW5h YmxlX21zaXggdG8gZ3VhcmQKYWdhaW5zdCB0aGF0LiBUaGUgY2hlY2sgZm9y IG1zaV9lbmFibGVkIGlzIG5vdCBzdHJpY2x5IG5lY2Nlc3NhcnkuCgpUaGlz IGlzIHBhcnQgb2YgWFNBLTE1NwoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5v cmcKUmV2aWV3ZWQtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNp dHJpeC5jb20+ClJldmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hA c3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL3hlbi94 ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIHwgNyArKysrKysrCiAxIGZpbGUg Y2hhbmdlZCwgNyBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYyBiL2RyaXZlcnMveGVu L3hlbi1wY2liYWNrL3BjaWJhY2tfb3BzLmMKaW5kZXggNWNlNTczYS4uYTEw NzkyOCAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNp YmFja19vcHMuYworKysgYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2li YWNrX29wcy5jCkBAIC0yMDYsOSArMjA2LDE2IEBAIGludCB4ZW5fcGNpYmtf ZW5hYmxlX21zaXgoc3RydWN0IHhlbl9wY2lia19kZXZpY2UgKnBkZXYsCiAJ aWYgKHVubGlrZWx5KHZlcmJvc2VfcmVxdWVzdCkpCiAJCXByaW50ayhLRVJO X0RFQlVHIERSVl9OQU1FICI6ICVzOiBlbmFibGUgTVNJLVhcbiIsCiAJCSAg ICAgICBwY2lfbmFtZShkZXYpKTsKKwogCWlmIChvcC0+dmFsdWUgPiBTSF9J TkZPX01BWF9WRUMpCiAJCXJldHVybiAtRUlOVkFMOwogCisJaWYgKGRldi0+ bXNpeF9lbmFibGVkKQorCQlyZXR1cm4gLUVBTFJFQURZOworCisJaWYgKGRl di0+bXNpX2VuYWJsZWQpCisJCXJldHVybiAtRU5YSU87CisKIAllbnRyaWVz ID0ga21hbGxvYyhvcC0+dmFsdWUgKiBzaXplb2YoKmVudHJpZXMpLCBHRlBf S0VSTkVMKTsKIAlpZiAoZW50cmllcyA9PSBOVUxMKQogCQlyZXR1cm4gLUVO T01FTTsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch" Content-Disposition: attachment; filename="xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch" Content-Transfer-Encoding: base64 RnJvbSBhYTQ4MzE0YzYwZGExMDM1YThlNmNjMDViZWMxMjgzOGEwNzRkZTk4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MiBOb3YgMjAxNSAxNzoyNDowOCAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDMvNV0geGVuL3BjaWJhY2s6IERvIG5vdCBpbnN0YWxsIGFuIElS USBoYW5kbGVyIGZvcgogTVNJIGludGVycnVwdHMuCgpPdGhlcndpc2UgYW4g Z3Vlc3QgY2FuIHN1YnZlcnQgdGhlIGdlbmVyaWMgTVNJIGNvZGUgdG8gdHJp Z2dlcgphbiBCVUdfT04gY29uZGl0aW9uIGR1cmluZyBNU0kgaW50ZXJydXB0 IGZyZWVpbmc6CgogZm9yIChpID0gMDsgaSA8IGVudHJ5LT5udmVjX3VzZWQ7 IGkrKykKICAgICAgICBCVUdfT04oaXJxX2hhc19hY3Rpb24oZW50cnktPmly cSArIGkpKTsKClhlbiBQQ0kgYmFja2VkIGluc3RhbGxzIGFuIElSUSBoYW5k bGVyIChyZXF1ZXN0X2lycSkgZm9yCnRoZSBkZXYtPmlycSB3aGVuZXZlciB0 aGUgZ3Vlc3Qgd3JpdGVzIFBDSV9DT01NQU5EX01FTU9SWQoob3IgUENJX0NP TU1BTkRfSU8pIHRvIHRoZSBQQ0lfQ09NTUFORCByZWdpc3Rlci4gVGhpcyBp cwpkb25lIGluIGNhc2UgdGhlIGRldmljZSBoYXMgbGVnYWN5IGludGVycnVw dHMgdGhlIEdTSSBsaW5lCmlzIHNoYXJlZCBieSB0aGUgYmFja2VuZCBkZXZp Y2VzLgoKVG8gc3VidmVydCB0aGUgYmFja2VuZCB0aGUgZ3Vlc3QgbmVlZHMg dG8gbWFrZSB0aGUgYmFja2VuZAp0byBjaGFuZ2UgdGhlIGRldi0+aXJxIGZy b20gdGhlIEdTSSB0byB0aGUgTVNJIGludGVycnVwdCBsaW5lLAptYWtlIHRo ZSBiYWNrZW5kIGFsbG9jYXRlIGFuIGludGVycnVwdCBoYW5kbGVyLCBhbmQg dGhlbiBjb21tYW5kCnRoZSBiYWNrZW5kIHRvIGZyZWUgdGhlIE1TSSBpbnRl cnJ1cHQgYW5kIGhpdCB0aGUgQlVHX09OLgoKU2luY2UgdGhlIGJhY2tlbmQg b25seSBjYWxscyAncmVxdWVzdF9pcnEnIHdoZW4gdGhlIGd1ZXN0CndyaXRl cyB0byB0aGUgUENJX0NPTU1BTkQgcmVnaXN0ZXIgdGhlIGd1ZXN0IG5lZWRz IHRvIGNhbGwKWEVOX1BDSV9PUF9lbmFibGVfbXNpIGJlZm9yZSBhbnkgb3Ro ZXIgb3BlcmF0aW9uLiBUaGlzIHdpbGwKY2F1c2UgdGhlIGdlbmVyaWMgTVNJ IGNvZGUgdG8gc2V0dXAgYW4gTVNJIGVudHJ5IGFuZApwb3B1bGF0ZSBkZXYt PmlycSB3aXRoIHRoZSBuZXcgUElSUSB2YWx1ZS4KClRoZW4gdGhlIGd1ZXN0 IGNhbiB3cml0ZSB0byBQQ0lfQ09NTUFORCBQQ0lfQ09NTUFORF9NRU1PUlkK YW5kIGNhdXNlIHRoZSBiYWNrZW5kIHRvIHNldHVwIGFuIElSUSBoYW5kbGVy IGZvciBkZXYtPmlycQood2hpY2ggaW5zdGVhZCBvZiB0aGUgR1NJIHZhbHVl IGhhcyB0aGUgTVNJIHBpcnEpLiBTZWUKJ3hlbl9wY2lia19jb250cm9sX2lz cicuCgpUaGVuIHRoZSBndWVzdCBkaXNhYmxlcyB0aGUgTVNJOiBYRU5fUENJ X09QX2Rpc2FibGVfbXNpCndoaWNoIGVuZHMgdXAgdHJpZ2dlcmluZyB0aGUg QlVHX09OIGNvbmRpdGlvbiBpbiAnZnJlZV9tc2lfaXJxcycKYXMgdGhlcmUg aXMgYW4gSVJRIGhhbmRsZXIgZm9yIHRoZSBlbnRyeS0+aXJxIChkZXYtPmly cSkuCgpOb3RlIHRoYXQgdGhpcyBjYW5ub3QgYmUgZG9uZSB1c2luZyBNU0kt WCBhcyB0aGUgZ2VuZXJpYwpjb2RlIGRvZXMgbm90IG92ZXItd3JpdGUgZGV2 LT5pcnEgd2l0aCB0aGUgTVNJLVggUElSUSB2YWx1ZXMuCgpUaGUgcGF0Y2gg aW5oaWJpdHMgc2V0dGluZyB1cCB0aGUgSVJRIGhhbmRsZXIgaWYgTVNJIG9y Ck1TSS1YIChmb3Igc3ltbWV0cnkgcmVhc29ucykgY29kZSBoYWQgYmVlbiBj YWxsZWQgc3VjY2Vzc2Z1bGx5LgoKUC5TLgpYZW4gUENJQmFjayB3aGVuIGl0 IHNldHMgdXAgdGhlIGRldmljZSBmb3IgdGhlIGd1ZXN0IGNvbnN1bXB0aW9u CmVuZHMgdXAgd3JpdHRpbmcgMCB0byB0aGUgUENJX0NPTU1BTkQgKHNlZSB4 ZW5fcGNpYmtfcmVzZXRfZGV2aWNlKS4KWFNBLTEyMCBhZGRlbmR1bSBwYXRj aCByZW1vdmVkIHRoYXQgLSBob3dldmVyIHdoZW4gdXBzdHJlYW1pbmcgc2Fp ZAphZGRlbmR1bSB3ZSBmb3VuZCB0aGF0IGl0IGNhdXNlZCBpc3N1ZXMgd2l0 aCBxZW11IHVwc3RyZWFtLiBUaGF0CmhhcyBub3cgYmVlbiBmaXhlZCBpbiBx ZW11IHVwc3RyZWFtLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0xNTcKCkNDOiBz dGFibGVAdmdlci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBEYXZpZCBWcmFi ZWwgPGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBL b25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ Ci0tLQogZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYyB8 IDcgKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDcgaW5zZXJ0aW9ucygrKQoK ZGlmZiAtLWdpdCBhL2RyaXZlcnMveGVuL3hlbi1wY2liYWNrL3BjaWJhY2tf b3BzLmMgYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5j CmluZGV4IGExMDc5MjguLjViYjc2YzAgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMv eGVuL3hlbi1wY2liYWNrL3BjaWJhY2tfb3BzLmMKKysrIGIvZHJpdmVycy94 ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwpAQCAtNzAsNiArNzAsMTMg QEAgc3RhdGljIHZvaWQgeGVuX3BjaWJrX2NvbnRyb2xfaXNyKHN0cnVjdCBw Y2lfZGV2ICpkZXYsIGludCByZXNldCkKIAkJZW5hYmxlID8gImVuYWJsZSIg OiAiZGlzYWJsZSIpOwogCiAJaWYgKGVuYWJsZSkgeworCQkvKgorCQkgKiBU aGUgTVNJIG9yIE1TSS1YIHNob3VsZCBub3QgaGF2ZSBhbiBJUlEgaGFuZGxl ci4gT3RoZXJ3aXNlCisJCSAqIGlmIHRoZSBndWVzdCB0ZXJtaW5hdGVzIHdl IEJVR19PTiBpbiBmcmVlX21zaV9pcnFzLgorCQkgKi8KKwkJaWYgKGRldi0+ bXNpX2VuYWJsZWQgfHwgZGV2LT5tc2l4X2VuYWJsZWQpCisJCQlnb3RvIG91 dDsKKwogCQlyYyA9IHJlcXVlc3RfaXJxKGRldl9kYXRhLT5pcnEsCiAJCQkJ eGVuX3BjaWJrX2d1ZXN0X2ludGVycnVwdCwgSVJRRl9TSEFSRUQsCiAJCQkJ ZGV2X2RhdGEtPmlycV9uYW1lLCBkZXYpOwotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch" Content-Disposition: attachment; filename="xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch" Content-Transfer-Encoding: base64 RnJvbSA1OWE0MDM3NTBkMzc5NmI0NTM3NjA0MWE0ODQzZmNkZTQzNmFlMzdl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFdlZCwg MSBBcHIgMjAxNSAxMDo0OTo0NyAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDQvNV0geGVuL3BjaWJhY2s6IEZvciBYRU5fUENJX09QX2Rpc2Fi bGVfbXNpW3x4XQogb25seSBkaXNhYmxlIGlmIGRldmljZSBoYXMgTVNJKFgp IGVuYWJsZWQuCgpPdGhlcndpc2UganVzdCBjb250aW51ZSBvbiwgcmV0dXJu aW5nIHRoZSBzYW1lIHZhbHVlcyBhcwpwcmV2aW91c2x5IChyZXR1cm4gb2Yg MCwgYW5kIG9wLT5yZXN1bHQgaGFzIHRoZSBQSVJRIHZhbHVlKS4KClRoaXMg ZG9lcyBub3QgY2hhbmdlIHRoZSBiZWhhdmlvciBvZiBYRU5fUENJX09QX2Rp c2FibGVfbXNpW3x4XS4KClRoZSBwY2lfZGlzYWJsZV9tc2kgb3IgcGNpX2Rp c2FibGVfbXNpeCBoYXZlIHRoZSBjaGVja3MgZm9yCm1zaV9lbmFibGVkIG9y IG1zaXhfZW5hYmxlZCBzbyB0aGV5IHdpbGwgZXJyb3Igb3V0IGltbWVkaWF0 ZWx5LgoKSG93ZXZlciB0aGUgZ3Vlc3QgY2FuIHN0aWxsIGNhbGwgdGhlc2Ug b3BlcmF0aW9ucyBhbmQgY2F1c2UKdXMgdG8gZGlzYWJsZSB0aGUgJ2Fja19p bnRyJy4gVGhhdCBtZWFucyB0aGUgYmFja2VuZCBJUlEgaGFuZGxlcgpmb3Ig dGhlIGxlZ2FjeSBpbnRlcnJ1cHQgd2lsbCBub3QgcmVzcG9uZCB0byBpbnRl cnJ1cHRzIGFueW1vcmUuCgpUaGlzIHdpbGwgbGVhZCB0byAoaWYgdGhlIGRl dmljZSBpcyBjYXVzaW5nIGFuIGludGVycnVwdCBzdG9ybSkKZm9yIHRoZSBM aW51eCBnZW5lcmljIGNvZGUgdG8gZGlzYWJsZSB0aGUgaW50ZXJydXB0IGxp bmUuCgpOYXR1cmFsbHkgdGhpcyB3aWxsIG9ubHkgaGFwcGVuIGlmIHRoZSBk ZXZpY2UgaW4gcXVlc3Rpb24KaXMgcGx1Z2dlZCBpbiBvbiB0aGUgbW90aGVy Ym9hcmQgb24gc2hhcmVkIGxldmVsIGludGVycnVwdCBHU0kuCgpUaGlzIGlz IHBhcnQgb2YgWFNBLTE1NwoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcK UmV2aWV3ZWQtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2lsayA8 a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL3hlbi94ZW4t cGNpYmFjay9wY2liYWNrX29wcy5jIHwgMzMgKysrKysrKysrKysrKysrKysr KystLS0tLS0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMjAgaW5zZXJ0aW9u cygrKSwgMTMgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94 ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYyBiL2RyaXZlcnMveGVuL3hl bi1wY2liYWNrL3BjaWJhY2tfb3BzLmMKaW5kZXggNWJiNzZjMC4uNjQ4YzA5 YyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNpYmFj a19vcHMuYworKysgYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNr X29wcy5jCkBAIC0xODUsMjAgKzE4NSwyMyBAQCBzdGF0aWMKIGludCB4ZW5f cGNpYmtfZGlzYWJsZV9tc2koc3RydWN0IHhlbl9wY2lia19kZXZpY2UgKnBk ZXYsCiAJCQkgIHN0cnVjdCBwY2lfZGV2ICpkZXYsIHN0cnVjdCB4ZW5fcGNp X29wICpvcCkKIHsKLQlzdHJ1Y3QgeGVuX3BjaWJrX2Rldl9kYXRhICpkZXZf ZGF0YTsKLQogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlw cmludGsoS0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZGlzYWJsZSBNU0lc biIsCiAJCSAgICAgICBwY2lfbmFtZShkZXYpKTsKLQlwY2lfZGlzYWJsZV9t c2koZGV2KTsKIAorCWlmIChkZXYtPm1zaV9lbmFibGVkKSB7CisJCXN0cnVj dCB4ZW5fcGNpYmtfZGV2X2RhdGEgKmRldl9kYXRhOworCisJCXBjaV9kaXNh YmxlX21zaShkZXYpOworCisJCWRldl9kYXRhID0gcGNpX2dldF9kcnZkYXRh KGRldik7CisJCWlmIChkZXZfZGF0YSkKKwkJCWRldl9kYXRhLT5hY2tfaW50 ciA9IDE7CisJfQogCW9wLT52YWx1ZSA9IGRldi0+aXJxID8geGVuX3BpcnFf ZnJvbV9pcnEoZGV2LT5pcnEpIDogMDsKIAlpZiAodW5saWtlbHkodmVyYm9z ZV9yZXF1ZXN0KSkKIAkJcHJpbnRrKEtFUk5fREVCVUcgRFJWX05BTUUgIjog JXM6IE1TSTogJWRcbiIsIHBjaV9uYW1lKGRldiksCiAJCQlvcC0+dmFsdWUp OwotCWRldl9kYXRhID0gcGNpX2dldF9kcnZkYXRhKGRldik7Ci0JaWYgKGRl dl9kYXRhKQotCQlkZXZfZGF0YS0+YWNrX2ludHIgPSAxOwogCXJldHVybiAw OwogfQogCkBAIC0yNjQsMjMgKzI2NywyNyBAQCBzdGF0aWMKIGludCB4ZW5f cGNpYmtfZGlzYWJsZV9tc2l4KHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpw ZGV2LAogCQkJICAgc3RydWN0IHBjaV9kZXYgKmRldiwgc3RydWN0IHhlbl9w Y2lfb3AgKm9wKQogewotCXN0cnVjdCB4ZW5fcGNpYmtfZGV2X2RhdGEgKmRl dl9kYXRhOwogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlw cmludGsoS0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZGlzYWJsZSBNU0kt WFxuIiwKIAkJCXBjaV9uYW1lKGRldikpOwotCXBjaV9kaXNhYmxlX21zaXgo ZGV2KTsKIAorCWlmIChkZXYtPm1zaXhfZW5hYmxlZCkgeworCQlzdHJ1Y3Qg eGVuX3BjaWJrX2Rldl9kYXRhICpkZXZfZGF0YTsKKworCQlwY2lfZGlzYWJs ZV9tc2l4KGRldik7CisKKwkJZGV2X2RhdGEgPSBwY2lfZ2V0X2RydmRhdGEo ZGV2KTsKKwkJaWYgKGRldl9kYXRhKQorCQkJZGV2X2RhdGEtPmFja19pbnRy ID0gMTsKKwl9CiAJLyoKIAkgKiBTUi1JT1YgZGV2aWNlcyAod2hpY2ggZG9u J3QgaGF2ZSBhbnkgbGVnYWN5IElSUSkgaGF2ZQogCSAqIGFuIHVuZGVmaW5l ZCBJUlEgdmFsdWUgb2YgemVyby4KIAkgKi8KIAlvcC0+dmFsdWUgPSBkZXYt PmlycSA/IHhlbl9waXJxX2Zyb21faXJxKGRldi0+aXJxKSA6IDA7CiAJaWYg KHVubGlrZWx5KHZlcmJvc2VfcmVxdWVzdCkpCi0JCXByaW50ayhLRVJOX0RF QlVHIERSVl9OQU1FICI6ICVzOiBNU0ktWDogJWRcbiIsIHBjaV9uYW1lKGRl diksCi0JCQlvcC0+dmFsdWUpOwotCWRldl9kYXRhID0gcGNpX2dldF9kcnZk YXRhKGRldik7Ci0JaWYgKGRldl9kYXRhKQotCQlkZXZfZGF0YS0+YWNrX2lu dHIgPSAxOworCQlwcmludGsoS0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczog TVNJLVg6ICVkXG4iLAorCQkgICAgICAgcGNpX25hbWUoZGV2KSwgb3AtPnZh bHVlKTsKIAlyZXR1cm4gMDsKIH0KICNlbmRpZgotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch" Content-Disposition: attachment; filename="xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch" Content-Transfer-Encoding: base64 RnJvbSBlOWFiOWUwNGVkNzZlZjA2YjRiYTlhMzBiMzcyNGNhNTYzZmRmMWZh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MiBOb3YgMjAxNSAxODoxMzoyNyAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggdjIg WFNBMTU3IDUvNV0geGVuL3BjaWJhY2s6IERvbid0IGFsbG93IE1TSS1YIG9w cyBpZgogUENJX0NPTU1BTkRfTUVNT1JZIGlzIG5vdCBzZXQuCgpjb21taXQg ZjU5ODI4MmY1MSAoIlBDSTogRml4IHRoZSBOSVUgTVNJLVggcHJvYmxlbSBp biBhIGJldHRlciB3YXkiKQp0ZWFjaGVzIHVzIHRoYXQgZGVhbGluZyB3aXRo IE1TSS1YIGNhbiBiZSB0cm91Ymxlc29tZS4KCkZ1cnRoZXIgY2hlY2tzIGlu IHRoZSBNU0ktWCBhcmNoaXRlY3R1cmUgc2hvd3MgdGhhdCBpZiB0aGUKUENJ X0NPTU1BTkRfTUVNT1JZIGJpdCBpcyB0dXJuZWQgb2YgaW4gdGhlIFBDSV9D T01NQU5EIHdlCm1heSBub3QgYmUgYWJsZSB0byBhY2Nlc3MgdGhlIEJBUiAo c2luY2UgdGhleSBhcmUgbWVtb3J5IHJlZ2lvbnMpLgoKU2luY2UgdGhlIE1T SS1YIHRhYmxlcyBhcmUgbG9jYXRlZCBpbiB0aGVyZS4uIHRoYXQgY2FuIGxl YWQKdG8gdXMgY2F1c2luZyBQQ0llIGVycm9ycy4gSW5oaWJpdCB1cyBwZXJm b3JtaW5nIGFueQpvcGVyYXRpb24gb24gdGhlIE1TSS1YIHVubGVzcyB0aGUg TUVNT1JZIGJpdCBpcyBzZXQuCgpOb3RlIHRoYXQgWGVuIGh5cGVydmlzb3Ig d2l0aDoKIng4Ni9NU0ktWDogYWNjZXNzIE1TSS1YIHRhYmxlIG9ubHkgYWZ0 ZXIgaGF2aW5nIGVuYWJsZWQgTVNJLVgiCndpbGwgcmV0dXJuOgp4ZW5fcGNp YmFjazogMDAwMDowYTowMC4xOiBlcnJvciAtNiBlbmFibGluZyBNU0ktWCBm b3IgZ3Vlc3QgMyEKCldoZW4gdGhlIGdlbmVyaWMgTVNJIGNvZGUgdHJpZXMg dG8gc2V0dXAgdGhlIFBJUlEgd2l0aG91dApNRU1PUlkgYml0IHNldC4gV2hp Y2ggbWVhbnMgd2l0aCBsYXRlciB2ZXJzaW9ucyBvZiBYZW4KKDQuNikgdGhp cyBwYXRjaCBpcyBub3QgbmVjY2Vzc2FyeS4KClRoaXMgaXMgcGFydCBvZiBY U0EtMTU3CgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZpZXdlZC1i eTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTaWduZWQtb2Zm LWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNs ZS5jb20+Ci0tLQogZHJpdmVycy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19v cHMuYyB8IDggKysrKysrKy0KIDEgZmlsZSBjaGFuZ2VkLCA3IGluc2VydGlv bnMoKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3hl bi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVycy94ZW4veGVu LXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCA2NDhjMDljLi5lZGI5MzU3 IDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNr X29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNrL3BjaWJhY2tf b3BzLmMKQEAgLTIxMiw2ICsyMTIsNyBAQCBpbnQgeGVuX3BjaWJrX2VuYWJs ZV9tc2l4KHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpwZGV2LAogCXN0cnVj dCB4ZW5fcGNpYmtfZGV2X2RhdGEgKmRldl9kYXRhOwogCWludCBpLCByZXN1 bHQ7CiAJc3RydWN0IG1zaXhfZW50cnkgKmVudHJpZXM7CisJdTE2IGNtZDsK IAogCWlmICh1bmxpa2VseSh2ZXJib3NlX3JlcXVlc3QpKQogCQlwcmludGso S0VSTl9ERUJVRyBEUlZfTkFNRSAiOiAlczogZW5hYmxlIE1TSS1YXG4iLApA QCAtMjIzLDcgKzIyNCwxMiBAQCBpbnQgeGVuX3BjaWJrX2VuYWJsZV9tc2l4 KHN0cnVjdCB4ZW5fcGNpYmtfZGV2aWNlICpwZGV2LAogCWlmIChkZXYtPm1z aXhfZW5hYmxlZCkKIAkJcmV0dXJuIC1FQUxSRUFEWTsKIAotCWlmIChkZXYt Pm1zaV9lbmFibGVkKQorCS8qCisJICogUENJX0NPTU1BTkRfTUVNT1JZIG11 c3QgYmUgZW5hYmxlZCwgb3RoZXJ3aXNlIHdlIG1heSBub3QgYmUgYWJsZQor CSAqIHRvIGFjY2VzcyB0aGUgQkFScyB3aGVyZSB0aGUgTVNJLVggZW50cmll cyByZXNpZGUuCisJICovCisJcGNpX3JlYWRfY29uZmlnX3dvcmQoZGV2LCBQ Q0lfQ09NTUFORCwgJmNtZCk7CisJaWYgKGRldi0+bXNpX2VuYWJsZWQgfHwg IShjbWQgJiBQQ0lfQ09NTUFORF9NRU1PUlkpKQogCQlyZXR1cm4gLUVOWElP OwogCiAJZW50cmllcyA9IGttYWxsb2Mob3AtPnZhbHVlICogc2l6ZW9mKCpl bnRyaWVzKSwgR0ZQX0tFUk5FTCk7Ci0tIAoyLjEuMAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtJ-0007IA-34; Thu, 17 Dec 2015 12:42:41 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtH-0007H1-LU; Thu, 17 Dec 2015 12:42:39 +0000 Received: from [193.109.254.147] by server-11.bemta-14.messagelabs.com id 60/A7-28228-EBDA2765; Thu, 17 Dec 2015 12:42:38 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-11.tower-27.messagelabs.com!1450356156!11639721!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 7943 invoked from network); 17 Dec 2015 12:42:37 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-11.tower-27.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:37 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt8-0000w9-LA; Thu, 17 Dec 2015 12:42:30 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xt8-0001yt-Em; Thu, 17 Dec 2015 12:42:30 +0000 Date: Thu, 17 Dec 2015 12:42:30 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 165 (CVE-2015-8555) - information leak in legacy x86 FPU/XMM initialization X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8555 / XSA-165 version 3 information leak in legacy x86 FPU/XMM initialization UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= When XSAVE/XRSTOR are not in use by Xen to manage guest extended register state, the initial values in the FPU stack and XMM registers seen by the guest upon first use are those left there by the previous user of those registers. IMPACT ====== A malicious domain may be able to leverage this to obtain sensitive information such as cryptographic keys from another domain. VULNERABLE SYSTEMS ================== All Xen versions are vulnerable. Only x86 systems without XSAVE support or with XSAVE support disabled are vulnerable. ARM systems are not vulnerable. MITIGATION ========== On XSAVE capable systems, not turning off XSAVE support via the "no-xsave" hypervisor command line option (or - when defaulting to off - turning it on via the "xsave" hypervisor command line option) will avoid the vulnerability. To find out whether XSAVE is in use, consult the hypervisor log (obtainable e.g. via "xl dmesg") and look for a message of the form "xstate_init: using cntxt_size: and states: " If such a message is present then XSAVE is in use. But note that due to log buffer size restrictions this boot time message may have scrolled off. There is no known mitigation on XSAVE-incapable systems. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa165.patch xen-unstable xsa165-4.6.patch Xen 4.6.x xsa165-4.5.patch Xen 4.5.x, Xen 4.4.x xsa165-4.3.patch Xen 4.3.x $ sha256sum xsa165* 6422db857dd469f5978b80be95e93d1db4bab965668430e07005b7b6369742be xsa165.patch bced245fb1111b7fa2db642971cceb0523e691367ba8bfbc6ff0da421f198c97 xsa165-4.3.patch dd15e301f2757e0c7975bdccfe49ddf41c730bc124dd90166e0844d332eeedad xsa165-4.5.patch 4bb18f2e44f49f140932c2d1e956e2e28017439cbb0e76eb16a8af617c4112ac xsa165-4.6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the XSAVE ENABLEMENT MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because enabling xsave is visible to guests, so such deployment could lead to the rediscovery of the vulnerability. Deployment of the mitigation is permitted only AFTER the embargo ends. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqzAAAoJEIP+FMlX6CvZAYYH/1KqrQG0r23AiTYXqS4IBYMd RU5edyJkNKRCkJMU3m20LPyZ4/NCMg8rgejLHQDiHav0CNUEX6gUSqIUm8d3vrNg IYtGNhLZUcjRqRK1f/oqgFw3TEXlC59EQdSKdNLaZ+Fj/HN4TQtaQWpUW0r5OYXi tSbZYJ+NT4wHLzmai2tdFekVEBFzL+e6RxngrAl+X17mX3O0jdHFpOPqjwGCXXhh N46sZTi/o3QSHBG7yzcxlA5HKJArxVAQNSKJJrSaj3m8O44V5d6+IkMmCpexvq/R rFA1iiMXu481UQq6kLNIC2kpgSNUaNTHDElVQdeUUGu95INAgsrlMdUqNKL2V8o= =QBGV -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa165.patch" Content-Disposition: attachment; filename="xsa165.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtOTE3 LDYgKzkxNywxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIFhTVEFURV9DT01QQUNUSU9OX0VOQUJMRUQ7CiAgICAgICAgIH0K ICAgICB9CisgICAgZWxzZSBpZiAoIHYtPmFyY2gueHNhdmVfYXJlYSApCisg ICAgICAgIG1lbXNldCgmdi0+YXJjaC54c2F2ZV9hcmVhLT54c2F2ZV9oZHIs IDAsCisgICAgICAgICAgICAgICBzaXplb2Yodi0+YXJjaC54c2F2ZV9hcmVh LT54c2F2ZV9oZHIpKTsKKyAgICBlbHNlCisgICAgeworICAgICAgICB0eXBl b2Yodi0+YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYt PmFyY2guZnB1X2N0eHQ7CisKKyAgICAgICAgbWVtc2V0KGZwdV9zc2UsIDAs IHNpemVvZigqZnB1X3NzZSkpOworICAgICAgICBmcHVfc3NlLT5mY3cgPSBG Q1dfREVGQVVMVDsKKyAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENTUl9E RUZBVUxUOworICAgIH0KIAogICAgIGlmICggIWNvbXBhdCApCiAgICAgewot LS0gYS94ZW4vYXJjaC94ODYvaTM4Ny5jCisrKyBiL3hlbi9hcmNoL3g4Ni9p Mzg3LmMKQEAgLTE3LDE2ICsxNyw2IEBACiAjaW5jbHVkZSA8YXNtL3hzdGF0 ZS5oPgogI2luY2x1ZGUgPGFzbS9hc21fZGVmbnMuaD4KIAotc3RhdGljIHZv aWQgZnB1X2luaXQodm9pZCkKLXsKLSAgICB1aW50MzJfdCB2YWwgPSBNWENT Ul9ERUZBVUxUOwotCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5pdCIgKTsK LQotICAgIC8qIGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRy b2wvc3RhdHVzIHJlZ2lzdGVyICovCi0gICAgYXNtIHZvbGF0aWxlICggImxk bXhjc3IgJTAiIDogOiAibSIgKHZhbCkgKTsKLX0KLQogLyoqKioqKioqKioq KioqKioqKioqKioqKioqKioqKiovCiAvKiAgICAgRlBVIFJlc3RvcmUgRnVu Y3Rpb25zICAgKi8KIC8qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq LwpAQCAtMjI4LDEwICsyMTgsOCBAQCB2b2lkIHZjcHVfcmVzdG9yZV9mcHVf bGF6eShzdHJ1Y3QgdmNwdSAqCiAKICAgICBpZiAoIGNwdV9oYXNfeHNhdmUg KQogICAgICAgICBmcHVfeHJzdG9yKHYsIFhTVEFURV9MQVpZKTsKLSAgICBl bHNlIGlmICggdi0+ZnB1X2luaXRpYWxpc2VkICkKLSAgICAgICAgZnB1X2Z4 cnN0b3Iodik7CiAgICAgZWxzZQotICAgICAgICBmcHVfaW5pdCgpOworICAg ICAgICBmcHVfZnhyc3Rvcih2KTsKIAogICAgIHYtPmZwdV9pbml0aWFsaXNl ZCA9IDE7CiAgICAgdi0+ZnB1X2RpcnRpZWQgPSAxOwpAQCAtMjkwLDcgKzI3 OCwxNCBAQCBpbnQgdmNwdV9pbml0X2ZwdShzdHJ1Y3QgdmNwdSAqdikKICAg ICBlbHNlCiAgICAgewogICAgICAgICB2LT5hcmNoLmZwdV9jdHh0ID0gX3h6 YWxsb2Moc2l6ZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSksIDE2 KTsKLSAgICAgICAgaWYgKCAhdi0+YXJjaC5mcHVfY3R4dCApCisgICAgICAg IGlmICggdi0+YXJjaC5mcHVfY3R4dCApCisgICAgICAgIHsKKyAgICAgICAg ICAgIHR5cGVvZih2LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpICpmcHVf c3NlID0gdi0+YXJjaC5mcHVfY3R4dDsKKworICAgICAgICAgICAgZnB1X3Nz ZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgICAgICBmcHVfc3NlLT5t eGNzciA9IE1YQ1NSX0RFRkFVTFQ7CisgICAgICAgIH0KKyAgICAgICAgZWxz ZQogICAgICAgICAgICAgcmMgPSAtRU5PTUVNOwogICAgIH0KIAo= --=separator Content-Type: application/octet-stream; name="xsa165-4.3.patch" Content-Disposition: attachment; filename="xsa165-4.3.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtNzMw LDYgKzczMCwxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKIAogICAg IGlmICggZmxhZ3MgJiBWR0NGX0kzODdfVkFMSUQgKQogICAgICAgICBtZW1j cHkodi0+YXJjaC5mcHVfY3R4dCwgJmMubmF0LT5mcHVfY3R4dCwgc2l6ZW9m KGMubmF0LT5mcHVfY3R4dCkpOworICAgIGVsc2UgaWYgKCB2LT5hcmNoLnhz YXZlX2FyZWEgKQorICAgICAgICBtZW1zZXQoJnYtPmFyY2gueHNhdmVfYXJl YS0+eHNhdmVfaGRyLCAwLAorICAgICAgICAgICAgICAgc2l6ZW9mKHYtPmFy Y2gueHNhdmVfYXJlYS0+eHNhdmVfaGRyKSk7CisgICAgZWxzZQorICAgIHsK KyAgICAgICAgdHlwZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSkg KmZwdV9zc2UgPSB2LT5hcmNoLmZwdV9jdHh0OworCisgICAgICAgIG1lbXNl dChmcHVfc3NlLCAwLCBzaXplb2YoKmZwdV9zc2UpKTsKKyAgICAgICAgZnB1 X3NzZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgIGZwdV9zc2UtPm14 Y3NyID0gTVhDU1JfREVGQVVMVDsKKyAgICB9CiAKICAgICBpZiAoICFjb21w YXQgKQogICAgIHsKLS0tIGEveGVuL2FyY2gveDg2L2kzODcuYworKysgYi94 ZW4vYXJjaC94ODYvaTM4Ny5jCkBAIC0xNywxOSArMTcsNiBAQAogI2luY2x1 ZGUgPGFzbS94c3RhdGUuaD4KICNpbmNsdWRlIDxhc20vYXNtX2RlZm5zLmg+ CiAKLXN0YXRpYyB2b2lkIGZwdV9pbml0KHZvaWQpCi17Ci0gICAgdW5zaWdu ZWQgbG9uZyB2YWw7Ci0gICAgCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5p dCIgKTsKLSAgICBpZiAoIGNwdV9oYXNfeG1tICkKLSAgICB7Ci0gICAgICAg IC8qIGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRyb2wvc3Rh dHVzIHJlZ2lzdGVyICovCi0gICAgICAgIHZhbCA9IE1YQ1NSX0RFRkFVTFQ7 Ci0gICAgICAgIGFzbSB2b2xhdGlsZSAoICJsZG14Y3NyICUwIiA6IDogIm0i ICh2YWwpICk7Ci0gICAgfQotfQotCiAvKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKi8KIC8qICAgICBGUFUgUmVzdG9yZSBGdW5jdGlvbnMgICAq LwogLyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCkBAIC0yNTQs MTUgKzI0MSw4IEBAIHZvaWQgdmNwdV9yZXN0b3JlX2ZwdV9sYXp5KHN0cnVj dCB2Y3B1ICoKIAogICAgIGlmICggY3B1X2hhc194c2F2ZSApCiAgICAgICAg IGZwdV94cnN0b3IodiwgWFNUQVRFX0xBWlkpOwotICAgIGVsc2UgaWYgKCB2 LT5mcHVfaW5pdGlhbGlzZWQgKQotICAgIHsKLSAgICAgICAgaWYgKCBjcHVf aGFzX2Z4c3IgKQotICAgICAgICAgICAgZnB1X2Z4cnN0b3Iodik7Ci0gICAg ICAgIGVsc2UKLSAgICAgICAgICAgIGZwdV9mcnN0b3Iodik7Ci0gICAgfQog ICAgIGVsc2UKLSAgICAgICAgZnB1X2luaXQoKTsKKyAgICAgICAgZnB1X2Z4 cnN0b3Iodik7CiAKICAgICB2LT5mcHVfaW5pdGlhbGlzZWQgPSAxOwogICAg IHYtPmZwdV9kaXJ0aWVkID0gMTsKQEAgLTMyMyw3ICszMDMsMTQgQEAgaW50 IHZjcHVfaW5pdF9mcHUoc3RydWN0IHZjcHUgKnYpCiAgICAgZWxzZQogICAg IHsKICAgICAgICAgdi0+YXJjaC5mcHVfY3R4dCA9IF94emFsbG9jKHNpemVv Zih2LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpLCAxNik7Ci0gICAgICAg IGlmICggIXYtPmFyY2guZnB1X2N0eHQgKQorICAgICAgICBpZiAoIHYtPmFy Y2guZnB1X2N0eHQgKQorICAgICAgICB7CisgICAgICAgICAgICB0eXBlb2Yo di0+YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYtPmFy Y2guZnB1X2N0eHQ7CisKKyAgICAgICAgICAgIGZwdV9zc2UtPmZjdyA9IEZD V19ERUZBVUxUOworICAgICAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENT Ul9ERUZBVUxUOworICAgICAgICB9CisgICAgICAgIGVsc2UKICAgICAgICAg ewogICAgICAgICAgICAgcmMgPSAtRU5PTUVNOwogICAgICAgICAgICAgZ290 byBkb25lOwo= --=separator Content-Type: application/octet-stream; name="xsa165-4.5.patch" Content-Disposition: attachment; filename="xsa165-4.5.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtNzk4 LDYgKzc5OCwxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKICAgICAg ICAgaWYgKCB2LT5hcmNoLnhzYXZlX2FyZWEgKQogICAgICAgICAgICAgIHYt PmFyY2gueHNhdmVfYXJlYS0+eHNhdmVfaGRyLnhzdGF0ZV9idiA9IFhTVEFU RV9GUF9TU0U7CiAgICAgfQorICAgIGVsc2UgaWYgKCB2LT5hcmNoLnhzYXZl X2FyZWEgKQorICAgICAgICBtZW1zZXQoJnYtPmFyY2gueHNhdmVfYXJlYS0+ eHNhdmVfaGRyLCAwLAorICAgICAgICAgICAgICAgc2l6ZW9mKHYtPmFyY2gu eHNhdmVfYXJlYS0+eHNhdmVfaGRyKSk7CisgICAgZWxzZQorICAgIHsKKyAg ICAgICAgdHlwZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSkgKmZw dV9zc2UgPSB2LT5hcmNoLmZwdV9jdHh0OworCisgICAgICAgIG1lbXNldChm cHVfc3NlLCAwLCBzaXplb2YoKmZwdV9zc2UpKTsKKyAgICAgICAgZnB1X3Nz ZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgIGZwdV9zc2UtPm14Y3Ny ID0gTVhDU1JfREVGQVVMVDsKKyAgICB9CiAKICAgICBpZiAoICFjb21wYXQg KQogICAgIHsKLS0tIGEveGVuL2FyY2gveDg2L2kzODcuYworKysgYi94ZW4v YXJjaC94ODYvaTM4Ny5jCkBAIC0xNywxOSArMTcsNiBAQAogI2luY2x1ZGUg PGFzbS94c3RhdGUuaD4KICNpbmNsdWRlIDxhc20vYXNtX2RlZm5zLmg+CiAK LXN0YXRpYyB2b2lkIGZwdV9pbml0KHZvaWQpCi17Ci0gICAgdW5zaWduZWQg bG9uZyB2YWw7Ci0gICAgCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5pdCIg KTsKLSAgICBpZiAoIGNwdV9oYXNfeG1tICkKLSAgICB7Ci0gICAgICAgIC8q IGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRyb2wvc3RhdHVz IHJlZ2lzdGVyICovCi0gICAgICAgIHZhbCA9IE1YQ1NSX0RFRkFVTFQ7Ci0g ICAgICAgIGFzbSB2b2xhdGlsZSAoICJsZG14Y3NyICUwIiA6IDogIm0iICh2 YWwpICk7Ci0gICAgfQotfQotCiAvKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKi8KIC8qICAgICBGUFUgUmVzdG9yZSBGdW5jdGlvbnMgICAqLwog LyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCkBAIC0yNDgsMTUg KzIzNSw4IEBAIHZvaWQgdmNwdV9yZXN0b3JlX2ZwdV9sYXp5KHN0cnVjdCB2 Y3B1ICoKIAogICAgIGlmICggY3B1X2hhc194c2F2ZSApCiAgICAgICAgIGZw dV94cnN0b3IodiwgWFNUQVRFX0xBWlkpOwotICAgIGVsc2UgaWYgKCB2LT5m cHVfaW5pdGlhbGlzZWQgKQotICAgIHsKLSAgICAgICAgaWYgKCBjcHVfaGFz X2Z4c3IgKQotICAgICAgICAgICAgZnB1X2Z4cnN0b3Iodik7Ci0gICAgICAg IGVsc2UKLSAgICAgICAgICAgIGZwdV9mcnN0b3Iodik7Ci0gICAgfQogICAg IGVsc2UKLSAgICAgICAgZnB1X2luaXQoKTsKKyAgICAgICAgZnB1X2Z4cnN0 b3Iodik7CiAKICAgICB2LT5mcHVfaW5pdGlhbGlzZWQgPSAxOwogICAgIHYt PmZwdV9kaXJ0aWVkID0gMTsKQEAgLTMxNyw3ICsyOTcsMTQgQEAgaW50IHZj cHVfaW5pdF9mcHUoc3RydWN0IHZjcHUgKnYpCiAgICAgZWxzZQogICAgIHsK ICAgICAgICAgdi0+YXJjaC5mcHVfY3R4dCA9IF94emFsbG9jKHNpemVvZih2 LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpLCAxNik7Ci0gICAgICAgIGlm ICggIXYtPmFyY2guZnB1X2N0eHQgKQorICAgICAgICBpZiAoIHYtPmFyY2gu ZnB1X2N0eHQgKQorICAgICAgICB7CisgICAgICAgICAgICB0eXBlb2Yodi0+ YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYtPmFyY2gu ZnB1X2N0eHQ7CisKKyAgICAgICAgICAgIGZwdV9zc2UtPmZjdyA9IEZDV19E RUZBVUxUOworICAgICAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENTUl9E RUZBVUxUOworICAgICAgICB9CisgICAgICAgIGVsc2UKICAgICAgICAgewog ICAgICAgICAgICAgcmMgPSAtRU5PTUVNOwogICAgICAgICAgICAgZ290byBk b25lOwo= --=separator Content-Type: application/octet-stream; name="xsa165-4.6.patch" Content-Disposition: attachment; filename="xsa165-4.6.patch" Content-Transfer-Encoding: base64 eDg2OiBkb24ndCBsZWFrIFNUKG4pL1hNTW4gdmFsdWVzIHRvIGRvbWFpbnMg Zmlyc3QgdXNpbmcgdGhlbQoKRk5JTklUIGRvZXNuJ3QgYWx0ZXIgdGhlc2Ug cmVnaXN0ZXJzLCBhbmQgaGVuY2UgdXNpbmcgaXQgaXMKaW5zdWZmaWNpZW50 IHRvIGluaXRpYWxpemUgYSBndWVzdCdzIGluaXRpYWwgc3RhdGUuCgpUaGlz IGlzIFhTQS0xNjUuCgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJl dWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxh bmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2 L2RvbWFpbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtODUx LDYgKzg1MSwxNyBAQCBpbnQgYXJjaF9zZXRfaW5mb19ndWVzdCgKICAgICAg ICAgaWYgKCB2LT5hcmNoLnhzYXZlX2FyZWEgKQogICAgICAgICAgICAgIHYt PmFyY2gueHNhdmVfYXJlYS0+eHNhdmVfaGRyLnhzdGF0ZV9idiA9IFhTVEFU RV9GUF9TU0U7CiAgICAgfQorICAgIGVsc2UgaWYgKCB2LT5hcmNoLnhzYXZl X2FyZWEgKQorICAgICAgICBtZW1zZXQoJnYtPmFyY2gueHNhdmVfYXJlYS0+ eHNhdmVfaGRyLCAwLAorICAgICAgICAgICAgICAgc2l6ZW9mKHYtPmFyY2gu eHNhdmVfYXJlYS0+eHNhdmVfaGRyKSk7CisgICAgZWxzZQorICAgIHsKKyAg ICAgICAgdHlwZW9mKHYtPmFyY2gueHNhdmVfYXJlYS0+ZnB1X3NzZSkgKmZw dV9zc2UgPSB2LT5hcmNoLmZwdV9jdHh0OworCisgICAgICAgIG1lbXNldChm cHVfc3NlLCAwLCBzaXplb2YoKmZwdV9zc2UpKTsKKyAgICAgICAgZnB1X3Nz ZS0+ZmN3ID0gRkNXX0RFRkFVTFQ7CisgICAgICAgIGZwdV9zc2UtPm14Y3Ny ID0gTVhDU1JfREVGQVVMVDsKKyAgICB9CiAKICAgICBpZiAoICFjb21wYXQg KQogICAgIHsKLS0tIGEveGVuL2FyY2gveDg2L2kzODcuYworKysgYi94ZW4v YXJjaC94ODYvaTM4Ny5jCkBAIC0xNywxOSArMTcsNiBAQAogI2luY2x1ZGUg PGFzbS94c3RhdGUuaD4KICNpbmNsdWRlIDxhc20vYXNtX2RlZm5zLmg+CiAK LXN0YXRpYyB2b2lkIGZwdV9pbml0KHZvaWQpCi17Ci0gICAgdW5zaWduZWQg bG9uZyB2YWw7Ci0gICAgCi0gICAgYXNtIHZvbGF0aWxlICggImZuaW5pdCIg KTsKLSAgICBpZiAoIGNwdV9oYXNfeG1tICkKLSAgICB7Ci0gICAgICAgIC8q IGxvYWQgZGVmYXVsdCB2YWx1ZSBpbnRvIE1YQ1NSIGNvbnRyb2wvc3RhdHVz IHJlZ2lzdGVyICovCi0gICAgICAgIHZhbCA9IE1YQ1NSX0RFRkFVTFQ7Ci0g ICAgICAgIGFzbSB2b2xhdGlsZSAoICJsZG14Y3NyICUwIiA6IDogIm0iICh2 YWwpICk7Ci0gICAgfQotfQotCiAvKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKi8KIC8qICAgICBGUFUgUmVzdG9yZSBGdW5jdGlvbnMgICAqLwog LyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCkBAIC0yNDgsMTUg KzIzNSw4IEBAIHZvaWQgdmNwdV9yZXN0b3JlX2ZwdV9sYXp5KHN0cnVjdCB2 Y3B1ICoKIAogICAgIGlmICggY3B1X2hhc194c2F2ZSApCiAgICAgICAgIGZw dV94cnN0b3IodiwgWFNUQVRFX0xBWlkpOwotICAgIGVsc2UgaWYgKCB2LT5m cHVfaW5pdGlhbGlzZWQgKQotICAgIHsKLSAgICAgICAgaWYgKCBjcHVfaGFz X2Z4c3IgKQotICAgICAgICAgICAgZnB1X2Z4cnN0b3Iodik7Ci0gICAgICAg IGVsc2UKLSAgICAgICAgICAgIGZwdV9mcnN0b3Iodik7Ci0gICAgfQogICAg IGVsc2UKLSAgICAgICAgZnB1X2luaXQoKTsKKyAgICAgICAgZnB1X2Z4cnN0 b3Iodik7CiAKICAgICB2LT5mcHVfaW5pdGlhbGlzZWQgPSAxOwogICAgIHYt PmZwdV9kaXJ0aWVkID0gMTsKQEAgLTMxMyw3ICsyOTMsMTQgQEAgaW50IHZj cHVfaW5pdF9mcHUoc3RydWN0IHZjcHUgKnYpCiAgICAgZWxzZQogICAgIHsK ICAgICAgICAgdi0+YXJjaC5mcHVfY3R4dCA9IF94emFsbG9jKHNpemVvZih2 LT5hcmNoLnhzYXZlX2FyZWEtPmZwdV9zc2UpLCAxNik7Ci0gICAgICAgIGlm ICggIXYtPmFyY2guZnB1X2N0eHQgKQorICAgICAgICBpZiAoIHYtPmFyY2gu ZnB1X2N0eHQgKQorICAgICAgICB7CisgICAgICAgICAgICB0eXBlb2Yodi0+ YXJjaC54c2F2ZV9hcmVhLT5mcHVfc3NlKSAqZnB1X3NzZSA9IHYtPmFyY2gu ZnB1X2N0eHQ7CisKKyAgICAgICAgICAgIGZwdV9zc2UtPmZjdyA9IEZDV19E RUZBVUxUOworICAgICAgICAgICAgZnB1X3NzZS0+bXhjc3IgPSBNWENTUl9E RUZBVUxUOworICAgICAgICB9CisgICAgICAgIGVsc2UKICAgICAgICAgICAg IHJjID0gLUVOT01FTTsKICAgICB9CiAK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt7-0007Cs-Bb; Thu, 17 Dec 2015 12:42:29 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt5-0007CS-VG; Thu, 17 Dec 2015 12:42:28 +0000 Received: from [85.158.139.211] by server-14.bemta-5.messagelabs.com id 90/B6-18633-2BDA2765; Thu, 17 Dec 2015 12:42:26 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-4.tower-206.messagelabs.com!1450356140!11372805!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 12943 invoked from network); 17 Dec 2015 12:42:20 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-4.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:20 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xsp-0000v9-Vu; Thu, 17 Dec 2015 12:42:11 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xsp-0001up-LQ; Thu, 17 Dec 2015 12:42:11 +0000 Date: Thu, 17 Dec 2015 12:42:11 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8550 / XSA-155 version 5 paravirtualized drivers incautious about shared memory contents UPDATES IN VERSION 5 ==================== Public release. ISSUE DESCRIPTION ================= The compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically the shared memory between the frontend and backend can be fetched twice (during which time the frontend can alter the contents) possibly leading to arbitrary code execution in backend. IMPACT ====== Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact can be a host crash, or privilege escalation. VULNERABLE SYSTEMS ================== Systems running PV or HVM guests are vulnerable. ARM and x86 systems are vulnerable. All OSes providing PV backends are susceptible, this includes Linux and NetBSD. By default the Linux distributions compile kernels with optimizations. MITIGATION ========== There is no mitigation. CREDITS ======= This issue was discovered by Felix Wilhelm of ERNW. RESOLUTION ========== Applying the appropriate attached patches should fix the problem for PV backends. Note only that PV backends are fixed; PV frontend patches will be developed and released (publicly) after the embargo date. Please note that there is a bug in some versions of gcc, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 which can cause the construct used in RING_COPY_REQUEST() to be ineffective in some circumstances. We have determined that this is only the case when the structure being copied consists purely of bitfields. The Xen PV protocols updated here do not use bitfields in this way and therefore these patches are not subject to that bug. However authors of third party PV protocols should take this into consideration. Linux v4.4: xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch Linux v4.[0,1,2,3] All the above patches except #5 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch Linux v3.19: All the above patches except #5 and #6 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux319-0006-xen-scsiback-safely-copy-requests.patch qemu-xen: xsa155-qemu-qdisk-double-access.patch xsa155-qemu-xenfb.patch qemu-traditional: xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch NetBSD 7.0: xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch xen: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xen 4.4: All patches except #3 will apply, please use: xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ sha256sum xsa155* d9fbc104ab2ae797971e351ee0e04e7b7e9c7c33385309bb406c7941dc9a33b4 xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch 590656d83ad7b6052b54659eccb3469658b3942c0dc1366423a66f2f5ac643e1 xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2bd18632178e09394c5cd06aded2c14bcc6b6e360ad6e81827d24860fe3e8ca4 xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch cecdeccb8e2551252c81fc5f164a8298005df714a574a7ba18b84e8ed5f2bb70 xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch 3916b847243047f0e1053233ade742c14a7f29243584e60bf5db4842a8068855 xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch 746c8eb0aeb200d76156c88dfbbd49db79f567b88b07eda70f7c7d095721f05a xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch 18517a184a02f7441065b8d3423086320ec4c2345c00d551231f7976381767f5 xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2e6d556d25b1cc16e71afde665ae3908f4fa8eab7e0d96283fc78400301baf92 xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch 5e130d8b61906015c6a94f8edd3cce97b172f96a265d97ecf370e7b45125b73d xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch 08c2d0f95dcc215165afbce623b6972b81dd45b091b5f40017579b00c8612e03 xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch 0a66010f736092f91f70bb0fd220685e4395efef1db6d23a3d1eace31d144f51 xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch 5e913a8427cab6b4d384d1246e05116afc301eb117edd838101eb53a82c2f2ff xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch 3b8f14eafaed3a7bc66245753a37af4249acf8129fbedb70653192252dc47dc9 xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch 81ae5fa998243a78dad749fc561be647dc1dc1be799e8f18484fdf0989469705 xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch 044ff74fa048df820d528f64f2791ec9cb3940bd313c1179020bd49a6cde2ca3 xsa155-qemu-qdisk-double-access.patch 1150504589eb7bfa108c80ce63395e57d0e627b12d9201219d968fdd026919a6 xsa155-qemut-qdisk-double-access.patch 63186246ab6913b54bfef5f09f33e815935ac40ff821c27a3efda62339bbbd5f xsa155-qemut-xenfb.patch e53b4ac298648cde79344192d5a58ca8d8724344f5105bec7c09eef095c668f6 xsa155-qemu-xenfb.patch e52467fcec73bcc86d3e96d06f8ca8085ae56a83d2c42a30c16bc3dc630d8f8a xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch eae34c8ccc096ad93a74190506b3d55020a88afb0cc504a3a514590e9fd746fd xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch 42780265014085a4221ad32b026214693d751789eb5219e2e83862c0006c66f4 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch dfcaddb8a908a4fc1b048a43187e885117e67dc566f5c841037ee366dcd437d1 xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqy6AAoJEIP+FMlX6CvZeBQH/ReZbtQjtRmlvHyu72GPZfGm fI3Ji5NMczuAu/2aopqOl+dUudO91lHEDmKNuBKHFAb2hOjTd003mCig0JP2D3js 0Ca8ab7VDgSlNKTl99XAizKFYMJEDRdAxYHktNj+1ok9381e7xquEJ77GfSk2S1e gKDoSYkseSEcrThsgsohYiEvIe/odf8gn4gKq7CTK2sAf45wxWwP/QtgbAidJR3s hQKuv++cyf11csSuVBX4cp0YN8lRWPmygD1si6D/y2TUvn3sAw2EzDkdSfryvtFV /PJTtaQKtyvwOu3kJedguPL0yYmdAPQLAwYWum/NfSBB4g94ydxJ30amp3q37lY= =9VP6 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSBmOWM3MWU4OTJkNTE0MmEzMTQ0ODFkZjZiYWEyNmIzNGU2YTZiYTQ1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSF0geGVuLXNjc2li YWNrOiBzYWZlbHkgY29weSByZXF1ZXN0cwoKVGhlIGNvcHkgb2YgdGhlIHJp bmcgcmVxdWVzdCB3YXMgbGFja2luZyBhIGZvbGxvd2luZyBiYXJyaWVyKCks CnBvdGVudGlhbGx5IGFsbG93aW5nIHRoZSBjb21waWxlciB0byBvcHRpbWl6 ZSB0aGUgY29weSBhd2F5LgoKVXNlIFJJTkdfQ09QWV9SRVFVRVNUKCkgdG8g ZW5zdXJlIHRoZSByZXF1ZXN0IGlzIGNvcGllZCB0byBsb2NhbAptZW1vcnku CgpUaGlzIGlzIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3Jn ClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+ ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNp dHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCnYyOiBUaGlzIGlzIGEg YWdhaW5zdCB2My4xOQotLS0KIGRyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5j IHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCspLCAxIGRl bGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94ZW4veGVuLXNjc2li YWNrLmMgYi9kcml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYwppbmRleCBlOTk5 NDk2ZS4uZDg2ZjZlMSAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXNj c2liYWNrLmMKKysrIGIvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKQEAg LTczNCw3ICs3MzQsNyBAQCBzdGF0aWMgaW50IHNjc2liYWNrX2RvX2NtZF9m bihzdHJ1Y3QgdnNjc2lia19pbmZvICppbmZvKQogCQlpZiAoIXBlbmRpbmdf cmVxKQogCQkJcmV0dXJuIDE7CiAKLQkJcmluZ19yZXEgPSBSSU5HX0dFVF9S RVFVRVNUKHJpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVFU1QocmluZywg cmMsICZyaW5nX3JlcSk7CiAJCXJpbmctPnJlcV9jb25zID0gKytyYzsKIAog CQlhY3QgPSByaW5nX3JlcS0+YWN0OwotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBkNTJmMDA5NjBjMTA3MGM2ODM4MDlmYWRkZDM1YTIyMjNlMmI4YTZl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDYvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0tCnYyOiBUaGlz IGlzIGFnYWluc3QgdjQuMwotLS0KIGRyaXZlcnMvYmxvY2sveGVuLWJsa2Jh Y2svYmxrYmFjay5jIHwgMTIgKysrKysrKy0tLS0tCiAxIGZpbGUgY2hhbmdl ZCwgNyBpbnNlcnRpb25zKCspLCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIGIvZHJp dmVycy9ibG9jay94ZW4tYmxrYmFjay9ibGtiYWNrLmMKaW5kZXggNmE2ODVh ZS4uZjJlN2EzOCAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxr YmFjay9ibGtiYWNrLmMKKysrIGIvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9ibGtiYWNrLmMKQEAgLTk1MCw2ICs5NTAsOCBAQCBzdGF0aWMgaW50IHhl bl9ibGtia19wYXJzZV9pbmRpcmVjdChzdHJ1Y3QgYmxraWZfcmVxdWVzdCAq cmVxLAogCQlnb3RvIHVubWFwOwogCiAJZm9yIChuID0gMCwgaSA9IDA7IG4g PCBuc2VnOyBuKyspIHsKKwkJdWludDhfdCBmaXJzdF9zZWN0LCBsYXN0X3Nl Y3Q7CisKIAkJaWYgKChuICUgU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUUpID09 IDApIHsKIAkJCS8qIE1hcCBpbmRpcmVjdCBzZWdtZW50cyAqLwogCQkJaWYg KHNlZ21lbnRzKQpAQCAtOTU4LDE0ICs5NjAsMTQgQEAgc3RhdGljIGludCB4 ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3RydWN0IGJsa2lmX3JlcXVlc3Qg KnJlcSwKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1F OwogCQlwZW5kaW5nX3JlcS0+c2VnbWVudHNbbl0tPmdyZWYgPSBzZWdtZW50 c1tpXS5ncmVmOwotCQlzZWdbbl0ubnNlYyA9IHNlZ21lbnRzW2ldLmxhc3Rf c2VjdCAtCi0JCQlzZWdtZW50c1tpXS5maXJzdF9zZWN0ICsgMTsKLQkJc2Vn W25dLm9mZnNldCA9IChzZWdtZW50c1tpXS5maXJzdF9zZWN0IDw8IDkpOwot CQlpZiAoKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA+PSAoUEFHRV9TSVpFID4+ IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNlZ21l bnRzW2ldLmZpcnN0X3NlY3QpKSB7CisJCWZpcnN0X3NlY3QgPSBSRUFEX09O Q0Uoc2VnbWVudHNbaV0uZmlyc3Rfc2VjdCk7CisJCWxhc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5sYXN0X3NlY3QpOworCQlpZiAobGFzdF9z ZWN0ID49IChQQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0IDwgZmlyc3Rf c2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1bm1hcDsKIAkJ fQorCQlzZWdbbl0ubnNlYyA9IGxhc3Rfc2VjdCAtIGZpcnN0X3NlY3QgKyAx OworCQlzZWdbbl0ub2Zmc2V0ID0gZmlyc3Rfc2VjdCA8PCA5OwogCQlwcmVx LT5ucl9zZWN0cyArPSBzZWdbbl0ubnNlYzsKIAl9CiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA0ZTJiYzQyM2UwY2VmMGE0MmY5M2Q5ODljMDk4MDMwMWRmMWJkNDYy IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE0OjU4OjA4ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzddIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6IFVwZGF0ZSBhYm91dCBHQ0Mg YW5kIGJpdGZpZWxkcy4KLS0tCiBpbmNsdWRlL3hlbi9pbnRlcmZhY2UvaW8v cmluZy5oIHwgMTQgKysrKysrKysrKysrKysKIDEgZmlsZSBjaGFuZ2VkLCAx NCBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvaW5jbHVkZS94ZW4vaW50 ZXJmYWNlL2lvL3JpbmcuaCBiL2luY2x1ZGUveGVuL2ludGVyZmFjZS9pby9y aW5nLmgKaW5kZXggN2QyOGFmZi4uN2RjNjg1YiAxMDA2NDQKLS0tIGEvaW5j bHVkZS94ZW4vaW50ZXJmYWNlL2lvL3JpbmcuaAorKysgYi9pbmNsdWRlL3hl bi9pbnRlcmZhY2UvaW8vcmluZy5oCkBAIC0xODEsNiArMTgxLDIwIEBAIHN0 cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgewkJCQkJCVwKICNkZWZpbmUgUklO R19HRVRfUkVRVUVTVChfciwgX2lkeCkJCQkJCVwKICAgICAoJigoX3IpLT5z cmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAxKSldLnJl cSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVxdWVzdC4K KyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdfR0VUX1JF UVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBvbiBhIGxv Y2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhlIG90aGVy IGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251Lm9yZy9i dWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNlIHRoaXMK KyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBzdHJ1Y3Qg d2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8KKyNkZWZp bmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRvIHsJCQkJ XAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBpbnRvIF9y ZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVvZihfcmVx KSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGlsZSAoMCkK KwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkJCQkJCVwK ICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0la RShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Transfer-Encoding: base64 RnJvbSAxMDBhYzM3MmEwZTA3Y2NjOGM1MDhjMzg4NGZhOTAyMGNmZTA4MDk0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE2OjAxICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzddIHhlbi1u ZXRiYWNrOiBkb24ndCB1c2UgbGFzdCByZXF1ZXN0IHRvIGRldGVybWluZSBt aW5pbXVtCiBUeCBjcmVkaXQKClRoZSBsYXN0IGZyb20gZ3Vlc3QgdHJhbnNt aXR0ZWQgcmVxdWVzdCBnaXZlcyBubyBpbmRpY2F0aW9uIGFib3V0IHRoZQpt aW5pbXVtIGFtb3VudCBvZiBjcmVkaXQgdGhhdCB0aGUgZ3Vlc3QgbWlnaHQg bmVlZCB0byBzZW5kIGEgcGFja2V0CnNpbmNlIHRoZSBsYXN0IHBhY2tldCBt aWdodCBoYXZlIGJlZW4gYSBzbWFsbCBvbmUuCgpJbnN0ZWFkIGFsbG93IGZv ciB0aGUgd29yc3QgY2FzZSAxMjggS2lCIHBhY2tldC4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZp ZXdlZC1ieTogV2VpIExpdSA8d2VpLmxpdTJAY2l0cml4LmNvbT4KU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMvbmV0L3hlbi1uZXRi YWNrL25ldGJhY2suYyB8IDQgKy0tLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5z ZXJ0aW9uKCspLCAzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZl cnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyBiL2RyaXZlcnMvbmV0L3hl bi1uZXRiYWNrL25ldGJhY2suYwppbmRleCBlNDgxZjM3Li5iNjgzNTgxIDEw MDY0NAotLS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMK KysrIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCkBAIC02 NzksOSArNjc5LDcgQEAgc3RhdGljIHZvaWQgdHhfYWRkX2NyZWRpdChzdHJ1 Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSkKIAkgKiBBbGxvdyBhIGJ1cnN0IGJp ZyBlbm91Z2ggdG8gdHJhbnNtaXQgYSBqdW1ibyBwYWNrZXQgb2YgdXAgdG8g MTI4a0IuCiAJICogT3RoZXJ3aXNlIHRoZSBpbnRlcmZhY2UgY2FuIHNlaXpl IHVwIGR1ZSB0byBpbnN1ZmZpY2llbnQgY3JlZGl0LgogCSAqLwotCW1heF9i dXJzdCA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT50eCwgcXVldWUtPnR4 LnJlcV9jb25zKS0+c2l6ZTsKLQltYXhfYnVyc3QgPSBtaW4obWF4X2J1cnN0 LCAxMzEwNzJVTCk7Ci0JbWF4X2J1cnN0ID0gbWF4KG1heF9idXJzdCwgcXVl dWUtPmNyZWRpdF9ieXRlcyk7CisJbWF4X2J1cnN0ID0gbWF4KDEzMTA3MlVM LCBxdWV1ZS0+Y3JlZGl0X2J5dGVzKTsKIAogCS8qIFRha2UgY2FyZSB0aGF0 IGFkZGluZyBhIG5ldyBjaHVuayBvZiBjcmVkaXQgZG9lc24ndCB3cmFwIHRv IHplcm8uICovCiAJbWF4X2NyZWRpdCA9IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICsgcXVldWUtPmNyZWRpdF9ieXRlczsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Transfer-Encoding: base64 RnJvbSA0MTI3ZTljY2FlMGVkYTYyMjQyMWQyMTEzMjg0NmFiZGY3NGY2NmVk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE3OjA2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAzLzddIHhlbi1u ZXRiYWNrOiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0CgpJ bnN0ZWFkIG9mIG9wZW4tY29kaW5nIG1lbWNweSgpcyBhbmQgZGlyZWN0bHkg YWNjZXNzaW5nIFR4IGFuZCBSeApyZXF1ZXN0cywgdXNlIHRoZSBuZXcgUklO R19DT1BZX1JFUVVFU1QoKSB0aGF0IGVuc3VyZXMgdGhlIGxvY2FsIGNvcHkK aXMgY29ycmVjdC4KClRoaXMgaXMgbW9yZSB0aGFuIGlzIHN0cmljdGx5IG5l Y2Vzc2FyeSBmb3IgZ3Vlc3QgUnggcmVxdWVzdHMgc2luY2UKb25seSB0aGUg aWQgYW5kIGdyZWYgZmllbGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVz cyBpZiB0aGUKZnJvbnRlbmQgbW9kaWZpZXMgdGhlc2UuCgpUaGlzIGlzIHBh cnQgb2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKUmV2 aWV3ZWQtYnk6IFdlaSBMaXUgPHdlaS5saXUyQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5j b20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2lsayA8a29u cmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgfCAzMCArKysrKysrKysrKysrKy0tLS0tLS0tLS0t LS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAxNCBpbnNlcnRpb25zKCspLCAxNiBk ZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgYi9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRi YWNrLmMKaW5kZXggYjY4MzU4MS4uMTA0OWMzNCAxMDA2NDQKLS0tIGEvZHJp dmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCisrKyBiL2RyaXZlcnMv bmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYwpAQCAtMjU4LDE4ICsyNTgsMTgg QEAgc3RhdGljIHN0cnVjdCB4ZW52aWZfcnhfbWV0YSAqZ2V0X25leHRfcnhf YnVmZmVyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQkJCQkJIHN0 cnVjdCBuZXRyeF9wZW5kaW5nX29wZXJhdGlvbnMgKm5wbykKIHsKIAlzdHJ1 Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAotCXJlcSA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT5yeCwg cXVldWUtPnJ4LnJlcV9jb25zKyspOworCVJJTkdfQ09QWV9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrLCAmcmVxKTsKIAogCW1l dGEgPSBucG8tPm1ldGEgKyBucG8tPm1ldGFfcHJvZCsrOwogCW1ldGEtPmdz b190eXBlID0gWEVOX05FVElGX0dTT19UWVBFX05PTkU7CiAJbWV0YS0+Z3Nv X3NpemUgPSAwOwogCW1ldGEtPnNpemUgPSAwOwotCW1ldGEtPmlkID0gcmVx LT5pZDsKKwltZXRhLT5pZCA9IHJlcS5pZDsKIAogCW5wby0+Y29weV9vZmYg PSAwOwotCW5wby0+Y29weV9ncmVmID0gcmVxLT5ncmVmOworCW5wby0+Y29w eV9ncmVmID0gcmVxLmdyZWY7CiAKIAlyZXR1cm4gbWV0YTsKIH0KQEAgLTQy NCw3ICs0MjQsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVj dCBza19idWZmICpza2IsCiAJc3RydWN0IHhlbnZpZiAqdmlmID0gbmV0ZGV2 X3ByaXYoc2tiLT5kZXYpOwogCWludCBucl9mcmFncyA9IHNrYl9zaGluZm8o c2tiKS0+bnJfZnJhZ3M7CiAJaW50IGk7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAlzdHJ1Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7CiAJdW5zaWdu ZWQgY2hhciAqZGF0YTsKIAlpbnQgaGVhZCA9IDE7CkBAIC00NDMsMTUgKzQ0 MywxNSBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVjdCBza19i dWZmICpza2IsCiAKIAkvKiBTZXQgdXAgYSBHU08gcHJlZml4IGRlc2NyaXB0 b3IsIGlmIG5lY2Vzc2FyeSAqLwogCWlmICgoMSA8PCBnc29fdHlwZSkgJiB2 aWYtPmdzb19wcmVmaXhfbWFzaykgewotCQlyZXEgPSBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwkJUklO R19DT1BZX1JFUVVFU1QoJnF1ZXVlLT5yeCwgcXVldWUtPnJ4LnJlcV9jb25z KyssICZyZXEpOwogCQltZXRhID0gbnBvLT5tZXRhICsgbnBvLT5tZXRhX3By b2QrKzsKIAkJbWV0YS0+Z3NvX3R5cGUgPSBnc29fdHlwZTsKIAkJbWV0YS0+ Z3NvX3NpemUgPSBza2Jfc2hpbmZvKHNrYiktPmdzb19zaXplOwogCQltZXRh LT5zaXplID0gMDsKLQkJbWV0YS0+aWQgPSByZXEtPmlkOworCQltZXRhLT5p ZCA9IHJlcS5pZDsKIAl9CiAKLQlyZXEgPSBSSU5HX0dFVF9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnJ4LCBxdWV1ZS0+cngucmVxX2NvbnMrKywgJnJl cSk7CiAJbWV0YSA9IG5wby0+bWV0YSArIG5wby0+bWV0YV9wcm9kKys7CiAK IAlpZiAoKDEgPDwgZ3NvX3R5cGUpICYgdmlmLT5nc29fbWFzaykgewpAQCAt NDYzLDkgKzQ2Myw5IEBAIHN0YXRpYyBpbnQgeGVudmlmX2dvcF9za2Ioc3Ry dWN0IHNrX2J1ZmYgKnNrYiwKIAl9CiAKIAltZXRhLT5zaXplID0gMDsKLQlt ZXRhLT5pZCA9IHJlcS0+aWQ7CisJbWV0YS0+aWQgPSByZXEuaWQ7CiAJbnBv LT5jb3B5X29mZiA9IDA7Ci0JbnBvLT5jb3B5X2dyZWYgPSByZXEtPmdyZWY7 CisJbnBvLT5jb3B5X2dyZWYgPSByZXEuZ3JlZjsKIAogCWRhdGEgPSBza2It PmRhdGE7CiAJd2hpbGUgKGRhdGEgPCBza2JfdGFpbF9wb2ludGVyKHNrYikp IHsKQEAgLTcwOSw3ICs3MDksNyBAQCBzdGF0aWMgdm9pZCB4ZW52aWZfdHhf ZXJyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQlzcGluX3VubG9j a19pcnFyZXN0b3JlKCZxdWV1ZS0+cmVzcG9uc2VfbG9jaywgZmxhZ3MpOwog CQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKLQkJdHhwID0gUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyspOworCQlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyssIHR4cCk7CiAJfSB3aGlsZSAo MSk7CiAJcXVldWUtPnR4LnJlcV9jb25zID0gY29uczsKIH0KQEAgLTc3Niw4 ICs3NzYsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9jb3VudF9yZXF1ZXN0cyhz dHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJaWYgKGRyb3BfZXJyKQog CQkJdHhwID0gJmRyb3BwZWRfdHg7CiAKLQkJbWVtY3B5KHR4cCwgUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zICsgc2xvdHMpLAotCQkgICAg ICAgc2l6ZW9mKCp0eHApKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVl LT50eCwgY29ucyArIHNsb3RzLCB0eHApOwogCiAJCS8qIElmIHRoZSBndWVz dCBzdWJtaXR0ZWQgYSBmcmFtZSA+PSA2NCBLaUIgdGhlbgogCQkgKiBmaXJz dC0+c2l6ZSBvdmVyZmxvd2VkIGFuZCBmb2xsb3dpbmcgc2xvdHMgd2lsbApA QCAtMTExMCw4ICsxMTA5LDcgQEAgc3RhdGljIGludCB4ZW52aWZfZ2V0X2V4 dHJhcyhzdHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJCXJldHVybiAt RUJBRFI7CiAJCX0KIAotCQltZW1jcHkoJmV4dHJhLCBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+dHgsIGNvbnMpLAotCQkgICAgICAgc2l6ZW9mKGV4dHJh KSk7CisJCVJJTkdfQ09QWV9SRVFVRVNUKCZxdWV1ZS0+dHgsIGNvbnMsICZl eHRyYSk7CiAJCWlmICh1bmxpa2VseSghZXh0cmEudHlwZSB8fAogCQkJICAg ICBleHRyYS50eXBlID49IFhFTl9ORVRJRl9FWFRSQV9UWVBFX01BWCkpIHsK IAkJCXF1ZXVlLT50eC5yZXFfY29ucyA9ICsrY29uczsKQEAgLTEzMjAsNyAr MTMxOCw3IEBAIHN0YXRpYyB2b2lkIHhlbnZpZl90eF9idWlsZF9nb3BzKHN0 cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCiAJCWlkeCA9IHF1ZXVlLT50 eC5yZXFfY29uczsKIAkJcm1iKCk7IC8qIEVuc3VyZSB0aGF0IHdlIHNlZSB0 aGUgcmVxdWVzdCBiZWZvcmUgd2UgY29weSBpdC4gKi8KLQkJbWVtY3B5KCZ0 eHJlcSwgUklOR19HRVRfUkVRVUVTVCgmcXVldWUtPnR4LCBpZHgpLCBzaXpl b2YodHhyZXEpKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVlLT50eCwg aWR4LCAmdHhyZXEpOwogCiAJCS8qIENyZWRpdC1iYXNlZCBzY2hlZHVsaW5n LiAqLwogCQlpZiAodHhyZXEuc2l6ZSA+IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICYmCi0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Transfer-Encoding: base64 RnJvbSAwODRiOGMyZTc3ZjFhYzA3ZTRhM2ExMjFmZjk1N2M0OWE5Mzc5Mzg1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6MzQ6MDkgKzAwMDAKU3ViamVj dDogW1BBVENIIDQvN10geGVuLWJsa2JhY2s6IG9ubHkgcmVhZCByZXF1ZXN0 IG9wZXJhdGlvbiBmcm9tIHNoYXJlZCByaW5nCiBvbmNlCk1JTUUtVmVyc2lv bjogMS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYt OApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA4Yml0CgpBIGNvbXBpbGVy IG1heSBsb2FkIGEgc3dpdGNoIHN0YXRlbWVudCB2YWx1ZSBtdWx0aXBsZSB0 aW1lcywgd2hpY2ggY291bGQKYmUgYmFkIHdoZW4gdGhlIHZhbHVlIGlzIGlu IG1lbW9yeSBzaGFyZWQgd2l0aCB0aGUgZnJvbnRlbmQuCgpXaGVuIGNvbnZl cnRpbmcgYSBub24tbmF0aXZlIHJlcXVlc3QgdG8gYSBuYXRpdmUgb25lLCBl bnN1cmUgdGhhdApzcmMtPm9wZXJhdGlvbiBpcyBvbmx5IGxvYWRlZCBvbmNl IGJ5IHVzaW5nIFJFQURfT05DRSgpLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1 NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3JnClNpZ25lZC1vZmYtYnk6 IFJvZ2VyIFBhdSBNb25uw6kgPHJvZ2VyLnBhdUBjaXRyaXguY29tPgpTaWdu ZWQtb2ZmLWJ5OiBEYXZpZCBWcmFiZWwgPGRhdmlkLnZyYWJlbEBjaXRyaXgu Y29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtv bnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogZHJpdmVycy9ibG9jay94ZW4t YmxrYmFjay9jb21tb24uaCB8IDggKysrKy0tLS0KIDEgZmlsZSBjaGFuZ2Vk LCA0IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0 IGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFjay9jb21tb24uaCBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svY29tbW9uLmgKaW5kZXggNjhlODdhMC4u YzkyOWFlMiAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9jb21tb24uaAorKysgYi9kcml2ZXJzL2Jsb2NrL3hlbi1ibGtiYWNrL2Nv bW1vbi5oCkBAIC00MDgsOCArNDA4LDggQEAgc3RhdGljIGlubGluZSB2b2lk IGJsa2lmX2dldF94ODZfMzJfcmVxKHN0cnVjdCBibGtpZl9yZXF1ZXN0ICpk c3QsCiAJCQkJCXN0cnVjdCBibGtpZl94ODZfMzJfcmVxdWVzdCAqc3JjKQog ewogCWludCBpLCBuID0gQkxLSUZfTUFYX1NFR01FTlRTX1BFUl9SRVFVRVNU LCBqOwotCWRzdC0+b3BlcmF0aW9uID0gc3JjLT5vcGVyYXRpb247Ci0Jc3dp dGNoIChzcmMtPm9wZXJhdGlvbikgeworCWRzdC0+b3BlcmF0aW9uID0gUkVB RF9PTkNFKHNyYy0+b3BlcmF0aW9uKTsKKwlzd2l0Y2ggKGRzdC0+b3BlcmF0 aW9uKSB7CiAJY2FzZSBCTEtJRl9PUF9SRUFEOgogCWNhc2UgQkxLSUZfT1Bf V1JJVEU6CiAJY2FzZSBCTEtJRl9PUF9XUklURV9CQVJSSUVSOgpAQCAtNDU2 LDggKzQ1Niw4IEBAIHN0YXRpYyBpbmxpbmUgdm9pZCBibGtpZl9nZXRfeDg2 XzY0X3JlcShzdHJ1Y3QgYmxraWZfcmVxdWVzdCAqZHN0LAogCQkJCQlzdHJ1 Y3QgYmxraWZfeDg2XzY0X3JlcXVlc3QgKnNyYykKIHsKIAlpbnQgaSwgbiA9 IEJMS0lGX01BWF9TRUdNRU5UU19QRVJfUkVRVUVTVCwgajsKLQlkc3QtPm9w ZXJhdGlvbiA9IHNyYy0+b3BlcmF0aW9uOwotCXN3aXRjaCAoc3JjLT5vcGVy YXRpb24pIHsKKwlkc3QtPm9wZXJhdGlvbiA9IFJFQURfT05DRShzcmMtPm9w ZXJhdGlvbik7CisJc3dpdGNoIChkc3QtPm9wZXJhdGlvbikgewogCWNhc2Ug QkxLSUZfT1BfUkVBRDoKIAljYXNlIEJMS0lGX09QX1dSSVRFOgogCWNhc2Ug QkxLSUZfT1BfV1JJVEVfQkFSUklFUjoKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSAwNmVlN2M3YmViMGI1MjQ1YjFkODc5Yzk3NTNmYWEyY2Y1YWQ5ODkx IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDUvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMv YmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIHwgMTUgKysrKysrKysrKy0t LS0tCiAxIGZpbGUgY2hhbmdlZCwgMTAgaW5zZXJ0aW9ucygrKSwgNSBkZWxl dGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL2Jsb2NrL3hlbi1ibGti YWNrL2Jsa2JhY2suYyBiL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxr YmFjay5jCmluZGV4IGY5MDk5OTQuLjQxZmIxYTkgMTAwNjQ0Ci0tLSBhL2Ry aXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCisrKyBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCkBAIC05NTAsNiArOTUw LDggQEAgc3RhdGljIGludCB4ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3Ry dWN0IGJsa2lmX3JlcXVlc3QgKnJlcSwKIAkJZ290byB1bm1hcDsKIAogCWZv ciAobiA9IDAsIGkgPSAwOyBuIDwgbnNlZzsgbisrKSB7CisJCXVpbnQ4X3Qg Zmlyc3Rfc2VjdCwgbGFzdF9zZWN0OworCiAJCWlmICgobiAlIFNFR1NfUEVS X0lORElSRUNUX0ZSQU1FKSA9PSAwKSB7CiAJCQkvKiBNYXAgaW5kaXJlY3Qg c2VnbWVudHMgKi8KIAkJCWlmIChzZWdtZW50cykKQEAgLTk1NywxNSArOTU5 LDE4IEBAIHN0YXRpYyBpbnQgeGVuX2Jsa2JrX3BhcnNlX2luZGlyZWN0KHN0 cnVjdCBibGtpZl9yZXF1ZXN0ICpyZXEsCiAJCQlzZWdtZW50cyA9IGttYXBf YXRvbWljKHBhZ2VzW24vU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUVdLT5wYWdl KTsKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1FOwor CiAJCXBlbmRpbmdfcmVxLT5zZWdtZW50c1tuXS0+Z3JlZiA9IHNlZ21lbnRz W2ldLmdyZWY7Ci0JCXNlZ1tuXS5uc2VjID0gc2VnbWVudHNbaV0ubGFzdF9z ZWN0IC0KLQkJCXNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgKyAxOwotCQlzZWdb bl0ub2Zmc2V0ID0gKHNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgPDwgOSk7Ci0J CWlmICgoc2VnbWVudHNbaV0ubGFzdF9zZWN0ID49IChYRU5fUEFHRV9TSVpF ID4+IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNl Z21lbnRzW2ldLmZpcnN0X3NlY3QpKSB7CisKKwkJZmlyc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5maXJzdF9zZWN0KTsKKwkJbGFzdF9zZWN0 ID0gUkVBRF9PTkNFKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCk7CisJCWlmIChs YXN0X3NlY3QgPj0gKFhFTl9QQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0 IDwgZmlyc3Rfc2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1 bm1hcDsKIAkJfQorCisJCXNlZ1tuXS5uc2VjID0gbGFzdF9zZWN0IC0gZmly c3Rfc2VjdCArIDE7CisJCXNlZ1tuXS5vZmZzZXQgPSBmaXJzdF9zZWN0IDw8 IDk7CiAJCXByZXEtPm5yX3NlY3RzICs9IHNlZ1tuXS5uc2VjOwogCX0KIAot LSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSA4OTczOWMxNGM3MmU1YzE2MjZhNWNkNWUwOWNiYjJlZmVhYWRiNmQ4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSCA2LzddIHhlbi1z Y3NpYmFjazogc2FmZWx5IGNvcHkgcmVxdWVzdHMKClRoZSBjb3B5IG9mIHRo ZSByaW5nIHJlcXVlc3Qgd2FzIGxhY2tpbmcgYSBmb2xsb3dpbmcgYmFycmll cigpLApwb3RlbnRpYWxseSBhbGxvd2luZyB0aGUgY29tcGlsZXIgdG8gb3B0 aW1pemUgdGhlIGNvcHkgYXdheS4KClVzZSBSSU5HX0NPUFlfUkVRVUVTVCgp IHRvIGVuc3VyZSB0aGUgcmVxdWVzdCBpcyBjb3BpZWQgdG8gbG9jYWwKbWVt b3J5LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdl ci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jv c3NAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2 aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBS emVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBk cml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYyB8IDIgKy0KIDEgZmlsZSBjaGFu Z2VkLCAxIGluc2VydGlvbigrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5jIGIvZHJpdmVycy94ZW4v eGVuLXNjc2liYWNrLmMKaW5kZXggNDNiY2FlOC4uYWQ0ZWIxMCAxMDA2NDQK LS0tIGEvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKKysrIGIvZHJpdmVy cy94ZW4veGVuLXNjc2liYWNrLmMKQEAgLTcyNiw3ICs3MjYsNyBAQCBzdGF0 aWMgaW50IHNjc2liYWNrX2RvX2NtZF9mbihzdHJ1Y3QgdnNjc2lia19pbmZv ICppbmZvKQogCQlpZiAoIXBlbmRpbmdfcmVxKQogCQkJcmV0dXJuIDE7CiAK LQkJcmluZ19yZXEgPSAqUklOR19HRVRfUkVRVUVTVChyaW5nLCByYyk7CisJ CVJJTkdfQ09QWV9SRVFVRVNUKHJpbmcsIHJjLCAmcmluZ19yZXEpOwogCQly aW5nLT5yZXFfY29ucyA9ICsrcmM7CiAKIAkJZXJyID0gcHJlcGFyZV9wZW5k aW5nX3JlcXMoaW5mbywgJnJpbmdfcmVxLCBwZW5kaW5nX3JlcSk7Ci0tIAoy LjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Transfer-Encoding: base64 RnJvbSBmNmY0Mzg4YzkxN2NlOTZiMDc1YTIzOWE0NTM1YjhlZmM2MDY0ZDE0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MTYgTm92IDIwMTUgMTI6NDA6NDggLTA1MDAKU3ViamVjdDogW1BBVENIIDcv N10geGVuL3BjaWJhY2s6IFNhdmUgeGVuX3BjaV9vcCBjb21tYW5kcyBiZWZv cmUgcHJvY2Vzc2luZwogaXQKCkRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXRp ZXMgdGhhdCBoYXBwZW4gd2hlbiBhIHZhcmlhYmxlIGlzCmZldGNoZWQgdHdp Y2UgZnJvbSBzaGFyZWQgbWVtb3J5IGJ1dCBhIHNlY3VyaXR5IGNoZWNrIGlz IG9ubHkKcGVyZm9ybWVkIHRoZSBmaXJzdCB0aW1lLgoKVGhlIHhlbl9wY2li a19kb19vcCBmdW5jdGlvbiBwZXJmb3JtcyBhIHN3aXRjaCBzdGF0ZW1lbnRz IG9uIHRoZSBvcC0+Y21kCnZhbHVlIHdoaWNoIGlzIHN0b3JlZCBpbiBzaGFy ZWQgbWVtb3J5LiBJbnRlcmVzdGluZ2x5IHRoaXMgY2FuIHJlc3VsdAppbiBh IGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5IGRlcGVuZGluZyBvbiB0aGUg cGVyZm9ybWVkIGNvbXBpbGVyCm9wdGltaXphdGlvbi4KClRoaXMgcGF0Y2gg Zml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5fcGNpX29wIGNvbW1hbmQgYmVm b3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28gdXNlICdiYXJyaWVyJyB0byBt YWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIgZG9lcyBub3QgcGVyZm9ybSBh bnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkND OiBzdGFibGVAdmdlci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxKQmV1bGljaEBzdXNlLmNvbT4KU2ln bmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaCAgICAgfCAgMSArCiBkcml2ZXJzL3hlbi94ZW4t cGNpYmFjay9wY2liYWNrX29wcy5jIHwgMTUgKysrKysrKysrKysrKystCiAy IGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24o LSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2li YWNrLmggYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrLmgKaW5k ZXggNThlMzhkNS4uNGQ1MjlmMyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4v eGVuLXBjaWJhY2svcGNpYmFjay5oCisrKyBiL2RyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaApAQCAtMzcsNiArMzcsNyBAQCBzdHJ1Y3QgeGVu X3BjaWJrX2RldmljZSB7CiAJc3RydWN0IHhlbl9wY2lfc2hhcmVkaW5mbyAq c2hfaW5mbzsKIAl1bnNpZ25lZCBsb25nIGZsYWdzOwogCXN0cnVjdCB3b3Jr X3N0cnVjdCBvcF93b3JrOworCXN0cnVjdCB4ZW5fcGNpX29wIG9wOwogfTsK IAogc3RydWN0IHhlbl9wY2lia19kZXZfZGF0YSB7CmRpZmYgLS1naXQgYS9k cml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCBjNGEwNjY2 Li5hMGUwZTNlIDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFj ay9wY2liYWNrX29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMKQEAgLTI5OCw5ICsyOTgsMTEgQEAgdm9pZCB4ZW5f cGNpYmtfZG9fb3Aoc3RydWN0IHdvcmtfc3RydWN0ICpkYXRhKQogCQljb250 YWluZXJfb2YoZGF0YSwgc3RydWN0IHhlbl9wY2lia19kZXZpY2UsIG9wX3dv cmspOwogCXN0cnVjdCBwY2lfZGV2ICpkZXY7CiAJc3RydWN0IHhlbl9wY2li a19kZXZfZGF0YSAqZGV2X2RhdGEgPSBOVUxMOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwZGV2LT5zaF9pbmZvLT5vcDsKKwlzdHJ1Y3QgeGVuX3Bj aV9vcCAqb3AgPSAmcGRldi0+b3A7CiAJaW50IHRlc3RfaW50eCA9IDA7CiAK Kwkqb3AgPSBwZGV2LT5zaF9pbmZvLT5vcDsKKwliYXJyaWVyKCk7CiAJZGV2 ID0geGVuX3BjaWJrX2dldF9wY2lfZGV2KHBkZXYsIG9wLT5kb21haW4sIG9w LT5idXMsIG9wLT5kZXZmbik7CiAKIAlpZiAoZGV2ID09IE5VTEwpCkBAIC0z NDIsNiArMzQ0LDE3IEBAIHZvaWQgeGVuX3BjaWJrX2RvX29wKHN0cnVjdCB3 b3JrX3N0cnVjdCAqZGF0YSkKIAkJaWYgKChkZXZfZGF0YS0+ZW5hYmxlX2lu dHggIT0gdGVzdF9pbnR4KSkKIAkJCXhlbl9wY2lia19jb250cm9sX2lzcihk ZXYsIDAgLyogbm8gcmVzZXQgKi8pOwogCX0KKwlwZGV2LT5zaF9pbmZvLT5v cC5lcnIgPSBvcC0+ZXJyOworCXBkZXYtPnNoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworI2lmZGVmIENPTkZJR19QQ0lfTVNJCisJaWYgKG9wLT5j bWQgPT0gWEVOX1BDSV9PUF9lbmFibGVfbXNpeCAmJiBvcC0+ZXJyID09IDAp IHsKKwkJdW5zaWduZWQgaW50IGk7CisKKwkJZm9yIChpID0gMDsgaSA8IG9w LT52YWx1ZTsgaSsrKQorCQkJcGRldi0+c2hfaW5mby0+b3AubXNpeF9lbnRy aWVzW2ldLnZlY3RvciA9CisJCQkJb3AtPm1zaXhfZW50cmllc1tpXS52ZWN0 b3I7CisJfQorI2VuZGlmCiAJLyogVGVsbCB0aGUgZHJpdmVyIGRvbWFpbiB0 aGF0IHdlJ3JlIGRvbmUuICovCiAJd21iKCk7CiAJY2xlYXJfYml0KF9YRU5f UENJRl9hY3RpdmUsICh1bnNpZ25lZCBsb25nICopJnBkZXYtPnNoX2luZm8t PmZsYWdzKTsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSBhNTY0NTZhYzNkZjI4NDMyZmZmNDRhOWE5NjIzZTJkZGZjODI2MTA2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBUdWUsIDI0IE5vdiAy MDE1IDAyOjUxOjU2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzVdIG5ldGJz ZC94ZW46IEFkZCBSSU5HX0NPUFlfUkVRVUVTVCgpCgpVc2luZyBSSU5HX0dF VF9SRVFVRVNUKCkgb24gYSBzaGFyZWQgcmluZyBpcyBlYXN5IHRvIHVzZSBp bmNvcnJlY3RseQooaS5lLiwgYnkgbm90IGNvbnNpZGVyaW5nIHRoYXQgdGhl IG90aGVyIGVuZCBtYXkgYWx0ZXIgdGhlIGRhdGEgaW4gdGhlCnNoYXJlZCBy aW5nIHdoaWxlIGl0IGlzIGJlaW5nIGluc3BlY3RlZCkuICBTYWZlIHVzYWdl IG9mIGEgcmVxdWVzdApnZW5lcmFsbHkgcmVxdWlyZXMgdGFraW5nIGEgbG9j YWwgY29weS4KClByb3ZpZGUgYSBSSU5HX0NPUFlfUkVRVUVTVCgpIG1hY3Jv IHRvIHVzZSBpbnN0ZWFkIG9mClJJTkdfR0VUX1JFUVVFU1QoKSBhbmQgYW4g b3Blbi1jb2RlZCBtZW1jcHkoKS4gIFRoaXMgdGFrZXMgY2FyZSBvZgplbnN1 cmluZyB0aGF0IHRoZSBjb3B5IGlzIGRvbmUgY29ycmVjdGx5IHJlZ2FyZGxl c3Mgb2YgYW55IHBvc3NpYmxlCmNvbXBpbGVyIG9wdGltaXphdGlvbnMuCgpV c2UgYSB2b2xhdGlsZSBzb3VyY2UgdG8gcHJldmVudCB0aGUgY29tcGlsZXIg ZnJvbSByZW9yZGVyaW5nIG9yCm9taXR0aW5nIHRoZSBjb3B5LgoKVGhpcyBp cyBwYXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJl bCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtv bnJhZCBSemVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4K LS0tCnYyOiBVcGRhdGUgY29tbWVudCBhYm91dCBHQ0MgYnVnLgotLS0KIGFy Y2gveGVuL2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmggfCAxNCArKysr KysrKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDE0IGluc2VydGlvbnMoKykK CmRpZmYgLS1naXQgYS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8v cmluZy5oIGIvYXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3Jpbmcu aAppbmRleCAwOWMxODZjLi42MzBiODBlIDEwMDY0NAotLS0gYS9hcmNoL3hl bi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVu L2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmgKQEAgLTIzNiw2ICsyMzYs MjAgQEAgdHlwZWRlZiBzdHJ1Y3QgX19uYW1lIyNfYmFja19yaW5nIF9fbmFt ZSMjX2JhY2tfcmluZ190CiAjZGVmaW5lIFJJTkdfR0VUX1JFUVVFU1QoX3Is IF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgKCYoKF9yKS0+c3JpbmctPnJpbmdbKChfaWR4KSAmIChSSU5HX1NJ WkUoX3IpIC0gMSkpXS5yZXEpKQogCisvKgorICogR2V0IGEgbG9jYWwgY29w eSBvZiBhIHJlcXVlc3QuCisgKgorICogVXNlIHRoaXMgaW4gcHJlZmVyZW5j ZSB0byBSSU5HX0dFVF9SRVFVRVNUKCkgc28gYWxsIHByb2Nlc3NpbmcgaXMK KyAqIGRvbmUgb24gYSBsb2NhbCBjb3B5IHRoYXQgY2Fubm90IGJlIG1vZGlm aWVkIGJ5IHRoZSBvdGhlciBlbmQuCisgKgorICogTm90ZSB0aGF0IGh0dHBz Oi8vZ2NjLmdudS5vcmcvYnVnemlsbGEvc2hvd19idWcuY2dpP2lkPTU4MTQ1 IG1heSBjYXVzZSB0aGlzCisgKiB0byBiZSBpbmVmZmVjdGl2ZSB3aGVyZSBf cmVxIGlzIGEgc3RydWN0IHdoaWNoIGNvbnNpc3RzIG9mIG9ubHkgYml0Zmll bGRzLgorICovCisjZGVmaW5lIFJJTkdfQ09QWV9SRVFVRVNUKF9yLCBfaWR4 LCBfcmVxKSBkbyB7CQkJCVwKKwkvKiBVc2Ugdm9sYXRpbGUgdG8gZm9yY2Ug dGhlIGNvcHkgaW50byBfcmVxLiAqLwkJCVwKKwkqKF9yZXEpID0gKih2b2xh dGlsZSB0eXBlb2YoX3JlcSkpUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCk7 CVwKK30gd2hpbGUgKDApCisKICNkZWZpbmUgUklOR19HRVRfUkVTUE9OU0Uo X3IsIF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFwKICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdf U0laRShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuNS4yCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Transfer-Encoding: base64 RnJvbSAxYzY5N2NhNzZhNjcwYjA4ODNjZDZhMjAzODI4YzMzY2NmNGVjYjFl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTM6MTYgKzAwMDAKU3ViamVjdDogW1BBVENIIDIv NV0gbmV0YnNkL25ldGJhY2s6IFVzZSBSSU5HX0NPUFlfUkVRVUVTVCBpbnN0 ZWFkIG9mCiBSSU5HX1JFUV9SRVFVRVNUCgpUaGlzIHdheSB3ZSBvcGVyYXRl IG9uIGEgbG9jYWwgY29weSBvZiB0aGUgZ3Vlc3QgUnguIFRoaXMgaXMgbW9y ZSB0aGFuCm5lY2Nlc3NhcnkgYXMgb25seSB0aGUgaWQgYW5kIGdyZWYgZmll bGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVzcwppZiB0aGUgZnJvbnRl bmQgbW9kaWZpZXMgdGhlc2UuCgpGb3IgdGhlIFRYIHdlIGFsc28gY29weSB0 aGUgcmVxdWVzdCBhbmQgbWFrZSBzdXJlIHRvIHVzZSBvbmx5IHRoZQpsb2Nh bCBjb3B5LgoKVGhpcyBpcyBiYXNlZCBvZmYgTGludXggJ3hlbi1uZXRiYWNr OiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0JwpwYXRjaC4K ClRoaXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25y YWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0t LQogYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMgfCA3OCArKysr KysrKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUg Y2hhbmdlZCwgNDAgaW5zZXJ0aW9ucygrKSwgMzggZGVsZXRpb25zKC0pCgpk aWZmIC0tZ2l0IGEvYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMg Yi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194ZW5idXMuYwppbmRleCA3Y2Mx NGFmLi4wZWYyMzUzIDEwMDY0NAotLS0gYS9hcmNoL3hlbi94ZW4veGVubmV0 YmFja194ZW5idXMuYworKysgYi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194 ZW5idXMuYwpAQCAtNzE1LDcgKzcxNSw3IEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiB7CiAJc3RydWN0IHhuZXRiYWNrX2luc3RhbmNl ICp4bmV0aSA9IGFyZzsKIAlzdHJ1Y3QgaWZuZXQgKmlmcCA9ICZ4bmV0aS0+ eG5pX2lmOwotCW5ldGlmX3R4X3JlcXVlc3RfdCAqdHhyZXE7CisJbmV0aWZf dHhfcmVxdWVzdF90IHR4cmVxOwogCXN0cnVjdCB4bmlfcGt0ICpwa3Q7CiAJ dmFkZHJfdCBwa3RfdmE7CiAJc3RydWN0IG1idWYgKm07CkBAIC03MzMsMzYg KzczMywzNiBAQCB4ZW5uZXRiYWNrX2V2dGhhbmRsZXIodm9pZCAqYXJnKQog CQkgICAgcmVjZWl2ZV9wZW5kaW5nKTsKIAkJaWYgKHJlY2VpdmVfcGVuZGlu ZyA9PSAwKQogCQkJYnJlYWs7Ci0JCXR4cmVxID0gUklOR19HRVRfUkVRVUVT VCgmeG5ldGktPnhuaV90eHJpbmcsIHJlcV9jb25zKTsKKwkJUklOR19DT1BZ X1JFUVVFU1QoJnhuZXRpLT54bmlfdHhyaW5nLCByZXFfY29ucywgJnR4cmVx KTsKIAkJeGVuX3JtYigpOwogCQlYRU5QUklOVEYoKCIlcyBwa3Qgc2l6ZSAl ZFxuIiwgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwKLQkJICAgIHR4cmVxLT5z aXplKSk7CisJCSAgICB0eHJlcS5zaXplKSk7CiAJCXJlcV9jb25zKys7CiAJ CWlmIChfX3ByZWRpY3RfZmFsc2UoKGlmcC0+aWZfZmxhZ3MgJiAoSUZGX1VQ IHwgSUZGX1JVTk5JTkcpKSAhPQogCQkgICAgKElGRl9VUCB8IElGRl9SVU5O SU5HKSkpIHsKIAkJCS8qIGludGVyZmFjZSBub3QgdXAsIGRyb3AgKi8KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWNvbnRpbnVlOwogCQl9CiAJ CS8qCiAJCSAqIERvIHNvbWUgc2FuaXR5IGNoZWNrcywgYW5kIG1hcCB0aGUg cGFja2V0J3MgcGFnZS4KIAkJICovCi0JCWlmIChfX3ByZWRpY3RfZmFsc2Uo dHhyZXEtPnNpemUgPCBFVEhFUl9IRFJfTEVOIHx8Ci0JCSAgIHR4cmVxLT5z aXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhFUl9DUkNfTEVOKSkpIHsKKwkJ aWYgKF9fcHJlZGljdF9mYWxzZSh0eHJlcS5zaXplIDwgRVRIRVJfSERSX0xF TiB8fAorCQkgICB0eHJlcS5zaXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhF Ul9DUkNfTEVOKSkpIHsKIAkJCXByaW50ZigiJXM6IHBhY2tldCBzaXplICVk IHRvbyBiaWdcbiIsCi0JCQkgICAgaWZwLT5pZl94bmFtZSwgdHhyZXEtPnNp emUpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEt PmlkLAorCQkJICAgIGlmcC0+aWZfeG5hbWUsIHR4cmVxLnNpemUpOworCQkJ eGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkg ICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlmcC0+aWZfaWVycm9ycysrOwog CQkJY29udGludWU7CiAJCX0KIAkJLyogZG9uJ3QgY3Jvc3MgcGFnZSBib3Vu ZGFyaWVzICovCiAJCWlmIChfX3ByZWRpY3RfZmFsc2UoCi0JCSAgICB0eHJl cS0+b2Zmc2V0ICsgdHhyZXEtPnNpemUgPiBQQUdFX1NJWkUpKSB7CisJCSAg ICB0eHJlcS5vZmZzZXQgKyB0eHJlcS5zaXplID4gUEFHRV9TSVpFKSkgewog CQkJcHJpbnRmKCIlczogcGFja2V0IGNyb3NzIHBhZ2UgYm91bmRhcnlcbiIs CiAJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9SU1BfRVJS T1IpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQljb250aW51ZTsKQEAg LTc3NCwxNSArNzc0LDE1IEBAIHhlbm5ldGJhY2tfZXZ0aGFuZGxlcih2b2lk ICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZsYXN0dGltZSwgJnhuaV9wb29s X2VycmludHZsKSkKIAkJCQlwcmludGYoIiVzOiBtYnVmIGFsbG9jIGZhaWxl ZFxuIiwKIAkJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9S U1BfRFJPUFBFRCk7CiAJCQlpZnAtPmlmX2llcnJvcnMrKzsKIAkJCWNvbnRp bnVlOwogCQl9CiAKIAkJWEVOUFJJTlRGKCgiJXMgcGt0IG9mZnNldCAlZCBz aXplICVkIGlkICVkIHJlcV9jb25zICVkXG4iLAotCQkgICAgeG5ldGktPnhu aV9pZi5pZl94bmFtZSwgdHhyZXEtPm9mZnNldCwKLQkJICAgIHR4cmVxLT5z aXplLCB0eHJlcS0+aWQsIE1BU0tfTkVUSUZfVFhfSURYKHJlcV9jb25zKSkp OworCQkgICAgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwgdHhyZXEub2Zmc2V0 LAorCQkgICAgdHhyZXEuc2l6ZSwgdHhyZXEuaWQsIE1BU0tfTkVUSUZfVFhf SURYKHJlcV9jb25zKSkpOwogCQkKIAkJcGt0ID0gcG9vbF9nZXQoJnhuaV9w a3RfcG9vbCwgUFJfTk9XQUlUKTsKIAkJaWYgKF9fcHJlZGljdF9mYWxzZShw a3QgPT0gTlVMTCkpIHsKQEAgLTc5MCwxNiArNzkwLDE2IEBAIHhlbm5ldGJh Y2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZs YXN0dGltZSwgJnhuaV9wb29sX2VycmludHZsKSkKIAkJCQlwcmludGYoIiVz OiB4bmJwa3QgYWxsb2MgZmFpbGVkXG4iLAogCQkJCSAgICBpZnAtPmlmX3hu YW1lKTsKLQkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LT5pZCwKKwkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LmlkLAogCQkJICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWlmcC0+aWZf aWVycm9ycysrOwogCQkJbV9mcmVlbShtKTsKIAkJCWNvbnRpbnVlOwogCQl9 Ci0JCWVyciA9IHhlbl9zaG1fbWFwKDEsIHhuZXRpLT54bmlfZG9taWQsICZ0 eHJlcS0+Z3JlZiwgJnBrdF92YSwKKwkJZXJyID0geGVuX3NobV9tYXAoMSwg eG5ldGktPnhuaV9kb21pZCwgJnR4cmVxLmdyZWYsICZwa3RfdmEsCiAJCSAg ICAmcGt0LT5wa3RfaGFuZGxlLCBYU0hNX1JPKTsKIAkJaWYgKF9fcHJlZGlj dF9mYWxzZShlcnIgPT0gRU5PTUVNKSkgewotCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0RS T1BQRUQpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQlwb29sX3B1dCgm eG5pX3BrdF9wb29sLCBwa3QpOwpAQCAtODEwLDcgKzgxMCw3IEBAIHhlbm5l dGJhY2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCWlmIChfX3ByZWRpY3Rf ZmFsc2UoZXJyKSkgewogCQkJcHJpbnRmKCIlczogbWFwcGluZyBmb3JlaW5n IHBhZ2UgZmFpbGVkOiAlZFxuIiwKIAkJCSAgICB4bmV0aS0+eG5pX2lmLmlm X3huYW1lLCBlcnIpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlm cC0+aWZfaWVycm9ycysrOwogCQkJcG9vbF9wdXQoJnhuaV9wa3RfcG9vbCwg cGt0KTsKQEAgLTgyMCwxMyArODIwLDEzIEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiAKIAkJaWYgKChpZnAtPmlmX2ZsYWdzICYgSUZG X1BST01JU0MpID09IDApIHsKIAkJCXN0cnVjdCBldGhlcl9oZWFkZXIgKmVo ID0KLQkJCSAgICAodm9pZCopKHBrdF92YSArIHR4cmVxLT5vZmZzZXQpOwor CQkJICAgICh2b2lkKikocGt0X3ZhICsgdHhyZXEub2Zmc2V0KTsKIAkJCWlm IChFVEhFUl9JU19NVUxUSUNBU1QoZWgtPmV0aGVyX2Rob3N0KSA9PSAwICYm CiAJCQkgICAgbWVtY21wKENMTEFERFIoaWZwLT5pZl9zYWRsKSwgZWgtPmV0 aGVyX2Rob3N0LAogCQkJICAgIEVUSEVSX0FERFJfTEVOKSAhPSAwKSB7CiAJ CQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92YSk7CiAJCQkJbV9mcmVlbSht KTsKLQkJCQl4ZW5uZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+ aWQsCisJCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEu aWQsCiAJCQkJICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJCQljb250aW51ZTsg LyogcGFja2V0IGlzIG5vdCBmb3IgdXMgKi8KIAkJCX0KQEAgLTg0NSwzMSAr ODQ1LDMxIEBAIHNvIGFsd2F5cyBjb3B5IGZvciBub3cuCiAJCQkgKiBhY2sg aXQuIERlbGF5aW5nIGl0IHVudGlsIHRoZSBtYnVmIGlzCiAJCQkgKiBmcmVl ZCB3aWxsIHN0YWxsIHRyYW5zbWl0LgogCQkJICovCi0JCQltLT5tX2xlbiA9 IG1pbihNSExFTiwgdHhyZXEtPnNpemUpOworCQkJbS0+bV9sZW4gPSBtaW4o TUhMRU4sIHR4cmVxLnNpemUpOwogCQkJbS0+bV9wa3RoZHIubGVuID0gMDsK LQkJCW1fY29weWJhY2sobSwgMCwgdHhyZXEtPnNpemUsCi0JCQkgICAgKHZv aWQgKikocGt0X3ZhICsgdHhyZXEtPm9mZnNldCkpOworCQkJbV9jb3B5YmFj ayhtLCAwLCB0eHJlcS5zaXplLAorCQkJICAgICh2b2lkICopKHBrdF92YSAr IHR4cmVxLm9mZnNldCkpOwogCQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92 YSk7Ci0JCQlpZiAobS0+bV9wa3RoZHIubGVuIDwgdHhyZXEtPnNpemUpIHsK KwkJCWlmIChtLT5tX3BrdGhkci5sZW4gPCB0eHJlcS5zaXplKSB7CiAJCQkJ aWZwLT5pZl9pZXJyb3JzKys7CiAJCQkJbV9mcmVlbShtKTsKLQkJCQl4ZW5u ZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQkJeGVu bmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkJICAg IE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCQljb250aW51ZTsKIAkJCX0KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJfSBlbHNlIHsKIAotCQkJcGt0LT5w a3RfaWQgPSB0eHJlcS0+aWQ7CisJCQlwa3QtPnBrdF9pZCA9IHR4cmVxLmlk OwogCQkJcGt0LT5wa3RfeG5ldGkgPSB4bmV0aTsKIAotCQkJTUVYVEFERCht LCBwa3RfdmEgKyB0eHJlcS0+b2Zmc2V0LAotCQkJICAgIHR4cmVxLT5zaXpl LCBNX0RFVkJVRiwgeGVubmV0YmFja190eF9mcmVlLCBwa3QpOwotCQkJbS0+ bV9wa3RoZHIubGVuID0gbS0+bV9sZW4gPSB0eHJlcS0+c2l6ZTsKKwkJCU1F WFRBREQobSwgcGt0X3ZhICsgdHhyZXEub2Zmc2V0LAorCQkJICAgIHR4cmVx LnNpemUsIE1fREVWQlVGLCB4ZW5uZXRiYWNrX3R4X2ZyZWUsIHBrdCk7CisJ CQltLT5tX3BrdGhkci5sZW4gPSBtLT5tX2xlbiA9IHR4cmVxLnNpemU7CiAJ CQltLT5tX2ZsYWdzIHw9IE1fRVhUX1JPTUFQOwogCQl9Ci0JCWlmICgodHhy ZXEtPmZsYWdzICYgTkVUVFhGX2NzdW1fYmxhbmspICE9IDApIHsKKwkJaWYg KCh0eHJlcS5mbGFncyAmIE5FVFRYRl9jc3VtX2JsYW5rKSAhPSAwKSB7CiAJ CQl4ZW5uZXRfY2hlY2tzdW1fZmlsbCgmbSk7CiAJCQlpZiAobSA9PSBOVUxM KSB7CiAJCQkJaWZwLT5pZl9pZXJyb3JzKys7CkBAIC05NTMsNiArOTUzLDcg QEAgeGVubmV0YmFja19pZnNvZnRzdGFydF90cmFuc2Zlcih2b2lkICphcmcp CiAJbW11X3VwZGF0ZV90ICptbXVwOwogCW11bHRpY2FsbF9lbnRyeV90ICpt Y2xwOwogCW5ldGlmX3J4X3Jlc3BvbnNlX3QgKnJ4cmVzcDsKKwluZXRpZl9y eF9yZXF1ZXN0X3QgcnhyZXE7CiAJUklOR19JRFggcmVxX3Byb2QsIHJlc3Bf cHJvZDsKIAlpbnQgZG9fZXZlbnQgPSAwOwogCWdudHRhYl90cmFuc2Zlcl90 ICpnb3A7CkBAIC0xMDI4LDEwICsxMDI5LDEwIEBAIHhlbm5ldGJhY2tfaWZz b2Z0c3RhcnRfdHJhbnNmZXIodm9pZCAqYXJnKQogCQkJCW5wcGl0ZW1zKys7 CiAJCQl9CiAJCQkvKiBzdGFydCBmaWxsaW5nIHJpbmcgKi8KLQkJCWdvcC0+ cmVmID0gUklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0J CQkgICAgeG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5ncmVmOwotCQkJ aWQgPSBSSU5HX0dFVF9SRVFVRVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKLQkJ CSAgICB4bmV0aS0+eG5pX3J4cmluZy5yZXFfY29ucyktPmlkOworCQkJUklO R19DT1BZX1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAorCQkJICAgIHhu ZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zLCAmcnhyZXEpOworCQkJZ29wLT5y ZWYgPSByeHJlcS5ncmVmOworCQkJaWQgPSByeHJlcS5pZDsKIAkJCXhlbl9y bWIoKTsKIAkJCXhuZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zKys7CiAJCQly eHJlc3AgPSBSSU5HX0dFVF9SRVNQT05TRSgmeG5ldGktPnhuaV9yeHJpbmcs CkBAIC0xMTk4LDYgKzExOTksNyBAQCB4ZW5uZXRiYWNrX2lmc29mdHN0YXJ0 X2NvcHkodm9pZCAqYXJnKQogCXBhZGRyX3QgeG1pdF9tYTsKIAlpbnQgaSwg ajsKIAluZXRpZl9yeF9yZXNwb25zZV90ICpyeHJlc3A7CisJbmV0aWZfcnhf cmVxdWVzdF90IHJ4cmVxOwogCVJJTkdfSURYIHJlcV9wcm9kLCByZXNwX3By b2Q7CiAJaW50IGRvX2V2ZW50ID0gMDsKIAlnbnR0YWJfY29weV90ICpnb3A7 CkBAIC0xMzA5LDE2ICsxMzExLDE2IEBAIHhlbm5ldGJhY2tfaWZzb2Z0c3Rh cnRfY29weSh2b2lkICphcmcpCiAJCQlnb3AtPnNvdXJjZS5kb21pZCA9IERP TUlEX1NFTEY7CiAJCQlnb3AtPnNvdXJjZS51LmdtZm4gPSB4bWl0X21hID4+ IFBBR0VfU0hJRlQ7CiAKLQkJCWdvcC0+ZGVzdC51LnJlZiA9IFJJTkdfR0VU X1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAotCQkJICAgIHhuZXRpLT54 bmlfcnhyaW5nLnJlcV9jb25zKS0+Z3JlZjsKKwkJCVJJTkdfQ09QWV9SRVFV RVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKKwkJCSAgICB4bmV0aS0+eG5pX3J4 cmluZy5yZXFfY29ucywgJnJ4cmVxKTsKKwkJCWdvcC0+ZGVzdC51LnJlZiA9 IHJ4cmVxLmdyZWY7CiAJCQlnb3AtPmRlc3Qub2Zmc2V0ID0gMDsKIAkJCWdv cC0+ZGVzdC5kb21pZCA9IHhuZXRpLT54bmlfZG9taWQ7CiAKIAkJCWdvcC0+ bGVuID0gbS0+bV9wa3RoZHIubGVuOwogCQkJZ29wKys7CiAKLQkJCWlkID0g UklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0JCQkgICAg eG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5pZDsKKwkJCWlkID0gcnhy ZXEuaWQ7CiAJCQl4ZW5fcm1iKCk7CiAJCQl4bmV0aS0+eG5pX3J4cmluZy5y ZXFfY29ucysrOwogCQkJcnhyZXNwID0gUklOR19HRVRfUkVTUE9OU0UoJnhu ZXRpLT54bmlfcnhyaW5nLAotLSAKMi41LjIKCg== --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Transfer-Encoding: base64 RnJvbSBiMzY3Y2RiYTBjYzNlMmRlNDIzN2NhNzRmMzEwNDMxNDFkZWRhODky IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTQ6NDUgKzAwMDAKU3ViamVjdDogW1BBVENIIDMv NV0gbmV0YnNkL3Jpbmc6IEFkZCAnYmFycmllcicgdG8gcHJvdmlkZSBhbiBj b21waWxlcgogYmFycmllci4KCldlIG5lZWQgYW4gbWVjaGFuaXNtIHRvIGRp c2FibGUgdGhlIGNvbXBpbGVyIGZyb20gZ2VuZXJhdGluZyB0byBtdWNoCm9w dGltaXphdGlvbi4gVXNpbmcgdGhlICdiYXJyaWVyJyBtYWNybyB3aWxsIG1h a2UgdGhlIGNvbXBpbGVyIG5vdApvcHRpbWl6ZSB2YXJpYWJsZXMgcGFzdCB0 aGUgJ2JhcnJpZXInIChhcyBpbiwgcmUtdXNlIHRoZSByZWdpc3RlcnMKb3Ig b25seSByZWFkIHBhcnQgb2YgYSB2YWx1ZSBmcm9tIGEgbWVtb3J5KS4KClRo aXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog YXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaCB8IDIgKysK IDEgZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQg YS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oIGIvYXJj aC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaAppbmRleCAzMTZi Y2ViLi41Mjc4ZDA2IDEwMDY0NAotLS0gYS9hcmNoL3hlbi9pbmNsdWRlL3hl bi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVuL2luY2x1ZGUveGVu LXB1YmxpYy9pby9yaW5nLmgKQEAgLTM1LDYgKzM1LDcgQEAKICNkZWZpbmUg eGVuX21iKCkgIG1iKCkKICNkZWZpbmUgeGVuX3JtYigpIHJtYigpCiAjZGVm aW5lIHhlbl93bWIoKSB3bWIoKQorI2RlZmluZSBiYXJyaWVyKCkgICAgIF9f YXNtX18gX192b2xhdGlsZV9fKCIiOiA6IDoibWVtb3J5IikKICNlbmRpZgog I2VuZGlmCiAKQEAgLTQyLDYgKzQzLDcgQEAKICNkZWZpbmUgeGVuX21iKCkg IHg4Nl9tZmVuY2UoKQogI2RlZmluZSB4ZW5fcm1iKCkgeDg2X2xmZW5jZSgp CiAjZGVmaW5lIHhlbl93bWIoKSB4ODZfc2ZlbmNlKCkKKyNkZWZpbmUgYmFy cmllcigpICAgICBfX2FzbV9fIF9fdm9sYXRpbGVfXygiIjogOiA6Im1lbW9y eSIpCiAjZW5kaWYKIAogdHlwZWRlZiB1bnNpZ25lZCBpbnQgUklOR19JRFg7 Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Transfer-Encoding: base64 RnJvbSBhMGM1MjgyYWZmNTFkNWU2NTIwY2FhOTA0MjA3Yjk3MzU2N2Q5MjBk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTY6MDcgKzAwMDAKU3ViamVjdDogW1BBVENIIDQv NV0gbmV0YnNkL2Jsb2NrOiBvbmx5IHJlYWQgcmVxdWVzdCBvcGVyYXRpb24g ZnJvbSBzaGFyZWQKIHJpbmcgb25jZQoKVGhlIGNvbXBpbGVyIG1heSBsb2Fk IGEgc3dpdGNoIHN0YXRlbWVudCBtdWx0aXBsZSB0aW1lcyBmcm9tIHRoZSBz aGFyZWQKc3BhY2UuIFRoaXMgY291bGQgbGVhZCB0byB0aGUgZnJvbnRlbmQg bWFuaXB1bGF0aW5nIHRoZSBiYWNrZW5kIGludG8KdW5mb3JzZWVuIGJyYW5j aGVzLgoKV2Ugd2FudCB0byBlbnN1cmUgdGhhdCB0aGUgcmVxLT5vcGVyYXRp b24gaXMgb25seSByZWFkIG9uY2UgYW5kIHdlCmRvIHRoYXQgYnkgdXNpbmcg YW4gY29tcGlsZXIgYmFycmllci4KClRoaXMgaXMgcGFydCBvZiBYU0ExNTUu CgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJh ZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMgfCAxICsKIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigr KQoKZGlmZiAtLWdpdCBhL2FyY2gveGVuL3hlbi94YmRiYWNrX3hlbmJ1cy5j IGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMKaW5kZXggOWVlMDc1 OC4uM2QxODAyMSAxMDA2NDQKLS0tIGEvYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMKKysrIGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMK QEAgLTEwMjIsNiArMTAyMiw3IEBAIHhiZGJhY2tfY29fbWFpbl9sb29wKHN0 cnVjdCB4YmRiYWNrX2luc3RhbmNlICp4YmRpLCB2b2lkICpvYmopCiAJCQly ZXEtPnNlY3Rvcl9udW1iZXIgPSByZXE2NC0+c2VjdG9yX251bWJlcjsKIAkJ CWJyZWFrOwogCQl9CisJCWJhcnJpZXIoKTsKIAkJWEVOUFJJTlRGKCgieGJk YmFjayBvcCAlZCByZXFfY29ucyAweCV4IHJlcV9wcm9kIDB4JXggIgogCQkg ICAgInJlc3BfcHJvZCAweCV4IGlkICUiIFBSSXU2NCAiXG4iLCByZXEtPm9w ZXJhdGlvbiwKIAkJCXhiZGktPnhiZGlfcmluZy5yaW5nX24ucmVxX2NvbnMs Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Transfer-Encoding: base64 RnJvbSAzZjM5ZTA1MWIyMzRiNGJkOGUzNmI4MjBhOTMyNTkxYWZkNjQxM2Ix IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTc6MjIgKzAwMDAKU3ViamVjdDogW1BBVENIIDUv NV0gbmV0YnNkL3BjaWJhY2s6IE9wZXJhdGUgb24gbG9jYWwgdmVyc2lvbiBv ZiB4ZW5fcGNpX29wCgpEb3VibGUgZmV0Y2ggdnVsbmVyYWJpbGl0aWVzIHRo YXQgaGFwcGVuIHdoZW4gYSB2YXJpYWJsZSBpcwpmZXRjaGVkIHR3aWNlIGZy b20gc2hhcmVkIG1lbW9yeSBidXQgYSBzZWN1cml0eSBjaGVjayBpcyBvbmx5 CnBlcmZvcm1lZCB0aGUgZmlyc3QgdGltZS4KClRoZSBwY2liYWNrX3hlbmJ1 c19ldnRoYW5kbGVyIGZ1bmN0aW9uIHBlcmZvcm1zIGEgc3dpdGNoIHN0YXRl bWVudHMgb24gdGhlCm9wLT5zaXplIGFuZCBvcC0+Y21kIHZhbHVlIHdoaWNo IGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5LgpJbnRlcmVzdGluZ2x5IHRo aXMgY2FuIHJlc3VsdCBpbiBhIGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5 IGRlcGVuZGluZyBvbgp0aGUgcGVyZm9ybWVkIGNvbXBpbGVyIG9wdGltaXph dGlvbi4KClRoaXMgcGF0Y2ggZml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5f cGNpX29wIGNvbW1hbmQgYmVmb3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28g dXNlICdiYXJyaWVyJyB0byBtYWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIg ZG9lcyBub3QgcGVyZm9ybSBhbnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBw YXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0 ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBhcmNoL3hl bi94ZW4vcGNpYmFjay5jIHwgOCArKysrKysrLQogMSBmaWxlIGNoYW5nZWQs IDcgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBh L2FyY2gveGVuL3hlbi9wY2liYWNrLmMgYi9hcmNoL3hlbi94ZW4vcGNpYmFj ay5jCmluZGV4IDA0MmM4YzkuLjQ2YzgyMWMgMTAwNjQ0Ci0tLSBhL2FyY2gv eGVuL3hlbi9wY2liYWNrLmMKKysrIGIvYXJjaC94ZW4veGVuL3BjaWJhY2su YwpAQCAtMTg4LDYgKzE4OCw3IEBAIHN0cnVjdCBwYl94ZW5idXNfaW5zdGFu Y2UgewogCS8qIGNvbW11bmljYXRpb24gd2l0aCB0aGUgZG9tVSAqLwogICAg ICAgICB1bnNpZ25lZCBpbnQgcGJ4X2V2dGNobjsgLyogb3VyIGV2ZW4gY2hh bm5lbCAqLwogICAgICAgICBzdHJ1Y3QgeGVuX3BjaV9zaGFyZWRpbmZvICpw Ynhfc2hfaW5mbzsKKyAgICAgICAgc3RydWN0IHhlbl9wY2lfb3Agb3A7CiAg ICAgICAgIGdyYW50X2hhbmRsZV90IHBieF9zaGluZm9faGFuZGxlOyAvKiB0 byB1bm1hcCBzaGFyZWQgcGFnZSAqLwogfTsKIApAQCAtNzIxLDEzICs3MjIs MTYgQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJnKQog ewogCXN0cnVjdCBwYl94ZW5idXNfaW5zdGFuY2UgKnBieGkgPSBhcmc7CiAJ c3RydWN0IHBjaWJhY2tfcGNpX2RldiAqcGJkOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwYnhpLT5wYnhfc2hfaW5mby0+b3A7CisJc3RydWN0IHhl bl9wY2lfb3AgKm9wID0gJnBieGktPm9wOwogCXVfaW50IGJ1cywgZGV2LCBm dW5jOwogCiAJaHlwZXJ2aXNvcl9jbGVhcl9ldmVudChwYnhpLT5wYnhfZXZ0 Y2huKTsKIAlpZiAoeGVuX2F0b21pY190ZXN0X2JpdCgmcGJ4aS0+cGJ4X3No X2luZm8tPmZsYWdzLAogCSAgICBfWEVOX1BDSUZfYWN0aXZlKSA9PSAwKQog CQlyZXR1cm4gMDsKKworCW1lbWNweShvcCwgJnBieGktPnBieF9zaF9pbmZv LT5vcCwgc2l6ZW9mIChzdHJ1Y3QgeGVuX3BjaV9vcCkpOworCWJhcnJpZXIo KTsKIAlpZiAob3AtPmRvbWFpbiAhPSAwKSB7CiAJCWFwcmludF9lcnJvcigi cGNpYmFjazogZG9tYWluICVkICE9IDAiLCBvcC0+ZG9tYWluKTsKIAkJb3At PmVyciA9IFhFTl9QQ0lfRVJSX2Rldl9ub3RfZm91bmQ7CkBAIC03OTQsNiAr Nzk4LDggQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJn KQogCQlhcHJpbnRfZXJyb3IoInBjaWJhY2s6IHVua25vd24gY21kICVkXG4i LCBvcC0+Y21kKTsKIAkJb3AtPmVyciA9IFhFTl9QQ0lfRVJSX25vdF9pbXBs ZW1lbnRlZDsKIAl9CisJcGJ4aS0+cGJ4X3NoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworCXBieGktPnBieF9zaF9pbmZvLT5vcC5lcnIgPSBvcC0+ ZXJyOwogZW5kOgogCXhlbl9hdG9taWNfY2xlYXJfYml0KCZwYnhpLT5wYnhf c2hfaW5mby0+ZmxhZ3MsIF9YRU5fUENJRl9hY3RpdmUpOwogCWh5cGVydmlz b3Jfbm90aWZ5X3ZpYV9ldnRjaG4ocGJ4aS0+cGJ4X2V2dGNobik7Ci0tIAoy LjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemu-qdisk-double-access.patch" Content-Transfer-Encoding: base64 eGVuL2Jsa2lmOiBBdm9pZCBkb3VibGUgYWNjZXNzIHRvIHNyYy0+bnJfc2Vn bWVudHMKCnNyYyBpcyBzdG9yZWQgaW4gc2hhcmVkIG1lbW9yeSBhbmQgc3Jj LT5ucl9zZWdtZW50cyBpcyBkZXJlZmVyZW5jZWQKdHdpY2UgYXQgdGhlIGVu ZCBvZiB0aGUgZnVuY3Rpb24uICBJZiBhIGNvbXBpbGVyIGRlY2lkZXMgdG8g Y29tcGlsZSB0aGlzCmludG8gdHdvIHNlcGFyYXRlIG1lbW9yeSBhY2Nlc3Nl cyB0aGVuIHRoZSBzaXplIGxpbWl0YXRpb24gY291bGQgYmUKYnlwYXNzZWQu CgpGaXggaXQgYnkgcmVtb3ZpbmcgdGhlIGRvdWJsZSBhY2Nlc3MgdG8gc3Jj LT5ucl9zZWdtZW50cy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoKU2ln bmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0YWJl bGxpbmlAZXUuY2l0cml4LmNvbT4KCmRpZmYgLS1naXQgYS9ody9ibG9jay94 ZW5fYmxraWYuaCBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCmluZGV4IDcxMWI2 OTIuLjllNzFlMDAgMTAwNjQ0Ci0tLSBhL2h3L2Jsb2NrL3hlbl9ibGtpZi5o CisrKyBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCkBAIC04NSw4ICs4NSwxMCBA QCBzdGF0aWMgaW5saW5lIHZvaWQgYmxraWZfZ2V0X3g4Nl8zMl9yZXEoYmxr aWZfcmVxdWVzdF90ICpkc3QsIGJsa2lmX3g4Nl8zMl9yZXF1ZQogCQlkLT5u cl9zZWN0b3JzID0gcy0+bnJfc2VjdG9yczsKIAkJcmV0dXJuOwogCX0KLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJYmFycmllcigpOworCWlmIChuID4gZHN0LT5ucl9zZWdtZW50cykK KwkJbiA9IGRzdC0+bnJfc2VnbWVudHM7CiAJZm9yIChpID0gMDsgaSA8IG47 IGkrKykKIAkJZHN0LT5zZWdbaV0gPSBzcmMtPnNlZ1tpXTsKIH0KQEAgLTEw Niw4ICsxMDgsMTAgQEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94 ODZfNjRfcmVxKGJsa2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRf cmVxdWUKIAkJZC0+bnJfc2VjdG9ycyA9IHMtPm5yX3NlY3RvcnM7CiAJCXJl dHVybjsKIAl9Ci0JaWYgKG4gPiBzcmMtPm5yX3NlZ21lbnRzKQotCQluID0g c3JjLT5ucl9zZWdtZW50czsKKwkvKiBwcmV2ZW50IHRoZSBjb21waWxlciBm cm9tIG9wdGltaXppbmcgdGhlIGNvZGUgYW5kIHVzaW5nIHNyYy0+bnJfc2Vn bWVudHMgaW5zdGVhZCAqLworCWJhcnJpZXIoKTsKKwlpZiAobiA+IGRzdC0+ bnJfc2VnbWVudHMpCisJCW4gPSBkc3QtPm5yX3NlZ21lbnRzOwogCWZvciAo aSA9IDA7IGkgPCBuOyBpKyspCiAJCWRzdC0+c2VnW2ldID0gc3JjLT5zZWdb aV07CiB9Cg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemut-qdisk-double-access.patch" Content-Transfer-Encoding: base64 RnJvbSAyNzk0MmIwY2IyMzI3ZTkzZGViMTIzMjZiYmU3YjM2YzgxZjlmYTdi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjU2OjAwIC0wNTAwClN1YmplY3Q6IFtQ QVRDSF0gYmxraWY6IEF2b2lkIGRvdWJsZSBhY2Nlc3MgdG8gc3JjLT5ucl9z ZWdtZW50cwoKc3JjIGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5IGFuZCBz cmMtPm5yX3NlZ21lbnRzIGlzIGRlcmVmZXJlbmNlZAp0d2ljZSBhdCB0aGUg ZW5kIG9mIHRoZSBmdW5jdGlvbi4gIElmIGEgY29tcGlsZXIgZGVjaWRlcyB0 byBjb21waWxlIHRoaXMKaW50byB0d28gc2VwYXJhdGUgbWVtb3J5IGFjY2Vz c2VzIHRoZW4gdGhlIHNpemUgbGltaXRhdGlvbiBjb3VsZCBiZQpieXBhc3Nl ZC4KCkZpeCBpdCBieSByZW1vdmluZyB0aGUgZG91YmxlIGFjY2VzcyB0byBz cmMtPm5yX3NlZ21lbnRzLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0xNTUuCgpT aWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkgPHN0ZWZhbm8uc3Rh YmVsbGluaUBldS5jaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog aHcveGVuX2Jsa2lmLmggfCAxMiArKysrKysrKy0tLS0KIDEgZmlsZSBjaGFu Z2VkLCA4IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0t Z2l0IGEvaHcveGVuX2Jsa2lmLmggYi9ody94ZW5fYmxraWYuaAppbmRleCBj YTNhNjViLi5lYjI5Y2IxIDEwMDY0NAotLS0gYS9ody94ZW5fYmxraWYuaAor KysgYi9ody94ZW5fYmxraWYuaApAQCAtNzksOCArNzksMTAgQEAgc3RhdGlj IGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfMzJfcmVxKGJsa2lmX3JlcXVl c3RfdCAqZHN0LCBibGtpZl94ODZfMzJfcmVxdWUKIAlkc3QtPmhhbmRsZSA9 IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwogCWRzdC0+c2Vj dG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlpZiAobiA+IHNy Yy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21lbnRzOworCS8q IHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemluZyB0aGUgY29k ZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFkICovCisJeGVu X21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQorCQluID0gZHN0 LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsgaSsrKQogCQlk c3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQpAQCAtOTQsOCArOTYsMTAg QEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfNjRfcmVxKGJs a2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRfcmVxdWUKIAlkc3Qt PmhhbmRsZSA9IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwog CWRzdC0+c2VjdG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJeGVuX21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQor CQluID0gZHN0LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsg aSsrKQogCQlkc3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQotLSAKMi40 LjMKCg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemut-xenfb.patch" Content-Transfer-Encoding: base64 RnJvbSAwZmZkNDU0NzY2NWQyZmVjNjQ4YWIyYzlmZjg1NmM1ZDlkYjliMDdj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjM3OjA4IC0wNTAwClN1YmplY3Q6IFtQ QVRDSCAyLzJdIHhlbmZiOiBhdm9pZCByZWFkaW5nIHR3aWNlIHRoZSBzYW1l IGZpZWxkcyBmcm9tIHRoZQogc2hhcmVkIHBhZ2UKClJlYWRpbmcgdHdpY2Ug dGhlIHNhbWUgZmllbGQgY291bGQgZ2l2ZSB0aGUgZ3Vlc3QgYW4gYXR0YWNr IG9mCm9wcG9ydHVuaXR5LiBJbiB0aGUgY2FzZSBvZiBldmVudC0+dHlwZSwg Z2NjIGNvdWxkIGNvbXBpbGUgdGhlIHN3aXRjaApzdGF0ZW1lbnQgaW50byBh IGp1bXAgdGFibGUsIGVmZmVjdGl2ZWx5IGVuZGluZyB1cCByZWFkaW5nIHRo ZSB0eXBlCmZpZWxkIG11bHRpcGxlIHRpbWVzLgoKVGhpcyBpcyBwYXJ0IG9m IFhTQS0xNTUuCgpTaWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkg PHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgotLS0KIGh3L3hl bmZiLmMgfCAxMCArKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgNiBpbnNl cnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2h3L3hl bmZiLmMgYi9ody94ZW5mYi5jCmluZGV4IDc1YjJiYzIuLjM2OWQ0NWQgMTAw NjQ0Ci0tLSBhL2h3L3hlbmZiLmMKKysrIGIvaHcveGVuZmIuYwpAQCAtODI3 LDE4ICs4MjcsMjAgQEAgc3RhdGljIHZvaWQgeGVuZmJfaW52YWxpZGF0ZSh2 b2lkICpvcGFxdWUpCiAKIHN0YXRpYyB2b2lkIHhlbmZiX2hhbmRsZV9ldmVu dHMoc3RydWN0IFhlbkZCICp4ZW5mYikKIHsKLSAgICB1aW50MzJfdCBwcm9k LCBjb25zOworICAgIHVpbnQzMl90IHByb2QsIGNvbnMsIG91dF9jb25zOwog ICAgIHN0cnVjdCB4ZW5mYl9wYWdlICpwYWdlID0geGVuZmItPmMucGFnZTsK IAogICAgIHByb2QgPSBwYWdlLT5vdXRfcHJvZDsKLSAgICBpZiAocHJvZCA9 PSBwYWdlLT5vdXRfY29ucykKKyAgICBvdXRfY29ucyA9IHBhZ2UtPm91dF9j b25zOworICAgIGlmIChwcm9kID09IG91dF9jb25zKQogCXJldHVybjsKICAg ICB4ZW5fcm1iKCk7CQkvKiBlbnN1cmUgd2Ugc2VlIHJpbmcgY29udGVudHMg dXAgdG8gcHJvZCAqLwotICAgIGZvciAoY29ucyA9IHBhZ2UtPm91dF9jb25z OyBjb25zICE9IHByb2Q7IGNvbnMrKykgeworICAgIGZvciAoY29ucyA9IG91 dF9jb25zOyBjb25zICE9IHByb2Q7IGNvbnMrKykgewogCXVuaW9uIHhlbmZi X291dF9ldmVudCAqZXZlbnQgPSAmWEVORkJfT1VUX1JJTkdfUkVGKHBhZ2Us IGNvbnMpOworICAgICAgICB1aW50OF90IHR5cGUgPSBldmVudC0+dHlwZTsK IAlpbnQgeCwgeSwgdywgaDsKIAotCXN3aXRjaCAoZXZlbnQtPnR5cGUpIHsK Kwlzd2l0Y2ggKHR5cGUpIHsKIAljYXNlIFhFTkZCX1RZUEVfVVBEQVRFOgog CSAgICBpZiAoeGVuZmItPnVwX2NvdW50ID09IFVQX1FVRVVFKQogCQl4ZW5m Yi0+dXBfZnVsbHNjcmVlbiA9IDE7Ci0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemu-xenfb.patch" Content-Transfer-Encoding: base64 eGVuZmI6IGF2b2lkIHJlYWRpbmcgdHdpY2UgdGhlIHNhbWUgZmllbGRzIGZy b20gdGhlIHNoYXJlZCBwYWdlCgpSZWFkaW5nIHR3aWNlIHRoZSBzYW1lIGZp ZWxkIGNvdWxkIGdpdmUgdGhlIGd1ZXN0IGFuIGF0dGFjayBvZgpvcHBvcnR1 bml0eS4gSW4gdGhlIGNhc2Ugb2YgZXZlbnQtPnR5cGUsIGdjYyBjb3VsZCBj b21waWxlIHRoZSBzd2l0Y2gKc3RhdGVtZW50IGludG8gYSBqdW1wIHRhYmxl LCBlZmZlY3RpdmVseSBlbmRpbmcgdXAgcmVhZGluZyB0aGUgdHlwZQpmaWVs ZCBtdWx0aXBsZSB0aW1lcy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoK U2lnbmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0 YWJlbGxpbmlAZXUuY2l0cml4LmNvbT4KCgpkaWZmIC0tZ2l0IGEvaHcvZGlz cGxheS94ZW5mYi5jIGIvaHcvZGlzcGxheS94ZW5mYi5jCmluZGV4IDVlMzI0 ZWYuLjRlMmEyN2EgMTAwNjQ0Ci0tLSBhL2h3L2Rpc3BsYXkveGVuZmIuYwor KysgYi9ody9kaXNwbGF5L3hlbmZiLmMKQEAgLTc4NCwxOCArNzg0LDIwIEBA IHN0YXRpYyB2b2lkIHhlbmZiX2ludmFsaWRhdGUodm9pZCAqb3BhcXVlKQog CiBzdGF0aWMgdm9pZCB4ZW5mYl9oYW5kbGVfZXZlbnRzKHN0cnVjdCBYZW5G QiAqeGVuZmIpCiB7Ci0gICAgdWludDMyX3QgcHJvZCwgY29uczsKKyAgICB1 aW50MzJfdCBwcm9kLCBjb25zLCBvdXRfY29uczsKICAgICBzdHJ1Y3QgeGVu ZmJfcGFnZSAqcGFnZSA9IHhlbmZiLT5jLnBhZ2U7CiAKICAgICBwcm9kID0g cGFnZS0+b3V0X3Byb2Q7Ci0gICAgaWYgKHByb2QgPT0gcGFnZS0+b3V0X2Nv bnMpCisgICAgb3V0X2NvbnMgPSBwYWdlLT5vdXRfY29uczsKKyAgICBpZiAo cHJvZCA9PSBvdXRfY29ucykKIAlyZXR1cm47CiAgICAgeGVuX3JtYigpOwkJ LyogZW5zdXJlIHdlIHNlZSByaW5nIGNvbnRlbnRzIHVwIHRvIHByb2QgKi8K LSAgICBmb3IgKGNvbnMgPSBwYWdlLT5vdXRfY29uczsgY29ucyAhPSBwcm9k OyBjb25zKyspIHsKKyAgICBmb3IgKGNvbnMgPSBvdXRfY29uczsgY29ucyAh PSBwcm9kOyBjb25zKyspIHsKIAl1bmlvbiB4ZW5mYl9vdXRfZXZlbnQgKmV2 ZW50ID0gJlhFTkZCX09VVF9SSU5HX1JFRihwYWdlLCBjb25zKTsKKyAgICAg ICAgdWludDhfdCB0eXBlID0gZXZlbnQtPnR5cGU7CiAJaW50IHgsIHksIHcs IGg7CiAKLQlzd2l0Y2ggKGV2ZW50LT50eXBlKSB7CisJc3dpdGNoICh0eXBl KSB7CiAJY2FzZSBYRU5GQl9UWVBFX1VQREFURToKIAkgICAgaWYgKHhlbmZi LT51cF9jb3VudCA9PSBVUF9RVUVVRSkKIAkJeGVuZmItPnVwX2Z1bGxzY3Jl ZW4gPSAxOwo= --=separator Content-Type: application/octet-stream; name="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSAxMmIxMTY1OGE5ZDZhNjU0YTFlN2FjYmYyZjJkNTZjZTlhMzk2Yzg2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDIwIE5vdiAy MDE1IDExOjU5OjA1IC0wNTAwClN1YmplY3Q6IFtQQVRDSCAxLzNdIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZp ZC52cmFiZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6 ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6 IEFkZCBjb21tZW50IGFib3V0IEdDQyBidWcuCi0tLQogeGVuL2luY2x1ZGUv cHVibGljL2lvL3JpbmcuaCB8IDE0ICsrKysrKysrKysrKysrCiAxIGZpbGUg Y2hhbmdlZCwgMTQgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL3hlbi9p bmNsdWRlL3B1YmxpYy9pby9yaW5nLmggYi94ZW4vaW5jbHVkZS9wdWJsaWMv aW8vcmluZy5oCmluZGV4IGJhOTQwMWIuLjgwMWMwZGEgMTAwNjQ0Ci0tLSBh L3hlbi9pbmNsdWRlL3B1YmxpYy9pby9yaW5nLmgKKysrIGIveGVuL2luY2x1 ZGUvcHVibGljL2lvL3JpbmcuaApAQCAtMjEyLDYgKzIxMiwyMCBAQCB0eXBl ZGVmIHN0cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgX19uYW1lIyNfYmFja19y aW5nX3QKICNkZWZpbmUgUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCkgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICAoJigo X3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAx KSldLnJlcSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVx dWVzdC4KKyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdf R0VUX1JFUVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBv biBhIGxvY2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhl IG90aGVyIGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251 Lm9yZy9idWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNl IHRoaXMKKyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBz dHJ1Y3Qgd2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8K KyNkZWZpbmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRv IHsJCQkJXAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBp bnRvIF9yZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVv ZihfcmVxKSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGls ZSAoMCkKKwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICgm KChfciktPnNyaW5nLT5yaW5nWygoX2lkeCkgJiAoUklOR19TSVpFKF9yKSAt IDEpKV0ucnNwKSkKIAotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA4NTFmZmI0ZWVhOTE3ZTI3MDhjOTEyMjkxZGVhNGQxMzMwMjZjMGFj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MTY6MDIgLTA1MDAKU3ViamVjdDogW1BBVENIIDIv M10gYmxrdGFwMjogVXNlIFJJTkdfQ09QWV9SRVFVRVNUCgpJbnN0ZWFkIG9m IFJJTkdfR0VUX1JFUVVFU1QuIFVzaW5nIGEgbG9jYWwgY29weSBvZiB0aGUK cmluZyAoYW5kIGFsc28gd2l0aCBwcm9wZXIgbWVtb3J5IGJhcnJpZXJzKSB3 aWxsIG1lYW4Kd2UgY2FuIGRvIG5vdCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRo ZSBjb21waWxlciBvcHRpbWl6aW5nCnRoZSBjb2RlIGFuZCBkb2luZyBhIGRv dWJsZS1mZXRjaCBpbiB0aGUgc2hhcmVkIG1lbW9yeSBzcGFjZS4KClRoaXMg aXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnpl c3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CgotLS0KdjI6 IEZpeCBjb21waWxlIGlzc3VlcyB3aXRoIHRhcGRpc2stdmJkCi0tLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jICAgfCAzICsrLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMgfCA4ICsrKystLS0t CiAyIGZpbGVzIGNoYW5nZWQsIDYgaW5zZXJ0aW9ucygrKSwgNSBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxv Y2stbG9nLmMgYi90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxvY2stbG9nLmMK aW5kZXggNTMzMGNkYy4uNWYzYmQzNSAxMDA2NDQKLS0tIGEvdG9vbHMvYmxr dGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jCisrKyBiL3Rvb2xzL2Jsa3RhcDIv ZHJpdmVycy9ibG9jay1sb2cuYwpAQCAtNDk0LDExICs0OTQsMTIgQEAgc3Rh dGljIGludCBjdGxfa2ljayhzdHJ1Y3QgdGRsb2dfc3RhdGUqIHMsIGludCBm ZCkKICAgcmVxc3RhcnQgPSBzLT5icmluZy5yZXFfY29uczsKICAgcmVxZW5k ID0gcy0+c3JpbmctPnJlcV9wcm9kOwogCisgIHhlbl9tYigpOwogICBCRFBS SU5URigiY3RsOiByaW5nIGtpY2tlZCAoc3RhcnQgPSAldSwgZW5kID0gJXUp IiwgcmVxc3RhcnQsIHJlcWVuZCk7CiAKICAgd2hpbGUgKHJlcXN0YXJ0ICE9 IHJlcWVuZCkgewogICAgIC8qIFhYWCBhY3R1YWxseSBzdWJtaXQgdGhlc2Uh ICovCi0gICAgbWVtY3B5KCZyZXEsIFJJTkdfR0VUX1JFUVVFU1QoJnMtPmJy aW5nLCByZXFzdGFydCksIHNpemVvZihyZXEpKTsKKyAgICBSSU5HX0NPUFlf UkVRVUVTVCgmcy0+YnJpbmcsIHJlcXN0YXJ0LCAmcmVxKTsKICAgICBCRFBS SU5URigiY3RsOiByZWFkIHJlcXVlc3QgJSJQUkl1NjQiOiV1IiwgcmVxLnNl Y3RvciwgcmVxLmNvdW50KTsKICAgICBzLT5icmluZy5yZXFfY29ucyA9ICsr cmVxc3RhcnQ7CiAKZGlmZiAtLWdpdCBhL3Rvb2xzL2Jsa3RhcDIvZHJpdmVy cy90YXBkaXNrLXZiZC5jIGIvdG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRp c2stdmJkLmMKaW5kZXggNmQxZDk0YS4uODllZjllZCAxMDA2NDQKLS0tIGEv dG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKKysrIGIvdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKQEAgLTE1NTUsNyAr MTU1NSw3IEBAIHRhcGRpc2tfdmJkX3B1bGxfcmluZ19yZXF1ZXN0cyh0ZF92 YmRfdCAqdmJkKQogCWludCBpZHg7CiAJUklOR19JRFggcnAsIHJjOwogCXRk X3JpbmdfdCAqcmluZzsKLQlibGtpZl9yZXF1ZXN0X3QgKnJlcTsKKwlibGtp Zl9yZXF1ZXN0X3QgcmVxOwogCXRkX3ZiZF9yZXF1ZXN0X3QgKnZyZXE7CiAK IAlyaW5nID0gJnZiZC0+cmluZzsKQEAgLTE1NjYsMTYgKzE1NjYsMTYgQEAg dGFwZGlza192YmRfcHVsbF9yaW5nX3JlcXVlc3RzKHRkX3ZiZF90ICp2YmQp CiAJeGVuX3JtYigpOwogCiAJZm9yIChyYyA9IHJpbmctPmZlX3JpbmcucmVx X2NvbnM7IHJjICE9IHJwOyByYysrKSB7Ci0JCXJlcSA9IFJJTkdfR0VUX1JF UVVFU1QoJnJpbmctPmZlX3JpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVF U1QoJnJpbmctPmZlX3JpbmcsIHJjLCAmcmVxKTsKIAkJKytyaW5nLT5mZV9y aW5nLnJlcV9jb25zOwogCi0JCWlkeCAgPSByZXEtPmlkOworCQlpZHggID0g cmVxLmlkOwogCQl2cmVxID0gJnZiZC0+cmVxdWVzdF9saXN0W2lkeF07CiAK IAkJQVNTRVJUKGxpc3RfZW1wdHkoJnZyZXEtPm5leHQpKTsKIAkJQVNTRVJU KHZyZXEtPnNlY3NfcGVuZGluZyA9PSAwKTsKIAotCQltZW1jcHkoJnZyZXEt PnJlcSwgcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7CisJCW1lbWNw eSgmdnJlcS0+cmVxLCAmcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7 CiAJCXZiZC0+cmVjZWl2ZWQrKzsKIAkJdnJlcS0+dmJkID0gdmJkOwogCi0t IAoyLjEuNAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBjMWZjZTY1ZTJiNzIwNjg0ZWE2YmE3NmFlNTk5MjE1NDJiZDE1NGJi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIIDMv M10gbGlidmNoYW46IFJlYWQgcHJvZC9jb25zIG9ubHkgb25jZS4KCldlIG11 c3QgZW5zdXJlIHRoYXQgdGhlIHByb2QvY29ucyBhcmUgb25seSByZWFkIG9u Y2UgYW5kIHRoYXQKdGhlIGNvbXBpbGVyIHdvbid0IHRyeSB0byBvcHRpbWl6 ZSB0aGUgcmVhZHMuIFRoYXQgaXMgc3BsaXQKdGhlIHJlYWQgb2YgdGhlc2Ug aW4gbXVsdGlwbGUgaW5zdHJ1Y3Rpb25zIGluZmx1ZW5jaW5nIGxhdGVyCmJy YW5jaCBjb2RlLiBBcyBzdWNoIGluc2VydCBiYXJyaWVycyB3aGVuIGZldGNo aW5nIHRoZSBjb25zCmFuZCBwcm9kIGluZGV4LgoKVGhpcyBpcyBwYXJ0IG9m IFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiB0b29scy9saWJ2Y2hh bi9pby5jIHwgMiArKwogMSBmaWxlIGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygr KQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMgYi90b29scy9s aWJ2Y2hhbi9pby5jCmluZGV4IDhhOTYyOWIuLjM4MWNjMDUgMTAwNjQ0Ci0t LSBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMKKysrIGIvdG9vbHMvbGlidmNoYW4v aW8uYwpAQCAtMTE3LDYgKzExNyw3IEBAIHN0YXRpYyBpbmxpbmUgaW50IHNl bmRfbm90aWZ5KHN0cnVjdCBsaWJ4ZW52Y2hhbiAqY3RybCwgdWludDhfdCBi aXQpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0X2RhdGFfcmVhZHkoc3Ry dWN0IGxpYnhlbnZjaGFuICpjdHJsKQogewogCXVpbnQzMl90IHJlYWR5ID0g cmRfcHJvZChjdHJsKSAtIHJkX2NvbnMoY3RybCk7CisJeGVuX21iKCk7IC8q IEVuc3VyZSAncmVhZHknIGlzIHJlYWQgb25seSBvbmNlLiAqLwogCWlmIChy ZWFkeSA+IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3 YXkgdG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMK IAkJICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1 OCw2ICsxNTksNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1 Y3QgbGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdf Z2V0X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7 CiAJdWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3Jf cHJvZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBF bnN1cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVh ZHkgPiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5 IHRvIHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJ CSAqIGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEu MAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBlZjg2YWQwYjYwZmUxNzliMWE2ZmEzOTBlMDVjMzM5ZmI0NGI5Y2M5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIXSBs aWJ2Y2hhbjogUmVhZCBwcm9kL2NvbnMgb25seSBvbmNlLgoKV2UgbXVzdCBl bnN1cmUgdGhhdCB0aGUgcHJvZC9jb25zIGFyZSBvbmx5IHJlYWQgb25jZSBh bmQgdGhhdAp0aGUgY29tcGlsZXIgd29uJ3QgdHJ5IHRvIG9wdGltaXplIHRo ZSByZWFkcy4gVGhhdCBpcyBzcGxpdAp0aGUgcmVhZCBvZiB0aGVzZSBpbiBt dWx0aXBsZSBpbnN0cnVjdGlvbnMgaW5mbHVlbmNpbmcgbGF0ZXIKYnJhbmNo IGNvZGUuIEFzIHN1Y2ggaW5zZXJ0IGJhcnJpZXJzIHdoZW4gZmV0Y2hpbmcg dGhlIGNvbnMKYW5kIHByb2QgaW5kZXguCgpUaGlzIGlzIHBhcnQgb2YgWFNB MTU1LgoKU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIHRvb2xzL2xpYnZjaGFuL2lv LmMgfCAyICsrCiAxIGZpbGUgY2hhbmdlZCwgMiBpbnNlcnRpb25zKCspCgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlidmNoYW4vaW8uYyBiL3Rvb2xzL2xpYnZj aGFuL2lvLmMKaW5kZXggODA0YzYzYy4uOGIzM2Y0MCAxMDA2NDQKLS0tIGEv dG9vbHMvbGlidmNoYW4vaW8uYworKysgYi90b29scy9saWJ2Y2hhbi9pby5j CkBAIC0xMTgsNiArMTE4LDcgQEAgc3RhdGljIGlubGluZSBpbnQgc2VuZF9u b3RpZnkoc3RydWN0IGxpYnhlbnZjaGFuICpjdHJsLCB1aW50OF90IGJpdCkK IHN0YXRpYyBpbmxpbmUgaW50IHJhd19nZXRfZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiB7CiAJdWludDMyX3QgcmVhZHkgPSByZF9w cm9kKGN0cmwpIC0gcmRfY29ucyhjdHJsKTsKKwl4ZW5fbWIoKTsgLyogRW5z dXJlICdyZWFkeScgaXMgcmVhZCBvbmx5IG9uY2UuICovCiAJaWYgKHJlYWR5 ID49IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3YXkg dG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMKIAkJ ICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1OSw2 ICsxNjAsNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0 X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7CiAJ dWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3JfcHJv ZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBFbnN1 cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVhZHkg PiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5IHRv IHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJCSAq IGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtW-0007Sj-2X; Thu, 17 Dec 2015 12:42:54 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtU-0007RP-C3; Thu, 17 Dec 2015 12:42:52 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id C0/B1-21571-BCDA2765; Thu, 17 Dec 2015 12:42:51 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-13.tower-21.messagelabs.com!1450356160!6012596!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 38209 invoked from network); 17 Dec 2015 12:42:48 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-13.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:48 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtC-0000wS-UZ; Thu, 17 Dec 2015 12:42:34 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9XtC-000204-Gj; Thu, 17 Dec 2015 12:42:34 +0000 Date: Thu, 17 Dec 2015 12:42:34 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 166 - ioreq handling possibly susceptible to multiple read issue X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-166 version 2 ioreq handling possibly susceptible to multiple read issue UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Single memory accesses in source code can be translated to multiple ones in machine code by the compiler, requiring special caution when accessing shared memory. Such precaution was missing from the hypervisor code inspecting the state of I/O requests sent to the device model for assistance. Due to the offending field being a bitfield, it is however believed that there is no issue in practice, since compilers, at least when optimizing (which is always the case for non-debug builds), should find it more expensive to extract the bit field value twice than to keep the calculated value in a register. IMPACT ====== This vulnerability is exposed to malicious device models. In conventional Xen systems this means the qemu which service an HVM domain. On such systems this vulnerability can only be exploited if the attacker has gained control of the device model qemu via another vulnerability. Privilege escalation, host crash (Denial of Service), and leaked information all cannot be excluded. VULNERABLE SYSTEMS ================== All Xen versions are affected. Only x86 variants of Xen are susceptible. ARM variants are not affected. Only HVM guests expose this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. CREDITS ======= This issue was discovered by Konrad Rzeszutek Wilk of Oracle and Jan Beulich of SUSE while investigating the issues arising from XSA-155. XSA-155 was discovered by Felix Wilhelm of ERNW. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa166.patch xen-unstable, Xen 4.6.x xsa166-4.5.patch Xen 4.5.x xsa166-4.4.patch Xen 4.4.x xsa166-4.3.patch Xen 4.3.x $ sha256sum xsa166* 740a28a69524e966ab77f9f5e45067aa7ba2d32ea69b1d3c4b9bf0c86212ad0a xsa166.patch 109a9eb132d712a56a7ca81214fff3952868a39206eb34f66f5b2265e680b9fc xsa166-4.3.patch d63261ca2d40e2723a4f3c94665cc120e0ea488200eebb08c7aa07e1c1a35d42 xsa166-4.4.patch d5dddce37c644d35ef52ff7230f83bf0969b6b4db9b586241f5f5bd0dc631096 xsa166-4.5.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html NOTE REGARDING SHORT EMBARGO ============================ This issue was encountered by the Security Team during investigations of the scope and impact of XSA-155. Accordingly XSA-166 is embargoed and the embargo will end at the same time as that of XSA-155. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqzCAAoJEIP+FMlX6CvZPRIIAIkXhtZYi1ro+T74PMote55o npXKgR9tvXOokj3O1IsYfzHQnOiX3kQmmGmSXg5Hh/sYxAQIgqn2f9Zf/K+6gx8j Rd+0QrbhekG7+uA3TrGNtNdBDPevAcKE2xkzGZ7OZknE7Ch9WKua3VtjlY0pG9jr 8PUPE/NZ//MSd9Ds2uPB6G2zaoqFG6oGMgqdYs3zwLM52FR1/VlTzKLZ7sh3mPeK rPO1f1Agn7mFVnSbO0EkAYx++Mr3rv/w2M1qnK0cQk6T9l6Cg6qKzdV+iTV95CNo QxWLsm26c4YsRPIU1gBgHoPxi8hGwZThInSY8j8MH0Ed1xV3bPm1HqirrafpHHA= =Fovo -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa166.patch" Content-Disposition: attachment; filename="xsa166.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTQ2MCw3ICs0NjAsMTAgQEAgc3RhdGljIGJvb2xfdCBodm1fd2FpdF9m b3JfaW8oc3RydWN0IGh2bQogewogICAgIHdoaWxlICggc3YtPnBlbmRpbmcg KQogICAgIHsKLSAgICAgICAgc3dpdGNoICggcC0+c3RhdGUgKQorICAgICAg ICB1bnNpZ25lZCBpbnQgc3RhdGUgPSBwLT5zdGF0ZTsKKworICAgICAgICBy bWIoKTsKKyAgICAgICAgc3dpdGNoICggc3RhdGUgKQogICAgICAgICB7CiAg ICAgICAgIGNhc2UgU1RBVEVfSU9SRVFfTk9ORToKICAgICAgICAgICAgIC8q CkBAIC00NzEsMTggKzQ3NCwxNSBAQCBzdGF0aWMgYm9vbF90IGh2bV93YWl0 X2Zvcl9pbyhzdHJ1Y3QgaHZtCiAgICAgICAgICAgICBodm1faW9fYXNzaXN0 KHN2LCB+MHVsKTsKICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICBjYXNl IFNUQVRFX0lPUkVTUF9SRUFEWTogLyogSU9SRVNQX1JFQURZIC0+IE5PTkUg Ki8KLSAgICAgICAgICAgIHJtYigpOyAvKiBzZWUgSU9SRVNQX1JFQURZIC90 aGVuLyByZWFkIGNvbnRlbnRzIG9mIGlvcmVxICovCiAgICAgICAgICAgICBw LT5zdGF0ZSA9IFNUQVRFX0lPUkVRX05PTkU7CiAgICAgICAgICAgICBodm1f aW9fYXNzaXN0KHN2LCBwLT5kYXRhKTsKICAgICAgICAgICAgIGJyZWFrOwog ICAgICAgICBjYXNlIFNUQVRFX0lPUkVRX1JFQURZOiAgLyogSU9SRVFfe1JF QURZLElOUFJPQ0VTU30gLT4gSU9SRVNQX1JFQURZICovCiAgICAgICAgIGNh c2UgU1RBVEVfSU9SRVFfSU5QUk9DRVNTOgotICAgICAgICAgICAgd2FpdF9v bl94ZW5fZXZlbnRfY2hhbm5lbChzdi0+aW9yZXFfZXZ0Y2huLAotICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAocC0+c3RhdGUgIT0g U1RBVEVfSU9SRVFfUkVBRFkpICYmCi0gICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9JTlBS T0NFU1MpKTsKKyAgICAgICAgICAgIHdhaXRfb25feGVuX2V2ZW50X2NoYW5u ZWwoc3YtPmlvcmVxX2V2dGNobiwgcC0+c3RhdGUgIT0gc3RhdGUpOwogICAg ICAgICAgICAgYnJlYWs7CiAgICAgICAgIGRlZmF1bHQ6Ci0gICAgICAgICAg ICBnZHByaW50ayhYRU5MT0dfRVJSLCAiV2VpcmQgSFZNIGlvcmVxdWVzdCBz dGF0ZSAlZC5cbiIsIHAtPnN0YXRlKTsKKyAgICAgICAgICAgIGdkcHJpbnRr KFhFTkxPR19FUlIsICJXZWlyZCBIVk0gaW9yZXF1ZXN0IHN0YXRlICV1XG4i LCBzdGF0ZSk7CiAgICAgICAgICAgICBzdi0+cGVuZGluZyA9IDA7CiAgICAg ICAgICAgICBkb21haW5fY3Jhc2goc3YtPnZjcHUtPmRvbWFpbik7CiAgICAg ICAgICAgICByZXR1cm4gMDsgLyogYmFpbCAqLwo= --=separator Content-Type: application/octet-stream; name="xsa166-4.3.patch" Content-Disposition: attachment; filename="xsa166-4.3.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTM0Miw2ICszNDIsNyBAQCB2b2lkIGh2bV9taWdyYXRlX3BpcnFzKHN0 cnVjdCB2Y3B1ICp2KQogdm9pZCBodm1fZG9fcmVzdW1lKHN0cnVjdCB2Y3B1 ICp2KQogewogICAgIGlvcmVxX3QgKnA7CisgICAgdW5zaWduZWQgaW50IHN0 YXRlOwogCiAgICAgcHRfcmVzdG9yZV90aW1lcih2KTsKIApAQCAtMzQ5LDkg KzM1MCwxMCBAQCB2b2lkIGh2bV9kb19yZXN1bWUoc3RydWN0IHZjcHUgKnYp CiAKICAgICAvKiBOQi4gT3B0aW1pc2VkIGZvciBjb21tb24gY2FzZSAocC0+ c3RhdGUgPT0gU1RBVEVfSU9SRVFfTk9ORSkuICovCiAgICAgcCA9IGdldF9p b3JlcSh2KTsKLSAgICB3aGlsZSAoIHAtPnN0YXRlICE9IFNUQVRFX0lPUkVR X05PTkUgKQorICAgIHdoaWxlICggKHN0YXRlID0gcC0+c3RhdGUpICE9IFNU QVRFX0lPUkVRX05PTkUgKQogICAgIHsKLSAgICAgICAgc3dpdGNoICggcC0+ c3RhdGUgKQorICAgICAgICBybWIoKTsKKyAgICAgICAgc3dpdGNoICggc3Rh dGUgKQogICAgICAgICB7CiAgICAgICAgIGNhc2UgU1RBVEVfSU9SRVNQX1JF QURZOiAvKiBJT1JFU1BfUkVBRFkgLT4gTk9ORSAqLwogICAgICAgICAgICAg aHZtX2lvX2Fzc2lzdCgpOwpAQCAtMzU5LDExICszNjEsMTAgQEAgdm9pZCBo dm1fZG9fcmVzdW1lKHN0cnVjdCB2Y3B1ICp2KQogICAgICAgICBjYXNlIFNU QVRFX0lPUkVRX1JFQURZOiAgLyogSU9SRVFfe1JFQURZLElOUFJPQ0VTU30g LT4gSU9SRVNQX1JFQURZICovCiAgICAgICAgIGNhc2UgU1RBVEVfSU9SRVFf SU5QUk9DRVNTOgogICAgICAgICAgICAgd2FpdF9vbl94ZW5fZXZlbnRfY2hh bm5lbCh2LT5hcmNoLmh2bV92Y3B1Lnhlbl9wb3J0LAotICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAocC0+c3RhdGUgIT0gU1RBVEVf SU9SRVFfUkVBRFkpICYmCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9JTlBST0NFU1Mp KTsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcC0+ c3RhdGUgIT0gc3RhdGUpOwogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAg IGRlZmF1bHQ6Ci0gICAgICAgICAgICBnZHByaW50ayhYRU5MT0dfRVJSLCAi V2VpcmQgSFZNIGlvcmVxdWVzdCBzdGF0ZSAlZC5cbiIsIHAtPnN0YXRlKTsK KyAgICAgICAgICAgIGdkcHJpbnRrKFhFTkxPR19FUlIsICJXZWlyZCBIVk0g aW9yZXF1ZXN0IHN0YXRlICV1XG4iLCBzdGF0ZSk7CiAgICAgICAgICAgICBk b21haW5fY3Jhc2godi0+ZG9tYWluKTsKICAgICAgICAgICAgIHJldHVybjsg LyogYmFpbCAqLwogICAgICAgICB9Cg== --=separator Content-Type: application/octet-stream; name="xsa166-4.4.patch" Content-Disposition: attachment; filename="xsa166-4.4.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTM0OCw2ICszNDgsNyBAQCB2b2lkIGh2bV9taWdyYXRlX3BpcnFzKHN0 cnVjdCB2Y3B1ICp2KQogdm9pZCBodm1fZG9fcmVzdW1lKHN0cnVjdCB2Y3B1 ICp2KQogewogICAgIGlvcmVxX3QgKnA7CisgICAgdW5zaWduZWQgaW50IHN0 YXRlOwogCiAgICAgY2hlY2tfd2FrZXVwX2Zyb21fd2FpdCgpOwogCkBAIC0z NTgsOSArMzU5LDEwIEBAIHZvaWQgaHZtX2RvX3Jlc3VtZShzdHJ1Y3QgdmNw dSAqdikKICAgICBpZiAoICEocCA9IGdldF9pb3JlcSh2KSkgKQogICAgICAg ICBnb3RvIGNoZWNrX2luamVjdF90cmFwOwogCi0gICAgd2hpbGUgKCBwLT5z dGF0ZSAhPSBTVEFURV9JT1JFUV9OT05FICkKKyAgICB3aGlsZSAoIChzdGF0 ZSA9IHAtPnN0YXRlKSAhPSBTVEFURV9JT1JFUV9OT05FICkKICAgICB7Ci0g ICAgICAgIHN3aXRjaCAoIHAtPnN0YXRlICkKKyAgICAgICAgcm1iKCk7Cisg ICAgICAgIHN3aXRjaCAoIHN0YXRlICkKICAgICAgICAgewogICAgICAgICBj YXNlIFNUQVRFX0lPUkVTUF9SRUFEWTogLyogSU9SRVNQX1JFQURZIC0+IE5P TkUgKi8KICAgICAgICAgICAgIGh2bV9pb19hc3Npc3QocCk7CkBAIC0zNjgs MTEgKzM3MCwxMCBAQCB2b2lkIGh2bV9kb19yZXN1bWUoc3RydWN0IHZjcHUg KnYpCiAgICAgICAgIGNhc2UgU1RBVEVfSU9SRVFfUkVBRFk6ICAvKiBJT1JF UV97UkVBRFksSU5QUk9DRVNTfSAtPiBJT1JFU1BfUkVBRFkgKi8KICAgICAg ICAgY2FzZSBTVEFURV9JT1JFUV9JTlBST0NFU1M6CiAgICAgICAgICAgICB3 YWl0X29uX3hlbl9ldmVudF9jaGFubmVsKHYtPmFyY2guaHZtX3ZjcHUueGVu X3BvcnQsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9SRUFEWSkgJiYKLSAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHAtPnN0YXRlICE9IFNU QVRFX0lPUkVRX0lOUFJPQ0VTUykpOworICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBwLT5zdGF0ZSAhPSBzdGF0ZSk7CiAgICAgICAg ICAgICBicmVhazsKICAgICAgICAgZGVmYXVsdDoKLSAgICAgICAgICAgIGdk cHJpbnRrKFhFTkxPR19FUlIsICJXZWlyZCBIVk0gaW9yZXF1ZXN0IHN0YXRl ICVkLlxuIiwgcC0+c3RhdGUpOworICAgICAgICAgICAgZ2RwcmludGsoWEVO TE9HX0VSUiwgIldlaXJkIEhWTSBpb3JlcXVlc3Qgc3RhdGUgJXVcbiIsIHN0 YXRlKTsKICAgICAgICAgICAgIGRvbWFpbl9jcmFzaCh2LT5kb21haW4pOwog ICAgICAgICAgICAgcmV0dXJuOyAvKiBiYWlsICovCiAgICAgICAgIH0K --=separator Content-Type: application/octet-stream; name="xsa166-4.5.patch" Content-Disposition: attachment; filename="xsa166-4.5.patch" Content-Transfer-Encoding: base64 eDg2L0hWTTogYXZvaWQgcmVhZGluZyBpb3JlcSBzdGF0ZSBtb3JlIHRoYW4g b25jZQoKT3RoZXJ3aXNlLCBlc3BlY2lhbGx5IHdoZW4gdGhlIGNvbXBpbGVy IGNob29zZXMgdG8gdHJhbnNsYXRlIHRoZQpzd2l0Y2goKSB0byBhIGp1bXAg dGFibGUsIHVucHJlZGljdGFibGUgYmVoYXZpb3IgKGFuZCBpbiB0aGUganVt cCB0YWJsZQpjYXNlIGFyYml0cmFyeSBjb2RlIGV4ZWN1dGlvbikgY2FuIHJl c3VsdC4KClRoaXMgaXMgWFNBLTE2Ni4KClNpZ25lZC1vZmYtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IElhbiBDYW1w YmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJj aC94ODYvaHZtL2h2bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMK QEAgLTQwMCwyMyArNDAwLDIzIEBAIGJvb2xfdCBodm1faW9fcGVuZGluZyhz dHJ1Y3QgdmNwdSAqdikKIAogc3RhdGljIGJvb2xfdCBodm1fd2FpdF9mb3Jf aW8oc3RydWN0IGh2bV9pb3JlcV92Y3B1ICpzdiwgaW9yZXFfdCAqcCkKIHsK KyAgICB1bnNpZ25lZCBpbnQgc3RhdGU7CisKICAgICAvKiBOQi4gT3B0aW1p c2VkIGZvciBjb21tb24gY2FzZSAocC0+c3RhdGUgPT0gU1RBVEVfSU9SRVFf Tk9ORSkuICovCi0gICAgd2hpbGUgKCBwLT5zdGF0ZSAhPSBTVEFURV9JT1JF UV9OT05FICkKKyAgICB3aGlsZSAoIChzdGF0ZSA9IHAtPnN0YXRlKSAhPSBT VEFURV9JT1JFUV9OT05FICkKICAgICB7Ci0gICAgICAgIHN3aXRjaCAoIHAt PnN0YXRlICkKKyAgICAgICAgcm1iKCk7CisgICAgICAgIHN3aXRjaCAoIHN0 YXRlICkKICAgICAgICAgewogICAgICAgICBjYXNlIFNUQVRFX0lPUkVTUF9S RUFEWTogLyogSU9SRVNQX1JFQURZIC0+IE5PTkUgKi8KLSAgICAgICAgICAg IHJtYigpOyAvKiBzZWUgSU9SRVNQX1JFQURZIC90aGVuLyByZWFkIGNvbnRl bnRzIG9mIGlvcmVxICovCiAgICAgICAgICAgICBodm1faW9fYXNzaXN0KHAp OwogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIGNhc2UgU1RBVEVfSU9S RVFfUkVBRFk6ICAvKiBJT1JFUV97UkVBRFksSU5QUk9DRVNTfSAtPiBJT1JF U1BfUkVBRFkgKi8KICAgICAgICAgY2FzZSBTVEFURV9JT1JFUV9JTlBST0NF U1M6Ci0gICAgICAgICAgICB3YWl0X29uX3hlbl9ldmVudF9jaGFubmVsKHN2 LT5pb3JlcV9ldnRjaG4sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIChwLT5zdGF0ZSAhPSBTVEFURV9JT1JFUV9SRUFEWSkgJiYK LSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHAtPnN0 YXRlICE9IFNUQVRFX0lPUkVRX0lOUFJPQ0VTUykpOworICAgICAgICAgICAg d2FpdF9vbl94ZW5fZXZlbnRfY2hhbm5lbChzdi0+aW9yZXFfZXZ0Y2huLCBw LT5zdGF0ZSAhPSBzdGF0ZSk7CiAgICAgICAgICAgICBicmVhazsKICAgICAg ICAgZGVmYXVsdDoKLSAgICAgICAgICAgIGdkcHJpbnRrKFhFTkxPR19FUlIs ICJXZWlyZCBIVk0gaW9yZXF1ZXN0IHN0YXRlICVkLlxuIiwgcC0+c3RhdGUp OworICAgICAgICAgICAgZ2RwcmludGsoWEVOTE9HX0VSUiwgIldlaXJkIEhW TSBpb3JlcXVlc3Qgc3RhdGUgJXVcbiIsIHN0YXRlKTsKICAgICAgICAgICAg IGRvbWFpbl9jcmFzaChzdi0+dmNwdS0+ZG9tYWluKTsKICAgICAgICAgICAg IHJldHVybiAwOyAvKiBiYWlsICovCiAgICAgICAgIH0K --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtE-0007FS-Km; Thu, 17 Dec 2015 12:42:36 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9XtC-0007Ds-Rc; Thu, 17 Dec 2015 12:42:35 +0000 Received: from [85.158.139.211] by server-4.bemta-5.messagelabs.com id A4/79-24856-9BDA2765; Thu, 17 Dec 2015 12:42:33 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-6.tower-206.messagelabs.com!1450356152!11061131!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 15822 invoked from network); 17 Dec 2015 12:42:33 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-6.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:33 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt4-0000vu-Gx; Thu, 17 Dec 2015 12:42:26 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xt4-0001xf-Aw; Thu, 17 Dec 2015 12:42:26 +0000 Date: Thu, 17 Dec 2015 12:42:26 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 164 (CVE-2015-8554) - qemu-dm buffer overrun in MSI-X handling X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8554 / XSA-164 version 3 qemu-dm buffer overrun in MSI-X handling UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= "qemu-xen-traditional" (aka qemu-dm) tracks state for each MSI-X table entry of a passed through device. This is used/updated on (intercepted) accesses to the page(s) containing the MSI-X table. There may be space on the final page not covered by any MSI-X table entry, but memory for state tracking is allocated only for existing table entries. Therefore bounds checks are required to avoid accessing/corrupting unrelated heap memory. Such a check is present for the read path, but was missing for the write path. IMPACT ====== A malicious administrator of a guest which has access to a passed through PCI device which is MSI-X capable can exploit this vulnerability to take over the qemu process, elevating its privilege to that of the qemu process. In a system not using a device model stub domain (or other techniques for deprivileging qemu), the malicious guest administrator can thus elevate their privilege to that of the host. VULNERABLE SYSTEMS ================== Xen systems running x86 HVM guests with "qemu-xen-traditional", but without stubdomains, which have been passed through an MSI-X capable physical PCI device are vulnerable. The default configuration is NOT vulnerable from Xen 4.3 onwards (because it uses a newer upstream qemu version). Systems running only PV guests are NOT vulnerable. Only systems using PCI passthrough are vulnerable. Systems using "qemu-xen-traditional" stubdomain device models (for example, by specifying "device_model_stubdomain_override=1" in xl's domain configuration files) are NOT vulnerable. Only the traditional "qemu-xen-traditional" device model is vulnerable. Upstream qemu device models ("qemu-xen") are NOT vulnerable. ARM systems are NOT vulnerable. MITIGATION ========== Not passing through MSI-X capable devices to HVM guests will avoid this vulnerability. Running HVM guests with the default upstream device model will also avoid this vulnerability. Enabling stubdomains will mitigate this issue, by reducing the escalation to only those privileges accorded to the service domain. In a usual configuration, a service domain has only the privilege of the guest, so this eliminates the vulnerability. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa164.patch qemu-xen-traditional: Xen unstable, 4.6.x, 4.5.x, 4.4.x, 4.3.x $ sha256sum xsa164* 40f7327aa414c77a0e18a305a144e4a720ba8fe1b618d2f3ad9d5f605667c340 xsa164.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the mitigations described above is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because in all cases the configuration change may be visible to the guest which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqy+AAoJEIP+FMlX6CvZldwH/RpMzmRhI6lFR02GKXXC+87V Yb2d8au5C/yxYED23WhIW+zPajaNjcpu73xgRqc+mNYSyGOOcmCWEF7nSp4tSHC7 XpF8EXPXFtOYSWuxnn38tL+bqs+sa+Ju5koqxkMzKsYM+TgKvUdtoCqEi7uElJ5y wX3HCyBH0zTX+YMbN32DYihwTRTdDBNXqEhDZcULSkvrKWlYlfJGUJus50JBMZFF THIf6mFZp2VZoHtc14xz4aMzDX8MmK+Xq+jMrMLM56oj9OmAShw4a3Glxbzzla7r H7YFCH2OwrBPCDXWL2DF2LY/pQicIQfVZ1QWHOAMIbKL3icmMwlbINx15Dc0YHE= =KYw9 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa164.patch" Content-Disposition: attachment; filename="xsa164.patch" Content-Transfer-Encoding: base64 TVNJLVg6IGF2b2lkIGFycmF5IG92ZXJydW4gdXBvbiBNU0ktWCB0YWJsZSB3 cml0ZXMKCnB0X21zaXhfaW5pdCgpIGFsbG9jYXRlcyBtc2l4LT5tc2l4X2Vu dHJ5W10gdG8ganVzdCBjb3Zlcgptc2l4LT50b3RhbF9lbnRyaWVzIGVudHJp ZXMuIFdoaWxlIHBjaV9tc2l4X3JlYWRsKCkgcmVzb3J0cyB0byByZWFkaW5n CnBoeXNpY2FsIG1lbW9yeSBmb3Igb3V0IG9mIGJvdW5kcyByZWFkcywgcGNp X21zaXhfd3JpdGVsKCkgc28gZmFyCnNpbXBseSBhY2Nlc3NlZC9jb3JydXB0 ZWQgdW5yZWxhdGVkIG1lbW9yeS4KCnB0X2lvbWVtX21hcCgpJ3MgY2FsbCB0 byBjcHVfcmVnaXN0ZXJfcGh5c2ljYWxfbWVtb3J5KCkgcmVnaXN0ZXJzIGEK cGFnZSBncmFudWxhciByZWdpb24sIHdoaWNoIGlzIG5lY2Vzc2FyeSBhcyB0 aGUgUGVuZGluZyBCaXQgQXJyYXkgbWF5CnNoYXJlIHNwYWNlIHdpdGggdGhl IE1TSS1YIHRhYmxlIChidXQgbm90aGluZyBlbHNlIGlzIGFsbG93ZWQgdG8p LiBUaGlzCmFsc28gZXhwbGFpbnMgd2h5IHBjaV9tc2l4X3JlYWRsKCkgYWN0 dWFsbHkgaG9ub3JzIG91dCBvZiBib3VuZHMgcmVhZHMsCmJ1dCBwY2lfbXNp X3dyaXRlbCgpIGRvZXNuJ3QgbmVlZCB0by4KClRoaXMgaXMgWFNBLTE2NC4K ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNv bT4KQWNrZWQtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJp eC5jb20+CgotLS0gYS9ody9wdC1tc2kuYworKysgYi9ody9wdC1tc2kuYwpA QCAtNDQwLDYgKzQ0MCwxMyBAQCBzdGF0aWMgdm9pZCBwY2lfbXNpeF93cml0 ZWwodm9pZCAqb3BhcXVlCiAgICAgICAgIHJldHVybjsKICAgICB9CiAKKyAg ICBpZiAoIGFkZHIgLSBtc2l4LT5tbWlvX2Jhc2VfYWRkciA+PSBtc2l4LT50 b3RhbF9lbnRyaWVzICogMTYgKQorICAgIHsKKyAgICAgICAgUFRfTE9HKCJF cnJvcjogT3V0IG9mIGJvdW5kcyB3cml0ZSB0byBNU0ktWCB0YWJsZSwiCisg ICAgICAgICAgICAgICAiIGFkZHIgJTAxNiJQUkl4NjQiXG4iLCBhZGRyKTsK KyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIGVudHJ5X25yID0gKGFk ZHIgLSBtc2l4LT5tbWlvX2Jhc2VfYWRkcikgLyAxNjsKICAgICBlbnRyeSA9 ICZtc2l4LT5tc2l4X2VudHJ5W2VudHJ5X25yXTsKICAgICBvZmZzZXQgPSAo KGFkZHIgLSBtc2l4LT5tbWlvX2Jhc2VfYWRkcikgJSAxNikgLyA0Owo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 12:43:32 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 12:43:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt7-0007Cs-Bb; Thu, 17 Dec 2015 12:42:29 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xt5-0007CS-VG; Thu, 17 Dec 2015 12:42:28 +0000 Received: from [85.158.139.211] by server-14.bemta-5.messagelabs.com id 90/B6-18633-2BDA2765; Thu, 17 Dec 2015 12:42:26 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-4.tower-206.messagelabs.com!1450356140!11372805!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 12943 invoked from network); 17 Dec 2015 12:42:20 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-4.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 12:42:20 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Xsp-0000v9-Vu; Thu, 17 Dec 2015 12:42:11 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Xsp-0001up-LQ; Thu, 17 Dec 2015 12:42:11 +0000 Date: Thu, 17 Dec 2015 12:42:11 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8550 / XSA-155 version 5 paravirtualized drivers incautious about shared memory contents UPDATES IN VERSION 5 ==================== Public release. ISSUE DESCRIPTION ================= The compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically the shared memory between the frontend and backend can be fetched twice (during which time the frontend can alter the contents) possibly leading to arbitrary code execution in backend. IMPACT ====== Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact can be a host crash, or privilege escalation. VULNERABLE SYSTEMS ================== Systems running PV or HVM guests are vulnerable. ARM and x86 systems are vulnerable. All OSes providing PV backends are susceptible, this includes Linux and NetBSD. By default the Linux distributions compile kernels with optimizations. MITIGATION ========== There is no mitigation. CREDITS ======= This issue was discovered by Felix Wilhelm of ERNW. RESOLUTION ========== Applying the appropriate attached patches should fix the problem for PV backends. Note only that PV backends are fixed; PV frontend patches will be developed and released (publicly) after the embargo date. Please note that there is a bug in some versions of gcc, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 which can cause the construct used in RING_COPY_REQUEST() to be ineffective in some circumstances. We have determined that this is only the case when the structure being copied consists purely of bitfields. The Xen PV protocols updated here do not use bitfields in this way and therefore these patches are not subject to that bug. However authors of third party PV protocols should take this into consideration. Linux v4.4: xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch Linux v4.[0,1,2,3] All the above patches except #5 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch Linux v3.19: All the above patches except #5 and #6 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux319-0006-xen-scsiback-safely-copy-requests.patch qemu-xen: xsa155-qemu-qdisk-double-access.patch xsa155-qemu-xenfb.patch qemu-traditional: xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch NetBSD 7.0: xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch xen: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xen 4.4: All patches except #3 will apply, please use: xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ sha256sum xsa155* d9fbc104ab2ae797971e351ee0e04e7b7e9c7c33385309bb406c7941dc9a33b4 xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch 590656d83ad7b6052b54659eccb3469658b3942c0dc1366423a66f2f5ac643e1 xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2bd18632178e09394c5cd06aded2c14bcc6b6e360ad6e81827d24860fe3e8ca4 xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch cecdeccb8e2551252c81fc5f164a8298005df714a574a7ba18b84e8ed5f2bb70 xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch 3916b847243047f0e1053233ade742c14a7f29243584e60bf5db4842a8068855 xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch 746c8eb0aeb200d76156c88dfbbd49db79f567b88b07eda70f7c7d095721f05a xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch 18517a184a02f7441065b8d3423086320ec4c2345c00d551231f7976381767f5 xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2e6d556d25b1cc16e71afde665ae3908f4fa8eab7e0d96283fc78400301baf92 xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch 5e130d8b61906015c6a94f8edd3cce97b172f96a265d97ecf370e7b45125b73d xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch 08c2d0f95dcc215165afbce623b6972b81dd45b091b5f40017579b00c8612e03 xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch 0a66010f736092f91f70bb0fd220685e4395efef1db6d23a3d1eace31d144f51 xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch 5e913a8427cab6b4d384d1246e05116afc301eb117edd838101eb53a82c2f2ff xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch 3b8f14eafaed3a7bc66245753a37af4249acf8129fbedb70653192252dc47dc9 xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch 81ae5fa998243a78dad749fc561be647dc1dc1be799e8f18484fdf0989469705 xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch 044ff74fa048df820d528f64f2791ec9cb3940bd313c1179020bd49a6cde2ca3 xsa155-qemu-qdisk-double-access.patch 1150504589eb7bfa108c80ce63395e57d0e627b12d9201219d968fdd026919a6 xsa155-qemut-qdisk-double-access.patch 63186246ab6913b54bfef5f09f33e815935ac40ff821c27a3efda62339bbbd5f xsa155-qemut-xenfb.patch e53b4ac298648cde79344192d5a58ca8d8724344f5105bec7c09eef095c668f6 xsa155-qemu-xenfb.patch e52467fcec73bcc86d3e96d06f8ca8085ae56a83d2c42a30c16bc3dc630d8f8a xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch eae34c8ccc096ad93a74190506b3d55020a88afb0cc504a3a514590e9fd746fd xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch 42780265014085a4221ad32b026214693d751789eb5219e2e83862c0006c66f4 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch dfcaddb8a908a4fc1b048a43187e885117e67dc566f5c841037ee366dcd437d1 xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcqy6AAoJEIP+FMlX6CvZeBQH/ReZbtQjtRmlvHyu72GPZfGm fI3Ji5NMczuAu/2aopqOl+dUudO91lHEDmKNuBKHFAb2hOjTd003mCig0JP2D3js 0Ca8ab7VDgSlNKTl99XAizKFYMJEDRdAxYHktNj+1ok9381e7xquEJ77GfSk2S1e gKDoSYkseSEcrThsgsohYiEvIe/odf8gn4gKq7CTK2sAf45wxWwP/QtgbAidJR3s hQKuv++cyf11csSuVBX4cp0YN8lRWPmygD1si6D/y2TUvn3sAw2EzDkdSfryvtFV /PJTtaQKtyvwOu3kJedguPL0yYmdAPQLAwYWum/NfSBB4g94ydxJ30amp3q37lY= =9VP6 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSBmOWM3MWU4OTJkNTE0MmEzMTQ0ODFkZjZiYWEyNmIzNGU2YTZiYTQ1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSF0geGVuLXNjc2li YWNrOiBzYWZlbHkgY29weSByZXF1ZXN0cwoKVGhlIGNvcHkgb2YgdGhlIHJp bmcgcmVxdWVzdCB3YXMgbGFja2luZyBhIGZvbGxvd2luZyBiYXJyaWVyKCks CnBvdGVudGlhbGx5IGFsbG93aW5nIHRoZSBjb21waWxlciB0byBvcHRpbWl6 ZSB0aGUgY29weSBhd2F5LgoKVXNlIFJJTkdfQ09QWV9SRVFVRVNUKCkgdG8g ZW5zdXJlIHRoZSByZXF1ZXN0IGlzIGNvcGllZCB0byBsb2NhbAptZW1vcnku CgpUaGlzIGlzIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3Jn ClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+ ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNp dHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCnYyOiBUaGlzIGlzIGEg YWdhaW5zdCB2My4xOQotLS0KIGRyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5j IHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCspLCAxIGRl bGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94ZW4veGVuLXNjc2li YWNrLmMgYi9kcml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYwppbmRleCBlOTk5 NDk2ZS4uZDg2ZjZlMSAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXNj c2liYWNrLmMKKysrIGIvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKQEAg LTczNCw3ICs3MzQsNyBAQCBzdGF0aWMgaW50IHNjc2liYWNrX2RvX2NtZF9m bihzdHJ1Y3QgdnNjc2lia19pbmZvICppbmZvKQogCQlpZiAoIXBlbmRpbmdf cmVxKQogCQkJcmV0dXJuIDE7CiAKLQkJcmluZ19yZXEgPSBSSU5HX0dFVF9S RVFVRVNUKHJpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVFU1QocmluZywg cmMsICZyaW5nX3JlcSk7CiAJCXJpbmctPnJlcV9jb25zID0gKytyYzsKIAog CQlhY3QgPSByaW5nX3JlcS0+YWN0OwotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBkNTJmMDA5NjBjMTA3MGM2ODM4MDlmYWRkZDM1YTIyMjNlMmI4YTZl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDYvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0tCnYyOiBUaGlz IGlzIGFnYWluc3QgdjQuMwotLS0KIGRyaXZlcnMvYmxvY2sveGVuLWJsa2Jh Y2svYmxrYmFjay5jIHwgMTIgKysrKysrKy0tLS0tCiAxIGZpbGUgY2hhbmdl ZCwgNyBpbnNlcnRpb25zKCspLCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIGIvZHJp dmVycy9ibG9jay94ZW4tYmxrYmFjay9ibGtiYWNrLmMKaW5kZXggNmE2ODVh ZS4uZjJlN2EzOCAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxr YmFjay9ibGtiYWNrLmMKKysrIGIvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9ibGtiYWNrLmMKQEAgLTk1MCw2ICs5NTAsOCBAQCBzdGF0aWMgaW50IHhl bl9ibGtia19wYXJzZV9pbmRpcmVjdChzdHJ1Y3QgYmxraWZfcmVxdWVzdCAq cmVxLAogCQlnb3RvIHVubWFwOwogCiAJZm9yIChuID0gMCwgaSA9IDA7IG4g PCBuc2VnOyBuKyspIHsKKwkJdWludDhfdCBmaXJzdF9zZWN0LCBsYXN0X3Nl Y3Q7CisKIAkJaWYgKChuICUgU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUUpID09 IDApIHsKIAkJCS8qIE1hcCBpbmRpcmVjdCBzZWdtZW50cyAqLwogCQkJaWYg KHNlZ21lbnRzKQpAQCAtOTU4LDE0ICs5NjAsMTQgQEAgc3RhdGljIGludCB4 ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3RydWN0IGJsa2lmX3JlcXVlc3Qg KnJlcSwKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1F OwogCQlwZW5kaW5nX3JlcS0+c2VnbWVudHNbbl0tPmdyZWYgPSBzZWdtZW50 c1tpXS5ncmVmOwotCQlzZWdbbl0ubnNlYyA9IHNlZ21lbnRzW2ldLmxhc3Rf c2VjdCAtCi0JCQlzZWdtZW50c1tpXS5maXJzdF9zZWN0ICsgMTsKLQkJc2Vn W25dLm9mZnNldCA9IChzZWdtZW50c1tpXS5maXJzdF9zZWN0IDw8IDkpOwot CQlpZiAoKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA+PSAoUEFHRV9TSVpFID4+ IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNlZ21l bnRzW2ldLmZpcnN0X3NlY3QpKSB7CisJCWZpcnN0X3NlY3QgPSBSRUFEX09O Q0Uoc2VnbWVudHNbaV0uZmlyc3Rfc2VjdCk7CisJCWxhc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5sYXN0X3NlY3QpOworCQlpZiAobGFzdF9z ZWN0ID49IChQQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0IDwgZmlyc3Rf c2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1bm1hcDsKIAkJ fQorCQlzZWdbbl0ubnNlYyA9IGxhc3Rfc2VjdCAtIGZpcnN0X3NlY3QgKyAx OworCQlzZWdbbl0ub2Zmc2V0ID0gZmlyc3Rfc2VjdCA8PCA5OwogCQlwcmVx LT5ucl9zZWN0cyArPSBzZWdbbl0ubnNlYzsKIAl9CiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA0ZTJiYzQyM2UwY2VmMGE0MmY5M2Q5ODljMDk4MDMwMWRmMWJkNDYy IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE0OjU4OjA4ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzddIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6IFVwZGF0ZSBhYm91dCBHQ0Mg YW5kIGJpdGZpZWxkcy4KLS0tCiBpbmNsdWRlL3hlbi9pbnRlcmZhY2UvaW8v cmluZy5oIHwgMTQgKysrKysrKysrKysrKysKIDEgZmlsZSBjaGFuZ2VkLCAx NCBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvaW5jbHVkZS94ZW4vaW50 ZXJmYWNlL2lvL3JpbmcuaCBiL2luY2x1ZGUveGVuL2ludGVyZmFjZS9pby9y aW5nLmgKaW5kZXggN2QyOGFmZi4uN2RjNjg1YiAxMDA2NDQKLS0tIGEvaW5j bHVkZS94ZW4vaW50ZXJmYWNlL2lvL3JpbmcuaAorKysgYi9pbmNsdWRlL3hl bi9pbnRlcmZhY2UvaW8vcmluZy5oCkBAIC0xODEsNiArMTgxLDIwIEBAIHN0 cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgewkJCQkJCVwKICNkZWZpbmUgUklO R19HRVRfUkVRVUVTVChfciwgX2lkeCkJCQkJCVwKICAgICAoJigoX3IpLT5z cmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAxKSldLnJl cSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVxdWVzdC4K KyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdfR0VUX1JF UVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBvbiBhIGxv Y2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhlIG90aGVy IGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251Lm9yZy9i dWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNlIHRoaXMK KyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBzdHJ1Y3Qg d2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8KKyNkZWZp bmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRvIHsJCQkJ XAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBpbnRvIF9y ZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVvZihfcmVx KSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGlsZSAoMCkK KwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkJCQkJCVwK ICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0la RShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Transfer-Encoding: base64 RnJvbSAxMDBhYzM3MmEwZTA3Y2NjOGM1MDhjMzg4NGZhOTAyMGNmZTA4MDk0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE2OjAxICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzddIHhlbi1u ZXRiYWNrOiBkb24ndCB1c2UgbGFzdCByZXF1ZXN0IHRvIGRldGVybWluZSBt aW5pbXVtCiBUeCBjcmVkaXQKClRoZSBsYXN0IGZyb20gZ3Vlc3QgdHJhbnNt aXR0ZWQgcmVxdWVzdCBnaXZlcyBubyBpbmRpY2F0aW9uIGFib3V0IHRoZQpt aW5pbXVtIGFtb3VudCBvZiBjcmVkaXQgdGhhdCB0aGUgZ3Vlc3QgbWlnaHQg bmVlZCB0byBzZW5kIGEgcGFja2V0CnNpbmNlIHRoZSBsYXN0IHBhY2tldCBt aWdodCBoYXZlIGJlZW4gYSBzbWFsbCBvbmUuCgpJbnN0ZWFkIGFsbG93IGZv ciB0aGUgd29yc3QgY2FzZSAxMjggS2lCIHBhY2tldC4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZp ZXdlZC1ieTogV2VpIExpdSA8d2VpLmxpdTJAY2l0cml4LmNvbT4KU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMvbmV0L3hlbi1uZXRi YWNrL25ldGJhY2suYyB8IDQgKy0tLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5z ZXJ0aW9uKCspLCAzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZl cnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyBiL2RyaXZlcnMvbmV0L3hl bi1uZXRiYWNrL25ldGJhY2suYwppbmRleCBlNDgxZjM3Li5iNjgzNTgxIDEw MDY0NAotLS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMK KysrIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCkBAIC02 NzksOSArNjc5LDcgQEAgc3RhdGljIHZvaWQgdHhfYWRkX2NyZWRpdChzdHJ1 Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSkKIAkgKiBBbGxvdyBhIGJ1cnN0IGJp ZyBlbm91Z2ggdG8gdHJhbnNtaXQgYSBqdW1ibyBwYWNrZXQgb2YgdXAgdG8g MTI4a0IuCiAJICogT3RoZXJ3aXNlIHRoZSBpbnRlcmZhY2UgY2FuIHNlaXpl IHVwIGR1ZSB0byBpbnN1ZmZpY2llbnQgY3JlZGl0LgogCSAqLwotCW1heF9i dXJzdCA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT50eCwgcXVldWUtPnR4 LnJlcV9jb25zKS0+c2l6ZTsKLQltYXhfYnVyc3QgPSBtaW4obWF4X2J1cnN0 LCAxMzEwNzJVTCk7Ci0JbWF4X2J1cnN0ID0gbWF4KG1heF9idXJzdCwgcXVl dWUtPmNyZWRpdF9ieXRlcyk7CisJbWF4X2J1cnN0ID0gbWF4KDEzMTA3MlVM LCBxdWV1ZS0+Y3JlZGl0X2J5dGVzKTsKIAogCS8qIFRha2UgY2FyZSB0aGF0 IGFkZGluZyBhIG5ldyBjaHVuayBvZiBjcmVkaXQgZG9lc24ndCB3cmFwIHRv IHplcm8uICovCiAJbWF4X2NyZWRpdCA9IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICsgcXVldWUtPmNyZWRpdF9ieXRlczsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Transfer-Encoding: base64 RnJvbSA0MTI3ZTljY2FlMGVkYTYyMjQyMWQyMTEzMjg0NmFiZGY3NGY2NmVk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE3OjA2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAzLzddIHhlbi1u ZXRiYWNrOiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0CgpJ bnN0ZWFkIG9mIG9wZW4tY29kaW5nIG1lbWNweSgpcyBhbmQgZGlyZWN0bHkg YWNjZXNzaW5nIFR4IGFuZCBSeApyZXF1ZXN0cywgdXNlIHRoZSBuZXcgUklO R19DT1BZX1JFUVVFU1QoKSB0aGF0IGVuc3VyZXMgdGhlIGxvY2FsIGNvcHkK aXMgY29ycmVjdC4KClRoaXMgaXMgbW9yZSB0aGFuIGlzIHN0cmljdGx5IG5l Y2Vzc2FyeSBmb3IgZ3Vlc3QgUnggcmVxdWVzdHMgc2luY2UKb25seSB0aGUg aWQgYW5kIGdyZWYgZmllbGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVz cyBpZiB0aGUKZnJvbnRlbmQgbW9kaWZpZXMgdGhlc2UuCgpUaGlzIGlzIHBh cnQgb2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKUmV2 aWV3ZWQtYnk6IFdlaSBMaXUgPHdlaS5saXUyQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5j b20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2lsayA8a29u cmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgfCAzMCArKysrKysrKysrKysrKy0tLS0tLS0tLS0t LS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAxNCBpbnNlcnRpb25zKCspLCAxNiBk ZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgYi9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRi YWNrLmMKaW5kZXggYjY4MzU4MS4uMTA0OWMzNCAxMDA2NDQKLS0tIGEvZHJp dmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCisrKyBiL2RyaXZlcnMv bmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYwpAQCAtMjU4LDE4ICsyNTgsMTgg QEAgc3RhdGljIHN0cnVjdCB4ZW52aWZfcnhfbWV0YSAqZ2V0X25leHRfcnhf YnVmZmVyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQkJCQkJIHN0 cnVjdCBuZXRyeF9wZW5kaW5nX29wZXJhdGlvbnMgKm5wbykKIHsKIAlzdHJ1 Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAotCXJlcSA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT5yeCwg cXVldWUtPnJ4LnJlcV9jb25zKyspOworCVJJTkdfQ09QWV9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrLCAmcmVxKTsKIAogCW1l dGEgPSBucG8tPm1ldGEgKyBucG8tPm1ldGFfcHJvZCsrOwogCW1ldGEtPmdz b190eXBlID0gWEVOX05FVElGX0dTT19UWVBFX05PTkU7CiAJbWV0YS0+Z3Nv X3NpemUgPSAwOwogCW1ldGEtPnNpemUgPSAwOwotCW1ldGEtPmlkID0gcmVx LT5pZDsKKwltZXRhLT5pZCA9IHJlcS5pZDsKIAogCW5wby0+Y29weV9vZmYg PSAwOwotCW5wby0+Y29weV9ncmVmID0gcmVxLT5ncmVmOworCW5wby0+Y29w eV9ncmVmID0gcmVxLmdyZWY7CiAKIAlyZXR1cm4gbWV0YTsKIH0KQEAgLTQy NCw3ICs0MjQsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVj dCBza19idWZmICpza2IsCiAJc3RydWN0IHhlbnZpZiAqdmlmID0gbmV0ZGV2 X3ByaXYoc2tiLT5kZXYpOwogCWludCBucl9mcmFncyA9IHNrYl9zaGluZm8o c2tiKS0+bnJfZnJhZ3M7CiAJaW50IGk7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAlzdHJ1Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7CiAJdW5zaWdu ZWQgY2hhciAqZGF0YTsKIAlpbnQgaGVhZCA9IDE7CkBAIC00NDMsMTUgKzQ0 MywxNSBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVjdCBza19i dWZmICpza2IsCiAKIAkvKiBTZXQgdXAgYSBHU08gcHJlZml4IGRlc2NyaXB0 b3IsIGlmIG5lY2Vzc2FyeSAqLwogCWlmICgoMSA8PCBnc29fdHlwZSkgJiB2 aWYtPmdzb19wcmVmaXhfbWFzaykgewotCQlyZXEgPSBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwkJUklO R19DT1BZX1JFUVVFU1QoJnF1ZXVlLT5yeCwgcXVldWUtPnJ4LnJlcV9jb25z KyssICZyZXEpOwogCQltZXRhID0gbnBvLT5tZXRhICsgbnBvLT5tZXRhX3By b2QrKzsKIAkJbWV0YS0+Z3NvX3R5cGUgPSBnc29fdHlwZTsKIAkJbWV0YS0+ Z3NvX3NpemUgPSBza2Jfc2hpbmZvKHNrYiktPmdzb19zaXplOwogCQltZXRh LT5zaXplID0gMDsKLQkJbWV0YS0+aWQgPSByZXEtPmlkOworCQltZXRhLT5p ZCA9IHJlcS5pZDsKIAl9CiAKLQlyZXEgPSBSSU5HX0dFVF9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnJ4LCBxdWV1ZS0+cngucmVxX2NvbnMrKywgJnJl cSk7CiAJbWV0YSA9IG5wby0+bWV0YSArIG5wby0+bWV0YV9wcm9kKys7CiAK IAlpZiAoKDEgPDwgZ3NvX3R5cGUpICYgdmlmLT5nc29fbWFzaykgewpAQCAt NDYzLDkgKzQ2Myw5IEBAIHN0YXRpYyBpbnQgeGVudmlmX2dvcF9za2Ioc3Ry dWN0IHNrX2J1ZmYgKnNrYiwKIAl9CiAKIAltZXRhLT5zaXplID0gMDsKLQlt ZXRhLT5pZCA9IHJlcS0+aWQ7CisJbWV0YS0+aWQgPSByZXEuaWQ7CiAJbnBv LT5jb3B5X29mZiA9IDA7Ci0JbnBvLT5jb3B5X2dyZWYgPSByZXEtPmdyZWY7 CisJbnBvLT5jb3B5X2dyZWYgPSByZXEuZ3JlZjsKIAogCWRhdGEgPSBza2It PmRhdGE7CiAJd2hpbGUgKGRhdGEgPCBza2JfdGFpbF9wb2ludGVyKHNrYikp IHsKQEAgLTcwOSw3ICs3MDksNyBAQCBzdGF0aWMgdm9pZCB4ZW52aWZfdHhf ZXJyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQlzcGluX3VubG9j a19pcnFyZXN0b3JlKCZxdWV1ZS0+cmVzcG9uc2VfbG9jaywgZmxhZ3MpOwog CQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKLQkJdHhwID0gUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyspOworCQlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyssIHR4cCk7CiAJfSB3aGlsZSAo MSk7CiAJcXVldWUtPnR4LnJlcV9jb25zID0gY29uczsKIH0KQEAgLTc3Niw4 ICs3NzYsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9jb3VudF9yZXF1ZXN0cyhz dHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJaWYgKGRyb3BfZXJyKQog CQkJdHhwID0gJmRyb3BwZWRfdHg7CiAKLQkJbWVtY3B5KHR4cCwgUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zICsgc2xvdHMpLAotCQkgICAg ICAgc2l6ZW9mKCp0eHApKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVl LT50eCwgY29ucyArIHNsb3RzLCB0eHApOwogCiAJCS8qIElmIHRoZSBndWVz dCBzdWJtaXR0ZWQgYSBmcmFtZSA+PSA2NCBLaUIgdGhlbgogCQkgKiBmaXJz dC0+c2l6ZSBvdmVyZmxvd2VkIGFuZCBmb2xsb3dpbmcgc2xvdHMgd2lsbApA QCAtMTExMCw4ICsxMTA5LDcgQEAgc3RhdGljIGludCB4ZW52aWZfZ2V0X2V4 dHJhcyhzdHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJCXJldHVybiAt RUJBRFI7CiAJCX0KIAotCQltZW1jcHkoJmV4dHJhLCBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+dHgsIGNvbnMpLAotCQkgICAgICAgc2l6ZW9mKGV4dHJh KSk7CisJCVJJTkdfQ09QWV9SRVFVRVNUKCZxdWV1ZS0+dHgsIGNvbnMsICZl eHRyYSk7CiAJCWlmICh1bmxpa2VseSghZXh0cmEudHlwZSB8fAogCQkJICAg ICBleHRyYS50eXBlID49IFhFTl9ORVRJRl9FWFRSQV9UWVBFX01BWCkpIHsK IAkJCXF1ZXVlLT50eC5yZXFfY29ucyA9ICsrY29uczsKQEAgLTEzMjAsNyAr MTMxOCw3IEBAIHN0YXRpYyB2b2lkIHhlbnZpZl90eF9idWlsZF9nb3BzKHN0 cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCiAJCWlkeCA9IHF1ZXVlLT50 eC5yZXFfY29uczsKIAkJcm1iKCk7IC8qIEVuc3VyZSB0aGF0IHdlIHNlZSB0 aGUgcmVxdWVzdCBiZWZvcmUgd2UgY29weSBpdC4gKi8KLQkJbWVtY3B5KCZ0 eHJlcSwgUklOR19HRVRfUkVRVUVTVCgmcXVldWUtPnR4LCBpZHgpLCBzaXpl b2YodHhyZXEpKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVlLT50eCwg aWR4LCAmdHhyZXEpOwogCiAJCS8qIENyZWRpdC1iYXNlZCBzY2hlZHVsaW5n LiAqLwogCQlpZiAodHhyZXEuc2l6ZSA+IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICYmCi0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Transfer-Encoding: base64 RnJvbSAwODRiOGMyZTc3ZjFhYzA3ZTRhM2ExMjFmZjk1N2M0OWE5Mzc5Mzg1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6MzQ6MDkgKzAwMDAKU3ViamVj dDogW1BBVENIIDQvN10geGVuLWJsa2JhY2s6IG9ubHkgcmVhZCByZXF1ZXN0 IG9wZXJhdGlvbiBmcm9tIHNoYXJlZCByaW5nCiBvbmNlCk1JTUUtVmVyc2lv bjogMS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYt OApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA4Yml0CgpBIGNvbXBpbGVy IG1heSBsb2FkIGEgc3dpdGNoIHN0YXRlbWVudCB2YWx1ZSBtdWx0aXBsZSB0 aW1lcywgd2hpY2ggY291bGQKYmUgYmFkIHdoZW4gdGhlIHZhbHVlIGlzIGlu IG1lbW9yeSBzaGFyZWQgd2l0aCB0aGUgZnJvbnRlbmQuCgpXaGVuIGNvbnZl cnRpbmcgYSBub24tbmF0aXZlIHJlcXVlc3QgdG8gYSBuYXRpdmUgb25lLCBl bnN1cmUgdGhhdApzcmMtPm9wZXJhdGlvbiBpcyBvbmx5IGxvYWRlZCBvbmNl IGJ5IHVzaW5nIFJFQURfT05DRSgpLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1 NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3JnClNpZ25lZC1vZmYtYnk6 IFJvZ2VyIFBhdSBNb25uw6kgPHJvZ2VyLnBhdUBjaXRyaXguY29tPgpTaWdu ZWQtb2ZmLWJ5OiBEYXZpZCBWcmFiZWwgPGRhdmlkLnZyYWJlbEBjaXRyaXgu Y29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtv bnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogZHJpdmVycy9ibG9jay94ZW4t YmxrYmFjay9jb21tb24uaCB8IDggKysrKy0tLS0KIDEgZmlsZSBjaGFuZ2Vk LCA0IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0 IGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFjay9jb21tb24uaCBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svY29tbW9uLmgKaW5kZXggNjhlODdhMC4u YzkyOWFlMiAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9jb21tb24uaAorKysgYi9kcml2ZXJzL2Jsb2NrL3hlbi1ibGtiYWNrL2Nv bW1vbi5oCkBAIC00MDgsOCArNDA4LDggQEAgc3RhdGljIGlubGluZSB2b2lk IGJsa2lmX2dldF94ODZfMzJfcmVxKHN0cnVjdCBibGtpZl9yZXF1ZXN0ICpk c3QsCiAJCQkJCXN0cnVjdCBibGtpZl94ODZfMzJfcmVxdWVzdCAqc3JjKQog ewogCWludCBpLCBuID0gQkxLSUZfTUFYX1NFR01FTlRTX1BFUl9SRVFVRVNU LCBqOwotCWRzdC0+b3BlcmF0aW9uID0gc3JjLT5vcGVyYXRpb247Ci0Jc3dp dGNoIChzcmMtPm9wZXJhdGlvbikgeworCWRzdC0+b3BlcmF0aW9uID0gUkVB RF9PTkNFKHNyYy0+b3BlcmF0aW9uKTsKKwlzd2l0Y2ggKGRzdC0+b3BlcmF0 aW9uKSB7CiAJY2FzZSBCTEtJRl9PUF9SRUFEOgogCWNhc2UgQkxLSUZfT1Bf V1JJVEU6CiAJY2FzZSBCTEtJRl9PUF9XUklURV9CQVJSSUVSOgpAQCAtNDU2 LDggKzQ1Niw4IEBAIHN0YXRpYyBpbmxpbmUgdm9pZCBibGtpZl9nZXRfeDg2 XzY0X3JlcShzdHJ1Y3QgYmxraWZfcmVxdWVzdCAqZHN0LAogCQkJCQlzdHJ1 Y3QgYmxraWZfeDg2XzY0X3JlcXVlc3QgKnNyYykKIHsKIAlpbnQgaSwgbiA9 IEJMS0lGX01BWF9TRUdNRU5UU19QRVJfUkVRVUVTVCwgajsKLQlkc3QtPm9w ZXJhdGlvbiA9IHNyYy0+b3BlcmF0aW9uOwotCXN3aXRjaCAoc3JjLT5vcGVy YXRpb24pIHsKKwlkc3QtPm9wZXJhdGlvbiA9IFJFQURfT05DRShzcmMtPm9w ZXJhdGlvbik7CisJc3dpdGNoIChkc3QtPm9wZXJhdGlvbikgewogCWNhc2Ug QkxLSUZfT1BfUkVBRDoKIAljYXNlIEJMS0lGX09QX1dSSVRFOgogCWNhc2Ug QkxLSUZfT1BfV1JJVEVfQkFSUklFUjoKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSAwNmVlN2M3YmViMGI1MjQ1YjFkODc5Yzk3NTNmYWEyY2Y1YWQ5ODkx IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDUvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMv YmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIHwgMTUgKysrKysrKysrKy0t LS0tCiAxIGZpbGUgY2hhbmdlZCwgMTAgaW5zZXJ0aW9ucygrKSwgNSBkZWxl dGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL2Jsb2NrL3hlbi1ibGti YWNrL2Jsa2JhY2suYyBiL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxr YmFjay5jCmluZGV4IGY5MDk5OTQuLjQxZmIxYTkgMTAwNjQ0Ci0tLSBhL2Ry aXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCisrKyBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCkBAIC05NTAsNiArOTUw LDggQEAgc3RhdGljIGludCB4ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3Ry dWN0IGJsa2lmX3JlcXVlc3QgKnJlcSwKIAkJZ290byB1bm1hcDsKIAogCWZv ciAobiA9IDAsIGkgPSAwOyBuIDwgbnNlZzsgbisrKSB7CisJCXVpbnQ4X3Qg Zmlyc3Rfc2VjdCwgbGFzdF9zZWN0OworCiAJCWlmICgobiAlIFNFR1NfUEVS X0lORElSRUNUX0ZSQU1FKSA9PSAwKSB7CiAJCQkvKiBNYXAgaW5kaXJlY3Qg c2VnbWVudHMgKi8KIAkJCWlmIChzZWdtZW50cykKQEAgLTk1NywxNSArOTU5 LDE4IEBAIHN0YXRpYyBpbnQgeGVuX2Jsa2JrX3BhcnNlX2luZGlyZWN0KHN0 cnVjdCBibGtpZl9yZXF1ZXN0ICpyZXEsCiAJCQlzZWdtZW50cyA9IGttYXBf YXRvbWljKHBhZ2VzW24vU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUVdLT5wYWdl KTsKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1FOwor CiAJCXBlbmRpbmdfcmVxLT5zZWdtZW50c1tuXS0+Z3JlZiA9IHNlZ21lbnRz W2ldLmdyZWY7Ci0JCXNlZ1tuXS5uc2VjID0gc2VnbWVudHNbaV0ubGFzdF9z ZWN0IC0KLQkJCXNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgKyAxOwotCQlzZWdb bl0ub2Zmc2V0ID0gKHNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgPDwgOSk7Ci0J CWlmICgoc2VnbWVudHNbaV0ubGFzdF9zZWN0ID49IChYRU5fUEFHRV9TSVpF ID4+IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNl Z21lbnRzW2ldLmZpcnN0X3NlY3QpKSB7CisKKwkJZmlyc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5maXJzdF9zZWN0KTsKKwkJbGFzdF9zZWN0 ID0gUkVBRF9PTkNFKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCk7CisJCWlmIChs YXN0X3NlY3QgPj0gKFhFTl9QQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0 IDwgZmlyc3Rfc2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1 bm1hcDsKIAkJfQorCisJCXNlZ1tuXS5uc2VjID0gbGFzdF9zZWN0IC0gZmly c3Rfc2VjdCArIDE7CisJCXNlZ1tuXS5vZmZzZXQgPSBmaXJzdF9zZWN0IDw8 IDk7CiAJCXByZXEtPm5yX3NlY3RzICs9IHNlZ1tuXS5uc2VjOwogCX0KIAot LSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSA4OTczOWMxNGM3MmU1YzE2MjZhNWNkNWUwOWNiYjJlZmVhYWRiNmQ4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSCA2LzddIHhlbi1z Y3NpYmFjazogc2FmZWx5IGNvcHkgcmVxdWVzdHMKClRoZSBjb3B5IG9mIHRo ZSByaW5nIHJlcXVlc3Qgd2FzIGxhY2tpbmcgYSBmb2xsb3dpbmcgYmFycmll cigpLApwb3RlbnRpYWxseSBhbGxvd2luZyB0aGUgY29tcGlsZXIgdG8gb3B0 aW1pemUgdGhlIGNvcHkgYXdheS4KClVzZSBSSU5HX0NPUFlfUkVRVUVTVCgp IHRvIGVuc3VyZSB0aGUgcmVxdWVzdCBpcyBjb3BpZWQgdG8gbG9jYWwKbWVt b3J5LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdl ci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jv c3NAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2 aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBS emVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBk cml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYyB8IDIgKy0KIDEgZmlsZSBjaGFu Z2VkLCAxIGluc2VydGlvbigrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5jIGIvZHJpdmVycy94ZW4v eGVuLXNjc2liYWNrLmMKaW5kZXggNDNiY2FlOC4uYWQ0ZWIxMCAxMDA2NDQK LS0tIGEvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKKysrIGIvZHJpdmVy cy94ZW4veGVuLXNjc2liYWNrLmMKQEAgLTcyNiw3ICs3MjYsNyBAQCBzdGF0 aWMgaW50IHNjc2liYWNrX2RvX2NtZF9mbihzdHJ1Y3QgdnNjc2lia19pbmZv ICppbmZvKQogCQlpZiAoIXBlbmRpbmdfcmVxKQogCQkJcmV0dXJuIDE7CiAK LQkJcmluZ19yZXEgPSAqUklOR19HRVRfUkVRVUVTVChyaW5nLCByYyk7CisJ CVJJTkdfQ09QWV9SRVFVRVNUKHJpbmcsIHJjLCAmcmluZ19yZXEpOwogCQly aW5nLT5yZXFfY29ucyA9ICsrcmM7CiAKIAkJZXJyID0gcHJlcGFyZV9wZW5k aW5nX3JlcXMoaW5mbywgJnJpbmdfcmVxLCBwZW5kaW5nX3JlcSk7Ci0tIAoy LjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Transfer-Encoding: base64 RnJvbSBmNmY0Mzg4YzkxN2NlOTZiMDc1YTIzOWE0NTM1YjhlZmM2MDY0ZDE0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MTYgTm92IDIwMTUgMTI6NDA6NDggLTA1MDAKU3ViamVjdDogW1BBVENIIDcv N10geGVuL3BjaWJhY2s6IFNhdmUgeGVuX3BjaV9vcCBjb21tYW5kcyBiZWZv cmUgcHJvY2Vzc2luZwogaXQKCkRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXRp ZXMgdGhhdCBoYXBwZW4gd2hlbiBhIHZhcmlhYmxlIGlzCmZldGNoZWQgdHdp Y2UgZnJvbSBzaGFyZWQgbWVtb3J5IGJ1dCBhIHNlY3VyaXR5IGNoZWNrIGlz IG9ubHkKcGVyZm9ybWVkIHRoZSBmaXJzdCB0aW1lLgoKVGhlIHhlbl9wY2li a19kb19vcCBmdW5jdGlvbiBwZXJmb3JtcyBhIHN3aXRjaCBzdGF0ZW1lbnRz IG9uIHRoZSBvcC0+Y21kCnZhbHVlIHdoaWNoIGlzIHN0b3JlZCBpbiBzaGFy ZWQgbWVtb3J5LiBJbnRlcmVzdGluZ2x5IHRoaXMgY2FuIHJlc3VsdAppbiBh IGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5IGRlcGVuZGluZyBvbiB0aGUg cGVyZm9ybWVkIGNvbXBpbGVyCm9wdGltaXphdGlvbi4KClRoaXMgcGF0Y2gg Zml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5fcGNpX29wIGNvbW1hbmQgYmVm b3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28gdXNlICdiYXJyaWVyJyB0byBt YWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIgZG9lcyBub3QgcGVyZm9ybSBh bnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkND OiBzdGFibGVAdmdlci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxKQmV1bGljaEBzdXNlLmNvbT4KU2ln bmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaCAgICAgfCAgMSArCiBkcml2ZXJzL3hlbi94ZW4t cGNpYmFjay9wY2liYWNrX29wcy5jIHwgMTUgKysrKysrKysrKysrKystCiAy IGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24o LSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2li YWNrLmggYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrLmgKaW5k ZXggNThlMzhkNS4uNGQ1MjlmMyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4v eGVuLXBjaWJhY2svcGNpYmFjay5oCisrKyBiL2RyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaApAQCAtMzcsNiArMzcsNyBAQCBzdHJ1Y3QgeGVu X3BjaWJrX2RldmljZSB7CiAJc3RydWN0IHhlbl9wY2lfc2hhcmVkaW5mbyAq c2hfaW5mbzsKIAl1bnNpZ25lZCBsb25nIGZsYWdzOwogCXN0cnVjdCB3b3Jr X3N0cnVjdCBvcF93b3JrOworCXN0cnVjdCB4ZW5fcGNpX29wIG9wOwogfTsK IAogc3RydWN0IHhlbl9wY2lia19kZXZfZGF0YSB7CmRpZmYgLS1naXQgYS9k cml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCBjNGEwNjY2 Li5hMGUwZTNlIDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFj ay9wY2liYWNrX29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMKQEAgLTI5OCw5ICsyOTgsMTEgQEAgdm9pZCB4ZW5f cGNpYmtfZG9fb3Aoc3RydWN0IHdvcmtfc3RydWN0ICpkYXRhKQogCQljb250 YWluZXJfb2YoZGF0YSwgc3RydWN0IHhlbl9wY2lia19kZXZpY2UsIG9wX3dv cmspOwogCXN0cnVjdCBwY2lfZGV2ICpkZXY7CiAJc3RydWN0IHhlbl9wY2li a19kZXZfZGF0YSAqZGV2X2RhdGEgPSBOVUxMOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwZGV2LT5zaF9pbmZvLT5vcDsKKwlzdHJ1Y3QgeGVuX3Bj aV9vcCAqb3AgPSAmcGRldi0+b3A7CiAJaW50IHRlc3RfaW50eCA9IDA7CiAK Kwkqb3AgPSBwZGV2LT5zaF9pbmZvLT5vcDsKKwliYXJyaWVyKCk7CiAJZGV2 ID0geGVuX3BjaWJrX2dldF9wY2lfZGV2KHBkZXYsIG9wLT5kb21haW4sIG9w LT5idXMsIG9wLT5kZXZmbik7CiAKIAlpZiAoZGV2ID09IE5VTEwpCkBAIC0z NDIsNiArMzQ0LDE3IEBAIHZvaWQgeGVuX3BjaWJrX2RvX29wKHN0cnVjdCB3 b3JrX3N0cnVjdCAqZGF0YSkKIAkJaWYgKChkZXZfZGF0YS0+ZW5hYmxlX2lu dHggIT0gdGVzdF9pbnR4KSkKIAkJCXhlbl9wY2lia19jb250cm9sX2lzcihk ZXYsIDAgLyogbm8gcmVzZXQgKi8pOwogCX0KKwlwZGV2LT5zaF9pbmZvLT5v cC5lcnIgPSBvcC0+ZXJyOworCXBkZXYtPnNoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworI2lmZGVmIENPTkZJR19QQ0lfTVNJCisJaWYgKG9wLT5j bWQgPT0gWEVOX1BDSV9PUF9lbmFibGVfbXNpeCAmJiBvcC0+ZXJyID09IDAp IHsKKwkJdW5zaWduZWQgaW50IGk7CisKKwkJZm9yIChpID0gMDsgaSA8IG9w LT52YWx1ZTsgaSsrKQorCQkJcGRldi0+c2hfaW5mby0+b3AubXNpeF9lbnRy aWVzW2ldLnZlY3RvciA9CisJCQkJb3AtPm1zaXhfZW50cmllc1tpXS52ZWN0 b3I7CisJfQorI2VuZGlmCiAJLyogVGVsbCB0aGUgZHJpdmVyIGRvbWFpbiB0 aGF0IHdlJ3JlIGRvbmUuICovCiAJd21iKCk7CiAJY2xlYXJfYml0KF9YRU5f UENJRl9hY3RpdmUsICh1bnNpZ25lZCBsb25nICopJnBkZXYtPnNoX2luZm8t PmZsYWdzKTsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSBhNTY0NTZhYzNkZjI4NDMyZmZmNDRhOWE5NjIzZTJkZGZjODI2MTA2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBUdWUsIDI0IE5vdiAy MDE1IDAyOjUxOjU2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzVdIG5ldGJz ZC94ZW46IEFkZCBSSU5HX0NPUFlfUkVRVUVTVCgpCgpVc2luZyBSSU5HX0dF VF9SRVFVRVNUKCkgb24gYSBzaGFyZWQgcmluZyBpcyBlYXN5IHRvIHVzZSBp bmNvcnJlY3RseQooaS5lLiwgYnkgbm90IGNvbnNpZGVyaW5nIHRoYXQgdGhl IG90aGVyIGVuZCBtYXkgYWx0ZXIgdGhlIGRhdGEgaW4gdGhlCnNoYXJlZCBy aW5nIHdoaWxlIGl0IGlzIGJlaW5nIGluc3BlY3RlZCkuICBTYWZlIHVzYWdl IG9mIGEgcmVxdWVzdApnZW5lcmFsbHkgcmVxdWlyZXMgdGFraW5nIGEgbG9j YWwgY29weS4KClByb3ZpZGUgYSBSSU5HX0NPUFlfUkVRVUVTVCgpIG1hY3Jv IHRvIHVzZSBpbnN0ZWFkIG9mClJJTkdfR0VUX1JFUVVFU1QoKSBhbmQgYW4g b3Blbi1jb2RlZCBtZW1jcHkoKS4gIFRoaXMgdGFrZXMgY2FyZSBvZgplbnN1 cmluZyB0aGF0IHRoZSBjb3B5IGlzIGRvbmUgY29ycmVjdGx5IHJlZ2FyZGxl c3Mgb2YgYW55IHBvc3NpYmxlCmNvbXBpbGVyIG9wdGltaXphdGlvbnMuCgpV c2UgYSB2b2xhdGlsZSBzb3VyY2UgdG8gcHJldmVudCB0aGUgY29tcGlsZXIg ZnJvbSByZW9yZGVyaW5nIG9yCm9taXR0aW5nIHRoZSBjb3B5LgoKVGhpcyBp cyBwYXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJl bCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtv bnJhZCBSemVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4K LS0tCnYyOiBVcGRhdGUgY29tbWVudCBhYm91dCBHQ0MgYnVnLgotLS0KIGFy Y2gveGVuL2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmggfCAxNCArKysr KysrKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDE0IGluc2VydGlvbnMoKykK CmRpZmYgLS1naXQgYS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8v cmluZy5oIGIvYXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3Jpbmcu aAppbmRleCAwOWMxODZjLi42MzBiODBlIDEwMDY0NAotLS0gYS9hcmNoL3hl bi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVu L2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmgKQEAgLTIzNiw2ICsyMzYs MjAgQEAgdHlwZWRlZiBzdHJ1Y3QgX19uYW1lIyNfYmFja19yaW5nIF9fbmFt ZSMjX2JhY2tfcmluZ190CiAjZGVmaW5lIFJJTkdfR0VUX1JFUVVFU1QoX3Is IF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgKCYoKF9yKS0+c3JpbmctPnJpbmdbKChfaWR4KSAmIChSSU5HX1NJ WkUoX3IpIC0gMSkpXS5yZXEpKQogCisvKgorICogR2V0IGEgbG9jYWwgY29w eSBvZiBhIHJlcXVlc3QuCisgKgorICogVXNlIHRoaXMgaW4gcHJlZmVyZW5j ZSB0byBSSU5HX0dFVF9SRVFVRVNUKCkgc28gYWxsIHByb2Nlc3NpbmcgaXMK KyAqIGRvbmUgb24gYSBsb2NhbCBjb3B5IHRoYXQgY2Fubm90IGJlIG1vZGlm aWVkIGJ5IHRoZSBvdGhlciBlbmQuCisgKgorICogTm90ZSB0aGF0IGh0dHBz Oi8vZ2NjLmdudS5vcmcvYnVnemlsbGEvc2hvd19idWcuY2dpP2lkPTU4MTQ1 IG1heSBjYXVzZSB0aGlzCisgKiB0byBiZSBpbmVmZmVjdGl2ZSB3aGVyZSBf cmVxIGlzIGEgc3RydWN0IHdoaWNoIGNvbnNpc3RzIG9mIG9ubHkgYml0Zmll bGRzLgorICovCisjZGVmaW5lIFJJTkdfQ09QWV9SRVFVRVNUKF9yLCBfaWR4 LCBfcmVxKSBkbyB7CQkJCVwKKwkvKiBVc2Ugdm9sYXRpbGUgdG8gZm9yY2Ug dGhlIGNvcHkgaW50byBfcmVxLiAqLwkJCVwKKwkqKF9yZXEpID0gKih2b2xh dGlsZSB0eXBlb2YoX3JlcSkpUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCk7 CVwKK30gd2hpbGUgKDApCisKICNkZWZpbmUgUklOR19HRVRfUkVTUE9OU0Uo X3IsIF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFwKICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdf U0laRShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuNS4yCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Transfer-Encoding: base64 RnJvbSAxYzY5N2NhNzZhNjcwYjA4ODNjZDZhMjAzODI4YzMzY2NmNGVjYjFl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTM6MTYgKzAwMDAKU3ViamVjdDogW1BBVENIIDIv NV0gbmV0YnNkL25ldGJhY2s6IFVzZSBSSU5HX0NPUFlfUkVRVUVTVCBpbnN0 ZWFkIG9mCiBSSU5HX1JFUV9SRVFVRVNUCgpUaGlzIHdheSB3ZSBvcGVyYXRl IG9uIGEgbG9jYWwgY29weSBvZiB0aGUgZ3Vlc3QgUnguIFRoaXMgaXMgbW9y ZSB0aGFuCm5lY2Nlc3NhcnkgYXMgb25seSB0aGUgaWQgYW5kIGdyZWYgZmll bGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVzcwppZiB0aGUgZnJvbnRl bmQgbW9kaWZpZXMgdGhlc2UuCgpGb3IgdGhlIFRYIHdlIGFsc28gY29weSB0 aGUgcmVxdWVzdCBhbmQgbWFrZSBzdXJlIHRvIHVzZSBvbmx5IHRoZQpsb2Nh bCBjb3B5LgoKVGhpcyBpcyBiYXNlZCBvZmYgTGludXggJ3hlbi1uZXRiYWNr OiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0JwpwYXRjaC4K ClRoaXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25y YWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0t LQogYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMgfCA3OCArKysr KysrKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUg Y2hhbmdlZCwgNDAgaW5zZXJ0aW9ucygrKSwgMzggZGVsZXRpb25zKC0pCgpk aWZmIC0tZ2l0IGEvYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMg Yi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194ZW5idXMuYwppbmRleCA3Y2Mx NGFmLi4wZWYyMzUzIDEwMDY0NAotLS0gYS9hcmNoL3hlbi94ZW4veGVubmV0 YmFja194ZW5idXMuYworKysgYi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194 ZW5idXMuYwpAQCAtNzE1LDcgKzcxNSw3IEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiB7CiAJc3RydWN0IHhuZXRiYWNrX2luc3RhbmNl ICp4bmV0aSA9IGFyZzsKIAlzdHJ1Y3QgaWZuZXQgKmlmcCA9ICZ4bmV0aS0+ eG5pX2lmOwotCW5ldGlmX3R4X3JlcXVlc3RfdCAqdHhyZXE7CisJbmV0aWZf dHhfcmVxdWVzdF90IHR4cmVxOwogCXN0cnVjdCB4bmlfcGt0ICpwa3Q7CiAJ dmFkZHJfdCBwa3RfdmE7CiAJc3RydWN0IG1idWYgKm07CkBAIC03MzMsMzYg KzczMywzNiBAQCB4ZW5uZXRiYWNrX2V2dGhhbmRsZXIodm9pZCAqYXJnKQog CQkgICAgcmVjZWl2ZV9wZW5kaW5nKTsKIAkJaWYgKHJlY2VpdmVfcGVuZGlu ZyA9PSAwKQogCQkJYnJlYWs7Ci0JCXR4cmVxID0gUklOR19HRVRfUkVRVUVT VCgmeG5ldGktPnhuaV90eHJpbmcsIHJlcV9jb25zKTsKKwkJUklOR19DT1BZ X1JFUVVFU1QoJnhuZXRpLT54bmlfdHhyaW5nLCByZXFfY29ucywgJnR4cmVx KTsKIAkJeGVuX3JtYigpOwogCQlYRU5QUklOVEYoKCIlcyBwa3Qgc2l6ZSAl ZFxuIiwgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwKLQkJICAgIHR4cmVxLT5z aXplKSk7CisJCSAgICB0eHJlcS5zaXplKSk7CiAJCXJlcV9jb25zKys7CiAJ CWlmIChfX3ByZWRpY3RfZmFsc2UoKGlmcC0+aWZfZmxhZ3MgJiAoSUZGX1VQ IHwgSUZGX1JVTk5JTkcpKSAhPQogCQkgICAgKElGRl9VUCB8IElGRl9SVU5O SU5HKSkpIHsKIAkJCS8qIGludGVyZmFjZSBub3QgdXAsIGRyb3AgKi8KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWNvbnRpbnVlOwogCQl9CiAJ CS8qCiAJCSAqIERvIHNvbWUgc2FuaXR5IGNoZWNrcywgYW5kIG1hcCB0aGUg cGFja2V0J3MgcGFnZS4KIAkJICovCi0JCWlmIChfX3ByZWRpY3RfZmFsc2Uo dHhyZXEtPnNpemUgPCBFVEhFUl9IRFJfTEVOIHx8Ci0JCSAgIHR4cmVxLT5z aXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhFUl9DUkNfTEVOKSkpIHsKKwkJ aWYgKF9fcHJlZGljdF9mYWxzZSh0eHJlcS5zaXplIDwgRVRIRVJfSERSX0xF TiB8fAorCQkgICB0eHJlcS5zaXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhF Ul9DUkNfTEVOKSkpIHsKIAkJCXByaW50ZigiJXM6IHBhY2tldCBzaXplICVk IHRvbyBiaWdcbiIsCi0JCQkgICAgaWZwLT5pZl94bmFtZSwgdHhyZXEtPnNp emUpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEt PmlkLAorCQkJICAgIGlmcC0+aWZfeG5hbWUsIHR4cmVxLnNpemUpOworCQkJ eGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkg ICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlmcC0+aWZfaWVycm9ycysrOwog CQkJY29udGludWU7CiAJCX0KIAkJLyogZG9uJ3QgY3Jvc3MgcGFnZSBib3Vu ZGFyaWVzICovCiAJCWlmIChfX3ByZWRpY3RfZmFsc2UoCi0JCSAgICB0eHJl cS0+b2Zmc2V0ICsgdHhyZXEtPnNpemUgPiBQQUdFX1NJWkUpKSB7CisJCSAg ICB0eHJlcS5vZmZzZXQgKyB0eHJlcS5zaXplID4gUEFHRV9TSVpFKSkgewog CQkJcHJpbnRmKCIlczogcGFja2V0IGNyb3NzIHBhZ2UgYm91bmRhcnlcbiIs CiAJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9SU1BfRVJS T1IpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQljb250aW51ZTsKQEAg LTc3NCwxNSArNzc0LDE1IEBAIHhlbm5ldGJhY2tfZXZ0aGFuZGxlcih2b2lk ICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZsYXN0dGltZSwgJnhuaV9wb29s X2VycmludHZsKSkKIAkJCQlwcmludGYoIiVzOiBtYnVmIGFsbG9jIGZhaWxl ZFxuIiwKIAkJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9S U1BfRFJPUFBFRCk7CiAJCQlpZnAtPmlmX2llcnJvcnMrKzsKIAkJCWNvbnRp bnVlOwogCQl9CiAKIAkJWEVOUFJJTlRGKCgiJXMgcGt0IG9mZnNldCAlZCBz aXplICVkIGlkICVkIHJlcV9jb25zICVkXG4iLAotCQkgICAgeG5ldGktPnhu aV9pZi5pZl94bmFtZSwgdHhyZXEtPm9mZnNldCwKLQkJICAgIHR4cmVxLT5z aXplLCB0eHJlcS0+aWQsIE1BU0tfTkVUSUZfVFhfSURYKHJlcV9jb25zKSkp OworCQkgICAgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwgdHhyZXEub2Zmc2V0 LAorCQkgICAgdHhyZXEuc2l6ZSwgdHhyZXEuaWQsIE1BU0tfTkVUSUZfVFhf SURYKHJlcV9jb25zKSkpOwogCQkKIAkJcGt0ID0gcG9vbF9nZXQoJnhuaV9w a3RfcG9vbCwgUFJfTk9XQUlUKTsKIAkJaWYgKF9fcHJlZGljdF9mYWxzZShw a3QgPT0gTlVMTCkpIHsKQEAgLTc5MCwxNiArNzkwLDE2IEBAIHhlbm5ldGJh Y2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZs YXN0dGltZSwgJnhuaV9wb29sX2VycmludHZsKSkKIAkJCQlwcmludGYoIiVz OiB4bmJwa3QgYWxsb2MgZmFpbGVkXG4iLAogCQkJCSAgICBpZnAtPmlmX3hu YW1lKTsKLQkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LT5pZCwKKwkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LmlkLAogCQkJICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWlmcC0+aWZf aWVycm9ycysrOwogCQkJbV9mcmVlbShtKTsKIAkJCWNvbnRpbnVlOwogCQl9 Ci0JCWVyciA9IHhlbl9zaG1fbWFwKDEsIHhuZXRpLT54bmlfZG9taWQsICZ0 eHJlcS0+Z3JlZiwgJnBrdF92YSwKKwkJZXJyID0geGVuX3NobV9tYXAoMSwg eG5ldGktPnhuaV9kb21pZCwgJnR4cmVxLmdyZWYsICZwa3RfdmEsCiAJCSAg ICAmcGt0LT5wa3RfaGFuZGxlLCBYU0hNX1JPKTsKIAkJaWYgKF9fcHJlZGlj dF9mYWxzZShlcnIgPT0gRU5PTUVNKSkgewotCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0RS T1BQRUQpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQlwb29sX3B1dCgm eG5pX3BrdF9wb29sLCBwa3QpOwpAQCAtODEwLDcgKzgxMCw3IEBAIHhlbm5l dGJhY2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCWlmIChfX3ByZWRpY3Rf ZmFsc2UoZXJyKSkgewogCQkJcHJpbnRmKCIlczogbWFwcGluZyBmb3JlaW5n IHBhZ2UgZmFpbGVkOiAlZFxuIiwKIAkJCSAgICB4bmV0aS0+eG5pX2lmLmlm X3huYW1lLCBlcnIpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlm cC0+aWZfaWVycm9ycysrOwogCQkJcG9vbF9wdXQoJnhuaV9wa3RfcG9vbCwg cGt0KTsKQEAgLTgyMCwxMyArODIwLDEzIEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiAKIAkJaWYgKChpZnAtPmlmX2ZsYWdzICYgSUZG X1BST01JU0MpID09IDApIHsKIAkJCXN0cnVjdCBldGhlcl9oZWFkZXIgKmVo ID0KLQkJCSAgICAodm9pZCopKHBrdF92YSArIHR4cmVxLT5vZmZzZXQpOwor CQkJICAgICh2b2lkKikocGt0X3ZhICsgdHhyZXEub2Zmc2V0KTsKIAkJCWlm IChFVEhFUl9JU19NVUxUSUNBU1QoZWgtPmV0aGVyX2Rob3N0KSA9PSAwICYm CiAJCQkgICAgbWVtY21wKENMTEFERFIoaWZwLT5pZl9zYWRsKSwgZWgtPmV0 aGVyX2Rob3N0LAogCQkJICAgIEVUSEVSX0FERFJfTEVOKSAhPSAwKSB7CiAJ CQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92YSk7CiAJCQkJbV9mcmVlbSht KTsKLQkJCQl4ZW5uZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+ aWQsCisJCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEu aWQsCiAJCQkJICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJCQljb250aW51ZTsg LyogcGFja2V0IGlzIG5vdCBmb3IgdXMgKi8KIAkJCX0KQEAgLTg0NSwzMSAr ODQ1LDMxIEBAIHNvIGFsd2F5cyBjb3B5IGZvciBub3cuCiAJCQkgKiBhY2sg aXQuIERlbGF5aW5nIGl0IHVudGlsIHRoZSBtYnVmIGlzCiAJCQkgKiBmcmVl ZCB3aWxsIHN0YWxsIHRyYW5zbWl0LgogCQkJICovCi0JCQltLT5tX2xlbiA9 IG1pbihNSExFTiwgdHhyZXEtPnNpemUpOworCQkJbS0+bV9sZW4gPSBtaW4o TUhMRU4sIHR4cmVxLnNpemUpOwogCQkJbS0+bV9wa3RoZHIubGVuID0gMDsK LQkJCW1fY29weWJhY2sobSwgMCwgdHhyZXEtPnNpemUsCi0JCQkgICAgKHZv aWQgKikocGt0X3ZhICsgdHhyZXEtPm9mZnNldCkpOworCQkJbV9jb3B5YmFj ayhtLCAwLCB0eHJlcS5zaXplLAorCQkJICAgICh2b2lkICopKHBrdF92YSAr IHR4cmVxLm9mZnNldCkpOwogCQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92 YSk7Ci0JCQlpZiAobS0+bV9wa3RoZHIubGVuIDwgdHhyZXEtPnNpemUpIHsK KwkJCWlmIChtLT5tX3BrdGhkci5sZW4gPCB0eHJlcS5zaXplKSB7CiAJCQkJ aWZwLT5pZl9pZXJyb3JzKys7CiAJCQkJbV9mcmVlbShtKTsKLQkJCQl4ZW5u ZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQkJeGVu bmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkJICAg IE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCQljb250aW51ZTsKIAkJCX0KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJfSBlbHNlIHsKIAotCQkJcGt0LT5w a3RfaWQgPSB0eHJlcS0+aWQ7CisJCQlwa3QtPnBrdF9pZCA9IHR4cmVxLmlk OwogCQkJcGt0LT5wa3RfeG5ldGkgPSB4bmV0aTsKIAotCQkJTUVYVEFERCht LCBwa3RfdmEgKyB0eHJlcS0+b2Zmc2V0LAotCQkJICAgIHR4cmVxLT5zaXpl LCBNX0RFVkJVRiwgeGVubmV0YmFja190eF9mcmVlLCBwa3QpOwotCQkJbS0+ bV9wa3RoZHIubGVuID0gbS0+bV9sZW4gPSB0eHJlcS0+c2l6ZTsKKwkJCU1F WFRBREQobSwgcGt0X3ZhICsgdHhyZXEub2Zmc2V0LAorCQkJICAgIHR4cmVx LnNpemUsIE1fREVWQlVGLCB4ZW5uZXRiYWNrX3R4X2ZyZWUsIHBrdCk7CisJ CQltLT5tX3BrdGhkci5sZW4gPSBtLT5tX2xlbiA9IHR4cmVxLnNpemU7CiAJ CQltLT5tX2ZsYWdzIHw9IE1fRVhUX1JPTUFQOwogCQl9Ci0JCWlmICgodHhy ZXEtPmZsYWdzICYgTkVUVFhGX2NzdW1fYmxhbmspICE9IDApIHsKKwkJaWYg KCh0eHJlcS5mbGFncyAmIE5FVFRYRl9jc3VtX2JsYW5rKSAhPSAwKSB7CiAJ CQl4ZW5uZXRfY2hlY2tzdW1fZmlsbCgmbSk7CiAJCQlpZiAobSA9PSBOVUxM KSB7CiAJCQkJaWZwLT5pZl9pZXJyb3JzKys7CkBAIC05NTMsNiArOTUzLDcg QEAgeGVubmV0YmFja19pZnNvZnRzdGFydF90cmFuc2Zlcih2b2lkICphcmcp CiAJbW11X3VwZGF0ZV90ICptbXVwOwogCW11bHRpY2FsbF9lbnRyeV90ICpt Y2xwOwogCW5ldGlmX3J4X3Jlc3BvbnNlX3QgKnJ4cmVzcDsKKwluZXRpZl9y eF9yZXF1ZXN0X3QgcnhyZXE7CiAJUklOR19JRFggcmVxX3Byb2QsIHJlc3Bf cHJvZDsKIAlpbnQgZG9fZXZlbnQgPSAwOwogCWdudHRhYl90cmFuc2Zlcl90 ICpnb3A7CkBAIC0xMDI4LDEwICsxMDI5LDEwIEBAIHhlbm5ldGJhY2tfaWZz b2Z0c3RhcnRfdHJhbnNmZXIodm9pZCAqYXJnKQogCQkJCW5wcGl0ZW1zKys7 CiAJCQl9CiAJCQkvKiBzdGFydCBmaWxsaW5nIHJpbmcgKi8KLQkJCWdvcC0+ cmVmID0gUklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0J CQkgICAgeG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5ncmVmOwotCQkJ aWQgPSBSSU5HX0dFVF9SRVFVRVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKLQkJ CSAgICB4bmV0aS0+eG5pX3J4cmluZy5yZXFfY29ucyktPmlkOworCQkJUklO R19DT1BZX1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAorCQkJICAgIHhu ZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zLCAmcnhyZXEpOworCQkJZ29wLT5y ZWYgPSByeHJlcS5ncmVmOworCQkJaWQgPSByeHJlcS5pZDsKIAkJCXhlbl9y bWIoKTsKIAkJCXhuZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zKys7CiAJCQly eHJlc3AgPSBSSU5HX0dFVF9SRVNQT05TRSgmeG5ldGktPnhuaV9yeHJpbmcs CkBAIC0xMTk4LDYgKzExOTksNyBAQCB4ZW5uZXRiYWNrX2lmc29mdHN0YXJ0 X2NvcHkodm9pZCAqYXJnKQogCXBhZGRyX3QgeG1pdF9tYTsKIAlpbnQgaSwg ajsKIAluZXRpZl9yeF9yZXNwb25zZV90ICpyeHJlc3A7CisJbmV0aWZfcnhf cmVxdWVzdF90IHJ4cmVxOwogCVJJTkdfSURYIHJlcV9wcm9kLCByZXNwX3By b2Q7CiAJaW50IGRvX2V2ZW50ID0gMDsKIAlnbnR0YWJfY29weV90ICpnb3A7 CkBAIC0xMzA5LDE2ICsxMzExLDE2IEBAIHhlbm5ldGJhY2tfaWZzb2Z0c3Rh cnRfY29weSh2b2lkICphcmcpCiAJCQlnb3AtPnNvdXJjZS5kb21pZCA9IERP TUlEX1NFTEY7CiAJCQlnb3AtPnNvdXJjZS51LmdtZm4gPSB4bWl0X21hID4+ IFBBR0VfU0hJRlQ7CiAKLQkJCWdvcC0+ZGVzdC51LnJlZiA9IFJJTkdfR0VU X1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAotCQkJICAgIHhuZXRpLT54 bmlfcnhyaW5nLnJlcV9jb25zKS0+Z3JlZjsKKwkJCVJJTkdfQ09QWV9SRVFV RVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKKwkJCSAgICB4bmV0aS0+eG5pX3J4 cmluZy5yZXFfY29ucywgJnJ4cmVxKTsKKwkJCWdvcC0+ZGVzdC51LnJlZiA9 IHJ4cmVxLmdyZWY7CiAJCQlnb3AtPmRlc3Qub2Zmc2V0ID0gMDsKIAkJCWdv cC0+ZGVzdC5kb21pZCA9IHhuZXRpLT54bmlfZG9taWQ7CiAKIAkJCWdvcC0+ bGVuID0gbS0+bV9wa3RoZHIubGVuOwogCQkJZ29wKys7CiAKLQkJCWlkID0g UklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0JCQkgICAg eG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5pZDsKKwkJCWlkID0gcnhy ZXEuaWQ7CiAJCQl4ZW5fcm1iKCk7CiAJCQl4bmV0aS0+eG5pX3J4cmluZy5y ZXFfY29ucysrOwogCQkJcnhyZXNwID0gUklOR19HRVRfUkVTUE9OU0UoJnhu ZXRpLT54bmlfcnhyaW5nLAotLSAKMi41LjIKCg== --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Transfer-Encoding: base64 RnJvbSBiMzY3Y2RiYTBjYzNlMmRlNDIzN2NhNzRmMzEwNDMxNDFkZWRhODky IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTQ6NDUgKzAwMDAKU3ViamVjdDogW1BBVENIIDMv NV0gbmV0YnNkL3Jpbmc6IEFkZCAnYmFycmllcicgdG8gcHJvdmlkZSBhbiBj b21waWxlcgogYmFycmllci4KCldlIG5lZWQgYW4gbWVjaGFuaXNtIHRvIGRp c2FibGUgdGhlIGNvbXBpbGVyIGZyb20gZ2VuZXJhdGluZyB0byBtdWNoCm9w dGltaXphdGlvbi4gVXNpbmcgdGhlICdiYXJyaWVyJyBtYWNybyB3aWxsIG1h a2UgdGhlIGNvbXBpbGVyIG5vdApvcHRpbWl6ZSB2YXJpYWJsZXMgcGFzdCB0 aGUgJ2JhcnJpZXInIChhcyBpbiwgcmUtdXNlIHRoZSByZWdpc3RlcnMKb3Ig b25seSByZWFkIHBhcnQgb2YgYSB2YWx1ZSBmcm9tIGEgbWVtb3J5KS4KClRo aXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog YXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaCB8IDIgKysK IDEgZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQg YS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oIGIvYXJj aC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaAppbmRleCAzMTZi Y2ViLi41Mjc4ZDA2IDEwMDY0NAotLS0gYS9hcmNoL3hlbi9pbmNsdWRlL3hl bi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVuL2luY2x1ZGUveGVu LXB1YmxpYy9pby9yaW5nLmgKQEAgLTM1LDYgKzM1LDcgQEAKICNkZWZpbmUg eGVuX21iKCkgIG1iKCkKICNkZWZpbmUgeGVuX3JtYigpIHJtYigpCiAjZGVm aW5lIHhlbl93bWIoKSB3bWIoKQorI2RlZmluZSBiYXJyaWVyKCkgICAgIF9f YXNtX18gX192b2xhdGlsZV9fKCIiOiA6IDoibWVtb3J5IikKICNlbmRpZgog I2VuZGlmCiAKQEAgLTQyLDYgKzQzLDcgQEAKICNkZWZpbmUgeGVuX21iKCkg IHg4Nl9tZmVuY2UoKQogI2RlZmluZSB4ZW5fcm1iKCkgeDg2X2xmZW5jZSgp CiAjZGVmaW5lIHhlbl93bWIoKSB4ODZfc2ZlbmNlKCkKKyNkZWZpbmUgYmFy cmllcigpICAgICBfX2FzbV9fIF9fdm9sYXRpbGVfXygiIjogOiA6Im1lbW9y eSIpCiAjZW5kaWYKIAogdHlwZWRlZiB1bnNpZ25lZCBpbnQgUklOR19JRFg7 Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Transfer-Encoding: base64 RnJvbSBhMGM1MjgyYWZmNTFkNWU2NTIwY2FhOTA0MjA3Yjk3MzU2N2Q5MjBk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTY6MDcgKzAwMDAKU3ViamVjdDogW1BBVENIIDQv NV0gbmV0YnNkL2Jsb2NrOiBvbmx5IHJlYWQgcmVxdWVzdCBvcGVyYXRpb24g ZnJvbSBzaGFyZWQKIHJpbmcgb25jZQoKVGhlIGNvbXBpbGVyIG1heSBsb2Fk IGEgc3dpdGNoIHN0YXRlbWVudCBtdWx0aXBsZSB0aW1lcyBmcm9tIHRoZSBz aGFyZWQKc3BhY2UuIFRoaXMgY291bGQgbGVhZCB0byB0aGUgZnJvbnRlbmQg bWFuaXB1bGF0aW5nIHRoZSBiYWNrZW5kIGludG8KdW5mb3JzZWVuIGJyYW5j aGVzLgoKV2Ugd2FudCB0byBlbnN1cmUgdGhhdCB0aGUgcmVxLT5vcGVyYXRp b24gaXMgb25seSByZWFkIG9uY2UgYW5kIHdlCmRvIHRoYXQgYnkgdXNpbmcg YW4gY29tcGlsZXIgYmFycmllci4KClRoaXMgaXMgcGFydCBvZiBYU0ExNTUu CgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJh ZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMgfCAxICsKIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigr KQoKZGlmZiAtLWdpdCBhL2FyY2gveGVuL3hlbi94YmRiYWNrX3hlbmJ1cy5j IGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMKaW5kZXggOWVlMDc1 OC4uM2QxODAyMSAxMDA2NDQKLS0tIGEvYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMKKysrIGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMK QEAgLTEwMjIsNiArMTAyMiw3IEBAIHhiZGJhY2tfY29fbWFpbl9sb29wKHN0 cnVjdCB4YmRiYWNrX2luc3RhbmNlICp4YmRpLCB2b2lkICpvYmopCiAJCQly ZXEtPnNlY3Rvcl9udW1iZXIgPSByZXE2NC0+c2VjdG9yX251bWJlcjsKIAkJ CWJyZWFrOwogCQl9CisJCWJhcnJpZXIoKTsKIAkJWEVOUFJJTlRGKCgieGJk YmFjayBvcCAlZCByZXFfY29ucyAweCV4IHJlcV9wcm9kIDB4JXggIgogCQkg ICAgInJlc3BfcHJvZCAweCV4IGlkICUiIFBSSXU2NCAiXG4iLCByZXEtPm9w ZXJhdGlvbiwKIAkJCXhiZGktPnhiZGlfcmluZy5yaW5nX24ucmVxX2NvbnMs Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Transfer-Encoding: base64 RnJvbSAzZjM5ZTA1MWIyMzRiNGJkOGUzNmI4MjBhOTMyNTkxYWZkNjQxM2Ix IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTc6MjIgKzAwMDAKU3ViamVjdDogW1BBVENIIDUv NV0gbmV0YnNkL3BjaWJhY2s6IE9wZXJhdGUgb24gbG9jYWwgdmVyc2lvbiBv ZiB4ZW5fcGNpX29wCgpEb3VibGUgZmV0Y2ggdnVsbmVyYWJpbGl0aWVzIHRo YXQgaGFwcGVuIHdoZW4gYSB2YXJpYWJsZSBpcwpmZXRjaGVkIHR3aWNlIGZy b20gc2hhcmVkIG1lbW9yeSBidXQgYSBzZWN1cml0eSBjaGVjayBpcyBvbmx5 CnBlcmZvcm1lZCB0aGUgZmlyc3QgdGltZS4KClRoZSBwY2liYWNrX3hlbmJ1 c19ldnRoYW5kbGVyIGZ1bmN0aW9uIHBlcmZvcm1zIGEgc3dpdGNoIHN0YXRl bWVudHMgb24gdGhlCm9wLT5zaXplIGFuZCBvcC0+Y21kIHZhbHVlIHdoaWNo IGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5LgpJbnRlcmVzdGluZ2x5IHRo aXMgY2FuIHJlc3VsdCBpbiBhIGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5 IGRlcGVuZGluZyBvbgp0aGUgcGVyZm9ybWVkIGNvbXBpbGVyIG9wdGltaXph dGlvbi4KClRoaXMgcGF0Y2ggZml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5f cGNpX29wIGNvbW1hbmQgYmVmb3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28g dXNlICdiYXJyaWVyJyB0byBtYWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIg ZG9lcyBub3QgcGVyZm9ybSBhbnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBw YXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0 ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBhcmNoL3hl bi94ZW4vcGNpYmFjay5jIHwgOCArKysrKysrLQogMSBmaWxlIGNoYW5nZWQs IDcgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBh L2FyY2gveGVuL3hlbi9wY2liYWNrLmMgYi9hcmNoL3hlbi94ZW4vcGNpYmFj ay5jCmluZGV4IDA0MmM4YzkuLjQ2YzgyMWMgMTAwNjQ0Ci0tLSBhL2FyY2gv eGVuL3hlbi9wY2liYWNrLmMKKysrIGIvYXJjaC94ZW4veGVuL3BjaWJhY2su YwpAQCAtMTg4LDYgKzE4OCw3IEBAIHN0cnVjdCBwYl94ZW5idXNfaW5zdGFu Y2UgewogCS8qIGNvbW11bmljYXRpb24gd2l0aCB0aGUgZG9tVSAqLwogICAg ICAgICB1bnNpZ25lZCBpbnQgcGJ4X2V2dGNobjsgLyogb3VyIGV2ZW4gY2hh bm5lbCAqLwogICAgICAgICBzdHJ1Y3QgeGVuX3BjaV9zaGFyZWRpbmZvICpw Ynhfc2hfaW5mbzsKKyAgICAgICAgc3RydWN0IHhlbl9wY2lfb3Agb3A7CiAg ICAgICAgIGdyYW50X2hhbmRsZV90IHBieF9zaGluZm9faGFuZGxlOyAvKiB0 byB1bm1hcCBzaGFyZWQgcGFnZSAqLwogfTsKIApAQCAtNzIxLDEzICs3MjIs MTYgQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJnKQog ewogCXN0cnVjdCBwYl94ZW5idXNfaW5zdGFuY2UgKnBieGkgPSBhcmc7CiAJ c3RydWN0IHBjaWJhY2tfcGNpX2RldiAqcGJkOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwYnhpLT5wYnhfc2hfaW5mby0+b3A7CisJc3RydWN0IHhl bl9wY2lfb3AgKm9wID0gJnBieGktPm9wOwogCXVfaW50IGJ1cywgZGV2LCBm dW5jOwogCiAJaHlwZXJ2aXNvcl9jbGVhcl9ldmVudChwYnhpLT5wYnhfZXZ0 Y2huKTsKIAlpZiAoeGVuX2F0b21pY190ZXN0X2JpdCgmcGJ4aS0+cGJ4X3No X2luZm8tPmZsYWdzLAogCSAgICBfWEVOX1BDSUZfYWN0aXZlKSA9PSAwKQog CQlyZXR1cm4gMDsKKworCW1lbWNweShvcCwgJnBieGktPnBieF9zaF9pbmZv LT5vcCwgc2l6ZW9mIChzdHJ1Y3QgeGVuX3BjaV9vcCkpOworCWJhcnJpZXIo KTsKIAlpZiAob3AtPmRvbWFpbiAhPSAwKSB7CiAJCWFwcmludF9lcnJvcigi cGNpYmFjazogZG9tYWluICVkICE9IDAiLCBvcC0+ZG9tYWluKTsKIAkJb3At PmVyciA9IFhFTl9QQ0lfRVJSX2Rldl9ub3RfZm91bmQ7CkBAIC03OTQsNiAr Nzk4LDggQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJn KQogCQlhcHJpbnRfZXJyb3IoInBjaWJhY2s6IHVua25vd24gY21kICVkXG4i LCBvcC0+Y21kKTsKIAkJb3AtPmVyciA9IFhFTl9QQ0lfRVJSX25vdF9pbXBs ZW1lbnRlZDsKIAl9CisJcGJ4aS0+cGJ4X3NoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworCXBieGktPnBieF9zaF9pbmZvLT5vcC5lcnIgPSBvcC0+ ZXJyOwogZW5kOgogCXhlbl9hdG9taWNfY2xlYXJfYml0KCZwYnhpLT5wYnhf c2hfaW5mby0+ZmxhZ3MsIF9YRU5fUENJRl9hY3RpdmUpOwogCWh5cGVydmlz b3Jfbm90aWZ5X3ZpYV9ldnRjaG4ocGJ4aS0+cGJ4X2V2dGNobik7Ci0tIAoy LjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemu-qdisk-double-access.patch" Content-Transfer-Encoding: base64 eGVuL2Jsa2lmOiBBdm9pZCBkb3VibGUgYWNjZXNzIHRvIHNyYy0+bnJfc2Vn bWVudHMKCnNyYyBpcyBzdG9yZWQgaW4gc2hhcmVkIG1lbW9yeSBhbmQgc3Jj LT5ucl9zZWdtZW50cyBpcyBkZXJlZmVyZW5jZWQKdHdpY2UgYXQgdGhlIGVu ZCBvZiB0aGUgZnVuY3Rpb24uICBJZiBhIGNvbXBpbGVyIGRlY2lkZXMgdG8g Y29tcGlsZSB0aGlzCmludG8gdHdvIHNlcGFyYXRlIG1lbW9yeSBhY2Nlc3Nl cyB0aGVuIHRoZSBzaXplIGxpbWl0YXRpb24gY291bGQgYmUKYnlwYXNzZWQu CgpGaXggaXQgYnkgcmVtb3ZpbmcgdGhlIGRvdWJsZSBhY2Nlc3MgdG8gc3Jj LT5ucl9zZWdtZW50cy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoKU2ln bmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0YWJl bGxpbmlAZXUuY2l0cml4LmNvbT4KCmRpZmYgLS1naXQgYS9ody9ibG9jay94 ZW5fYmxraWYuaCBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCmluZGV4IDcxMWI2 OTIuLjllNzFlMDAgMTAwNjQ0Ci0tLSBhL2h3L2Jsb2NrL3hlbl9ibGtpZi5o CisrKyBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCkBAIC04NSw4ICs4NSwxMCBA QCBzdGF0aWMgaW5saW5lIHZvaWQgYmxraWZfZ2V0X3g4Nl8zMl9yZXEoYmxr aWZfcmVxdWVzdF90ICpkc3QsIGJsa2lmX3g4Nl8zMl9yZXF1ZQogCQlkLT5u cl9zZWN0b3JzID0gcy0+bnJfc2VjdG9yczsKIAkJcmV0dXJuOwogCX0KLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJYmFycmllcigpOworCWlmIChuID4gZHN0LT5ucl9zZWdtZW50cykK KwkJbiA9IGRzdC0+bnJfc2VnbWVudHM7CiAJZm9yIChpID0gMDsgaSA8IG47 IGkrKykKIAkJZHN0LT5zZWdbaV0gPSBzcmMtPnNlZ1tpXTsKIH0KQEAgLTEw Niw4ICsxMDgsMTAgQEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94 ODZfNjRfcmVxKGJsa2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRf cmVxdWUKIAkJZC0+bnJfc2VjdG9ycyA9IHMtPm5yX3NlY3RvcnM7CiAJCXJl dHVybjsKIAl9Ci0JaWYgKG4gPiBzcmMtPm5yX3NlZ21lbnRzKQotCQluID0g c3JjLT5ucl9zZWdtZW50czsKKwkvKiBwcmV2ZW50IHRoZSBjb21waWxlciBm cm9tIG9wdGltaXppbmcgdGhlIGNvZGUgYW5kIHVzaW5nIHNyYy0+bnJfc2Vn bWVudHMgaW5zdGVhZCAqLworCWJhcnJpZXIoKTsKKwlpZiAobiA+IGRzdC0+ bnJfc2VnbWVudHMpCisJCW4gPSBkc3QtPm5yX3NlZ21lbnRzOwogCWZvciAo aSA9IDA7IGkgPCBuOyBpKyspCiAJCWRzdC0+c2VnW2ldID0gc3JjLT5zZWdb aV07CiB9Cg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemut-qdisk-double-access.patch" Content-Transfer-Encoding: base64 RnJvbSAyNzk0MmIwY2IyMzI3ZTkzZGViMTIzMjZiYmU3YjM2YzgxZjlmYTdi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjU2OjAwIC0wNTAwClN1YmplY3Q6IFtQ QVRDSF0gYmxraWY6IEF2b2lkIGRvdWJsZSBhY2Nlc3MgdG8gc3JjLT5ucl9z ZWdtZW50cwoKc3JjIGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5IGFuZCBz cmMtPm5yX3NlZ21lbnRzIGlzIGRlcmVmZXJlbmNlZAp0d2ljZSBhdCB0aGUg ZW5kIG9mIHRoZSBmdW5jdGlvbi4gIElmIGEgY29tcGlsZXIgZGVjaWRlcyB0 byBjb21waWxlIHRoaXMKaW50byB0d28gc2VwYXJhdGUgbWVtb3J5IGFjY2Vz c2VzIHRoZW4gdGhlIHNpemUgbGltaXRhdGlvbiBjb3VsZCBiZQpieXBhc3Nl ZC4KCkZpeCBpdCBieSByZW1vdmluZyB0aGUgZG91YmxlIGFjY2VzcyB0byBz cmMtPm5yX3NlZ21lbnRzLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0xNTUuCgpT aWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkgPHN0ZWZhbm8uc3Rh YmVsbGluaUBldS5jaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog aHcveGVuX2Jsa2lmLmggfCAxMiArKysrKysrKy0tLS0KIDEgZmlsZSBjaGFu Z2VkLCA4IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0t Z2l0IGEvaHcveGVuX2Jsa2lmLmggYi9ody94ZW5fYmxraWYuaAppbmRleCBj YTNhNjViLi5lYjI5Y2IxIDEwMDY0NAotLS0gYS9ody94ZW5fYmxraWYuaAor KysgYi9ody94ZW5fYmxraWYuaApAQCAtNzksOCArNzksMTAgQEAgc3RhdGlj IGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfMzJfcmVxKGJsa2lmX3JlcXVl c3RfdCAqZHN0LCBibGtpZl94ODZfMzJfcmVxdWUKIAlkc3QtPmhhbmRsZSA9 IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwogCWRzdC0+c2Vj dG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlpZiAobiA+IHNy Yy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21lbnRzOworCS8q IHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemluZyB0aGUgY29k ZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFkICovCisJeGVu X21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQorCQluID0gZHN0 LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsgaSsrKQogCQlk c3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQpAQCAtOTQsOCArOTYsMTAg QEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfNjRfcmVxKGJs a2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRfcmVxdWUKIAlkc3Qt PmhhbmRsZSA9IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwog CWRzdC0+c2VjdG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJeGVuX21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQor CQluID0gZHN0LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsg aSsrKQogCQlkc3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQotLSAKMi40 LjMKCg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemut-xenfb.patch" Content-Transfer-Encoding: base64 RnJvbSAwZmZkNDU0NzY2NWQyZmVjNjQ4YWIyYzlmZjg1NmM1ZDlkYjliMDdj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjM3OjA4IC0wNTAwClN1YmplY3Q6IFtQ QVRDSCAyLzJdIHhlbmZiOiBhdm9pZCByZWFkaW5nIHR3aWNlIHRoZSBzYW1l IGZpZWxkcyBmcm9tIHRoZQogc2hhcmVkIHBhZ2UKClJlYWRpbmcgdHdpY2Ug dGhlIHNhbWUgZmllbGQgY291bGQgZ2l2ZSB0aGUgZ3Vlc3QgYW4gYXR0YWNr IG9mCm9wcG9ydHVuaXR5LiBJbiB0aGUgY2FzZSBvZiBldmVudC0+dHlwZSwg Z2NjIGNvdWxkIGNvbXBpbGUgdGhlIHN3aXRjaApzdGF0ZW1lbnQgaW50byBh IGp1bXAgdGFibGUsIGVmZmVjdGl2ZWx5IGVuZGluZyB1cCByZWFkaW5nIHRo ZSB0eXBlCmZpZWxkIG11bHRpcGxlIHRpbWVzLgoKVGhpcyBpcyBwYXJ0IG9m IFhTQS0xNTUuCgpTaWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkg PHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgotLS0KIGh3L3hl bmZiLmMgfCAxMCArKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgNiBpbnNl cnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2h3L3hl bmZiLmMgYi9ody94ZW5mYi5jCmluZGV4IDc1YjJiYzIuLjM2OWQ0NWQgMTAw NjQ0Ci0tLSBhL2h3L3hlbmZiLmMKKysrIGIvaHcveGVuZmIuYwpAQCAtODI3 LDE4ICs4MjcsMjAgQEAgc3RhdGljIHZvaWQgeGVuZmJfaW52YWxpZGF0ZSh2 b2lkICpvcGFxdWUpCiAKIHN0YXRpYyB2b2lkIHhlbmZiX2hhbmRsZV9ldmVu dHMoc3RydWN0IFhlbkZCICp4ZW5mYikKIHsKLSAgICB1aW50MzJfdCBwcm9k LCBjb25zOworICAgIHVpbnQzMl90IHByb2QsIGNvbnMsIG91dF9jb25zOwog ICAgIHN0cnVjdCB4ZW5mYl9wYWdlICpwYWdlID0geGVuZmItPmMucGFnZTsK IAogICAgIHByb2QgPSBwYWdlLT5vdXRfcHJvZDsKLSAgICBpZiAocHJvZCA9 PSBwYWdlLT5vdXRfY29ucykKKyAgICBvdXRfY29ucyA9IHBhZ2UtPm91dF9j b25zOworICAgIGlmIChwcm9kID09IG91dF9jb25zKQogCXJldHVybjsKICAg ICB4ZW5fcm1iKCk7CQkvKiBlbnN1cmUgd2Ugc2VlIHJpbmcgY29udGVudHMg dXAgdG8gcHJvZCAqLwotICAgIGZvciAoY29ucyA9IHBhZ2UtPm91dF9jb25z OyBjb25zICE9IHByb2Q7IGNvbnMrKykgeworICAgIGZvciAoY29ucyA9IG91 dF9jb25zOyBjb25zICE9IHByb2Q7IGNvbnMrKykgewogCXVuaW9uIHhlbmZi X291dF9ldmVudCAqZXZlbnQgPSAmWEVORkJfT1VUX1JJTkdfUkVGKHBhZ2Us IGNvbnMpOworICAgICAgICB1aW50OF90IHR5cGUgPSBldmVudC0+dHlwZTsK IAlpbnQgeCwgeSwgdywgaDsKIAotCXN3aXRjaCAoZXZlbnQtPnR5cGUpIHsK Kwlzd2l0Y2ggKHR5cGUpIHsKIAljYXNlIFhFTkZCX1RZUEVfVVBEQVRFOgog CSAgICBpZiAoeGVuZmItPnVwX2NvdW50ID09IFVQX1FVRVVFKQogCQl4ZW5m Yi0+dXBfZnVsbHNjcmVlbiA9IDE7Ci0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemu-xenfb.patch" Content-Transfer-Encoding: base64 eGVuZmI6IGF2b2lkIHJlYWRpbmcgdHdpY2UgdGhlIHNhbWUgZmllbGRzIGZy b20gdGhlIHNoYXJlZCBwYWdlCgpSZWFkaW5nIHR3aWNlIHRoZSBzYW1lIGZp ZWxkIGNvdWxkIGdpdmUgdGhlIGd1ZXN0IGFuIGF0dGFjayBvZgpvcHBvcnR1 bml0eS4gSW4gdGhlIGNhc2Ugb2YgZXZlbnQtPnR5cGUsIGdjYyBjb3VsZCBj b21waWxlIHRoZSBzd2l0Y2gKc3RhdGVtZW50IGludG8gYSBqdW1wIHRhYmxl LCBlZmZlY3RpdmVseSBlbmRpbmcgdXAgcmVhZGluZyB0aGUgdHlwZQpmaWVs ZCBtdWx0aXBsZSB0aW1lcy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoK U2lnbmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0 YWJlbGxpbmlAZXUuY2l0cml4LmNvbT4KCgpkaWZmIC0tZ2l0IGEvaHcvZGlz cGxheS94ZW5mYi5jIGIvaHcvZGlzcGxheS94ZW5mYi5jCmluZGV4IDVlMzI0 ZWYuLjRlMmEyN2EgMTAwNjQ0Ci0tLSBhL2h3L2Rpc3BsYXkveGVuZmIuYwor KysgYi9ody9kaXNwbGF5L3hlbmZiLmMKQEAgLTc4NCwxOCArNzg0LDIwIEBA IHN0YXRpYyB2b2lkIHhlbmZiX2ludmFsaWRhdGUodm9pZCAqb3BhcXVlKQog CiBzdGF0aWMgdm9pZCB4ZW5mYl9oYW5kbGVfZXZlbnRzKHN0cnVjdCBYZW5G QiAqeGVuZmIpCiB7Ci0gICAgdWludDMyX3QgcHJvZCwgY29uczsKKyAgICB1 aW50MzJfdCBwcm9kLCBjb25zLCBvdXRfY29uczsKICAgICBzdHJ1Y3QgeGVu ZmJfcGFnZSAqcGFnZSA9IHhlbmZiLT5jLnBhZ2U7CiAKICAgICBwcm9kID0g cGFnZS0+b3V0X3Byb2Q7Ci0gICAgaWYgKHByb2QgPT0gcGFnZS0+b3V0X2Nv bnMpCisgICAgb3V0X2NvbnMgPSBwYWdlLT5vdXRfY29uczsKKyAgICBpZiAo cHJvZCA9PSBvdXRfY29ucykKIAlyZXR1cm47CiAgICAgeGVuX3JtYigpOwkJ LyogZW5zdXJlIHdlIHNlZSByaW5nIGNvbnRlbnRzIHVwIHRvIHByb2QgKi8K LSAgICBmb3IgKGNvbnMgPSBwYWdlLT5vdXRfY29uczsgY29ucyAhPSBwcm9k OyBjb25zKyspIHsKKyAgICBmb3IgKGNvbnMgPSBvdXRfY29uczsgY29ucyAh PSBwcm9kOyBjb25zKyspIHsKIAl1bmlvbiB4ZW5mYl9vdXRfZXZlbnQgKmV2 ZW50ID0gJlhFTkZCX09VVF9SSU5HX1JFRihwYWdlLCBjb25zKTsKKyAgICAg ICAgdWludDhfdCB0eXBlID0gZXZlbnQtPnR5cGU7CiAJaW50IHgsIHksIHcs IGg7CiAKLQlzd2l0Y2ggKGV2ZW50LT50eXBlKSB7CisJc3dpdGNoICh0eXBl KSB7CiAJY2FzZSBYRU5GQl9UWVBFX1VQREFURToKIAkgICAgaWYgKHhlbmZi LT51cF9jb3VudCA9PSBVUF9RVUVVRSkKIAkJeGVuZmItPnVwX2Z1bGxzY3Jl ZW4gPSAxOwo= --=separator Content-Type: application/octet-stream; name="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSAxMmIxMTY1OGE5ZDZhNjU0YTFlN2FjYmYyZjJkNTZjZTlhMzk2Yzg2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDIwIE5vdiAy MDE1IDExOjU5OjA1IC0wNTAwClN1YmplY3Q6IFtQQVRDSCAxLzNdIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZp ZC52cmFiZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6 ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6 IEFkZCBjb21tZW50IGFib3V0IEdDQyBidWcuCi0tLQogeGVuL2luY2x1ZGUv cHVibGljL2lvL3JpbmcuaCB8IDE0ICsrKysrKysrKysrKysrCiAxIGZpbGUg Y2hhbmdlZCwgMTQgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL3hlbi9p bmNsdWRlL3B1YmxpYy9pby9yaW5nLmggYi94ZW4vaW5jbHVkZS9wdWJsaWMv aW8vcmluZy5oCmluZGV4IGJhOTQwMWIuLjgwMWMwZGEgMTAwNjQ0Ci0tLSBh L3hlbi9pbmNsdWRlL3B1YmxpYy9pby9yaW5nLmgKKysrIGIveGVuL2luY2x1 ZGUvcHVibGljL2lvL3JpbmcuaApAQCAtMjEyLDYgKzIxMiwyMCBAQCB0eXBl ZGVmIHN0cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgX19uYW1lIyNfYmFja19y aW5nX3QKICNkZWZpbmUgUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCkgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICAoJigo X3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAx KSldLnJlcSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVx dWVzdC4KKyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdf R0VUX1JFUVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBv biBhIGxvY2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhl IG90aGVyIGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251 Lm9yZy9idWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNl IHRoaXMKKyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBz dHJ1Y3Qgd2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8K KyNkZWZpbmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRv IHsJCQkJXAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBp bnRvIF9yZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVv ZihfcmVxKSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGls ZSAoMCkKKwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICgm KChfciktPnNyaW5nLT5yaW5nWygoX2lkeCkgJiAoUklOR19TSVpFKF9yKSAt IDEpKV0ucnNwKSkKIAotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA4NTFmZmI0ZWVhOTE3ZTI3MDhjOTEyMjkxZGVhNGQxMzMwMjZjMGFj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MTY6MDIgLTA1MDAKU3ViamVjdDogW1BBVENIIDIv M10gYmxrdGFwMjogVXNlIFJJTkdfQ09QWV9SRVFVRVNUCgpJbnN0ZWFkIG9m IFJJTkdfR0VUX1JFUVVFU1QuIFVzaW5nIGEgbG9jYWwgY29weSBvZiB0aGUK cmluZyAoYW5kIGFsc28gd2l0aCBwcm9wZXIgbWVtb3J5IGJhcnJpZXJzKSB3 aWxsIG1lYW4Kd2UgY2FuIGRvIG5vdCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRo ZSBjb21waWxlciBvcHRpbWl6aW5nCnRoZSBjb2RlIGFuZCBkb2luZyBhIGRv dWJsZS1mZXRjaCBpbiB0aGUgc2hhcmVkIG1lbW9yeSBzcGFjZS4KClRoaXMg aXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnpl c3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CgotLS0KdjI6 IEZpeCBjb21waWxlIGlzc3VlcyB3aXRoIHRhcGRpc2stdmJkCi0tLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jICAgfCAzICsrLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMgfCA4ICsrKystLS0t CiAyIGZpbGVzIGNoYW5nZWQsIDYgaW5zZXJ0aW9ucygrKSwgNSBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxv Y2stbG9nLmMgYi90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxvY2stbG9nLmMK aW5kZXggNTMzMGNkYy4uNWYzYmQzNSAxMDA2NDQKLS0tIGEvdG9vbHMvYmxr dGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jCisrKyBiL3Rvb2xzL2Jsa3RhcDIv ZHJpdmVycy9ibG9jay1sb2cuYwpAQCAtNDk0LDExICs0OTQsMTIgQEAgc3Rh dGljIGludCBjdGxfa2ljayhzdHJ1Y3QgdGRsb2dfc3RhdGUqIHMsIGludCBm ZCkKICAgcmVxc3RhcnQgPSBzLT5icmluZy5yZXFfY29uczsKICAgcmVxZW5k ID0gcy0+c3JpbmctPnJlcV9wcm9kOwogCisgIHhlbl9tYigpOwogICBCRFBS SU5URigiY3RsOiByaW5nIGtpY2tlZCAoc3RhcnQgPSAldSwgZW5kID0gJXUp IiwgcmVxc3RhcnQsIHJlcWVuZCk7CiAKICAgd2hpbGUgKHJlcXN0YXJ0ICE9 IHJlcWVuZCkgewogICAgIC8qIFhYWCBhY3R1YWxseSBzdWJtaXQgdGhlc2Uh ICovCi0gICAgbWVtY3B5KCZyZXEsIFJJTkdfR0VUX1JFUVVFU1QoJnMtPmJy aW5nLCByZXFzdGFydCksIHNpemVvZihyZXEpKTsKKyAgICBSSU5HX0NPUFlf UkVRVUVTVCgmcy0+YnJpbmcsIHJlcXN0YXJ0LCAmcmVxKTsKICAgICBCRFBS SU5URigiY3RsOiByZWFkIHJlcXVlc3QgJSJQUkl1NjQiOiV1IiwgcmVxLnNl Y3RvciwgcmVxLmNvdW50KTsKICAgICBzLT5icmluZy5yZXFfY29ucyA9ICsr cmVxc3RhcnQ7CiAKZGlmZiAtLWdpdCBhL3Rvb2xzL2Jsa3RhcDIvZHJpdmVy cy90YXBkaXNrLXZiZC5jIGIvdG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRp c2stdmJkLmMKaW5kZXggNmQxZDk0YS4uODllZjllZCAxMDA2NDQKLS0tIGEv dG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKKysrIGIvdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKQEAgLTE1NTUsNyAr MTU1NSw3IEBAIHRhcGRpc2tfdmJkX3B1bGxfcmluZ19yZXF1ZXN0cyh0ZF92 YmRfdCAqdmJkKQogCWludCBpZHg7CiAJUklOR19JRFggcnAsIHJjOwogCXRk X3JpbmdfdCAqcmluZzsKLQlibGtpZl9yZXF1ZXN0X3QgKnJlcTsKKwlibGtp Zl9yZXF1ZXN0X3QgcmVxOwogCXRkX3ZiZF9yZXF1ZXN0X3QgKnZyZXE7CiAK IAlyaW5nID0gJnZiZC0+cmluZzsKQEAgLTE1NjYsMTYgKzE1NjYsMTYgQEAg dGFwZGlza192YmRfcHVsbF9yaW5nX3JlcXVlc3RzKHRkX3ZiZF90ICp2YmQp CiAJeGVuX3JtYigpOwogCiAJZm9yIChyYyA9IHJpbmctPmZlX3JpbmcucmVx X2NvbnM7IHJjICE9IHJwOyByYysrKSB7Ci0JCXJlcSA9IFJJTkdfR0VUX1JF UVVFU1QoJnJpbmctPmZlX3JpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVF U1QoJnJpbmctPmZlX3JpbmcsIHJjLCAmcmVxKTsKIAkJKytyaW5nLT5mZV9y aW5nLnJlcV9jb25zOwogCi0JCWlkeCAgPSByZXEtPmlkOworCQlpZHggID0g cmVxLmlkOwogCQl2cmVxID0gJnZiZC0+cmVxdWVzdF9saXN0W2lkeF07CiAK IAkJQVNTRVJUKGxpc3RfZW1wdHkoJnZyZXEtPm5leHQpKTsKIAkJQVNTRVJU KHZyZXEtPnNlY3NfcGVuZGluZyA9PSAwKTsKIAotCQltZW1jcHkoJnZyZXEt PnJlcSwgcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7CisJCW1lbWNw eSgmdnJlcS0+cmVxLCAmcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7 CiAJCXZiZC0+cmVjZWl2ZWQrKzsKIAkJdnJlcS0+dmJkID0gdmJkOwogCi0t IAoyLjEuNAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBjMWZjZTY1ZTJiNzIwNjg0ZWE2YmE3NmFlNTk5MjE1NDJiZDE1NGJi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIIDMv M10gbGlidmNoYW46IFJlYWQgcHJvZC9jb25zIG9ubHkgb25jZS4KCldlIG11 c3QgZW5zdXJlIHRoYXQgdGhlIHByb2QvY29ucyBhcmUgb25seSByZWFkIG9u Y2UgYW5kIHRoYXQKdGhlIGNvbXBpbGVyIHdvbid0IHRyeSB0byBvcHRpbWl6 ZSB0aGUgcmVhZHMuIFRoYXQgaXMgc3BsaXQKdGhlIHJlYWQgb2YgdGhlc2Ug aW4gbXVsdGlwbGUgaW5zdHJ1Y3Rpb25zIGluZmx1ZW5jaW5nIGxhdGVyCmJy YW5jaCBjb2RlLiBBcyBzdWNoIGluc2VydCBiYXJyaWVycyB3aGVuIGZldGNo aW5nIHRoZSBjb25zCmFuZCBwcm9kIGluZGV4LgoKVGhpcyBpcyBwYXJ0IG9m IFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiB0b29scy9saWJ2Y2hh bi9pby5jIHwgMiArKwogMSBmaWxlIGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygr KQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMgYi90b29scy9s aWJ2Y2hhbi9pby5jCmluZGV4IDhhOTYyOWIuLjM4MWNjMDUgMTAwNjQ0Ci0t LSBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMKKysrIGIvdG9vbHMvbGlidmNoYW4v aW8uYwpAQCAtMTE3LDYgKzExNyw3IEBAIHN0YXRpYyBpbmxpbmUgaW50IHNl bmRfbm90aWZ5KHN0cnVjdCBsaWJ4ZW52Y2hhbiAqY3RybCwgdWludDhfdCBi aXQpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0X2RhdGFfcmVhZHkoc3Ry dWN0IGxpYnhlbnZjaGFuICpjdHJsKQogewogCXVpbnQzMl90IHJlYWR5ID0g cmRfcHJvZChjdHJsKSAtIHJkX2NvbnMoY3RybCk7CisJeGVuX21iKCk7IC8q IEVuc3VyZSAncmVhZHknIGlzIHJlYWQgb25seSBvbmNlLiAqLwogCWlmIChy ZWFkeSA+IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3 YXkgdG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMK IAkJICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1 OCw2ICsxNTksNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1 Y3QgbGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdf Z2V0X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7 CiAJdWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3Jf cHJvZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBF bnN1cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVh ZHkgPiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5 IHRvIHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJ CSAqIGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEu MAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBlZjg2YWQwYjYwZmUxNzliMWE2ZmEzOTBlMDVjMzM5ZmI0NGI5Y2M5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIXSBs aWJ2Y2hhbjogUmVhZCBwcm9kL2NvbnMgb25seSBvbmNlLgoKV2UgbXVzdCBl bnN1cmUgdGhhdCB0aGUgcHJvZC9jb25zIGFyZSBvbmx5IHJlYWQgb25jZSBh bmQgdGhhdAp0aGUgY29tcGlsZXIgd29uJ3QgdHJ5IHRvIG9wdGltaXplIHRo ZSByZWFkcy4gVGhhdCBpcyBzcGxpdAp0aGUgcmVhZCBvZiB0aGVzZSBpbiBt dWx0aXBsZSBpbnN0cnVjdGlvbnMgaW5mbHVlbmNpbmcgbGF0ZXIKYnJhbmNo IGNvZGUuIEFzIHN1Y2ggaW5zZXJ0IGJhcnJpZXJzIHdoZW4gZmV0Y2hpbmcg dGhlIGNvbnMKYW5kIHByb2QgaW5kZXguCgpUaGlzIGlzIHBhcnQgb2YgWFNB MTU1LgoKU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIHRvb2xzL2xpYnZjaGFuL2lv LmMgfCAyICsrCiAxIGZpbGUgY2hhbmdlZCwgMiBpbnNlcnRpb25zKCspCgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlidmNoYW4vaW8uYyBiL3Rvb2xzL2xpYnZj aGFuL2lvLmMKaW5kZXggODA0YzYzYy4uOGIzM2Y0MCAxMDA2NDQKLS0tIGEv dG9vbHMvbGlidmNoYW4vaW8uYworKysgYi90b29scy9saWJ2Y2hhbi9pby5j CkBAIC0xMTgsNiArMTE4LDcgQEAgc3RhdGljIGlubGluZSBpbnQgc2VuZF9u b3RpZnkoc3RydWN0IGxpYnhlbnZjaGFuICpjdHJsLCB1aW50OF90IGJpdCkK IHN0YXRpYyBpbmxpbmUgaW50IHJhd19nZXRfZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiB7CiAJdWludDMyX3QgcmVhZHkgPSByZF9w cm9kKGN0cmwpIC0gcmRfY29ucyhjdHJsKTsKKwl4ZW5fbWIoKTsgLyogRW5z dXJlICdyZWFkeScgaXMgcmVhZCBvbmx5IG9uY2UuICovCiAJaWYgKHJlYWR5 ID49IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3YXkg dG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMKIAkJ ICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1OSw2 ICsxNjAsNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0 X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7CiAJ dWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3JfcHJv ZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBFbnN1 cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVhZHkg PiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5IHRv IHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJCSAq IGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 13:38:03 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 13:38:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Yjt-0006KN-Dg; Thu, 17 Dec 2015 13:37:01 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Yjr-0006KB-Ve; Thu, 17 Dec 2015 13:37:00 +0000 Received: from [85.158.139.211] by server-17.bemta-5.messagelabs.com id C9/38-21901-B7AB2765; Thu, 17 Dec 2015 13:36:59 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-9.tower-206.messagelabs.com!1450359415!11389878!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10176 invoked from network); 17 Dec 2015 13:36:56 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-9.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 13:36:56 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Yjf-0001bD-OJ; Thu, 17 Dec 2015 13:36:47 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Yjf-0007YQ-4Y; Thu, 17 Dec 2015 13:36:47 +0000 Date: Thu, 17 Dec 2015 13:36:47 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8550 / XSA-155 version 6 paravirtualized drivers incautious about shared memory contents UPDATES IN VERSION 6 ==================== Correct CREDITS section. ISSUE DESCRIPTION ================= The compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically the shared memory between the frontend and backend can be fetched twice (during which time the frontend can alter the contents) possibly leading to arbitrary code execution in backend. IMPACT ====== Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact can be a host crash, or privilege escalation. VULNERABLE SYSTEMS ================== Systems running PV or HVM guests are vulnerable. ARM and x86 systems are vulnerable. All OSes providing PV backends are susceptible, this includes Linux and NetBSD. By default the Linux distributions compile kernels with optimizations. MITIGATION ========== There is no mitigation. CREDITS ======= This issue was discovered by Felix Wilhelm (ERNW Research, KIT / Operating Systems Group). RESOLUTION ========== Applying the appropriate attached patches should fix the problem for PV backends. Note only that PV backends are fixed; PV frontend patches will be developed and released (publicly) after the embargo date. Please note that there is a bug in some versions of gcc, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 which can cause the construct used in RING_COPY_REQUEST() to be ineffective in some circumstances. We have determined that this is only the case when the structure being copied consists purely of bitfields. The Xen PV protocols updated here do not use bitfields in this way and therefore these patches are not subject to that bug. However authors of third party PV protocols should take this into consideration. Linux v4.4: xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch Linux v4.[0,1,2,3] All the above patches except #5 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch Linux v3.19: All the above patches except #5 and #6 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux319-0006-xen-scsiback-safely-copy-requests.patch qemu-xen: xsa155-qemu-qdisk-double-access.patch xsa155-qemu-xenfb.patch qemu-traditional: xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch NetBSD 7.0: xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch xen: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xen 4.4: All patches except #3 will apply, please use: xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ sha256sum xsa155* d9fbc104ab2ae797971e351ee0e04e7b7e9c7c33385309bb406c7941dc9a33b4 xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch 590656d83ad7b6052b54659eccb3469658b3942c0dc1366423a66f2f5ac643e1 xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2bd18632178e09394c5cd06aded2c14bcc6b6e360ad6e81827d24860fe3e8ca4 xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch cecdeccb8e2551252c81fc5f164a8298005df714a574a7ba18b84e8ed5f2bb70 xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch 3916b847243047f0e1053233ade742c14a7f29243584e60bf5db4842a8068855 xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch 746c8eb0aeb200d76156c88dfbbd49db79f567b88b07eda70f7c7d095721f05a xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch 18517a184a02f7441065b8d3423086320ec4c2345c00d551231f7976381767f5 xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2e6d556d25b1cc16e71afde665ae3908f4fa8eab7e0d96283fc78400301baf92 xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch 5e130d8b61906015c6a94f8edd3cce97b172f96a265d97ecf370e7b45125b73d xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch 08c2d0f95dcc215165afbce623b6972b81dd45b091b5f40017579b00c8612e03 xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch 0a66010f736092f91f70bb0fd220685e4395efef1db6d23a3d1eace31d144f51 xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch 5e913a8427cab6b4d384d1246e05116afc301eb117edd838101eb53a82c2f2ff xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch 3b8f14eafaed3a7bc66245753a37af4249acf8129fbedb70653192252dc47dc9 xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch 81ae5fa998243a78dad749fc561be647dc1dc1be799e8f18484fdf0989469705 xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch 044ff74fa048df820d528f64f2791ec9cb3940bd313c1179020bd49a6cde2ca3 xsa155-qemu-qdisk-double-access.patch 1150504589eb7bfa108c80ce63395e57d0e627b12d9201219d968fdd026919a6 xsa155-qemut-qdisk-double-access.patch 63186246ab6913b54bfef5f09f33e815935ac40ff821c27a3efda62339bbbd5f xsa155-qemut-xenfb.patch e53b4ac298648cde79344192d5a58ca8d8724344f5105bec7c09eef095c668f6 xsa155-qemu-xenfb.patch e52467fcec73bcc86d3e96d06f8ca8085ae56a83d2c42a30c16bc3dc630d8f8a xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch eae34c8ccc096ad93a74190506b3d55020a88afb0cc504a3a514590e9fd746fd xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch 42780265014085a4221ad32b026214693d751789eb5219e2e83862c0006c66f4 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch dfcaddb8a908a4fc1b048a43187e885117e67dc566f5c841037ee366dcd437d1 xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcrpdAAoJEIP+FMlX6CvZ9soIALqQ/GHP6bZn2LqJTD9DIzsm zVB4yCPiVfDqHSOq9QNCzBzqpvOX+RhKTzRH1jsZczr8CSnkePxaCrmZgH8SAygB hFcF9xJGlJDjs647sgpQmYs++3mgD/57uml7IW/8NX46tXUelVByW7muNgUN2xlm kjeD8auJEs+jK1iwpt/hOmYe4moRx3+3ujfgqMCNAWtqZz9D9wM5tao+p6yKYlhM u8hSi1V3b7sAbf92mwzpzfpbwdgg25xeHtZ/oJxp/ZY0FhqDEsTxV+h8HjD/Eink GwqPS19O77tMmz9fUUTyJDSsU7ayFRI0HyYmXju4eJktJkhXagjAdCSyGky9z5g= =FlX2 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSBmOWM3MWU4OTJkNTE0MmEzMTQ0ODFkZjZiYWEyNmIzNGU2YTZiYTQ1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSF0geGVuLXNjc2li YWNrOiBzYWZlbHkgY29weSByZXF1ZXN0cwoKVGhlIGNvcHkgb2YgdGhlIHJp bmcgcmVxdWVzdCB3YXMgbGFja2luZyBhIGZvbGxvd2luZyBiYXJyaWVyKCks CnBvdGVudGlhbGx5IGFsbG93aW5nIHRoZSBjb21waWxlciB0byBvcHRpbWl6 ZSB0aGUgY29weSBhd2F5LgoKVXNlIFJJTkdfQ09QWV9SRVFVRVNUKCkgdG8g ZW5zdXJlIHRoZSByZXF1ZXN0IGlzIGNvcGllZCB0byBsb2NhbAptZW1vcnku CgpUaGlzIGlzIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3Jn ClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+ ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNp dHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCnYyOiBUaGlzIGlzIGEg YWdhaW5zdCB2My4xOQotLS0KIGRyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5j IHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCspLCAxIGRl bGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94ZW4veGVuLXNjc2li YWNrLmMgYi9kcml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYwppbmRleCBlOTk5 NDk2ZS4uZDg2ZjZlMSAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXNj c2liYWNrLmMKKysrIGIvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKQEAg LTczNCw3ICs3MzQsNyBAQCBzdGF0aWMgaW50IHNjc2liYWNrX2RvX2NtZF9m bihzdHJ1Y3QgdnNjc2lia19pbmZvICppbmZvKQogCQlpZiAoIXBlbmRpbmdf cmVxKQogCQkJcmV0dXJuIDE7CiAKLQkJcmluZ19yZXEgPSBSSU5HX0dFVF9S RVFVRVNUKHJpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVFU1QocmluZywg cmMsICZyaW5nX3JlcSk7CiAJCXJpbmctPnJlcV9jb25zID0gKytyYzsKIAog CQlhY3QgPSByaW5nX3JlcS0+YWN0OwotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBkNTJmMDA5NjBjMTA3MGM2ODM4MDlmYWRkZDM1YTIyMjNlMmI4YTZl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDYvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0tCnYyOiBUaGlz IGlzIGFnYWluc3QgdjQuMwotLS0KIGRyaXZlcnMvYmxvY2sveGVuLWJsa2Jh Y2svYmxrYmFjay5jIHwgMTIgKysrKysrKy0tLS0tCiAxIGZpbGUgY2hhbmdl ZCwgNyBpbnNlcnRpb25zKCspLCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIGIvZHJp dmVycy9ibG9jay94ZW4tYmxrYmFjay9ibGtiYWNrLmMKaW5kZXggNmE2ODVh ZS4uZjJlN2EzOCAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxr YmFjay9ibGtiYWNrLmMKKysrIGIvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9ibGtiYWNrLmMKQEAgLTk1MCw2ICs5NTAsOCBAQCBzdGF0aWMgaW50IHhl bl9ibGtia19wYXJzZV9pbmRpcmVjdChzdHJ1Y3QgYmxraWZfcmVxdWVzdCAq cmVxLAogCQlnb3RvIHVubWFwOwogCiAJZm9yIChuID0gMCwgaSA9IDA7IG4g PCBuc2VnOyBuKyspIHsKKwkJdWludDhfdCBmaXJzdF9zZWN0LCBsYXN0X3Nl Y3Q7CisKIAkJaWYgKChuICUgU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUUpID09 IDApIHsKIAkJCS8qIE1hcCBpbmRpcmVjdCBzZWdtZW50cyAqLwogCQkJaWYg KHNlZ21lbnRzKQpAQCAtOTU4LDE0ICs5NjAsMTQgQEAgc3RhdGljIGludCB4 ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3RydWN0IGJsa2lmX3JlcXVlc3Qg KnJlcSwKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1F OwogCQlwZW5kaW5nX3JlcS0+c2VnbWVudHNbbl0tPmdyZWYgPSBzZWdtZW50 c1tpXS5ncmVmOwotCQlzZWdbbl0ubnNlYyA9IHNlZ21lbnRzW2ldLmxhc3Rf c2VjdCAtCi0JCQlzZWdtZW50c1tpXS5maXJzdF9zZWN0ICsgMTsKLQkJc2Vn W25dLm9mZnNldCA9IChzZWdtZW50c1tpXS5maXJzdF9zZWN0IDw8IDkpOwot CQlpZiAoKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA+PSAoUEFHRV9TSVpFID4+ IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNlZ21l bnRzW2ldLmZpcnN0X3NlY3QpKSB7CisJCWZpcnN0X3NlY3QgPSBSRUFEX09O Q0Uoc2VnbWVudHNbaV0uZmlyc3Rfc2VjdCk7CisJCWxhc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5sYXN0X3NlY3QpOworCQlpZiAobGFzdF9z ZWN0ID49IChQQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0IDwgZmlyc3Rf c2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1bm1hcDsKIAkJ fQorCQlzZWdbbl0ubnNlYyA9IGxhc3Rfc2VjdCAtIGZpcnN0X3NlY3QgKyAx OworCQlzZWdbbl0ub2Zmc2V0ID0gZmlyc3Rfc2VjdCA8PCA5OwogCQlwcmVx LT5ucl9zZWN0cyArPSBzZWdbbl0ubnNlYzsKIAl9CiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA0ZTJiYzQyM2UwY2VmMGE0MmY5M2Q5ODljMDk4MDMwMWRmMWJkNDYy IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE0OjU4OjA4ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzddIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6IFVwZGF0ZSBhYm91dCBHQ0Mg YW5kIGJpdGZpZWxkcy4KLS0tCiBpbmNsdWRlL3hlbi9pbnRlcmZhY2UvaW8v cmluZy5oIHwgMTQgKysrKysrKysrKysrKysKIDEgZmlsZSBjaGFuZ2VkLCAx NCBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvaW5jbHVkZS94ZW4vaW50 ZXJmYWNlL2lvL3JpbmcuaCBiL2luY2x1ZGUveGVuL2ludGVyZmFjZS9pby9y aW5nLmgKaW5kZXggN2QyOGFmZi4uN2RjNjg1YiAxMDA2NDQKLS0tIGEvaW5j bHVkZS94ZW4vaW50ZXJmYWNlL2lvL3JpbmcuaAorKysgYi9pbmNsdWRlL3hl bi9pbnRlcmZhY2UvaW8vcmluZy5oCkBAIC0xODEsNiArMTgxLDIwIEBAIHN0 cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgewkJCQkJCVwKICNkZWZpbmUgUklO R19HRVRfUkVRVUVTVChfciwgX2lkeCkJCQkJCVwKICAgICAoJigoX3IpLT5z cmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAxKSldLnJl cSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVxdWVzdC4K KyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdfR0VUX1JF UVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBvbiBhIGxv Y2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhlIG90aGVy IGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251Lm9yZy9i dWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNlIHRoaXMK KyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBzdHJ1Y3Qg d2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8KKyNkZWZp bmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRvIHsJCQkJ XAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBpbnRvIF9y ZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVvZihfcmVx KSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGlsZSAoMCkK KwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkJCQkJCVwK ICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0la RShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Transfer-Encoding: base64 RnJvbSAxMDBhYzM3MmEwZTA3Y2NjOGM1MDhjMzg4NGZhOTAyMGNmZTA4MDk0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE2OjAxICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzddIHhlbi1u ZXRiYWNrOiBkb24ndCB1c2UgbGFzdCByZXF1ZXN0IHRvIGRldGVybWluZSBt aW5pbXVtCiBUeCBjcmVkaXQKClRoZSBsYXN0IGZyb20gZ3Vlc3QgdHJhbnNt aXR0ZWQgcmVxdWVzdCBnaXZlcyBubyBpbmRpY2F0aW9uIGFib3V0IHRoZQpt aW5pbXVtIGFtb3VudCBvZiBjcmVkaXQgdGhhdCB0aGUgZ3Vlc3QgbWlnaHQg bmVlZCB0byBzZW5kIGEgcGFja2V0CnNpbmNlIHRoZSBsYXN0IHBhY2tldCBt aWdodCBoYXZlIGJlZW4gYSBzbWFsbCBvbmUuCgpJbnN0ZWFkIGFsbG93IGZv ciB0aGUgd29yc3QgY2FzZSAxMjggS2lCIHBhY2tldC4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZp ZXdlZC1ieTogV2VpIExpdSA8d2VpLmxpdTJAY2l0cml4LmNvbT4KU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMvbmV0L3hlbi1uZXRi YWNrL25ldGJhY2suYyB8IDQgKy0tLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5z ZXJ0aW9uKCspLCAzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZl cnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyBiL2RyaXZlcnMvbmV0L3hl bi1uZXRiYWNrL25ldGJhY2suYwppbmRleCBlNDgxZjM3Li5iNjgzNTgxIDEw MDY0NAotLS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMK KysrIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCkBAIC02 NzksOSArNjc5LDcgQEAgc3RhdGljIHZvaWQgdHhfYWRkX2NyZWRpdChzdHJ1 Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSkKIAkgKiBBbGxvdyBhIGJ1cnN0IGJp ZyBlbm91Z2ggdG8gdHJhbnNtaXQgYSBqdW1ibyBwYWNrZXQgb2YgdXAgdG8g MTI4a0IuCiAJICogT3RoZXJ3aXNlIHRoZSBpbnRlcmZhY2UgY2FuIHNlaXpl IHVwIGR1ZSB0byBpbnN1ZmZpY2llbnQgY3JlZGl0LgogCSAqLwotCW1heF9i dXJzdCA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT50eCwgcXVldWUtPnR4 LnJlcV9jb25zKS0+c2l6ZTsKLQltYXhfYnVyc3QgPSBtaW4obWF4X2J1cnN0 LCAxMzEwNzJVTCk7Ci0JbWF4X2J1cnN0ID0gbWF4KG1heF9idXJzdCwgcXVl dWUtPmNyZWRpdF9ieXRlcyk7CisJbWF4X2J1cnN0ID0gbWF4KDEzMTA3MlVM LCBxdWV1ZS0+Y3JlZGl0X2J5dGVzKTsKIAogCS8qIFRha2UgY2FyZSB0aGF0 IGFkZGluZyBhIG5ldyBjaHVuayBvZiBjcmVkaXQgZG9lc24ndCB3cmFwIHRv IHplcm8uICovCiAJbWF4X2NyZWRpdCA9IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICsgcXVldWUtPmNyZWRpdF9ieXRlczsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Transfer-Encoding: base64 RnJvbSA0MTI3ZTljY2FlMGVkYTYyMjQyMWQyMTEzMjg0NmFiZGY3NGY2NmVk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE3OjA2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAzLzddIHhlbi1u ZXRiYWNrOiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0CgpJ bnN0ZWFkIG9mIG9wZW4tY29kaW5nIG1lbWNweSgpcyBhbmQgZGlyZWN0bHkg YWNjZXNzaW5nIFR4IGFuZCBSeApyZXF1ZXN0cywgdXNlIHRoZSBuZXcgUklO R19DT1BZX1JFUVVFU1QoKSB0aGF0IGVuc3VyZXMgdGhlIGxvY2FsIGNvcHkK aXMgY29ycmVjdC4KClRoaXMgaXMgbW9yZSB0aGFuIGlzIHN0cmljdGx5IG5l Y2Vzc2FyeSBmb3IgZ3Vlc3QgUnggcmVxdWVzdHMgc2luY2UKb25seSB0aGUg aWQgYW5kIGdyZWYgZmllbGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVz cyBpZiB0aGUKZnJvbnRlbmQgbW9kaWZpZXMgdGhlc2UuCgpUaGlzIGlzIHBh cnQgb2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKUmV2 aWV3ZWQtYnk6IFdlaSBMaXUgPHdlaS5saXUyQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5j b20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2lsayA8a29u cmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgfCAzMCArKysrKysrKysrKysrKy0tLS0tLS0tLS0t LS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAxNCBpbnNlcnRpb25zKCspLCAxNiBk ZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgYi9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRi YWNrLmMKaW5kZXggYjY4MzU4MS4uMTA0OWMzNCAxMDA2NDQKLS0tIGEvZHJp dmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCisrKyBiL2RyaXZlcnMv bmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYwpAQCAtMjU4LDE4ICsyNTgsMTgg QEAgc3RhdGljIHN0cnVjdCB4ZW52aWZfcnhfbWV0YSAqZ2V0X25leHRfcnhf YnVmZmVyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQkJCQkJIHN0 cnVjdCBuZXRyeF9wZW5kaW5nX29wZXJhdGlvbnMgKm5wbykKIHsKIAlzdHJ1 Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAotCXJlcSA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT5yeCwg cXVldWUtPnJ4LnJlcV9jb25zKyspOworCVJJTkdfQ09QWV9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrLCAmcmVxKTsKIAogCW1l dGEgPSBucG8tPm1ldGEgKyBucG8tPm1ldGFfcHJvZCsrOwogCW1ldGEtPmdz b190eXBlID0gWEVOX05FVElGX0dTT19UWVBFX05PTkU7CiAJbWV0YS0+Z3Nv X3NpemUgPSAwOwogCW1ldGEtPnNpemUgPSAwOwotCW1ldGEtPmlkID0gcmVx LT5pZDsKKwltZXRhLT5pZCA9IHJlcS5pZDsKIAogCW5wby0+Y29weV9vZmYg PSAwOwotCW5wby0+Y29weV9ncmVmID0gcmVxLT5ncmVmOworCW5wby0+Y29w eV9ncmVmID0gcmVxLmdyZWY7CiAKIAlyZXR1cm4gbWV0YTsKIH0KQEAgLTQy NCw3ICs0MjQsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVj dCBza19idWZmICpza2IsCiAJc3RydWN0IHhlbnZpZiAqdmlmID0gbmV0ZGV2 X3ByaXYoc2tiLT5kZXYpOwogCWludCBucl9mcmFncyA9IHNrYl9zaGluZm8o c2tiKS0+bnJfZnJhZ3M7CiAJaW50IGk7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAlzdHJ1Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7CiAJdW5zaWdu ZWQgY2hhciAqZGF0YTsKIAlpbnQgaGVhZCA9IDE7CkBAIC00NDMsMTUgKzQ0 MywxNSBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVjdCBza19i dWZmICpza2IsCiAKIAkvKiBTZXQgdXAgYSBHU08gcHJlZml4IGRlc2NyaXB0 b3IsIGlmIG5lY2Vzc2FyeSAqLwogCWlmICgoMSA8PCBnc29fdHlwZSkgJiB2 aWYtPmdzb19wcmVmaXhfbWFzaykgewotCQlyZXEgPSBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwkJUklO R19DT1BZX1JFUVVFU1QoJnF1ZXVlLT5yeCwgcXVldWUtPnJ4LnJlcV9jb25z KyssICZyZXEpOwogCQltZXRhID0gbnBvLT5tZXRhICsgbnBvLT5tZXRhX3By b2QrKzsKIAkJbWV0YS0+Z3NvX3R5cGUgPSBnc29fdHlwZTsKIAkJbWV0YS0+ Z3NvX3NpemUgPSBza2Jfc2hpbmZvKHNrYiktPmdzb19zaXplOwogCQltZXRh LT5zaXplID0gMDsKLQkJbWV0YS0+aWQgPSByZXEtPmlkOworCQltZXRhLT5p ZCA9IHJlcS5pZDsKIAl9CiAKLQlyZXEgPSBSSU5HX0dFVF9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnJ4LCBxdWV1ZS0+cngucmVxX2NvbnMrKywgJnJl cSk7CiAJbWV0YSA9IG5wby0+bWV0YSArIG5wby0+bWV0YV9wcm9kKys7CiAK IAlpZiAoKDEgPDwgZ3NvX3R5cGUpICYgdmlmLT5nc29fbWFzaykgewpAQCAt NDYzLDkgKzQ2Myw5IEBAIHN0YXRpYyBpbnQgeGVudmlmX2dvcF9za2Ioc3Ry dWN0IHNrX2J1ZmYgKnNrYiwKIAl9CiAKIAltZXRhLT5zaXplID0gMDsKLQlt ZXRhLT5pZCA9IHJlcS0+aWQ7CisJbWV0YS0+aWQgPSByZXEuaWQ7CiAJbnBv LT5jb3B5X29mZiA9IDA7Ci0JbnBvLT5jb3B5X2dyZWYgPSByZXEtPmdyZWY7 CisJbnBvLT5jb3B5X2dyZWYgPSByZXEuZ3JlZjsKIAogCWRhdGEgPSBza2It PmRhdGE7CiAJd2hpbGUgKGRhdGEgPCBza2JfdGFpbF9wb2ludGVyKHNrYikp IHsKQEAgLTcwOSw3ICs3MDksNyBAQCBzdGF0aWMgdm9pZCB4ZW52aWZfdHhf ZXJyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQlzcGluX3VubG9j a19pcnFyZXN0b3JlKCZxdWV1ZS0+cmVzcG9uc2VfbG9jaywgZmxhZ3MpOwog CQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKLQkJdHhwID0gUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyspOworCQlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyssIHR4cCk7CiAJfSB3aGlsZSAo MSk7CiAJcXVldWUtPnR4LnJlcV9jb25zID0gY29uczsKIH0KQEAgLTc3Niw4 ICs3NzYsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9jb3VudF9yZXF1ZXN0cyhz dHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJaWYgKGRyb3BfZXJyKQog CQkJdHhwID0gJmRyb3BwZWRfdHg7CiAKLQkJbWVtY3B5KHR4cCwgUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zICsgc2xvdHMpLAotCQkgICAg ICAgc2l6ZW9mKCp0eHApKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVl LT50eCwgY29ucyArIHNsb3RzLCB0eHApOwogCiAJCS8qIElmIHRoZSBndWVz dCBzdWJtaXR0ZWQgYSBmcmFtZSA+PSA2NCBLaUIgdGhlbgogCQkgKiBmaXJz dC0+c2l6ZSBvdmVyZmxvd2VkIGFuZCBmb2xsb3dpbmcgc2xvdHMgd2lsbApA QCAtMTExMCw4ICsxMTA5LDcgQEAgc3RhdGljIGludCB4ZW52aWZfZ2V0X2V4 dHJhcyhzdHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJCXJldHVybiAt RUJBRFI7CiAJCX0KIAotCQltZW1jcHkoJmV4dHJhLCBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+dHgsIGNvbnMpLAotCQkgICAgICAgc2l6ZW9mKGV4dHJh KSk7CisJCVJJTkdfQ09QWV9SRVFVRVNUKCZxdWV1ZS0+dHgsIGNvbnMsICZl eHRyYSk7CiAJCWlmICh1bmxpa2VseSghZXh0cmEudHlwZSB8fAogCQkJICAg ICBleHRyYS50eXBlID49IFhFTl9ORVRJRl9FWFRSQV9UWVBFX01BWCkpIHsK IAkJCXF1ZXVlLT50eC5yZXFfY29ucyA9ICsrY29uczsKQEAgLTEzMjAsNyAr MTMxOCw3IEBAIHN0YXRpYyB2b2lkIHhlbnZpZl90eF9idWlsZF9nb3BzKHN0 cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCiAJCWlkeCA9IHF1ZXVlLT50 eC5yZXFfY29uczsKIAkJcm1iKCk7IC8qIEVuc3VyZSB0aGF0IHdlIHNlZSB0 aGUgcmVxdWVzdCBiZWZvcmUgd2UgY29weSBpdC4gKi8KLQkJbWVtY3B5KCZ0 eHJlcSwgUklOR19HRVRfUkVRVUVTVCgmcXVldWUtPnR4LCBpZHgpLCBzaXpl b2YodHhyZXEpKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVlLT50eCwg aWR4LCAmdHhyZXEpOwogCiAJCS8qIENyZWRpdC1iYXNlZCBzY2hlZHVsaW5n LiAqLwogCQlpZiAodHhyZXEuc2l6ZSA+IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICYmCi0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Transfer-Encoding: base64 RnJvbSAwODRiOGMyZTc3ZjFhYzA3ZTRhM2ExMjFmZjk1N2M0OWE5Mzc5Mzg1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6MzQ6MDkgKzAwMDAKU3ViamVj dDogW1BBVENIIDQvN10geGVuLWJsa2JhY2s6IG9ubHkgcmVhZCByZXF1ZXN0 IG9wZXJhdGlvbiBmcm9tIHNoYXJlZCByaW5nCiBvbmNlCk1JTUUtVmVyc2lv bjogMS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYt OApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA4Yml0CgpBIGNvbXBpbGVy IG1heSBsb2FkIGEgc3dpdGNoIHN0YXRlbWVudCB2YWx1ZSBtdWx0aXBsZSB0 aW1lcywgd2hpY2ggY291bGQKYmUgYmFkIHdoZW4gdGhlIHZhbHVlIGlzIGlu IG1lbW9yeSBzaGFyZWQgd2l0aCB0aGUgZnJvbnRlbmQuCgpXaGVuIGNvbnZl cnRpbmcgYSBub24tbmF0aXZlIHJlcXVlc3QgdG8gYSBuYXRpdmUgb25lLCBl bnN1cmUgdGhhdApzcmMtPm9wZXJhdGlvbiBpcyBvbmx5IGxvYWRlZCBvbmNl IGJ5IHVzaW5nIFJFQURfT05DRSgpLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1 NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3JnClNpZ25lZC1vZmYtYnk6 IFJvZ2VyIFBhdSBNb25uw6kgPHJvZ2VyLnBhdUBjaXRyaXguY29tPgpTaWdu ZWQtb2ZmLWJ5OiBEYXZpZCBWcmFiZWwgPGRhdmlkLnZyYWJlbEBjaXRyaXgu Y29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtv bnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogZHJpdmVycy9ibG9jay94ZW4t YmxrYmFjay9jb21tb24uaCB8IDggKysrKy0tLS0KIDEgZmlsZSBjaGFuZ2Vk LCA0IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0 IGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFjay9jb21tb24uaCBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svY29tbW9uLmgKaW5kZXggNjhlODdhMC4u YzkyOWFlMiAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9jb21tb24uaAorKysgYi9kcml2ZXJzL2Jsb2NrL3hlbi1ibGtiYWNrL2Nv bW1vbi5oCkBAIC00MDgsOCArNDA4LDggQEAgc3RhdGljIGlubGluZSB2b2lk IGJsa2lmX2dldF94ODZfMzJfcmVxKHN0cnVjdCBibGtpZl9yZXF1ZXN0ICpk c3QsCiAJCQkJCXN0cnVjdCBibGtpZl94ODZfMzJfcmVxdWVzdCAqc3JjKQog ewogCWludCBpLCBuID0gQkxLSUZfTUFYX1NFR01FTlRTX1BFUl9SRVFVRVNU LCBqOwotCWRzdC0+b3BlcmF0aW9uID0gc3JjLT5vcGVyYXRpb247Ci0Jc3dp dGNoIChzcmMtPm9wZXJhdGlvbikgeworCWRzdC0+b3BlcmF0aW9uID0gUkVB RF9PTkNFKHNyYy0+b3BlcmF0aW9uKTsKKwlzd2l0Y2ggKGRzdC0+b3BlcmF0 aW9uKSB7CiAJY2FzZSBCTEtJRl9PUF9SRUFEOgogCWNhc2UgQkxLSUZfT1Bf V1JJVEU6CiAJY2FzZSBCTEtJRl9PUF9XUklURV9CQVJSSUVSOgpAQCAtNDU2 LDggKzQ1Niw4IEBAIHN0YXRpYyBpbmxpbmUgdm9pZCBibGtpZl9nZXRfeDg2 XzY0X3JlcShzdHJ1Y3QgYmxraWZfcmVxdWVzdCAqZHN0LAogCQkJCQlzdHJ1 Y3QgYmxraWZfeDg2XzY0X3JlcXVlc3QgKnNyYykKIHsKIAlpbnQgaSwgbiA9 IEJMS0lGX01BWF9TRUdNRU5UU19QRVJfUkVRVUVTVCwgajsKLQlkc3QtPm9w ZXJhdGlvbiA9IHNyYy0+b3BlcmF0aW9uOwotCXN3aXRjaCAoc3JjLT5vcGVy YXRpb24pIHsKKwlkc3QtPm9wZXJhdGlvbiA9IFJFQURfT05DRShzcmMtPm9w ZXJhdGlvbik7CisJc3dpdGNoIChkc3QtPm9wZXJhdGlvbikgewogCWNhc2Ug QkxLSUZfT1BfUkVBRDoKIAljYXNlIEJMS0lGX09QX1dSSVRFOgogCWNhc2Ug QkxLSUZfT1BfV1JJVEVfQkFSUklFUjoKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSAwNmVlN2M3YmViMGI1MjQ1YjFkODc5Yzk3NTNmYWEyY2Y1YWQ5ODkx IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDUvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMv YmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIHwgMTUgKysrKysrKysrKy0t LS0tCiAxIGZpbGUgY2hhbmdlZCwgMTAgaW5zZXJ0aW9ucygrKSwgNSBkZWxl dGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL2Jsb2NrL3hlbi1ibGti YWNrL2Jsa2JhY2suYyBiL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxr YmFjay5jCmluZGV4IGY5MDk5OTQuLjQxZmIxYTkgMTAwNjQ0Ci0tLSBhL2Ry aXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCisrKyBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCkBAIC05NTAsNiArOTUw LDggQEAgc3RhdGljIGludCB4ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3Ry dWN0IGJsa2lmX3JlcXVlc3QgKnJlcSwKIAkJZ290byB1bm1hcDsKIAogCWZv ciAobiA9IDAsIGkgPSAwOyBuIDwgbnNlZzsgbisrKSB7CisJCXVpbnQ4X3Qg Zmlyc3Rfc2VjdCwgbGFzdF9zZWN0OworCiAJCWlmICgobiAlIFNFR1NfUEVS X0lORElSRUNUX0ZSQU1FKSA9PSAwKSB7CiAJCQkvKiBNYXAgaW5kaXJlY3Qg c2VnbWVudHMgKi8KIAkJCWlmIChzZWdtZW50cykKQEAgLTk1NywxNSArOTU5 LDE4IEBAIHN0YXRpYyBpbnQgeGVuX2Jsa2JrX3BhcnNlX2luZGlyZWN0KHN0 cnVjdCBibGtpZl9yZXF1ZXN0ICpyZXEsCiAJCQlzZWdtZW50cyA9IGttYXBf YXRvbWljKHBhZ2VzW24vU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUVdLT5wYWdl KTsKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1FOwor CiAJCXBlbmRpbmdfcmVxLT5zZWdtZW50c1tuXS0+Z3JlZiA9IHNlZ21lbnRz W2ldLmdyZWY7Ci0JCXNlZ1tuXS5uc2VjID0gc2VnbWVudHNbaV0ubGFzdF9z ZWN0IC0KLQkJCXNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgKyAxOwotCQlzZWdb bl0ub2Zmc2V0ID0gKHNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgPDwgOSk7Ci0J CWlmICgoc2VnbWVudHNbaV0ubGFzdF9zZWN0ID49IChYRU5fUEFHRV9TSVpF ID4+IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNl Z21lbnRzW2ldLmZpcnN0X3NlY3QpKSB7CisKKwkJZmlyc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5maXJzdF9zZWN0KTsKKwkJbGFzdF9zZWN0 ID0gUkVBRF9PTkNFKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCk7CisJCWlmIChs YXN0X3NlY3QgPj0gKFhFTl9QQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0 IDwgZmlyc3Rfc2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1 bm1hcDsKIAkJfQorCisJCXNlZ1tuXS5uc2VjID0gbGFzdF9zZWN0IC0gZmly c3Rfc2VjdCArIDE7CisJCXNlZ1tuXS5vZmZzZXQgPSBmaXJzdF9zZWN0IDw8 IDk7CiAJCXByZXEtPm5yX3NlY3RzICs9IHNlZ1tuXS5uc2VjOwogCX0KIAot LSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSA4OTczOWMxNGM3MmU1YzE2MjZhNWNkNWUwOWNiYjJlZmVhYWRiNmQ4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSCA2LzddIHhlbi1z Y3NpYmFjazogc2FmZWx5IGNvcHkgcmVxdWVzdHMKClRoZSBjb3B5IG9mIHRo ZSByaW5nIHJlcXVlc3Qgd2FzIGxhY2tpbmcgYSBmb2xsb3dpbmcgYmFycmll cigpLApwb3RlbnRpYWxseSBhbGxvd2luZyB0aGUgY29tcGlsZXIgdG8gb3B0 aW1pemUgdGhlIGNvcHkgYXdheS4KClVzZSBSSU5HX0NPUFlfUkVRVUVTVCgp IHRvIGVuc3VyZSB0aGUgcmVxdWVzdCBpcyBjb3BpZWQgdG8gbG9jYWwKbWVt b3J5LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdl ci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jv c3NAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2 aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBS emVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBk cml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYyB8IDIgKy0KIDEgZmlsZSBjaGFu Z2VkLCAxIGluc2VydGlvbigrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5jIGIvZHJpdmVycy94ZW4v eGVuLXNjc2liYWNrLmMKaW5kZXggNDNiY2FlOC4uYWQ0ZWIxMCAxMDA2NDQK LS0tIGEvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKKysrIGIvZHJpdmVy cy94ZW4veGVuLXNjc2liYWNrLmMKQEAgLTcyNiw3ICs3MjYsNyBAQCBzdGF0 aWMgaW50IHNjc2liYWNrX2RvX2NtZF9mbihzdHJ1Y3QgdnNjc2lia19pbmZv ICppbmZvKQogCQlpZiAoIXBlbmRpbmdfcmVxKQogCQkJcmV0dXJuIDE7CiAK LQkJcmluZ19yZXEgPSAqUklOR19HRVRfUkVRVUVTVChyaW5nLCByYyk7CisJ CVJJTkdfQ09QWV9SRVFVRVNUKHJpbmcsIHJjLCAmcmluZ19yZXEpOwogCQly aW5nLT5yZXFfY29ucyA9ICsrcmM7CiAKIAkJZXJyID0gcHJlcGFyZV9wZW5k aW5nX3JlcXMoaW5mbywgJnJpbmdfcmVxLCBwZW5kaW5nX3JlcSk7Ci0tIAoy LjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Transfer-Encoding: base64 RnJvbSBmNmY0Mzg4YzkxN2NlOTZiMDc1YTIzOWE0NTM1YjhlZmM2MDY0ZDE0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MTYgTm92IDIwMTUgMTI6NDA6NDggLTA1MDAKU3ViamVjdDogW1BBVENIIDcv N10geGVuL3BjaWJhY2s6IFNhdmUgeGVuX3BjaV9vcCBjb21tYW5kcyBiZWZv cmUgcHJvY2Vzc2luZwogaXQKCkRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXRp ZXMgdGhhdCBoYXBwZW4gd2hlbiBhIHZhcmlhYmxlIGlzCmZldGNoZWQgdHdp Y2UgZnJvbSBzaGFyZWQgbWVtb3J5IGJ1dCBhIHNlY3VyaXR5IGNoZWNrIGlz IG9ubHkKcGVyZm9ybWVkIHRoZSBmaXJzdCB0aW1lLgoKVGhlIHhlbl9wY2li a19kb19vcCBmdW5jdGlvbiBwZXJmb3JtcyBhIHN3aXRjaCBzdGF0ZW1lbnRz IG9uIHRoZSBvcC0+Y21kCnZhbHVlIHdoaWNoIGlzIHN0b3JlZCBpbiBzaGFy ZWQgbWVtb3J5LiBJbnRlcmVzdGluZ2x5IHRoaXMgY2FuIHJlc3VsdAppbiBh IGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5IGRlcGVuZGluZyBvbiB0aGUg cGVyZm9ybWVkIGNvbXBpbGVyCm9wdGltaXphdGlvbi4KClRoaXMgcGF0Y2gg Zml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5fcGNpX29wIGNvbW1hbmQgYmVm b3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28gdXNlICdiYXJyaWVyJyB0byBt YWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIgZG9lcyBub3QgcGVyZm9ybSBh bnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkND OiBzdGFibGVAdmdlci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxKQmV1bGljaEBzdXNlLmNvbT4KU2ln bmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaCAgICAgfCAgMSArCiBkcml2ZXJzL3hlbi94ZW4t cGNpYmFjay9wY2liYWNrX29wcy5jIHwgMTUgKysrKysrKysrKysrKystCiAy IGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24o LSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2li YWNrLmggYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrLmgKaW5k ZXggNThlMzhkNS4uNGQ1MjlmMyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4v eGVuLXBjaWJhY2svcGNpYmFjay5oCisrKyBiL2RyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaApAQCAtMzcsNiArMzcsNyBAQCBzdHJ1Y3QgeGVu X3BjaWJrX2RldmljZSB7CiAJc3RydWN0IHhlbl9wY2lfc2hhcmVkaW5mbyAq c2hfaW5mbzsKIAl1bnNpZ25lZCBsb25nIGZsYWdzOwogCXN0cnVjdCB3b3Jr X3N0cnVjdCBvcF93b3JrOworCXN0cnVjdCB4ZW5fcGNpX29wIG9wOwogfTsK IAogc3RydWN0IHhlbl9wY2lia19kZXZfZGF0YSB7CmRpZmYgLS1naXQgYS9k cml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCBjNGEwNjY2 Li5hMGUwZTNlIDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFj ay9wY2liYWNrX29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMKQEAgLTI5OCw5ICsyOTgsMTEgQEAgdm9pZCB4ZW5f cGNpYmtfZG9fb3Aoc3RydWN0IHdvcmtfc3RydWN0ICpkYXRhKQogCQljb250 YWluZXJfb2YoZGF0YSwgc3RydWN0IHhlbl9wY2lia19kZXZpY2UsIG9wX3dv cmspOwogCXN0cnVjdCBwY2lfZGV2ICpkZXY7CiAJc3RydWN0IHhlbl9wY2li a19kZXZfZGF0YSAqZGV2X2RhdGEgPSBOVUxMOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwZGV2LT5zaF9pbmZvLT5vcDsKKwlzdHJ1Y3QgeGVuX3Bj aV9vcCAqb3AgPSAmcGRldi0+b3A7CiAJaW50IHRlc3RfaW50eCA9IDA7CiAK Kwkqb3AgPSBwZGV2LT5zaF9pbmZvLT5vcDsKKwliYXJyaWVyKCk7CiAJZGV2 ID0geGVuX3BjaWJrX2dldF9wY2lfZGV2KHBkZXYsIG9wLT5kb21haW4sIG9w LT5idXMsIG9wLT5kZXZmbik7CiAKIAlpZiAoZGV2ID09IE5VTEwpCkBAIC0z NDIsNiArMzQ0LDE3IEBAIHZvaWQgeGVuX3BjaWJrX2RvX29wKHN0cnVjdCB3 b3JrX3N0cnVjdCAqZGF0YSkKIAkJaWYgKChkZXZfZGF0YS0+ZW5hYmxlX2lu dHggIT0gdGVzdF9pbnR4KSkKIAkJCXhlbl9wY2lia19jb250cm9sX2lzcihk ZXYsIDAgLyogbm8gcmVzZXQgKi8pOwogCX0KKwlwZGV2LT5zaF9pbmZvLT5v cC5lcnIgPSBvcC0+ZXJyOworCXBkZXYtPnNoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworI2lmZGVmIENPTkZJR19QQ0lfTVNJCisJaWYgKG9wLT5j bWQgPT0gWEVOX1BDSV9PUF9lbmFibGVfbXNpeCAmJiBvcC0+ZXJyID09IDAp IHsKKwkJdW5zaWduZWQgaW50IGk7CisKKwkJZm9yIChpID0gMDsgaSA8IG9w LT52YWx1ZTsgaSsrKQorCQkJcGRldi0+c2hfaW5mby0+b3AubXNpeF9lbnRy aWVzW2ldLnZlY3RvciA9CisJCQkJb3AtPm1zaXhfZW50cmllc1tpXS52ZWN0 b3I7CisJfQorI2VuZGlmCiAJLyogVGVsbCB0aGUgZHJpdmVyIGRvbWFpbiB0 aGF0IHdlJ3JlIGRvbmUuICovCiAJd21iKCk7CiAJY2xlYXJfYml0KF9YRU5f UENJRl9hY3RpdmUsICh1bnNpZ25lZCBsb25nICopJnBkZXYtPnNoX2luZm8t PmZsYWdzKTsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSBhNTY0NTZhYzNkZjI4NDMyZmZmNDRhOWE5NjIzZTJkZGZjODI2MTA2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBUdWUsIDI0IE5vdiAy MDE1IDAyOjUxOjU2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzVdIG5ldGJz ZC94ZW46IEFkZCBSSU5HX0NPUFlfUkVRVUVTVCgpCgpVc2luZyBSSU5HX0dF VF9SRVFVRVNUKCkgb24gYSBzaGFyZWQgcmluZyBpcyBlYXN5IHRvIHVzZSBp bmNvcnJlY3RseQooaS5lLiwgYnkgbm90IGNvbnNpZGVyaW5nIHRoYXQgdGhl IG90aGVyIGVuZCBtYXkgYWx0ZXIgdGhlIGRhdGEgaW4gdGhlCnNoYXJlZCBy aW5nIHdoaWxlIGl0IGlzIGJlaW5nIGluc3BlY3RlZCkuICBTYWZlIHVzYWdl IG9mIGEgcmVxdWVzdApnZW5lcmFsbHkgcmVxdWlyZXMgdGFraW5nIGEgbG9j YWwgY29weS4KClByb3ZpZGUgYSBSSU5HX0NPUFlfUkVRVUVTVCgpIG1hY3Jv IHRvIHVzZSBpbnN0ZWFkIG9mClJJTkdfR0VUX1JFUVVFU1QoKSBhbmQgYW4g b3Blbi1jb2RlZCBtZW1jcHkoKS4gIFRoaXMgdGFrZXMgY2FyZSBvZgplbnN1 cmluZyB0aGF0IHRoZSBjb3B5IGlzIGRvbmUgY29ycmVjdGx5IHJlZ2FyZGxl c3Mgb2YgYW55IHBvc3NpYmxlCmNvbXBpbGVyIG9wdGltaXphdGlvbnMuCgpV c2UgYSB2b2xhdGlsZSBzb3VyY2UgdG8gcHJldmVudCB0aGUgY29tcGlsZXIg ZnJvbSByZW9yZGVyaW5nIG9yCm9taXR0aW5nIHRoZSBjb3B5LgoKVGhpcyBp cyBwYXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJl bCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtv bnJhZCBSemVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4K LS0tCnYyOiBVcGRhdGUgY29tbWVudCBhYm91dCBHQ0MgYnVnLgotLS0KIGFy Y2gveGVuL2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmggfCAxNCArKysr KysrKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDE0IGluc2VydGlvbnMoKykK CmRpZmYgLS1naXQgYS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8v cmluZy5oIGIvYXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3Jpbmcu aAppbmRleCAwOWMxODZjLi42MzBiODBlIDEwMDY0NAotLS0gYS9hcmNoL3hl bi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVu L2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmgKQEAgLTIzNiw2ICsyMzYs MjAgQEAgdHlwZWRlZiBzdHJ1Y3QgX19uYW1lIyNfYmFja19yaW5nIF9fbmFt ZSMjX2JhY2tfcmluZ190CiAjZGVmaW5lIFJJTkdfR0VUX1JFUVVFU1QoX3Is IF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgKCYoKF9yKS0+c3JpbmctPnJpbmdbKChfaWR4KSAmIChSSU5HX1NJ WkUoX3IpIC0gMSkpXS5yZXEpKQogCisvKgorICogR2V0IGEgbG9jYWwgY29w eSBvZiBhIHJlcXVlc3QuCisgKgorICogVXNlIHRoaXMgaW4gcHJlZmVyZW5j ZSB0byBSSU5HX0dFVF9SRVFVRVNUKCkgc28gYWxsIHByb2Nlc3NpbmcgaXMK KyAqIGRvbmUgb24gYSBsb2NhbCBjb3B5IHRoYXQgY2Fubm90IGJlIG1vZGlm aWVkIGJ5IHRoZSBvdGhlciBlbmQuCisgKgorICogTm90ZSB0aGF0IGh0dHBz Oi8vZ2NjLmdudS5vcmcvYnVnemlsbGEvc2hvd19idWcuY2dpP2lkPTU4MTQ1 IG1heSBjYXVzZSB0aGlzCisgKiB0byBiZSBpbmVmZmVjdGl2ZSB3aGVyZSBf cmVxIGlzIGEgc3RydWN0IHdoaWNoIGNvbnNpc3RzIG9mIG9ubHkgYml0Zmll bGRzLgorICovCisjZGVmaW5lIFJJTkdfQ09QWV9SRVFVRVNUKF9yLCBfaWR4 LCBfcmVxKSBkbyB7CQkJCVwKKwkvKiBVc2Ugdm9sYXRpbGUgdG8gZm9yY2Ug dGhlIGNvcHkgaW50byBfcmVxLiAqLwkJCVwKKwkqKF9yZXEpID0gKih2b2xh dGlsZSB0eXBlb2YoX3JlcSkpUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCk7 CVwKK30gd2hpbGUgKDApCisKICNkZWZpbmUgUklOR19HRVRfUkVTUE9OU0Uo X3IsIF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFwKICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdf U0laRShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuNS4yCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Transfer-Encoding: base64 RnJvbSAxYzY5N2NhNzZhNjcwYjA4ODNjZDZhMjAzODI4YzMzY2NmNGVjYjFl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTM6MTYgKzAwMDAKU3ViamVjdDogW1BBVENIIDIv NV0gbmV0YnNkL25ldGJhY2s6IFVzZSBSSU5HX0NPUFlfUkVRVUVTVCBpbnN0 ZWFkIG9mCiBSSU5HX1JFUV9SRVFVRVNUCgpUaGlzIHdheSB3ZSBvcGVyYXRl IG9uIGEgbG9jYWwgY29weSBvZiB0aGUgZ3Vlc3QgUnguIFRoaXMgaXMgbW9y ZSB0aGFuCm5lY2Nlc3NhcnkgYXMgb25seSB0aGUgaWQgYW5kIGdyZWYgZmll bGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVzcwppZiB0aGUgZnJvbnRl bmQgbW9kaWZpZXMgdGhlc2UuCgpGb3IgdGhlIFRYIHdlIGFsc28gY29weSB0 aGUgcmVxdWVzdCBhbmQgbWFrZSBzdXJlIHRvIHVzZSBvbmx5IHRoZQpsb2Nh bCBjb3B5LgoKVGhpcyBpcyBiYXNlZCBvZmYgTGludXggJ3hlbi1uZXRiYWNr OiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0JwpwYXRjaC4K ClRoaXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25y YWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0t LQogYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMgfCA3OCArKysr KysrKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUg Y2hhbmdlZCwgNDAgaW5zZXJ0aW9ucygrKSwgMzggZGVsZXRpb25zKC0pCgpk aWZmIC0tZ2l0IGEvYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMg Yi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194ZW5idXMuYwppbmRleCA3Y2Mx NGFmLi4wZWYyMzUzIDEwMDY0NAotLS0gYS9hcmNoL3hlbi94ZW4veGVubmV0 YmFja194ZW5idXMuYworKysgYi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194 ZW5idXMuYwpAQCAtNzE1LDcgKzcxNSw3IEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiB7CiAJc3RydWN0IHhuZXRiYWNrX2luc3RhbmNl ICp4bmV0aSA9IGFyZzsKIAlzdHJ1Y3QgaWZuZXQgKmlmcCA9ICZ4bmV0aS0+ eG5pX2lmOwotCW5ldGlmX3R4X3JlcXVlc3RfdCAqdHhyZXE7CisJbmV0aWZf dHhfcmVxdWVzdF90IHR4cmVxOwogCXN0cnVjdCB4bmlfcGt0ICpwa3Q7CiAJ dmFkZHJfdCBwa3RfdmE7CiAJc3RydWN0IG1idWYgKm07CkBAIC03MzMsMzYg KzczMywzNiBAQCB4ZW5uZXRiYWNrX2V2dGhhbmRsZXIodm9pZCAqYXJnKQog CQkgICAgcmVjZWl2ZV9wZW5kaW5nKTsKIAkJaWYgKHJlY2VpdmVfcGVuZGlu ZyA9PSAwKQogCQkJYnJlYWs7Ci0JCXR4cmVxID0gUklOR19HRVRfUkVRVUVT VCgmeG5ldGktPnhuaV90eHJpbmcsIHJlcV9jb25zKTsKKwkJUklOR19DT1BZ X1JFUVVFU1QoJnhuZXRpLT54bmlfdHhyaW5nLCByZXFfY29ucywgJnR4cmVx KTsKIAkJeGVuX3JtYigpOwogCQlYRU5QUklOVEYoKCIlcyBwa3Qgc2l6ZSAl ZFxuIiwgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwKLQkJICAgIHR4cmVxLT5z aXplKSk7CisJCSAgICB0eHJlcS5zaXplKSk7CiAJCXJlcV9jb25zKys7CiAJ CWlmIChfX3ByZWRpY3RfZmFsc2UoKGlmcC0+aWZfZmxhZ3MgJiAoSUZGX1VQ IHwgSUZGX1JVTk5JTkcpKSAhPQogCQkgICAgKElGRl9VUCB8IElGRl9SVU5O SU5HKSkpIHsKIAkJCS8qIGludGVyZmFjZSBub3QgdXAsIGRyb3AgKi8KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWNvbnRpbnVlOwogCQl9CiAJ CS8qCiAJCSAqIERvIHNvbWUgc2FuaXR5IGNoZWNrcywgYW5kIG1hcCB0aGUg cGFja2V0J3MgcGFnZS4KIAkJICovCi0JCWlmIChfX3ByZWRpY3RfZmFsc2Uo dHhyZXEtPnNpemUgPCBFVEhFUl9IRFJfTEVOIHx8Ci0JCSAgIHR4cmVxLT5z aXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhFUl9DUkNfTEVOKSkpIHsKKwkJ aWYgKF9fcHJlZGljdF9mYWxzZSh0eHJlcS5zaXplIDwgRVRIRVJfSERSX0xF TiB8fAorCQkgICB0eHJlcS5zaXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhF Ul9DUkNfTEVOKSkpIHsKIAkJCXByaW50ZigiJXM6IHBhY2tldCBzaXplICVk IHRvbyBiaWdcbiIsCi0JCQkgICAgaWZwLT5pZl94bmFtZSwgdHhyZXEtPnNp emUpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEt PmlkLAorCQkJICAgIGlmcC0+aWZfeG5hbWUsIHR4cmVxLnNpemUpOworCQkJ eGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkg ICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlmcC0+aWZfaWVycm9ycysrOwog CQkJY29udGludWU7CiAJCX0KIAkJLyogZG9uJ3QgY3Jvc3MgcGFnZSBib3Vu ZGFyaWVzICovCiAJCWlmIChfX3ByZWRpY3RfZmFsc2UoCi0JCSAgICB0eHJl cS0+b2Zmc2V0ICsgdHhyZXEtPnNpemUgPiBQQUdFX1NJWkUpKSB7CisJCSAg ICB0eHJlcS5vZmZzZXQgKyB0eHJlcS5zaXplID4gUEFHRV9TSVpFKSkgewog CQkJcHJpbnRmKCIlczogcGFja2V0IGNyb3NzIHBhZ2UgYm91bmRhcnlcbiIs CiAJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9SU1BfRVJS T1IpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQljb250aW51ZTsKQEAg LTc3NCwxNSArNzc0LDE1IEBAIHhlbm5ldGJhY2tfZXZ0aGFuZGxlcih2b2lk ICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZsYXN0dGltZSwgJnhuaV9wb29s X2VycmludHZsKSkKIAkJCQlwcmludGYoIiVzOiBtYnVmIGFsbG9jIGZhaWxl ZFxuIiwKIAkJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9S U1BfRFJPUFBFRCk7CiAJCQlpZnAtPmlmX2llcnJvcnMrKzsKIAkJCWNvbnRp bnVlOwogCQl9CiAKIAkJWEVOUFJJTlRGKCgiJXMgcGt0IG9mZnNldCAlZCBz aXplICVkIGlkICVkIHJlcV9jb25zICVkXG4iLAotCQkgICAgeG5ldGktPnhu aV9pZi5pZl94bmFtZSwgdHhyZXEtPm9mZnNldCwKLQkJICAgIHR4cmVxLT5z aXplLCB0eHJlcS0+aWQsIE1BU0tfTkVUSUZfVFhfSURYKHJlcV9jb25zKSkp OworCQkgICAgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwgdHhyZXEub2Zmc2V0 LAorCQkgICAgdHhyZXEuc2l6ZSwgdHhyZXEuaWQsIE1BU0tfTkVUSUZfVFhf SURYKHJlcV9jb25zKSkpOwogCQkKIAkJcGt0ID0gcG9vbF9nZXQoJnhuaV9w a3RfcG9vbCwgUFJfTk9XQUlUKTsKIAkJaWYgKF9fcHJlZGljdF9mYWxzZShw a3QgPT0gTlVMTCkpIHsKQEAgLTc5MCwxNiArNzkwLDE2IEBAIHhlbm5ldGJh Y2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZs YXN0dGltZSwgJnhuaV9wb29sX2VycmludHZsKSkKIAkJCQlwcmludGYoIiVz OiB4bmJwa3QgYWxsb2MgZmFpbGVkXG4iLAogCQkJCSAgICBpZnAtPmlmX3hu YW1lKTsKLQkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LT5pZCwKKwkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LmlkLAogCQkJICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWlmcC0+aWZf aWVycm9ycysrOwogCQkJbV9mcmVlbShtKTsKIAkJCWNvbnRpbnVlOwogCQl9 Ci0JCWVyciA9IHhlbl9zaG1fbWFwKDEsIHhuZXRpLT54bmlfZG9taWQsICZ0 eHJlcS0+Z3JlZiwgJnBrdF92YSwKKwkJZXJyID0geGVuX3NobV9tYXAoMSwg eG5ldGktPnhuaV9kb21pZCwgJnR4cmVxLmdyZWYsICZwa3RfdmEsCiAJCSAg ICAmcGt0LT5wa3RfaGFuZGxlLCBYU0hNX1JPKTsKIAkJaWYgKF9fcHJlZGlj dF9mYWxzZShlcnIgPT0gRU5PTUVNKSkgewotCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0RS T1BQRUQpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQlwb29sX3B1dCgm eG5pX3BrdF9wb29sLCBwa3QpOwpAQCAtODEwLDcgKzgxMCw3IEBAIHhlbm5l dGJhY2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCWlmIChfX3ByZWRpY3Rf ZmFsc2UoZXJyKSkgewogCQkJcHJpbnRmKCIlczogbWFwcGluZyBmb3JlaW5n IHBhZ2UgZmFpbGVkOiAlZFxuIiwKIAkJCSAgICB4bmV0aS0+eG5pX2lmLmlm X3huYW1lLCBlcnIpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlm cC0+aWZfaWVycm9ycysrOwogCQkJcG9vbF9wdXQoJnhuaV9wa3RfcG9vbCwg cGt0KTsKQEAgLTgyMCwxMyArODIwLDEzIEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiAKIAkJaWYgKChpZnAtPmlmX2ZsYWdzICYgSUZG X1BST01JU0MpID09IDApIHsKIAkJCXN0cnVjdCBldGhlcl9oZWFkZXIgKmVo ID0KLQkJCSAgICAodm9pZCopKHBrdF92YSArIHR4cmVxLT5vZmZzZXQpOwor CQkJICAgICh2b2lkKikocGt0X3ZhICsgdHhyZXEub2Zmc2V0KTsKIAkJCWlm IChFVEhFUl9JU19NVUxUSUNBU1QoZWgtPmV0aGVyX2Rob3N0KSA9PSAwICYm CiAJCQkgICAgbWVtY21wKENMTEFERFIoaWZwLT5pZl9zYWRsKSwgZWgtPmV0 aGVyX2Rob3N0LAogCQkJICAgIEVUSEVSX0FERFJfTEVOKSAhPSAwKSB7CiAJ CQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92YSk7CiAJCQkJbV9mcmVlbSht KTsKLQkJCQl4ZW5uZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+ aWQsCisJCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEu aWQsCiAJCQkJICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJCQljb250aW51ZTsg LyogcGFja2V0IGlzIG5vdCBmb3IgdXMgKi8KIAkJCX0KQEAgLTg0NSwzMSAr ODQ1LDMxIEBAIHNvIGFsd2F5cyBjb3B5IGZvciBub3cuCiAJCQkgKiBhY2sg aXQuIERlbGF5aW5nIGl0IHVudGlsIHRoZSBtYnVmIGlzCiAJCQkgKiBmcmVl ZCB3aWxsIHN0YWxsIHRyYW5zbWl0LgogCQkJICovCi0JCQltLT5tX2xlbiA9 IG1pbihNSExFTiwgdHhyZXEtPnNpemUpOworCQkJbS0+bV9sZW4gPSBtaW4o TUhMRU4sIHR4cmVxLnNpemUpOwogCQkJbS0+bV9wa3RoZHIubGVuID0gMDsK LQkJCW1fY29weWJhY2sobSwgMCwgdHhyZXEtPnNpemUsCi0JCQkgICAgKHZv aWQgKikocGt0X3ZhICsgdHhyZXEtPm9mZnNldCkpOworCQkJbV9jb3B5YmFj ayhtLCAwLCB0eHJlcS5zaXplLAorCQkJICAgICh2b2lkICopKHBrdF92YSAr IHR4cmVxLm9mZnNldCkpOwogCQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92 YSk7Ci0JCQlpZiAobS0+bV9wa3RoZHIubGVuIDwgdHhyZXEtPnNpemUpIHsK KwkJCWlmIChtLT5tX3BrdGhkci5sZW4gPCB0eHJlcS5zaXplKSB7CiAJCQkJ aWZwLT5pZl9pZXJyb3JzKys7CiAJCQkJbV9mcmVlbShtKTsKLQkJCQl4ZW5u ZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQkJeGVu bmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkJICAg IE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCQljb250aW51ZTsKIAkJCX0KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJfSBlbHNlIHsKIAotCQkJcGt0LT5w a3RfaWQgPSB0eHJlcS0+aWQ7CisJCQlwa3QtPnBrdF9pZCA9IHR4cmVxLmlk OwogCQkJcGt0LT5wa3RfeG5ldGkgPSB4bmV0aTsKIAotCQkJTUVYVEFERCht LCBwa3RfdmEgKyB0eHJlcS0+b2Zmc2V0LAotCQkJICAgIHR4cmVxLT5zaXpl LCBNX0RFVkJVRiwgeGVubmV0YmFja190eF9mcmVlLCBwa3QpOwotCQkJbS0+ bV9wa3RoZHIubGVuID0gbS0+bV9sZW4gPSB0eHJlcS0+c2l6ZTsKKwkJCU1F WFRBREQobSwgcGt0X3ZhICsgdHhyZXEub2Zmc2V0LAorCQkJICAgIHR4cmVx LnNpemUsIE1fREVWQlVGLCB4ZW5uZXRiYWNrX3R4X2ZyZWUsIHBrdCk7CisJ CQltLT5tX3BrdGhkci5sZW4gPSBtLT5tX2xlbiA9IHR4cmVxLnNpemU7CiAJ CQltLT5tX2ZsYWdzIHw9IE1fRVhUX1JPTUFQOwogCQl9Ci0JCWlmICgodHhy ZXEtPmZsYWdzICYgTkVUVFhGX2NzdW1fYmxhbmspICE9IDApIHsKKwkJaWYg KCh0eHJlcS5mbGFncyAmIE5FVFRYRl9jc3VtX2JsYW5rKSAhPSAwKSB7CiAJ CQl4ZW5uZXRfY2hlY2tzdW1fZmlsbCgmbSk7CiAJCQlpZiAobSA9PSBOVUxM KSB7CiAJCQkJaWZwLT5pZl9pZXJyb3JzKys7CkBAIC05NTMsNiArOTUzLDcg QEAgeGVubmV0YmFja19pZnNvZnRzdGFydF90cmFuc2Zlcih2b2lkICphcmcp CiAJbW11X3VwZGF0ZV90ICptbXVwOwogCW11bHRpY2FsbF9lbnRyeV90ICpt Y2xwOwogCW5ldGlmX3J4X3Jlc3BvbnNlX3QgKnJ4cmVzcDsKKwluZXRpZl9y eF9yZXF1ZXN0X3QgcnhyZXE7CiAJUklOR19JRFggcmVxX3Byb2QsIHJlc3Bf cHJvZDsKIAlpbnQgZG9fZXZlbnQgPSAwOwogCWdudHRhYl90cmFuc2Zlcl90 ICpnb3A7CkBAIC0xMDI4LDEwICsxMDI5LDEwIEBAIHhlbm5ldGJhY2tfaWZz b2Z0c3RhcnRfdHJhbnNmZXIodm9pZCAqYXJnKQogCQkJCW5wcGl0ZW1zKys7 CiAJCQl9CiAJCQkvKiBzdGFydCBmaWxsaW5nIHJpbmcgKi8KLQkJCWdvcC0+ cmVmID0gUklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0J CQkgICAgeG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5ncmVmOwotCQkJ aWQgPSBSSU5HX0dFVF9SRVFVRVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKLQkJ CSAgICB4bmV0aS0+eG5pX3J4cmluZy5yZXFfY29ucyktPmlkOworCQkJUklO R19DT1BZX1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAorCQkJICAgIHhu ZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zLCAmcnhyZXEpOworCQkJZ29wLT5y ZWYgPSByeHJlcS5ncmVmOworCQkJaWQgPSByeHJlcS5pZDsKIAkJCXhlbl9y bWIoKTsKIAkJCXhuZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zKys7CiAJCQly eHJlc3AgPSBSSU5HX0dFVF9SRVNQT05TRSgmeG5ldGktPnhuaV9yeHJpbmcs CkBAIC0xMTk4LDYgKzExOTksNyBAQCB4ZW5uZXRiYWNrX2lmc29mdHN0YXJ0 X2NvcHkodm9pZCAqYXJnKQogCXBhZGRyX3QgeG1pdF9tYTsKIAlpbnQgaSwg ajsKIAluZXRpZl9yeF9yZXNwb25zZV90ICpyeHJlc3A7CisJbmV0aWZfcnhf cmVxdWVzdF90IHJ4cmVxOwogCVJJTkdfSURYIHJlcV9wcm9kLCByZXNwX3By b2Q7CiAJaW50IGRvX2V2ZW50ID0gMDsKIAlnbnR0YWJfY29weV90ICpnb3A7 CkBAIC0xMzA5LDE2ICsxMzExLDE2IEBAIHhlbm5ldGJhY2tfaWZzb2Z0c3Rh cnRfY29weSh2b2lkICphcmcpCiAJCQlnb3AtPnNvdXJjZS5kb21pZCA9IERP TUlEX1NFTEY7CiAJCQlnb3AtPnNvdXJjZS51LmdtZm4gPSB4bWl0X21hID4+ IFBBR0VfU0hJRlQ7CiAKLQkJCWdvcC0+ZGVzdC51LnJlZiA9IFJJTkdfR0VU X1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAotCQkJICAgIHhuZXRpLT54 bmlfcnhyaW5nLnJlcV9jb25zKS0+Z3JlZjsKKwkJCVJJTkdfQ09QWV9SRVFV RVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKKwkJCSAgICB4bmV0aS0+eG5pX3J4 cmluZy5yZXFfY29ucywgJnJ4cmVxKTsKKwkJCWdvcC0+ZGVzdC51LnJlZiA9 IHJ4cmVxLmdyZWY7CiAJCQlnb3AtPmRlc3Qub2Zmc2V0ID0gMDsKIAkJCWdv cC0+ZGVzdC5kb21pZCA9IHhuZXRpLT54bmlfZG9taWQ7CiAKIAkJCWdvcC0+ bGVuID0gbS0+bV9wa3RoZHIubGVuOwogCQkJZ29wKys7CiAKLQkJCWlkID0g UklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0JCQkgICAg eG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5pZDsKKwkJCWlkID0gcnhy ZXEuaWQ7CiAJCQl4ZW5fcm1iKCk7CiAJCQl4bmV0aS0+eG5pX3J4cmluZy5y ZXFfY29ucysrOwogCQkJcnhyZXNwID0gUklOR19HRVRfUkVTUE9OU0UoJnhu ZXRpLT54bmlfcnhyaW5nLAotLSAKMi41LjIKCg== --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Transfer-Encoding: base64 RnJvbSBiMzY3Y2RiYTBjYzNlMmRlNDIzN2NhNzRmMzEwNDMxNDFkZWRhODky IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTQ6NDUgKzAwMDAKU3ViamVjdDogW1BBVENIIDMv NV0gbmV0YnNkL3Jpbmc6IEFkZCAnYmFycmllcicgdG8gcHJvdmlkZSBhbiBj b21waWxlcgogYmFycmllci4KCldlIG5lZWQgYW4gbWVjaGFuaXNtIHRvIGRp c2FibGUgdGhlIGNvbXBpbGVyIGZyb20gZ2VuZXJhdGluZyB0byBtdWNoCm9w dGltaXphdGlvbi4gVXNpbmcgdGhlICdiYXJyaWVyJyBtYWNybyB3aWxsIG1h a2UgdGhlIGNvbXBpbGVyIG5vdApvcHRpbWl6ZSB2YXJpYWJsZXMgcGFzdCB0 aGUgJ2JhcnJpZXInIChhcyBpbiwgcmUtdXNlIHRoZSByZWdpc3RlcnMKb3Ig b25seSByZWFkIHBhcnQgb2YgYSB2YWx1ZSBmcm9tIGEgbWVtb3J5KS4KClRo aXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog YXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaCB8IDIgKysK IDEgZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQg YS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oIGIvYXJj aC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaAppbmRleCAzMTZi Y2ViLi41Mjc4ZDA2IDEwMDY0NAotLS0gYS9hcmNoL3hlbi9pbmNsdWRlL3hl bi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVuL2luY2x1ZGUveGVu LXB1YmxpYy9pby9yaW5nLmgKQEAgLTM1LDYgKzM1LDcgQEAKICNkZWZpbmUg eGVuX21iKCkgIG1iKCkKICNkZWZpbmUgeGVuX3JtYigpIHJtYigpCiAjZGVm aW5lIHhlbl93bWIoKSB3bWIoKQorI2RlZmluZSBiYXJyaWVyKCkgICAgIF9f YXNtX18gX192b2xhdGlsZV9fKCIiOiA6IDoibWVtb3J5IikKICNlbmRpZgog I2VuZGlmCiAKQEAgLTQyLDYgKzQzLDcgQEAKICNkZWZpbmUgeGVuX21iKCkg IHg4Nl9tZmVuY2UoKQogI2RlZmluZSB4ZW5fcm1iKCkgeDg2X2xmZW5jZSgp CiAjZGVmaW5lIHhlbl93bWIoKSB4ODZfc2ZlbmNlKCkKKyNkZWZpbmUgYmFy cmllcigpICAgICBfX2FzbV9fIF9fdm9sYXRpbGVfXygiIjogOiA6Im1lbW9y eSIpCiAjZW5kaWYKIAogdHlwZWRlZiB1bnNpZ25lZCBpbnQgUklOR19JRFg7 Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Transfer-Encoding: base64 RnJvbSBhMGM1MjgyYWZmNTFkNWU2NTIwY2FhOTA0MjA3Yjk3MzU2N2Q5MjBk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTY6MDcgKzAwMDAKU3ViamVjdDogW1BBVENIIDQv NV0gbmV0YnNkL2Jsb2NrOiBvbmx5IHJlYWQgcmVxdWVzdCBvcGVyYXRpb24g ZnJvbSBzaGFyZWQKIHJpbmcgb25jZQoKVGhlIGNvbXBpbGVyIG1heSBsb2Fk IGEgc3dpdGNoIHN0YXRlbWVudCBtdWx0aXBsZSB0aW1lcyBmcm9tIHRoZSBz aGFyZWQKc3BhY2UuIFRoaXMgY291bGQgbGVhZCB0byB0aGUgZnJvbnRlbmQg bWFuaXB1bGF0aW5nIHRoZSBiYWNrZW5kIGludG8KdW5mb3JzZWVuIGJyYW5j aGVzLgoKV2Ugd2FudCB0byBlbnN1cmUgdGhhdCB0aGUgcmVxLT5vcGVyYXRp b24gaXMgb25seSByZWFkIG9uY2UgYW5kIHdlCmRvIHRoYXQgYnkgdXNpbmcg YW4gY29tcGlsZXIgYmFycmllci4KClRoaXMgaXMgcGFydCBvZiBYU0ExNTUu CgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJh ZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMgfCAxICsKIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigr KQoKZGlmZiAtLWdpdCBhL2FyY2gveGVuL3hlbi94YmRiYWNrX3hlbmJ1cy5j IGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMKaW5kZXggOWVlMDc1 OC4uM2QxODAyMSAxMDA2NDQKLS0tIGEvYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMKKysrIGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMK QEAgLTEwMjIsNiArMTAyMiw3IEBAIHhiZGJhY2tfY29fbWFpbl9sb29wKHN0 cnVjdCB4YmRiYWNrX2luc3RhbmNlICp4YmRpLCB2b2lkICpvYmopCiAJCQly ZXEtPnNlY3Rvcl9udW1iZXIgPSByZXE2NC0+c2VjdG9yX251bWJlcjsKIAkJ CWJyZWFrOwogCQl9CisJCWJhcnJpZXIoKTsKIAkJWEVOUFJJTlRGKCgieGJk YmFjayBvcCAlZCByZXFfY29ucyAweCV4IHJlcV9wcm9kIDB4JXggIgogCQkg ICAgInJlc3BfcHJvZCAweCV4IGlkICUiIFBSSXU2NCAiXG4iLCByZXEtPm9w ZXJhdGlvbiwKIAkJCXhiZGktPnhiZGlfcmluZy5yaW5nX24ucmVxX2NvbnMs Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Transfer-Encoding: base64 RnJvbSAzZjM5ZTA1MWIyMzRiNGJkOGUzNmI4MjBhOTMyNTkxYWZkNjQxM2Ix IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTc6MjIgKzAwMDAKU3ViamVjdDogW1BBVENIIDUv NV0gbmV0YnNkL3BjaWJhY2s6IE9wZXJhdGUgb24gbG9jYWwgdmVyc2lvbiBv ZiB4ZW5fcGNpX29wCgpEb3VibGUgZmV0Y2ggdnVsbmVyYWJpbGl0aWVzIHRo YXQgaGFwcGVuIHdoZW4gYSB2YXJpYWJsZSBpcwpmZXRjaGVkIHR3aWNlIGZy b20gc2hhcmVkIG1lbW9yeSBidXQgYSBzZWN1cml0eSBjaGVjayBpcyBvbmx5 CnBlcmZvcm1lZCB0aGUgZmlyc3QgdGltZS4KClRoZSBwY2liYWNrX3hlbmJ1 c19ldnRoYW5kbGVyIGZ1bmN0aW9uIHBlcmZvcm1zIGEgc3dpdGNoIHN0YXRl bWVudHMgb24gdGhlCm9wLT5zaXplIGFuZCBvcC0+Y21kIHZhbHVlIHdoaWNo IGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5LgpJbnRlcmVzdGluZ2x5IHRo aXMgY2FuIHJlc3VsdCBpbiBhIGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5 IGRlcGVuZGluZyBvbgp0aGUgcGVyZm9ybWVkIGNvbXBpbGVyIG9wdGltaXph dGlvbi4KClRoaXMgcGF0Y2ggZml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5f cGNpX29wIGNvbW1hbmQgYmVmb3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28g dXNlICdiYXJyaWVyJyB0byBtYWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIg ZG9lcyBub3QgcGVyZm9ybSBhbnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBw YXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0 ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBhcmNoL3hl bi94ZW4vcGNpYmFjay5jIHwgOCArKysrKysrLQogMSBmaWxlIGNoYW5nZWQs IDcgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBh L2FyY2gveGVuL3hlbi9wY2liYWNrLmMgYi9hcmNoL3hlbi94ZW4vcGNpYmFj ay5jCmluZGV4IDA0MmM4YzkuLjQ2YzgyMWMgMTAwNjQ0Ci0tLSBhL2FyY2gv eGVuL3hlbi9wY2liYWNrLmMKKysrIGIvYXJjaC94ZW4veGVuL3BjaWJhY2su YwpAQCAtMTg4LDYgKzE4OCw3IEBAIHN0cnVjdCBwYl94ZW5idXNfaW5zdGFu Y2UgewogCS8qIGNvbW11bmljYXRpb24gd2l0aCB0aGUgZG9tVSAqLwogICAg ICAgICB1bnNpZ25lZCBpbnQgcGJ4X2V2dGNobjsgLyogb3VyIGV2ZW4gY2hh bm5lbCAqLwogICAgICAgICBzdHJ1Y3QgeGVuX3BjaV9zaGFyZWRpbmZvICpw Ynhfc2hfaW5mbzsKKyAgICAgICAgc3RydWN0IHhlbl9wY2lfb3Agb3A7CiAg ICAgICAgIGdyYW50X2hhbmRsZV90IHBieF9zaGluZm9faGFuZGxlOyAvKiB0 byB1bm1hcCBzaGFyZWQgcGFnZSAqLwogfTsKIApAQCAtNzIxLDEzICs3MjIs MTYgQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJnKQog ewogCXN0cnVjdCBwYl94ZW5idXNfaW5zdGFuY2UgKnBieGkgPSBhcmc7CiAJ c3RydWN0IHBjaWJhY2tfcGNpX2RldiAqcGJkOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwYnhpLT5wYnhfc2hfaW5mby0+b3A7CisJc3RydWN0IHhl bl9wY2lfb3AgKm9wID0gJnBieGktPm9wOwogCXVfaW50IGJ1cywgZGV2LCBm dW5jOwogCiAJaHlwZXJ2aXNvcl9jbGVhcl9ldmVudChwYnhpLT5wYnhfZXZ0 Y2huKTsKIAlpZiAoeGVuX2F0b21pY190ZXN0X2JpdCgmcGJ4aS0+cGJ4X3No X2luZm8tPmZsYWdzLAogCSAgICBfWEVOX1BDSUZfYWN0aXZlKSA9PSAwKQog CQlyZXR1cm4gMDsKKworCW1lbWNweShvcCwgJnBieGktPnBieF9zaF9pbmZv LT5vcCwgc2l6ZW9mIChzdHJ1Y3QgeGVuX3BjaV9vcCkpOworCWJhcnJpZXIo KTsKIAlpZiAob3AtPmRvbWFpbiAhPSAwKSB7CiAJCWFwcmludF9lcnJvcigi cGNpYmFjazogZG9tYWluICVkICE9IDAiLCBvcC0+ZG9tYWluKTsKIAkJb3At PmVyciA9IFhFTl9QQ0lfRVJSX2Rldl9ub3RfZm91bmQ7CkBAIC03OTQsNiAr Nzk4LDggQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJn KQogCQlhcHJpbnRfZXJyb3IoInBjaWJhY2s6IHVua25vd24gY21kICVkXG4i LCBvcC0+Y21kKTsKIAkJb3AtPmVyciA9IFhFTl9QQ0lfRVJSX25vdF9pbXBs ZW1lbnRlZDsKIAl9CisJcGJ4aS0+cGJ4X3NoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworCXBieGktPnBieF9zaF9pbmZvLT5vcC5lcnIgPSBvcC0+ ZXJyOwogZW5kOgogCXhlbl9hdG9taWNfY2xlYXJfYml0KCZwYnhpLT5wYnhf c2hfaW5mby0+ZmxhZ3MsIF9YRU5fUENJRl9hY3RpdmUpOwogCWh5cGVydmlz b3Jfbm90aWZ5X3ZpYV9ldnRjaG4ocGJ4aS0+cGJ4X2V2dGNobik7Ci0tIAoy LjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemu-qdisk-double-access.patch" Content-Transfer-Encoding: base64 eGVuL2Jsa2lmOiBBdm9pZCBkb3VibGUgYWNjZXNzIHRvIHNyYy0+bnJfc2Vn bWVudHMKCnNyYyBpcyBzdG9yZWQgaW4gc2hhcmVkIG1lbW9yeSBhbmQgc3Jj LT5ucl9zZWdtZW50cyBpcyBkZXJlZmVyZW5jZWQKdHdpY2UgYXQgdGhlIGVu ZCBvZiB0aGUgZnVuY3Rpb24uICBJZiBhIGNvbXBpbGVyIGRlY2lkZXMgdG8g Y29tcGlsZSB0aGlzCmludG8gdHdvIHNlcGFyYXRlIG1lbW9yeSBhY2Nlc3Nl cyB0aGVuIHRoZSBzaXplIGxpbWl0YXRpb24gY291bGQgYmUKYnlwYXNzZWQu CgpGaXggaXQgYnkgcmVtb3ZpbmcgdGhlIGRvdWJsZSBhY2Nlc3MgdG8gc3Jj LT5ucl9zZWdtZW50cy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoKU2ln bmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0YWJl bGxpbmlAZXUuY2l0cml4LmNvbT4KCmRpZmYgLS1naXQgYS9ody9ibG9jay94 ZW5fYmxraWYuaCBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCmluZGV4IDcxMWI2 OTIuLjllNzFlMDAgMTAwNjQ0Ci0tLSBhL2h3L2Jsb2NrL3hlbl9ibGtpZi5o CisrKyBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCkBAIC04NSw4ICs4NSwxMCBA QCBzdGF0aWMgaW5saW5lIHZvaWQgYmxraWZfZ2V0X3g4Nl8zMl9yZXEoYmxr aWZfcmVxdWVzdF90ICpkc3QsIGJsa2lmX3g4Nl8zMl9yZXF1ZQogCQlkLT5u cl9zZWN0b3JzID0gcy0+bnJfc2VjdG9yczsKIAkJcmV0dXJuOwogCX0KLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJYmFycmllcigpOworCWlmIChuID4gZHN0LT5ucl9zZWdtZW50cykK KwkJbiA9IGRzdC0+bnJfc2VnbWVudHM7CiAJZm9yIChpID0gMDsgaSA8IG47 IGkrKykKIAkJZHN0LT5zZWdbaV0gPSBzcmMtPnNlZ1tpXTsKIH0KQEAgLTEw Niw4ICsxMDgsMTAgQEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94 ODZfNjRfcmVxKGJsa2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRf cmVxdWUKIAkJZC0+bnJfc2VjdG9ycyA9IHMtPm5yX3NlY3RvcnM7CiAJCXJl dHVybjsKIAl9Ci0JaWYgKG4gPiBzcmMtPm5yX3NlZ21lbnRzKQotCQluID0g c3JjLT5ucl9zZWdtZW50czsKKwkvKiBwcmV2ZW50IHRoZSBjb21waWxlciBm cm9tIG9wdGltaXppbmcgdGhlIGNvZGUgYW5kIHVzaW5nIHNyYy0+bnJfc2Vn bWVudHMgaW5zdGVhZCAqLworCWJhcnJpZXIoKTsKKwlpZiAobiA+IGRzdC0+ bnJfc2VnbWVudHMpCisJCW4gPSBkc3QtPm5yX3NlZ21lbnRzOwogCWZvciAo aSA9IDA7IGkgPCBuOyBpKyspCiAJCWRzdC0+c2VnW2ldID0gc3JjLT5zZWdb aV07CiB9Cg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemut-qdisk-double-access.patch" Content-Transfer-Encoding: base64 RnJvbSAyNzk0MmIwY2IyMzI3ZTkzZGViMTIzMjZiYmU3YjM2YzgxZjlmYTdi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjU2OjAwIC0wNTAwClN1YmplY3Q6IFtQ QVRDSF0gYmxraWY6IEF2b2lkIGRvdWJsZSBhY2Nlc3MgdG8gc3JjLT5ucl9z ZWdtZW50cwoKc3JjIGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5IGFuZCBz cmMtPm5yX3NlZ21lbnRzIGlzIGRlcmVmZXJlbmNlZAp0d2ljZSBhdCB0aGUg ZW5kIG9mIHRoZSBmdW5jdGlvbi4gIElmIGEgY29tcGlsZXIgZGVjaWRlcyB0 byBjb21waWxlIHRoaXMKaW50byB0d28gc2VwYXJhdGUgbWVtb3J5IGFjY2Vz c2VzIHRoZW4gdGhlIHNpemUgbGltaXRhdGlvbiBjb3VsZCBiZQpieXBhc3Nl ZC4KCkZpeCBpdCBieSByZW1vdmluZyB0aGUgZG91YmxlIGFjY2VzcyB0byBz cmMtPm5yX3NlZ21lbnRzLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0xNTUuCgpT aWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkgPHN0ZWZhbm8uc3Rh YmVsbGluaUBldS5jaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog aHcveGVuX2Jsa2lmLmggfCAxMiArKysrKysrKy0tLS0KIDEgZmlsZSBjaGFu Z2VkLCA4IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0t Z2l0IGEvaHcveGVuX2Jsa2lmLmggYi9ody94ZW5fYmxraWYuaAppbmRleCBj YTNhNjViLi5lYjI5Y2IxIDEwMDY0NAotLS0gYS9ody94ZW5fYmxraWYuaAor KysgYi9ody94ZW5fYmxraWYuaApAQCAtNzksOCArNzksMTAgQEAgc3RhdGlj IGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfMzJfcmVxKGJsa2lmX3JlcXVl c3RfdCAqZHN0LCBibGtpZl94ODZfMzJfcmVxdWUKIAlkc3QtPmhhbmRsZSA9 IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwogCWRzdC0+c2Vj dG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlpZiAobiA+IHNy Yy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21lbnRzOworCS8q IHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemluZyB0aGUgY29k ZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFkICovCisJeGVu X21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQorCQluID0gZHN0 LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsgaSsrKQogCQlk c3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQpAQCAtOTQsOCArOTYsMTAg QEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfNjRfcmVxKGJs a2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRfcmVxdWUKIAlkc3Qt PmhhbmRsZSA9IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwog CWRzdC0+c2VjdG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJeGVuX21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQor CQluID0gZHN0LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsg aSsrKQogCQlkc3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQotLSAKMi40 LjMKCg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemut-xenfb.patch" Content-Transfer-Encoding: base64 RnJvbSAwZmZkNDU0NzY2NWQyZmVjNjQ4YWIyYzlmZjg1NmM1ZDlkYjliMDdj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjM3OjA4IC0wNTAwClN1YmplY3Q6IFtQ QVRDSCAyLzJdIHhlbmZiOiBhdm9pZCByZWFkaW5nIHR3aWNlIHRoZSBzYW1l IGZpZWxkcyBmcm9tIHRoZQogc2hhcmVkIHBhZ2UKClJlYWRpbmcgdHdpY2Ug dGhlIHNhbWUgZmllbGQgY291bGQgZ2l2ZSB0aGUgZ3Vlc3QgYW4gYXR0YWNr IG9mCm9wcG9ydHVuaXR5LiBJbiB0aGUgY2FzZSBvZiBldmVudC0+dHlwZSwg Z2NjIGNvdWxkIGNvbXBpbGUgdGhlIHN3aXRjaApzdGF0ZW1lbnQgaW50byBh IGp1bXAgdGFibGUsIGVmZmVjdGl2ZWx5IGVuZGluZyB1cCByZWFkaW5nIHRo ZSB0eXBlCmZpZWxkIG11bHRpcGxlIHRpbWVzLgoKVGhpcyBpcyBwYXJ0IG9m IFhTQS0xNTUuCgpTaWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkg PHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgotLS0KIGh3L3hl bmZiLmMgfCAxMCArKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgNiBpbnNl cnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2h3L3hl bmZiLmMgYi9ody94ZW5mYi5jCmluZGV4IDc1YjJiYzIuLjM2OWQ0NWQgMTAw NjQ0Ci0tLSBhL2h3L3hlbmZiLmMKKysrIGIvaHcveGVuZmIuYwpAQCAtODI3 LDE4ICs4MjcsMjAgQEAgc3RhdGljIHZvaWQgeGVuZmJfaW52YWxpZGF0ZSh2 b2lkICpvcGFxdWUpCiAKIHN0YXRpYyB2b2lkIHhlbmZiX2hhbmRsZV9ldmVu dHMoc3RydWN0IFhlbkZCICp4ZW5mYikKIHsKLSAgICB1aW50MzJfdCBwcm9k LCBjb25zOworICAgIHVpbnQzMl90IHByb2QsIGNvbnMsIG91dF9jb25zOwog ICAgIHN0cnVjdCB4ZW5mYl9wYWdlICpwYWdlID0geGVuZmItPmMucGFnZTsK IAogICAgIHByb2QgPSBwYWdlLT5vdXRfcHJvZDsKLSAgICBpZiAocHJvZCA9 PSBwYWdlLT5vdXRfY29ucykKKyAgICBvdXRfY29ucyA9IHBhZ2UtPm91dF9j b25zOworICAgIGlmIChwcm9kID09IG91dF9jb25zKQogCXJldHVybjsKICAg ICB4ZW5fcm1iKCk7CQkvKiBlbnN1cmUgd2Ugc2VlIHJpbmcgY29udGVudHMg dXAgdG8gcHJvZCAqLwotICAgIGZvciAoY29ucyA9IHBhZ2UtPm91dF9jb25z OyBjb25zICE9IHByb2Q7IGNvbnMrKykgeworICAgIGZvciAoY29ucyA9IG91 dF9jb25zOyBjb25zICE9IHByb2Q7IGNvbnMrKykgewogCXVuaW9uIHhlbmZi X291dF9ldmVudCAqZXZlbnQgPSAmWEVORkJfT1VUX1JJTkdfUkVGKHBhZ2Us IGNvbnMpOworICAgICAgICB1aW50OF90IHR5cGUgPSBldmVudC0+dHlwZTsK IAlpbnQgeCwgeSwgdywgaDsKIAotCXN3aXRjaCAoZXZlbnQtPnR5cGUpIHsK Kwlzd2l0Y2ggKHR5cGUpIHsKIAljYXNlIFhFTkZCX1RZUEVfVVBEQVRFOgog CSAgICBpZiAoeGVuZmItPnVwX2NvdW50ID09IFVQX1FVRVVFKQogCQl4ZW5m Yi0+dXBfZnVsbHNjcmVlbiA9IDE7Ci0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemu-xenfb.patch" Content-Transfer-Encoding: base64 eGVuZmI6IGF2b2lkIHJlYWRpbmcgdHdpY2UgdGhlIHNhbWUgZmllbGRzIGZy b20gdGhlIHNoYXJlZCBwYWdlCgpSZWFkaW5nIHR3aWNlIHRoZSBzYW1lIGZp ZWxkIGNvdWxkIGdpdmUgdGhlIGd1ZXN0IGFuIGF0dGFjayBvZgpvcHBvcnR1 bml0eS4gSW4gdGhlIGNhc2Ugb2YgZXZlbnQtPnR5cGUsIGdjYyBjb3VsZCBj b21waWxlIHRoZSBzd2l0Y2gKc3RhdGVtZW50IGludG8gYSBqdW1wIHRhYmxl LCBlZmZlY3RpdmVseSBlbmRpbmcgdXAgcmVhZGluZyB0aGUgdHlwZQpmaWVs ZCBtdWx0aXBsZSB0aW1lcy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoK U2lnbmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0 YWJlbGxpbmlAZXUuY2l0cml4LmNvbT4KCgpkaWZmIC0tZ2l0IGEvaHcvZGlz cGxheS94ZW5mYi5jIGIvaHcvZGlzcGxheS94ZW5mYi5jCmluZGV4IDVlMzI0 ZWYuLjRlMmEyN2EgMTAwNjQ0Ci0tLSBhL2h3L2Rpc3BsYXkveGVuZmIuYwor KysgYi9ody9kaXNwbGF5L3hlbmZiLmMKQEAgLTc4NCwxOCArNzg0LDIwIEBA IHN0YXRpYyB2b2lkIHhlbmZiX2ludmFsaWRhdGUodm9pZCAqb3BhcXVlKQog CiBzdGF0aWMgdm9pZCB4ZW5mYl9oYW5kbGVfZXZlbnRzKHN0cnVjdCBYZW5G QiAqeGVuZmIpCiB7Ci0gICAgdWludDMyX3QgcHJvZCwgY29uczsKKyAgICB1 aW50MzJfdCBwcm9kLCBjb25zLCBvdXRfY29uczsKICAgICBzdHJ1Y3QgeGVu ZmJfcGFnZSAqcGFnZSA9IHhlbmZiLT5jLnBhZ2U7CiAKICAgICBwcm9kID0g cGFnZS0+b3V0X3Byb2Q7Ci0gICAgaWYgKHByb2QgPT0gcGFnZS0+b3V0X2Nv bnMpCisgICAgb3V0X2NvbnMgPSBwYWdlLT5vdXRfY29uczsKKyAgICBpZiAo cHJvZCA9PSBvdXRfY29ucykKIAlyZXR1cm47CiAgICAgeGVuX3JtYigpOwkJ LyogZW5zdXJlIHdlIHNlZSByaW5nIGNvbnRlbnRzIHVwIHRvIHByb2QgKi8K LSAgICBmb3IgKGNvbnMgPSBwYWdlLT5vdXRfY29uczsgY29ucyAhPSBwcm9k OyBjb25zKyspIHsKKyAgICBmb3IgKGNvbnMgPSBvdXRfY29uczsgY29ucyAh PSBwcm9kOyBjb25zKyspIHsKIAl1bmlvbiB4ZW5mYl9vdXRfZXZlbnQgKmV2 ZW50ID0gJlhFTkZCX09VVF9SSU5HX1JFRihwYWdlLCBjb25zKTsKKyAgICAg ICAgdWludDhfdCB0eXBlID0gZXZlbnQtPnR5cGU7CiAJaW50IHgsIHksIHcs IGg7CiAKLQlzd2l0Y2ggKGV2ZW50LT50eXBlKSB7CisJc3dpdGNoICh0eXBl KSB7CiAJY2FzZSBYRU5GQl9UWVBFX1VQREFURToKIAkgICAgaWYgKHhlbmZi LT51cF9jb3VudCA9PSBVUF9RVUVVRSkKIAkJeGVuZmItPnVwX2Z1bGxzY3Jl ZW4gPSAxOwo= --=separator Content-Type: application/octet-stream; name="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSAxMmIxMTY1OGE5ZDZhNjU0YTFlN2FjYmYyZjJkNTZjZTlhMzk2Yzg2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDIwIE5vdiAy MDE1IDExOjU5OjA1IC0wNTAwClN1YmplY3Q6IFtQQVRDSCAxLzNdIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZp ZC52cmFiZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6 ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6 IEFkZCBjb21tZW50IGFib3V0IEdDQyBidWcuCi0tLQogeGVuL2luY2x1ZGUv cHVibGljL2lvL3JpbmcuaCB8IDE0ICsrKysrKysrKysrKysrCiAxIGZpbGUg Y2hhbmdlZCwgMTQgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL3hlbi9p bmNsdWRlL3B1YmxpYy9pby9yaW5nLmggYi94ZW4vaW5jbHVkZS9wdWJsaWMv aW8vcmluZy5oCmluZGV4IGJhOTQwMWIuLjgwMWMwZGEgMTAwNjQ0Ci0tLSBh L3hlbi9pbmNsdWRlL3B1YmxpYy9pby9yaW5nLmgKKysrIGIveGVuL2luY2x1 ZGUvcHVibGljL2lvL3JpbmcuaApAQCAtMjEyLDYgKzIxMiwyMCBAQCB0eXBl ZGVmIHN0cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgX19uYW1lIyNfYmFja19y aW5nX3QKICNkZWZpbmUgUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCkgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICAoJigo X3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAx KSldLnJlcSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVx dWVzdC4KKyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdf R0VUX1JFUVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBv biBhIGxvY2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhl IG90aGVyIGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251 Lm9yZy9idWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNl IHRoaXMKKyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBz dHJ1Y3Qgd2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8K KyNkZWZpbmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRv IHsJCQkJXAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBp bnRvIF9yZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVv ZihfcmVxKSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGls ZSAoMCkKKwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICgm KChfciktPnNyaW5nLT5yaW5nWygoX2lkeCkgJiAoUklOR19TSVpFKF9yKSAt IDEpKV0ucnNwKSkKIAotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA4NTFmZmI0ZWVhOTE3ZTI3MDhjOTEyMjkxZGVhNGQxMzMwMjZjMGFj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MTY6MDIgLTA1MDAKU3ViamVjdDogW1BBVENIIDIv M10gYmxrdGFwMjogVXNlIFJJTkdfQ09QWV9SRVFVRVNUCgpJbnN0ZWFkIG9m IFJJTkdfR0VUX1JFUVVFU1QuIFVzaW5nIGEgbG9jYWwgY29weSBvZiB0aGUK cmluZyAoYW5kIGFsc28gd2l0aCBwcm9wZXIgbWVtb3J5IGJhcnJpZXJzKSB3 aWxsIG1lYW4Kd2UgY2FuIGRvIG5vdCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRo ZSBjb21waWxlciBvcHRpbWl6aW5nCnRoZSBjb2RlIGFuZCBkb2luZyBhIGRv dWJsZS1mZXRjaCBpbiB0aGUgc2hhcmVkIG1lbW9yeSBzcGFjZS4KClRoaXMg aXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnpl c3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CgotLS0KdjI6 IEZpeCBjb21waWxlIGlzc3VlcyB3aXRoIHRhcGRpc2stdmJkCi0tLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jICAgfCAzICsrLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMgfCA4ICsrKystLS0t CiAyIGZpbGVzIGNoYW5nZWQsIDYgaW5zZXJ0aW9ucygrKSwgNSBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxv Y2stbG9nLmMgYi90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxvY2stbG9nLmMK aW5kZXggNTMzMGNkYy4uNWYzYmQzNSAxMDA2NDQKLS0tIGEvdG9vbHMvYmxr dGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jCisrKyBiL3Rvb2xzL2Jsa3RhcDIv ZHJpdmVycy9ibG9jay1sb2cuYwpAQCAtNDk0LDExICs0OTQsMTIgQEAgc3Rh dGljIGludCBjdGxfa2ljayhzdHJ1Y3QgdGRsb2dfc3RhdGUqIHMsIGludCBm ZCkKICAgcmVxc3RhcnQgPSBzLT5icmluZy5yZXFfY29uczsKICAgcmVxZW5k ID0gcy0+c3JpbmctPnJlcV9wcm9kOwogCisgIHhlbl9tYigpOwogICBCRFBS SU5URigiY3RsOiByaW5nIGtpY2tlZCAoc3RhcnQgPSAldSwgZW5kID0gJXUp IiwgcmVxc3RhcnQsIHJlcWVuZCk7CiAKICAgd2hpbGUgKHJlcXN0YXJ0ICE9 IHJlcWVuZCkgewogICAgIC8qIFhYWCBhY3R1YWxseSBzdWJtaXQgdGhlc2Uh ICovCi0gICAgbWVtY3B5KCZyZXEsIFJJTkdfR0VUX1JFUVVFU1QoJnMtPmJy aW5nLCByZXFzdGFydCksIHNpemVvZihyZXEpKTsKKyAgICBSSU5HX0NPUFlf UkVRVUVTVCgmcy0+YnJpbmcsIHJlcXN0YXJ0LCAmcmVxKTsKICAgICBCRFBS SU5URigiY3RsOiByZWFkIHJlcXVlc3QgJSJQUkl1NjQiOiV1IiwgcmVxLnNl Y3RvciwgcmVxLmNvdW50KTsKICAgICBzLT5icmluZy5yZXFfY29ucyA9ICsr cmVxc3RhcnQ7CiAKZGlmZiAtLWdpdCBhL3Rvb2xzL2Jsa3RhcDIvZHJpdmVy cy90YXBkaXNrLXZiZC5jIGIvdG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRp c2stdmJkLmMKaW5kZXggNmQxZDk0YS4uODllZjllZCAxMDA2NDQKLS0tIGEv dG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKKysrIGIvdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKQEAgLTE1NTUsNyAr MTU1NSw3IEBAIHRhcGRpc2tfdmJkX3B1bGxfcmluZ19yZXF1ZXN0cyh0ZF92 YmRfdCAqdmJkKQogCWludCBpZHg7CiAJUklOR19JRFggcnAsIHJjOwogCXRk X3JpbmdfdCAqcmluZzsKLQlibGtpZl9yZXF1ZXN0X3QgKnJlcTsKKwlibGtp Zl9yZXF1ZXN0X3QgcmVxOwogCXRkX3ZiZF9yZXF1ZXN0X3QgKnZyZXE7CiAK IAlyaW5nID0gJnZiZC0+cmluZzsKQEAgLTE1NjYsMTYgKzE1NjYsMTYgQEAg dGFwZGlza192YmRfcHVsbF9yaW5nX3JlcXVlc3RzKHRkX3ZiZF90ICp2YmQp CiAJeGVuX3JtYigpOwogCiAJZm9yIChyYyA9IHJpbmctPmZlX3JpbmcucmVx X2NvbnM7IHJjICE9IHJwOyByYysrKSB7Ci0JCXJlcSA9IFJJTkdfR0VUX1JF UVVFU1QoJnJpbmctPmZlX3JpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVF U1QoJnJpbmctPmZlX3JpbmcsIHJjLCAmcmVxKTsKIAkJKytyaW5nLT5mZV9y aW5nLnJlcV9jb25zOwogCi0JCWlkeCAgPSByZXEtPmlkOworCQlpZHggID0g cmVxLmlkOwogCQl2cmVxID0gJnZiZC0+cmVxdWVzdF9saXN0W2lkeF07CiAK IAkJQVNTRVJUKGxpc3RfZW1wdHkoJnZyZXEtPm5leHQpKTsKIAkJQVNTRVJU KHZyZXEtPnNlY3NfcGVuZGluZyA9PSAwKTsKIAotCQltZW1jcHkoJnZyZXEt PnJlcSwgcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7CisJCW1lbWNw eSgmdnJlcS0+cmVxLCAmcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7 CiAJCXZiZC0+cmVjZWl2ZWQrKzsKIAkJdnJlcS0+dmJkID0gdmJkOwogCi0t IAoyLjEuNAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBjMWZjZTY1ZTJiNzIwNjg0ZWE2YmE3NmFlNTk5MjE1NDJiZDE1NGJi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIIDMv M10gbGlidmNoYW46IFJlYWQgcHJvZC9jb25zIG9ubHkgb25jZS4KCldlIG11 c3QgZW5zdXJlIHRoYXQgdGhlIHByb2QvY29ucyBhcmUgb25seSByZWFkIG9u Y2UgYW5kIHRoYXQKdGhlIGNvbXBpbGVyIHdvbid0IHRyeSB0byBvcHRpbWl6 ZSB0aGUgcmVhZHMuIFRoYXQgaXMgc3BsaXQKdGhlIHJlYWQgb2YgdGhlc2Ug aW4gbXVsdGlwbGUgaW5zdHJ1Y3Rpb25zIGluZmx1ZW5jaW5nIGxhdGVyCmJy YW5jaCBjb2RlLiBBcyBzdWNoIGluc2VydCBiYXJyaWVycyB3aGVuIGZldGNo aW5nIHRoZSBjb25zCmFuZCBwcm9kIGluZGV4LgoKVGhpcyBpcyBwYXJ0IG9m IFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiB0b29scy9saWJ2Y2hh bi9pby5jIHwgMiArKwogMSBmaWxlIGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygr KQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMgYi90b29scy9s aWJ2Y2hhbi9pby5jCmluZGV4IDhhOTYyOWIuLjM4MWNjMDUgMTAwNjQ0Ci0t LSBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMKKysrIGIvdG9vbHMvbGlidmNoYW4v aW8uYwpAQCAtMTE3LDYgKzExNyw3IEBAIHN0YXRpYyBpbmxpbmUgaW50IHNl bmRfbm90aWZ5KHN0cnVjdCBsaWJ4ZW52Y2hhbiAqY3RybCwgdWludDhfdCBi aXQpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0X2RhdGFfcmVhZHkoc3Ry dWN0IGxpYnhlbnZjaGFuICpjdHJsKQogewogCXVpbnQzMl90IHJlYWR5ID0g cmRfcHJvZChjdHJsKSAtIHJkX2NvbnMoY3RybCk7CisJeGVuX21iKCk7IC8q IEVuc3VyZSAncmVhZHknIGlzIHJlYWQgb25seSBvbmNlLiAqLwogCWlmIChy ZWFkeSA+IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3 YXkgdG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMK IAkJICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1 OCw2ICsxNTksNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1 Y3QgbGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdf Z2V0X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7 CiAJdWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3Jf cHJvZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBF bnN1cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVh ZHkgPiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5 IHRvIHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJ CSAqIGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEu MAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBlZjg2YWQwYjYwZmUxNzliMWE2ZmEzOTBlMDVjMzM5ZmI0NGI5Y2M5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIXSBs aWJ2Y2hhbjogUmVhZCBwcm9kL2NvbnMgb25seSBvbmNlLgoKV2UgbXVzdCBl bnN1cmUgdGhhdCB0aGUgcHJvZC9jb25zIGFyZSBvbmx5IHJlYWQgb25jZSBh bmQgdGhhdAp0aGUgY29tcGlsZXIgd29uJ3QgdHJ5IHRvIG9wdGltaXplIHRo ZSByZWFkcy4gVGhhdCBpcyBzcGxpdAp0aGUgcmVhZCBvZiB0aGVzZSBpbiBt dWx0aXBsZSBpbnN0cnVjdGlvbnMgaW5mbHVlbmNpbmcgbGF0ZXIKYnJhbmNo IGNvZGUuIEFzIHN1Y2ggaW5zZXJ0IGJhcnJpZXJzIHdoZW4gZmV0Y2hpbmcg dGhlIGNvbnMKYW5kIHByb2QgaW5kZXguCgpUaGlzIGlzIHBhcnQgb2YgWFNB MTU1LgoKU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIHRvb2xzL2xpYnZjaGFuL2lv LmMgfCAyICsrCiAxIGZpbGUgY2hhbmdlZCwgMiBpbnNlcnRpb25zKCspCgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlidmNoYW4vaW8uYyBiL3Rvb2xzL2xpYnZj aGFuL2lvLmMKaW5kZXggODA0YzYzYy4uOGIzM2Y0MCAxMDA2NDQKLS0tIGEv dG9vbHMvbGlidmNoYW4vaW8uYworKysgYi90b29scy9saWJ2Y2hhbi9pby5j CkBAIC0xMTgsNiArMTE4LDcgQEAgc3RhdGljIGlubGluZSBpbnQgc2VuZF9u b3RpZnkoc3RydWN0IGxpYnhlbnZjaGFuICpjdHJsLCB1aW50OF90IGJpdCkK IHN0YXRpYyBpbmxpbmUgaW50IHJhd19nZXRfZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiB7CiAJdWludDMyX3QgcmVhZHkgPSByZF9w cm9kKGN0cmwpIC0gcmRfY29ucyhjdHJsKTsKKwl4ZW5fbWIoKTsgLyogRW5z dXJlICdyZWFkeScgaXMgcmVhZCBvbmx5IG9uY2UuICovCiAJaWYgKHJlYWR5 ID49IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3YXkg dG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMKIAkJ ICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1OSw2 ICsxNjAsNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0 X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7CiAJ dWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3JfcHJv ZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBFbnN1 cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVhZHkg PiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5IHRv IHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJCSAq IGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Thu Dec 17 13:38:03 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Dec 2015 13:38:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Yjt-0006KN-Dg; Thu, 17 Dec 2015 13:37:01 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Yjr-0006KB-Ve; Thu, 17 Dec 2015 13:37:00 +0000 Received: from [85.158.139.211] by server-17.bemta-5.messagelabs.com id C9/38-21901-B7AB2765; Thu, 17 Dec 2015 13:36:59 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-9.tower-206.messagelabs.com!1450359415!11389878!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10176 invoked from network); 17 Dec 2015 13:36:56 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-9.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 17 Dec 2015 13:36:56 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1a9Yjf-0001bD-OJ; Thu, 17 Dec 2015 13:36:47 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1a9Yjf-0007YQ-4Y; Thu, 17 Dec 2015 13:36:47 +0000 Date: Thu, 17 Dec 2015 13:36:47 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory contents X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8550 / XSA-155 version 6 paravirtualized drivers incautious about shared memory contents UPDATES IN VERSION 6 ==================== Correct CREDITS section. ISSUE DESCRIPTION ================= The compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically the shared memory between the frontend and backend can be fetched twice (during which time the frontend can alter the contents) possibly leading to arbitrary code execution in backend. IMPACT ====== Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact can be a host crash, or privilege escalation. VULNERABLE SYSTEMS ================== Systems running PV or HVM guests are vulnerable. ARM and x86 systems are vulnerable. All OSes providing PV backends are susceptible, this includes Linux and NetBSD. By default the Linux distributions compile kernels with optimizations. MITIGATION ========== There is no mitigation. CREDITS ======= This issue was discovered by Felix Wilhelm (ERNW Research, KIT / Operating Systems Group). RESOLUTION ========== Applying the appropriate attached patches should fix the problem for PV backends. Note only that PV backends are fixed; PV frontend patches will be developed and released (publicly) after the embargo date. Please note that there is a bug in some versions of gcc, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 which can cause the construct used in RING_COPY_REQUEST() to be ineffective in some circumstances. We have determined that this is only the case when the structure being copied consists purely of bitfields. The Xen PV protocols updated here do not use bitfields in this way and therefore these patches are not subject to that bug. However authors of third party PV protocols should take this into consideration. Linux v4.4: xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch Linux v4.[0,1,2,3] All the above patches except #5 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch Linux v3.19: All the above patches except #5 and #6 will apply, please use: xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch xsa155-linux319-0006-xen-scsiback-safely-copy-requests.patch qemu-xen: xsa155-qemu-qdisk-double-access.patch xsa155-qemu-xenfb.patch qemu-traditional: xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch NetBSD 7.0: xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch xen: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xen 4.4: All patches except #3 will apply, please use: xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ sha256sum xsa155* d9fbc104ab2ae797971e351ee0e04e7b7e9c7c33385309bb406c7941dc9a33b4 xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch 590656d83ad7b6052b54659eccb3469658b3942c0dc1366423a66f2f5ac643e1 xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2bd18632178e09394c5cd06aded2c14bcc6b6e360ad6e81827d24860fe3e8ca4 xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch cecdeccb8e2551252c81fc5f164a8298005df714a574a7ba18b84e8ed5f2bb70 xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch 3916b847243047f0e1053233ade742c14a7f29243584e60bf5db4842a8068855 xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch 746c8eb0aeb200d76156c88dfbbd49db79f567b88b07eda70f7c7d095721f05a xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch 18517a184a02f7441065b8d3423086320ec4c2345c00d551231f7976381767f5 xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch 2e6d556d25b1cc16e71afde665ae3908f4fa8eab7e0d96283fc78400301baf92 xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch 5e130d8b61906015c6a94f8edd3cce97b172f96a265d97ecf370e7b45125b73d xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch 08c2d0f95dcc215165afbce623b6972b81dd45b091b5f40017579b00c8612e03 xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch 0a66010f736092f91f70bb0fd220685e4395efef1db6d23a3d1eace31d144f51 xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch 5e913a8427cab6b4d384d1246e05116afc301eb117edd838101eb53a82c2f2ff xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch 3b8f14eafaed3a7bc66245753a37af4249acf8129fbedb70653192252dc47dc9 xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch 81ae5fa998243a78dad749fc561be647dc1dc1be799e8f18484fdf0989469705 xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch 044ff74fa048df820d528f64f2791ec9cb3940bd313c1179020bd49a6cde2ca3 xsa155-qemu-qdisk-double-access.patch 1150504589eb7bfa108c80ce63395e57d0e627b12d9201219d968fdd026919a6 xsa155-qemut-qdisk-double-access.patch 63186246ab6913b54bfef5f09f33e815935ac40ff821c27a3efda62339bbbd5f xsa155-qemut-xenfb.patch e53b4ac298648cde79344192d5a58ca8d8724344f5105bec7c09eef095c668f6 xsa155-qemu-xenfb.patch e52467fcec73bcc86d3e96d06f8ca8085ae56a83d2c42a30c16bc3dc630d8f8a xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch eae34c8ccc096ad93a74190506b3d55020a88afb0cc504a3a514590e9fd746fd xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch 42780265014085a4221ad32b026214693d751789eb5219e2e83862c0006c66f4 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch dfcaddb8a908a4fc1b048a43187e885117e67dc566f5c841037ee366dcd437d1 xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWcrpdAAoJEIP+FMlX6CvZ9soIALqQ/GHP6bZn2LqJTD9DIzsm zVB4yCPiVfDqHSOq9QNCzBzqpvOX+RhKTzRH1jsZczr8CSnkePxaCrmZgH8SAygB hFcF9xJGlJDjs647sgpQmYs++3mgD/57uml7IW/8NX46tXUelVByW7muNgUN2xlm kjeD8auJEs+jK1iwpt/hOmYe4moRx3+3ujfgqMCNAWtqZz9D9wM5tao+p6yKYlhM u8hSi1V3b7sAbf92mwzpzfpbwdgg25xeHtZ/oJxp/ZY0FhqDEsTxV+h8HjD/Eink GwqPS19O77tMmz9fUUTyJDSsU7ayFRI0HyYmXju4eJktJkhXagjAdCSyGky9z5g= =FlX2 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux319-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSBmOWM3MWU4OTJkNTE0MmEzMTQ0ODFkZjZiYWEyNmIzNGU2YTZiYTQ1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSF0geGVuLXNjc2li YWNrOiBzYWZlbHkgY29weSByZXF1ZXN0cwoKVGhlIGNvcHkgb2YgdGhlIHJp bmcgcmVxdWVzdCB3YXMgbGFja2luZyBhIGZvbGxvd2luZyBiYXJyaWVyKCks CnBvdGVudGlhbGx5IGFsbG93aW5nIHRoZSBjb21waWxlciB0byBvcHRpbWl6 ZSB0aGUgY29weSBhd2F5LgoKVXNlIFJJTkdfQ09QWV9SRVFVRVNUKCkgdG8g ZW5zdXJlIHRoZSByZXF1ZXN0IGlzIGNvcGllZCB0byBsb2NhbAptZW1vcnku CgpUaGlzIGlzIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3Jn ClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+ ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNp dHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCnYyOiBUaGlzIGlzIGEg YWdhaW5zdCB2My4xOQotLS0KIGRyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5j IHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCspLCAxIGRl bGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94ZW4veGVuLXNjc2li YWNrLmMgYi9kcml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYwppbmRleCBlOTk5 NDk2ZS4uZDg2ZjZlMSAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4veGVuLXNj c2liYWNrLmMKKysrIGIvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKQEAg LTczNCw3ICs3MzQsNyBAQCBzdGF0aWMgaW50IHNjc2liYWNrX2RvX2NtZF9m bihzdHJ1Y3QgdnNjc2lia19pbmZvICppbmZvKQogCQlpZiAoIXBlbmRpbmdf cmVxKQogCQkJcmV0dXJuIDE7CiAKLQkJcmluZ19yZXEgPSBSSU5HX0dFVF9S RVFVRVNUKHJpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVFU1QocmluZywg cmMsICZyaW5nX3JlcSk7CiAJCXJpbmctPnJlcV9jb25zID0gKytyYzsKIAog CQlhY3QgPSByaW5nX3JlcS0+YWN0OwotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBkNTJmMDA5NjBjMTA3MGM2ODM4MDlmYWRkZDM1YTIyMjNlMmI4YTZl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDYvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0tCnYyOiBUaGlz IGlzIGFnYWluc3QgdjQuMwotLS0KIGRyaXZlcnMvYmxvY2sveGVuLWJsa2Jh Y2svYmxrYmFjay5jIHwgMTIgKysrKysrKy0tLS0tCiAxIGZpbGUgY2hhbmdl ZCwgNyBpbnNlcnRpb25zKCspLCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIGIvZHJp dmVycy9ibG9jay94ZW4tYmxrYmFjay9ibGtiYWNrLmMKaW5kZXggNmE2ODVh ZS4uZjJlN2EzOCAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxr YmFjay9ibGtiYWNrLmMKKysrIGIvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9ibGtiYWNrLmMKQEAgLTk1MCw2ICs5NTAsOCBAQCBzdGF0aWMgaW50IHhl bl9ibGtia19wYXJzZV9pbmRpcmVjdChzdHJ1Y3QgYmxraWZfcmVxdWVzdCAq cmVxLAogCQlnb3RvIHVubWFwOwogCiAJZm9yIChuID0gMCwgaSA9IDA7IG4g PCBuc2VnOyBuKyspIHsKKwkJdWludDhfdCBmaXJzdF9zZWN0LCBsYXN0X3Nl Y3Q7CisKIAkJaWYgKChuICUgU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUUpID09 IDApIHsKIAkJCS8qIE1hcCBpbmRpcmVjdCBzZWdtZW50cyAqLwogCQkJaWYg KHNlZ21lbnRzKQpAQCAtOTU4LDE0ICs5NjAsMTQgQEAgc3RhdGljIGludCB4 ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3RydWN0IGJsa2lmX3JlcXVlc3Qg KnJlcSwKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1F OwogCQlwZW5kaW5nX3JlcS0+c2VnbWVudHNbbl0tPmdyZWYgPSBzZWdtZW50 c1tpXS5ncmVmOwotCQlzZWdbbl0ubnNlYyA9IHNlZ21lbnRzW2ldLmxhc3Rf c2VjdCAtCi0JCQlzZWdtZW50c1tpXS5maXJzdF9zZWN0ICsgMTsKLQkJc2Vn W25dLm9mZnNldCA9IChzZWdtZW50c1tpXS5maXJzdF9zZWN0IDw8IDkpOwot CQlpZiAoKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA+PSAoUEFHRV9TSVpFID4+ IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNlZ21l bnRzW2ldLmZpcnN0X3NlY3QpKSB7CisJCWZpcnN0X3NlY3QgPSBSRUFEX09O Q0Uoc2VnbWVudHNbaV0uZmlyc3Rfc2VjdCk7CisJCWxhc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5sYXN0X3NlY3QpOworCQlpZiAobGFzdF9z ZWN0ID49IChQQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0IDwgZmlyc3Rf c2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1bm1hcDsKIAkJ fQorCQlzZWdbbl0ubnNlYyA9IGxhc3Rfc2VjdCAtIGZpcnN0X3NlY3QgKyAx OworCQlzZWdbbl0ub2Zmc2V0ID0gZmlyc3Rfc2VjdCA8PCA5OwogCQlwcmVx LT5ucl9zZWN0cyArPSBzZWdbbl0ubnNlYzsKIAl9CiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA0ZTJiYzQyM2UwY2VmMGE0MmY5M2Q5ODljMDk4MDMwMWRmMWJkNDYy IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE0OjU4OjA4ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzddIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6IFVwZGF0ZSBhYm91dCBHQ0Mg YW5kIGJpdGZpZWxkcy4KLS0tCiBpbmNsdWRlL3hlbi9pbnRlcmZhY2UvaW8v cmluZy5oIHwgMTQgKysrKysrKysrKysrKysKIDEgZmlsZSBjaGFuZ2VkLCAx NCBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0IGEvaW5jbHVkZS94ZW4vaW50 ZXJmYWNlL2lvL3JpbmcuaCBiL2luY2x1ZGUveGVuL2ludGVyZmFjZS9pby9y aW5nLmgKaW5kZXggN2QyOGFmZi4uN2RjNjg1YiAxMDA2NDQKLS0tIGEvaW5j bHVkZS94ZW4vaW50ZXJmYWNlL2lvL3JpbmcuaAorKysgYi9pbmNsdWRlL3hl bi9pbnRlcmZhY2UvaW8vcmluZy5oCkBAIC0xODEsNiArMTgxLDIwIEBAIHN0 cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgewkJCQkJCVwKICNkZWZpbmUgUklO R19HRVRfUkVRVUVTVChfciwgX2lkeCkJCQkJCVwKICAgICAoJigoX3IpLT5z cmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAxKSldLnJl cSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVxdWVzdC4K KyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdfR0VUX1JF UVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBvbiBhIGxv Y2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhlIG90aGVy IGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251Lm9yZy9i dWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNlIHRoaXMK KyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBzdHJ1Y3Qg d2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8KKyNkZWZp bmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRvIHsJCQkJ XAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBpbnRvIF9y ZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVvZihfcmVx KSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGlsZSAoMCkK KwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkJCQkJCVwK ICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0la RShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch" Content-Transfer-Encoding: base64 RnJvbSAxMDBhYzM3MmEwZTA3Y2NjOGM1MDhjMzg4NGZhOTAyMGNmZTA4MDk0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE2OjAxICswMDAwClN1YmplY3Q6IFtQQVRDSCAyLzddIHhlbi1u ZXRiYWNrOiBkb24ndCB1c2UgbGFzdCByZXF1ZXN0IHRvIGRldGVybWluZSBt aW5pbXVtCiBUeCBjcmVkaXQKClRoZSBsYXN0IGZyb20gZ3Vlc3QgdHJhbnNt aXR0ZWQgcmVxdWVzdCBnaXZlcyBubyBpbmRpY2F0aW9uIGFib3V0IHRoZQpt aW5pbXVtIGFtb3VudCBvZiBjcmVkaXQgdGhhdCB0aGUgZ3Vlc3QgbWlnaHQg bmVlZCB0byBzZW5kIGEgcGFja2V0CnNpbmNlIHRoZSBsYXN0IHBhY2tldCBt aWdodCBoYXZlIGJlZW4gYSBzbWFsbCBvbmUuCgpJbnN0ZWFkIGFsbG93IGZv ciB0aGUgd29yc3QgY2FzZSAxMjggS2lCIHBhY2tldC4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpSZXZp ZXdlZC1ieTogV2VpIExpdSA8d2VpLmxpdTJAY2l0cml4LmNvbT4KU2lnbmVk LW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxrb25y YWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMvbmV0L3hlbi1uZXRi YWNrL25ldGJhY2suYyB8IDQgKy0tLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5z ZXJ0aW9uKCspLCAzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZl cnMvbmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYyBiL2RyaXZlcnMvbmV0L3hl bi1uZXRiYWNrL25ldGJhY2suYwppbmRleCBlNDgxZjM3Li5iNjgzNTgxIDEw MDY0NAotLS0gYS9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRiYWNrLmMK KysrIGIvZHJpdmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCkBAIC02 NzksOSArNjc5LDcgQEAgc3RhdGljIHZvaWQgdHhfYWRkX2NyZWRpdChzdHJ1 Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSkKIAkgKiBBbGxvdyBhIGJ1cnN0IGJp ZyBlbm91Z2ggdG8gdHJhbnNtaXQgYSBqdW1ibyBwYWNrZXQgb2YgdXAgdG8g MTI4a0IuCiAJICogT3RoZXJ3aXNlIHRoZSBpbnRlcmZhY2UgY2FuIHNlaXpl IHVwIGR1ZSB0byBpbnN1ZmZpY2llbnQgY3JlZGl0LgogCSAqLwotCW1heF9i dXJzdCA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT50eCwgcXVldWUtPnR4 LnJlcV9jb25zKS0+c2l6ZTsKLQltYXhfYnVyc3QgPSBtaW4obWF4X2J1cnN0 LCAxMzEwNzJVTCk7Ci0JbWF4X2J1cnN0ID0gbWF4KG1heF9idXJzdCwgcXVl dWUtPmNyZWRpdF9ieXRlcyk7CisJbWF4X2J1cnN0ID0gbWF4KDEzMTA3MlVM LCBxdWV1ZS0+Y3JlZGl0X2J5dGVzKTsKIAogCS8qIFRha2UgY2FyZSB0aGF0 IGFkZGluZyBhIG5ldyBjaHVuayBvZiBjcmVkaXQgZG9lc24ndCB3cmFwIHRv IHplcm8uICovCiAJbWF4X2NyZWRpdCA9IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICsgcXVldWUtPmNyZWRpdF9ieXRlczsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch" Content-Transfer-Encoding: base64 RnJvbSA0MTI3ZTljY2FlMGVkYTYyMjQyMWQyMTEzMjg0NmFiZGY3NGY2NmVk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDMwIE9jdCAy MDE1IDE1OjE3OjA2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAzLzddIHhlbi1u ZXRiYWNrOiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0CgpJ bnN0ZWFkIG9mIG9wZW4tY29kaW5nIG1lbWNweSgpcyBhbmQgZGlyZWN0bHkg YWNjZXNzaW5nIFR4IGFuZCBSeApyZXF1ZXN0cywgdXNlIHRoZSBuZXcgUklO R19DT1BZX1JFUVVFU1QoKSB0aGF0IGVuc3VyZXMgdGhlIGxvY2FsIGNvcHkK aXMgY29ycmVjdC4KClRoaXMgaXMgbW9yZSB0aGFuIGlzIHN0cmljdGx5IG5l Y2Vzc2FyeSBmb3IgZ3Vlc3QgUnggcmVxdWVzdHMgc2luY2UKb25seSB0aGUg aWQgYW5kIGdyZWYgZmllbGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVz cyBpZiB0aGUKZnJvbnRlbmQgbW9kaWZpZXMgdGhlc2UuCgpUaGlzIGlzIHBh cnQgb2YgWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKUmV2 aWV3ZWQtYnk6IFdlaSBMaXUgPHdlaS5saXUyQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5j b20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2lsayA8a29u cmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBkcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgfCAzMCArKysrKysrKysrKysrKy0tLS0tLS0tLS0t LS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAxNCBpbnNlcnRpb25zKCspLCAxNiBk ZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL25ldC94ZW4tbmV0 YmFjay9uZXRiYWNrLmMgYi9kcml2ZXJzL25ldC94ZW4tbmV0YmFjay9uZXRi YWNrLmMKaW5kZXggYjY4MzU4MS4uMTA0OWMzNCAxMDA2NDQKLS0tIGEvZHJp dmVycy9uZXQveGVuLW5ldGJhY2svbmV0YmFjay5jCisrKyBiL2RyaXZlcnMv bmV0L3hlbi1uZXRiYWNrL25ldGJhY2suYwpAQCAtMjU4LDE4ICsyNTgsMTgg QEAgc3RhdGljIHN0cnVjdCB4ZW52aWZfcnhfbWV0YSAqZ2V0X25leHRfcnhf YnVmZmVyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQkJCQkJIHN0 cnVjdCBuZXRyeF9wZW5kaW5nX29wZXJhdGlvbnMgKm5wbykKIHsKIAlzdHJ1 Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAotCXJlcSA9IFJJTkdfR0VUX1JFUVVFU1QoJnF1ZXVlLT5yeCwg cXVldWUtPnJ4LnJlcV9jb25zKyspOworCVJJTkdfQ09QWV9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrLCAmcmVxKTsKIAogCW1l dGEgPSBucG8tPm1ldGEgKyBucG8tPm1ldGFfcHJvZCsrOwogCW1ldGEtPmdz b190eXBlID0gWEVOX05FVElGX0dTT19UWVBFX05PTkU7CiAJbWV0YS0+Z3Nv X3NpemUgPSAwOwogCW1ldGEtPnNpemUgPSAwOwotCW1ldGEtPmlkID0gcmVx LT5pZDsKKwltZXRhLT5pZCA9IHJlcS5pZDsKIAogCW5wby0+Y29weV9vZmYg PSAwOwotCW5wby0+Y29weV9ncmVmID0gcmVxLT5ncmVmOworCW5wby0+Y29w eV9ncmVmID0gcmVxLmdyZWY7CiAKIAlyZXR1cm4gbWV0YTsKIH0KQEAgLTQy NCw3ICs0MjQsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVj dCBza19idWZmICpza2IsCiAJc3RydWN0IHhlbnZpZiAqdmlmID0gbmV0ZGV2 X3ByaXYoc2tiLT5kZXYpOwogCWludCBucl9mcmFncyA9IHNrYl9zaGluZm8o c2tiKS0+bnJfZnJhZ3M7CiAJaW50IGk7Ci0Jc3RydWN0IHhlbl9uZXRpZl9y eF9yZXF1ZXN0ICpyZXE7CisJc3RydWN0IHhlbl9uZXRpZl9yeF9yZXF1ZXN0 IHJlcTsKIAlzdHJ1Y3QgeGVudmlmX3J4X21ldGEgKm1ldGE7CiAJdW5zaWdu ZWQgY2hhciAqZGF0YTsKIAlpbnQgaGVhZCA9IDE7CkBAIC00NDMsMTUgKzQ0 MywxNSBAQCBzdGF0aWMgaW50IHhlbnZpZl9nb3Bfc2tiKHN0cnVjdCBza19i dWZmICpza2IsCiAKIAkvKiBTZXQgdXAgYSBHU08gcHJlZml4IGRlc2NyaXB0 b3IsIGlmIG5lY2Vzc2FyeSAqLwogCWlmICgoMSA8PCBnc29fdHlwZSkgJiB2 aWYtPmdzb19wcmVmaXhfbWFzaykgewotCQlyZXEgPSBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwkJUklO R19DT1BZX1JFUVVFU1QoJnF1ZXVlLT5yeCwgcXVldWUtPnJ4LnJlcV9jb25z KyssICZyZXEpOwogCQltZXRhID0gbnBvLT5tZXRhICsgbnBvLT5tZXRhX3By b2QrKzsKIAkJbWV0YS0+Z3NvX3R5cGUgPSBnc29fdHlwZTsKIAkJbWV0YS0+ Z3NvX3NpemUgPSBza2Jfc2hpbmZvKHNrYiktPmdzb19zaXplOwogCQltZXRh LT5zaXplID0gMDsKLQkJbWV0YS0+aWQgPSByZXEtPmlkOworCQltZXRhLT5p ZCA9IHJlcS5pZDsKIAl9CiAKLQlyZXEgPSBSSU5HX0dFVF9SRVFVRVNUKCZx dWV1ZS0+cngsIHF1ZXVlLT5yeC5yZXFfY29ucysrKTsKKwlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnJ4LCBxdWV1ZS0+cngucmVxX2NvbnMrKywgJnJl cSk7CiAJbWV0YSA9IG5wby0+bWV0YSArIG5wby0+bWV0YV9wcm9kKys7CiAK IAlpZiAoKDEgPDwgZ3NvX3R5cGUpICYgdmlmLT5nc29fbWFzaykgewpAQCAt NDYzLDkgKzQ2Myw5IEBAIHN0YXRpYyBpbnQgeGVudmlmX2dvcF9za2Ioc3Ry dWN0IHNrX2J1ZmYgKnNrYiwKIAl9CiAKIAltZXRhLT5zaXplID0gMDsKLQlt ZXRhLT5pZCA9IHJlcS0+aWQ7CisJbWV0YS0+aWQgPSByZXEuaWQ7CiAJbnBv LT5jb3B5X29mZiA9IDA7Ci0JbnBvLT5jb3B5X2dyZWYgPSByZXEtPmdyZWY7 CisJbnBvLT5jb3B5X2dyZWYgPSByZXEuZ3JlZjsKIAogCWRhdGEgPSBza2It PmRhdGE7CiAJd2hpbGUgKGRhdGEgPCBza2JfdGFpbF9wb2ludGVyKHNrYikp IHsKQEAgLTcwOSw3ICs3MDksNyBAQCBzdGF0aWMgdm9pZCB4ZW52aWZfdHhf ZXJyKHN0cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCQlzcGluX3VubG9j a19pcnFyZXN0b3JlKCZxdWV1ZS0+cmVzcG9uc2VfbG9jaywgZmxhZ3MpOwog CQlpZiAoY29ucyA9PSBlbmQpCiAJCQlicmVhazsKLQkJdHhwID0gUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyspOworCQlSSU5HX0NPUFlf UkVRVUVTVCgmcXVldWUtPnR4LCBjb25zKyssIHR4cCk7CiAJfSB3aGlsZSAo MSk7CiAJcXVldWUtPnR4LnJlcV9jb25zID0gY29uczsKIH0KQEAgLTc3Niw4 ICs3NzYsNyBAQCBzdGF0aWMgaW50IHhlbnZpZl9jb3VudF9yZXF1ZXN0cyhz dHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJaWYgKGRyb3BfZXJyKQog CQkJdHhwID0gJmRyb3BwZWRfdHg7CiAKLQkJbWVtY3B5KHR4cCwgUklOR19H RVRfUkVRVUVTVCgmcXVldWUtPnR4LCBjb25zICsgc2xvdHMpLAotCQkgICAg ICAgc2l6ZW9mKCp0eHApKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVl LT50eCwgY29ucyArIHNsb3RzLCB0eHApOwogCiAJCS8qIElmIHRoZSBndWVz dCBzdWJtaXR0ZWQgYSBmcmFtZSA+PSA2NCBLaUIgdGhlbgogCQkgKiBmaXJz dC0+c2l6ZSBvdmVyZmxvd2VkIGFuZCBmb2xsb3dpbmcgc2xvdHMgd2lsbApA QCAtMTExMCw4ICsxMTA5LDcgQEAgc3RhdGljIGludCB4ZW52aWZfZ2V0X2V4 dHJhcyhzdHJ1Y3QgeGVudmlmX3F1ZXVlICpxdWV1ZSwKIAkJCXJldHVybiAt RUJBRFI7CiAJCX0KIAotCQltZW1jcHkoJmV4dHJhLCBSSU5HX0dFVF9SRVFV RVNUKCZxdWV1ZS0+dHgsIGNvbnMpLAotCQkgICAgICAgc2l6ZW9mKGV4dHJh KSk7CisJCVJJTkdfQ09QWV9SRVFVRVNUKCZxdWV1ZS0+dHgsIGNvbnMsICZl eHRyYSk7CiAJCWlmICh1bmxpa2VseSghZXh0cmEudHlwZSB8fAogCQkJICAg ICBleHRyYS50eXBlID49IFhFTl9ORVRJRl9FWFRSQV9UWVBFX01BWCkpIHsK IAkJCXF1ZXVlLT50eC5yZXFfY29ucyA9ICsrY29uczsKQEAgLTEzMjAsNyAr MTMxOCw3IEBAIHN0YXRpYyB2b2lkIHhlbnZpZl90eF9idWlsZF9nb3BzKHN0 cnVjdCB4ZW52aWZfcXVldWUgKnF1ZXVlLAogCiAJCWlkeCA9IHF1ZXVlLT50 eC5yZXFfY29uczsKIAkJcm1iKCk7IC8qIEVuc3VyZSB0aGF0IHdlIHNlZSB0 aGUgcmVxdWVzdCBiZWZvcmUgd2UgY29weSBpdC4gKi8KLQkJbWVtY3B5KCZ0 eHJlcSwgUklOR19HRVRfUkVRVUVTVCgmcXVldWUtPnR4LCBpZHgpLCBzaXpl b2YodHhyZXEpKTsKKwkJUklOR19DT1BZX1JFUVVFU1QoJnF1ZXVlLT50eCwg aWR4LCAmdHhyZXEpOwogCiAJCS8qIENyZWRpdC1iYXNlZCBzY2hlZHVsaW5n LiAqLwogCQlpZiAodHhyZXEuc2l6ZSA+IHF1ZXVlLT5yZW1haW5pbmdfY3Jl ZGl0ICYmCi0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch" Content-Transfer-Encoding: base64 RnJvbSAwODRiOGMyZTc3ZjFhYzA3ZTRhM2ExMjFmZjk1N2M0OWE5Mzc5Mzg1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6MzQ6MDkgKzAwMDAKU3ViamVj dDogW1BBVENIIDQvN10geGVuLWJsa2JhY2s6IG9ubHkgcmVhZCByZXF1ZXN0 IG9wZXJhdGlvbiBmcm9tIHNoYXJlZCByaW5nCiBvbmNlCk1JTUUtVmVyc2lv bjogMS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYt OApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA4Yml0CgpBIGNvbXBpbGVy IG1heSBsb2FkIGEgc3dpdGNoIHN0YXRlbWVudCB2YWx1ZSBtdWx0aXBsZSB0 aW1lcywgd2hpY2ggY291bGQKYmUgYmFkIHdoZW4gdGhlIHZhbHVlIGlzIGlu IG1lbW9yeSBzaGFyZWQgd2l0aCB0aGUgZnJvbnRlbmQuCgpXaGVuIGNvbnZl cnRpbmcgYSBub24tbmF0aXZlIHJlcXVlc3QgdG8gYSBuYXRpdmUgb25lLCBl bnN1cmUgdGhhdApzcmMtPm9wZXJhdGlvbiBpcyBvbmx5IGxvYWRlZCBvbmNl IGJ5IHVzaW5nIFJFQURfT05DRSgpLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1 NS4KCkNDOiBzdGFibGVAdmdlci5rZXJuZWwub3JnClNpZ25lZC1vZmYtYnk6 IFJvZ2VyIFBhdSBNb25uw6kgPHJvZ2VyLnBhdUBjaXRyaXguY29tPgpTaWdu ZWQtb2ZmLWJ5OiBEYXZpZCBWcmFiZWwgPGRhdmlkLnZyYWJlbEBjaXRyaXgu Y29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtv bnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogZHJpdmVycy9ibG9jay94ZW4t YmxrYmFjay9jb21tb24uaCB8IDggKysrKy0tLS0KIDEgZmlsZSBjaGFuZ2Vk LCA0IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0 IGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFjay9jb21tb24uaCBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svY29tbW9uLmgKaW5kZXggNjhlODdhMC4u YzkyOWFlMiAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxrYmFj ay9jb21tb24uaAorKysgYi9kcml2ZXJzL2Jsb2NrL3hlbi1ibGtiYWNrL2Nv bW1vbi5oCkBAIC00MDgsOCArNDA4LDggQEAgc3RhdGljIGlubGluZSB2b2lk IGJsa2lmX2dldF94ODZfMzJfcmVxKHN0cnVjdCBibGtpZl9yZXF1ZXN0ICpk c3QsCiAJCQkJCXN0cnVjdCBibGtpZl94ODZfMzJfcmVxdWVzdCAqc3JjKQog ewogCWludCBpLCBuID0gQkxLSUZfTUFYX1NFR01FTlRTX1BFUl9SRVFVRVNU LCBqOwotCWRzdC0+b3BlcmF0aW9uID0gc3JjLT5vcGVyYXRpb247Ci0Jc3dp dGNoIChzcmMtPm9wZXJhdGlvbikgeworCWRzdC0+b3BlcmF0aW9uID0gUkVB RF9PTkNFKHNyYy0+b3BlcmF0aW9uKTsKKwlzd2l0Y2ggKGRzdC0+b3BlcmF0 aW9uKSB7CiAJY2FzZSBCTEtJRl9PUF9SRUFEOgogCWNhc2UgQkxLSUZfT1Bf V1JJVEU6CiAJY2FzZSBCTEtJRl9PUF9XUklURV9CQVJSSUVSOgpAQCAtNDU2 LDggKzQ1Niw4IEBAIHN0YXRpYyBpbmxpbmUgdm9pZCBibGtpZl9nZXRfeDg2 XzY0X3JlcShzdHJ1Y3QgYmxraWZfcmVxdWVzdCAqZHN0LAogCQkJCQlzdHJ1 Y3QgYmxraWZfeDg2XzY0X3JlcXVlc3QgKnNyYykKIHsKIAlpbnQgaSwgbiA9 IEJMS0lGX01BWF9TRUdNRU5UU19QRVJfUkVRVUVTVCwgajsKLQlkc3QtPm9w ZXJhdGlvbiA9IHNyYy0+b3BlcmF0aW9uOwotCXN3aXRjaCAoc3JjLT5vcGVy YXRpb24pIHsKKwlkc3QtPm9wZXJhdGlvbiA9IFJFQURfT05DRShzcmMtPm9w ZXJhdGlvbik7CisJc3dpdGNoIChkc3QtPm9wZXJhdGlvbikgewogCWNhc2Ug QkxLSUZfT1BfUkVBRDoKIAljYXNlIEJMS0lGX09QX1dSSVRFOgogCWNhc2Ug QkxLSUZfT1BfV1JJVEVfQkFSUklFUjoKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSAwNmVlN2M3YmViMGI1MjQ1YjFkODc5Yzk3NTNmYWEyY2Y1YWQ5ODkx IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/Um9n ZXI9MjBQYXU9MjBNb25uPUMzPUE5Pz0gPHJvZ2VyLnBhdUBjaXRyaXguY29t PgpEYXRlOiBUdWUsIDMgTm92IDIwMTUgMTY6NDA6NDMgKzAwMDAKU3ViamVj dDogW1BBVENIIDUvN10geGVuLWJsa2JhY2s6IHJlYWQgZnJvbSBpbmRpcmVj dCBkZXNjcmlwdG9ycyBvbmx5IG9uY2UKTUlNRS1WZXJzaW9uOiAxLjAKQ29u dGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVVURi04CkNvbnRlbnQt VHJhbnNmZXItRW5jb2Rpbmc6IDhiaXQKClNpbmNlIGluZGlyZWN0IGRlc2Ny aXB0b3JzIGFyZSBpbiBtZW1vcnkgc2hhcmVkIHdpdGggdGhlIGZyb250ZW5k LCB0aGUKZnJvbnRlbmQgY291bGQgYWx0ZXIgdGhlIGZpcnN0X3NlY3QgYW5k IGxhc3Rfc2VjdCB2YWx1ZXMgYWZ0ZXIgdGhleSBoYXZlCmJlZW4gdmFsaWRh dGVkIGJ1dCBiZWZvcmUgdGhleSBhcmUgcmVjb3JkZWQgaW4gdGhlIHJlcXVl c3QuICBUaGlzIG1heQpyZXN1bHQgaW4gSS9PIHJlcXVlc3RzIHRoYXQgb3Zl cmZsb3cgdGhlIGZvcmVpZ24gcGFnZSwgcG9zc2libHkKb3ZlcndyaXRpbmcg bG9jYWwgcGFnZXMgd2hlbiB0aGUgSS9PIHJlcXVlc3QgaXMgZXhlY3V0ZWQu CgpXaGVuIHBhcnNpbmcgaW5kaXJlY3QgZGVzY3JpcHRvcnMsIG9ubHkgcmVh ZCBmaXJzdF9zZWN0IGFuZCBsYXN0X3NlY3QKb25jZS4KClRoaXMgaXMgcGFy dCBvZiBYU0ExNTUuCgpDQzogc3RhYmxlQHZnZXIua2VybmVsLm9yZwpTaWdu ZWQtb2ZmLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFi ZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRl ayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMv YmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jIHwgMTUgKysrKysrKysrKy0t LS0tCiAxIGZpbGUgY2hhbmdlZCwgMTAgaW5zZXJ0aW9ucygrKSwgNSBkZWxl dGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL2Jsb2NrL3hlbi1ibGti YWNrL2Jsa2JhY2suYyBiL2RyaXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxr YmFjay5jCmluZGV4IGY5MDk5OTQuLjQxZmIxYTkgMTAwNjQ0Ci0tLSBhL2Ry aXZlcnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCisrKyBiL2RyaXZl cnMvYmxvY2sveGVuLWJsa2JhY2svYmxrYmFjay5jCkBAIC05NTAsNiArOTUw LDggQEAgc3RhdGljIGludCB4ZW5fYmxrYmtfcGFyc2VfaW5kaXJlY3Qoc3Ry dWN0IGJsa2lmX3JlcXVlc3QgKnJlcSwKIAkJZ290byB1bm1hcDsKIAogCWZv ciAobiA9IDAsIGkgPSAwOyBuIDwgbnNlZzsgbisrKSB7CisJCXVpbnQ4X3Qg Zmlyc3Rfc2VjdCwgbGFzdF9zZWN0OworCiAJCWlmICgobiAlIFNFR1NfUEVS X0lORElSRUNUX0ZSQU1FKSA9PSAwKSB7CiAJCQkvKiBNYXAgaW5kaXJlY3Qg c2VnbWVudHMgKi8KIAkJCWlmIChzZWdtZW50cykKQEAgLTk1NywxNSArOTU5 LDE4IEBAIHN0YXRpYyBpbnQgeGVuX2Jsa2JrX3BhcnNlX2luZGlyZWN0KHN0 cnVjdCBibGtpZl9yZXF1ZXN0ICpyZXEsCiAJCQlzZWdtZW50cyA9IGttYXBf YXRvbWljKHBhZ2VzW24vU0VHU19QRVJfSU5ESVJFQ1RfRlJBTUVdLT5wYWdl KTsKIAkJfQogCQlpID0gbiAlIFNFR1NfUEVSX0lORElSRUNUX0ZSQU1FOwor CiAJCXBlbmRpbmdfcmVxLT5zZWdtZW50c1tuXS0+Z3JlZiA9IHNlZ21lbnRz W2ldLmdyZWY7Ci0JCXNlZ1tuXS5uc2VjID0gc2VnbWVudHNbaV0ubGFzdF9z ZWN0IC0KLQkJCXNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgKyAxOwotCQlzZWdb bl0ub2Zmc2V0ID0gKHNlZ21lbnRzW2ldLmZpcnN0X3NlY3QgPDwgOSk7Ci0J CWlmICgoc2VnbWVudHNbaV0ubGFzdF9zZWN0ID49IChYRU5fUEFHRV9TSVpF ID4+IDkpKSB8fAotCQkgICAgKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCA8IHNl Z21lbnRzW2ldLmZpcnN0X3NlY3QpKSB7CisKKwkJZmlyc3Rfc2VjdCA9IFJF QURfT05DRShzZWdtZW50c1tpXS5maXJzdF9zZWN0KTsKKwkJbGFzdF9zZWN0 ID0gUkVBRF9PTkNFKHNlZ21lbnRzW2ldLmxhc3Rfc2VjdCk7CisJCWlmIChs YXN0X3NlY3QgPj0gKFhFTl9QQUdFX1NJWkUgPj4gOSkgfHwgbGFzdF9zZWN0 IDwgZmlyc3Rfc2VjdCkgewogCQkJcmMgPSAtRUlOVkFMOwogCQkJZ290byB1 bm1hcDsKIAkJfQorCisJCXNlZ1tuXS5uc2VjID0gbGFzdF9zZWN0IC0gZmly c3Rfc2VjdCArIDE7CisJCXNlZ1tuXS5vZmZzZXQgPSBmaXJzdF9zZWN0IDw8 IDk7CiAJCXByZXEtPm5yX3NlY3RzICs9IHNlZ1tuXS5uc2VjOwogCX0KIAot LSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch" Content-Transfer-Encoding: base64 RnJvbSA4OTczOWMxNGM3MmU1YzE2MjZhNWNkNWUwOWNiYjJlZmVhYWRiNmQ4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBNb24sIDE2IE5vdiAy MDE1IDE4OjAyOjMyICswMDAwClN1YmplY3Q6IFtQQVRDSCA2LzddIHhlbi1z Y3NpYmFjazogc2FmZWx5IGNvcHkgcmVxdWVzdHMKClRoZSBjb3B5IG9mIHRo ZSByaW5nIHJlcXVlc3Qgd2FzIGxhY2tpbmcgYSBmb2xsb3dpbmcgYmFycmll cigpLApwb3RlbnRpYWxseSBhbGxvd2luZyB0aGUgY29tcGlsZXIgdG8gb3B0 aW1pemUgdGhlIGNvcHkgYXdheS4KClVzZSBSSU5HX0NPUFlfUkVRVUVTVCgp IHRvIGVuc3VyZSB0aGUgcmVxdWVzdCBpcyBjb3BpZWQgdG8gbG9jYWwKbWVt b3J5LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkNDOiBzdGFibGVAdmdl ci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jv c3NAc3VzZS5jb20+ClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJlbCA8ZGF2 aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBS emVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBk cml2ZXJzL3hlbi94ZW4tc2NzaWJhY2suYyB8IDIgKy0KIDEgZmlsZSBjaGFu Z2VkLCAxIGluc2VydGlvbigrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdp dCBhL2RyaXZlcnMveGVuL3hlbi1zY3NpYmFjay5jIGIvZHJpdmVycy94ZW4v eGVuLXNjc2liYWNrLmMKaW5kZXggNDNiY2FlOC4uYWQ0ZWIxMCAxMDA2NDQK LS0tIGEvZHJpdmVycy94ZW4veGVuLXNjc2liYWNrLmMKKysrIGIvZHJpdmVy cy94ZW4veGVuLXNjc2liYWNrLmMKQEAgLTcyNiw3ICs3MjYsNyBAQCBzdGF0 aWMgaW50IHNjc2liYWNrX2RvX2NtZF9mbihzdHJ1Y3QgdnNjc2lia19pbmZv ICppbmZvKQogCQlpZiAoIXBlbmRpbmdfcmVxKQogCQkJcmV0dXJuIDE7CiAK LQkJcmluZ19yZXEgPSAqUklOR19HRVRfUkVRVUVTVChyaW5nLCByYyk7CisJ CVJJTkdfQ09QWV9SRVFVRVNUKHJpbmcsIHJjLCAmcmluZ19yZXEpOwogCQly aW5nLT5yZXFfY29ucyA9ICsrcmM7CiAKIAkJZXJyID0gcHJlcGFyZV9wZW5k aW5nX3JlcXMoaW5mbywgJnJpbmdfcmVxLCBwZW5kaW5nX3JlcSk7Ci0tIAoy LjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Disposition: attachment; filename="xsa155-linux-xsa155-0007-xen-pciback-Save-xen_pci_op-commands-before-processi.patch" Content-Transfer-Encoding: base64 RnJvbSBmNmY0Mzg4YzkxN2NlOTZiMDc1YTIzOWE0NTM1YjhlZmM2MDY0ZDE0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IE1vbiwg MTYgTm92IDIwMTUgMTI6NDA6NDggLTA1MDAKU3ViamVjdDogW1BBVENIIDcv N10geGVuL3BjaWJhY2s6IFNhdmUgeGVuX3BjaV9vcCBjb21tYW5kcyBiZWZv cmUgcHJvY2Vzc2luZwogaXQKCkRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXRp ZXMgdGhhdCBoYXBwZW4gd2hlbiBhIHZhcmlhYmxlIGlzCmZldGNoZWQgdHdp Y2UgZnJvbSBzaGFyZWQgbWVtb3J5IGJ1dCBhIHNlY3VyaXR5IGNoZWNrIGlz IG9ubHkKcGVyZm9ybWVkIHRoZSBmaXJzdCB0aW1lLgoKVGhlIHhlbl9wY2li a19kb19vcCBmdW5jdGlvbiBwZXJmb3JtcyBhIHN3aXRjaCBzdGF0ZW1lbnRz IG9uIHRoZSBvcC0+Y21kCnZhbHVlIHdoaWNoIGlzIHN0b3JlZCBpbiBzaGFy ZWQgbWVtb3J5LiBJbnRlcmVzdGluZ2x5IHRoaXMgY2FuIHJlc3VsdAppbiBh IGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5IGRlcGVuZGluZyBvbiB0aGUg cGVyZm9ybWVkIGNvbXBpbGVyCm9wdGltaXphdGlvbi4KClRoaXMgcGF0Y2gg Zml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5fcGNpX29wIGNvbW1hbmQgYmVm b3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28gdXNlICdiYXJyaWVyJyB0byBt YWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIgZG9lcyBub3QgcGVyZm9ybSBh bnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQTE1NS4KCkND OiBzdGFibGVAdmdlci5rZXJuZWwub3JnClJldmlld2VkLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxKQmV1bGljaEBzdXNlLmNvbT4KU2ln bmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZpZC52cmFiZWxAY2l0cml4 LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIGRyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaCAgICAgfCAgMSArCiBkcml2ZXJzL3hlbi94ZW4t cGNpYmFjay9wY2liYWNrX29wcy5jIHwgMTUgKysrKysrKysrKysrKystCiAy IGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24o LSkKCmRpZmYgLS1naXQgYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2li YWNrLmggYi9kcml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrLmgKaW5k ZXggNThlMzhkNS4uNGQ1MjlmMyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4v eGVuLXBjaWJhY2svcGNpYmFjay5oCisrKyBiL2RyaXZlcnMveGVuL3hlbi1w Y2liYWNrL3BjaWJhY2suaApAQCAtMzcsNiArMzcsNyBAQCBzdHJ1Y3QgeGVu X3BjaWJrX2RldmljZSB7CiAJc3RydWN0IHhlbl9wY2lfc2hhcmVkaW5mbyAq c2hfaW5mbzsKIAl1bnNpZ25lZCBsb25nIGZsYWdzOwogCXN0cnVjdCB3b3Jr X3N0cnVjdCBvcF93b3JrOworCXN0cnVjdCB4ZW5fcGNpX29wIG9wOwogfTsK IAogc3RydWN0IHhlbl9wY2lia19kZXZfZGF0YSB7CmRpZmYgLS1naXQgYS9k cml2ZXJzL3hlbi94ZW4tcGNpYmFjay9wY2liYWNrX29wcy5jIGIvZHJpdmVy cy94ZW4veGVuLXBjaWJhY2svcGNpYmFja19vcHMuYwppbmRleCBjNGEwNjY2 Li5hMGUwZTNlIDEwMDY0NAotLS0gYS9kcml2ZXJzL3hlbi94ZW4tcGNpYmFj ay9wY2liYWNrX29wcy5jCisrKyBiL2RyaXZlcnMveGVuL3hlbi1wY2liYWNr L3BjaWJhY2tfb3BzLmMKQEAgLTI5OCw5ICsyOTgsMTEgQEAgdm9pZCB4ZW5f cGNpYmtfZG9fb3Aoc3RydWN0IHdvcmtfc3RydWN0ICpkYXRhKQogCQljb250 YWluZXJfb2YoZGF0YSwgc3RydWN0IHhlbl9wY2lia19kZXZpY2UsIG9wX3dv cmspOwogCXN0cnVjdCBwY2lfZGV2ICpkZXY7CiAJc3RydWN0IHhlbl9wY2li a19kZXZfZGF0YSAqZGV2X2RhdGEgPSBOVUxMOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwZGV2LT5zaF9pbmZvLT5vcDsKKwlzdHJ1Y3QgeGVuX3Bj aV9vcCAqb3AgPSAmcGRldi0+b3A7CiAJaW50IHRlc3RfaW50eCA9IDA7CiAK Kwkqb3AgPSBwZGV2LT5zaF9pbmZvLT5vcDsKKwliYXJyaWVyKCk7CiAJZGV2 ID0geGVuX3BjaWJrX2dldF9wY2lfZGV2KHBkZXYsIG9wLT5kb21haW4sIG9w LT5idXMsIG9wLT5kZXZmbik7CiAKIAlpZiAoZGV2ID09IE5VTEwpCkBAIC0z NDIsNiArMzQ0LDE3IEBAIHZvaWQgeGVuX3BjaWJrX2RvX29wKHN0cnVjdCB3 b3JrX3N0cnVjdCAqZGF0YSkKIAkJaWYgKChkZXZfZGF0YS0+ZW5hYmxlX2lu dHggIT0gdGVzdF9pbnR4KSkKIAkJCXhlbl9wY2lia19jb250cm9sX2lzcihk ZXYsIDAgLyogbm8gcmVzZXQgKi8pOwogCX0KKwlwZGV2LT5zaF9pbmZvLT5v cC5lcnIgPSBvcC0+ZXJyOworCXBkZXYtPnNoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworI2lmZGVmIENPTkZJR19QQ0lfTVNJCisJaWYgKG9wLT5j bWQgPT0gWEVOX1BDSV9PUF9lbmFibGVfbXNpeCAmJiBvcC0+ZXJyID09IDAp IHsKKwkJdW5zaWduZWQgaW50IGk7CisKKwkJZm9yIChpID0gMDsgaSA8IG9w LT52YWx1ZTsgaSsrKQorCQkJcGRldi0+c2hfaW5mby0+b3AubXNpeF9lbnRy aWVzW2ldLnZlY3RvciA9CisJCQkJb3AtPm1zaXhfZW50cmllc1tpXS52ZWN0 b3I7CisJfQorI2VuZGlmCiAJLyogVGVsbCB0aGUgZHJpdmVyIGRvbWFpbiB0 aGF0IHdlJ3JlIGRvbmUuICovCiAJd21iKCk7CiAJY2xlYXJfYml0KF9YRU5f UENJRl9hY3RpdmUsICh1bnNpZ25lZCBsb25nICopJnBkZXYtPnNoX2luZm8t PmZsYWdzKTsKLS0gCjIuMS4wCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0001-netbsd-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSBhNTY0NTZhYzNkZjI4NDMyZmZmNDRhOWE5NjIzZTJkZGZjODI2MTA2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBUdWUsIDI0IE5vdiAy MDE1IDAyOjUxOjU2ICswMDAwClN1YmplY3Q6IFtQQVRDSCAxLzVdIG5ldGJz ZC94ZW46IEFkZCBSSU5HX0NPUFlfUkVRVUVTVCgpCgpVc2luZyBSSU5HX0dF VF9SRVFVRVNUKCkgb24gYSBzaGFyZWQgcmluZyBpcyBlYXN5IHRvIHVzZSBp bmNvcnJlY3RseQooaS5lLiwgYnkgbm90IGNvbnNpZGVyaW5nIHRoYXQgdGhl IG90aGVyIGVuZCBtYXkgYWx0ZXIgdGhlIGRhdGEgaW4gdGhlCnNoYXJlZCBy aW5nIHdoaWxlIGl0IGlzIGJlaW5nIGluc3BlY3RlZCkuICBTYWZlIHVzYWdl IG9mIGEgcmVxdWVzdApnZW5lcmFsbHkgcmVxdWlyZXMgdGFraW5nIGEgbG9j YWwgY29weS4KClByb3ZpZGUgYSBSSU5HX0NPUFlfUkVRVUVTVCgpIG1hY3Jv IHRvIHVzZSBpbnN0ZWFkIG9mClJJTkdfR0VUX1JFUVVFU1QoKSBhbmQgYW4g b3Blbi1jb2RlZCBtZW1jcHkoKS4gIFRoaXMgdGFrZXMgY2FyZSBvZgplbnN1 cmluZyB0aGF0IHRoZSBjb3B5IGlzIGRvbmUgY29ycmVjdGx5IHJlZ2FyZGxl c3Mgb2YgYW55IHBvc3NpYmxlCmNvbXBpbGVyIG9wdGltaXphdGlvbnMuCgpV c2UgYSB2b2xhdGlsZSBzb3VyY2UgdG8gcHJldmVudCB0aGUgY29tcGlsZXIg ZnJvbSByZW9yZGVyaW5nIG9yCm9taXR0aW5nIHRoZSBjb3B5LgoKVGhpcyBp cyBwYXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IERhdmlkIFZyYWJl bCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEtv bnJhZCBSemVzenV0ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4K LS0tCnYyOiBVcGRhdGUgY29tbWVudCBhYm91dCBHQ0MgYnVnLgotLS0KIGFy Y2gveGVuL2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmggfCAxNCArKysr KysrKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDE0IGluc2VydGlvbnMoKykK CmRpZmYgLS1naXQgYS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8v cmluZy5oIGIvYXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3Jpbmcu aAppbmRleCAwOWMxODZjLi42MzBiODBlIDEwMDY0NAotLS0gYS9hcmNoL3hl bi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVu L2luY2x1ZGUveGVuLXB1YmxpYy9pby9yaW5nLmgKQEAgLTIzNiw2ICsyMzYs MjAgQEAgdHlwZWRlZiBzdHJ1Y3QgX19uYW1lIyNfYmFja19yaW5nIF9fbmFt ZSMjX2JhY2tfcmluZ190CiAjZGVmaW5lIFJJTkdfR0VUX1JFUVVFU1QoX3Is IF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgKCYoKF9yKS0+c3JpbmctPnJpbmdbKChfaWR4KSAmIChSSU5HX1NJ WkUoX3IpIC0gMSkpXS5yZXEpKQogCisvKgorICogR2V0IGEgbG9jYWwgY29w eSBvZiBhIHJlcXVlc3QuCisgKgorICogVXNlIHRoaXMgaW4gcHJlZmVyZW5j ZSB0byBSSU5HX0dFVF9SRVFVRVNUKCkgc28gYWxsIHByb2Nlc3NpbmcgaXMK KyAqIGRvbmUgb24gYSBsb2NhbCBjb3B5IHRoYXQgY2Fubm90IGJlIG1vZGlm aWVkIGJ5IHRoZSBvdGhlciBlbmQuCisgKgorICogTm90ZSB0aGF0IGh0dHBz Oi8vZ2NjLmdudS5vcmcvYnVnemlsbGEvc2hvd19idWcuY2dpP2lkPTU4MTQ1 IG1heSBjYXVzZSB0aGlzCisgKiB0byBiZSBpbmVmZmVjdGl2ZSB3aGVyZSBf cmVxIGlzIGEgc3RydWN0IHdoaWNoIGNvbnNpc3RzIG9mIG9ubHkgYml0Zmll bGRzLgorICovCisjZGVmaW5lIFJJTkdfQ09QWV9SRVFVRVNUKF9yLCBfaWR4 LCBfcmVxKSBkbyB7CQkJCVwKKwkvKiBVc2Ugdm9sYXRpbGUgdG8gZm9yY2Ug dGhlIGNvcHkgaW50byBfcmVxLiAqLwkJCVwKKwkqKF9yZXEpID0gKih2b2xh dGlsZSB0eXBlb2YoX3JlcSkpUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCk7 CVwKK30gd2hpbGUgKDApCisKICNkZWZpbmUgUklOR19HRVRfUkVTUE9OU0Uo X3IsIF9pZHgpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFwKICAgICAoJigoX3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdf U0laRShfcikgLSAxKSldLnJzcCkpCiAKLS0gCjIuNS4yCgo= --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0002-netbsd-netback-Use-RING_COPY_REQUEST-instead-of-RING.patch" Content-Transfer-Encoding: base64 RnJvbSAxYzY5N2NhNzZhNjcwYjA4ODNjZDZhMjAzODI4YzMzY2NmNGVjYjFl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTM6MTYgKzAwMDAKU3ViamVjdDogW1BBVENIIDIv NV0gbmV0YnNkL25ldGJhY2s6IFVzZSBSSU5HX0NPUFlfUkVRVUVTVCBpbnN0 ZWFkIG9mCiBSSU5HX1JFUV9SRVFVRVNUCgpUaGlzIHdheSB3ZSBvcGVyYXRl IG9uIGEgbG9jYWwgY29weSBvZiB0aGUgZ3Vlc3QgUnguIFRoaXMgaXMgbW9y ZSB0aGFuCm5lY2Nlc3NhcnkgYXMgb25seSB0aGUgaWQgYW5kIGdyZWYgZmll bGRzIGFyZSB1c2VkIGFuZCBpdCBpcyBoYXJtbGVzcwppZiB0aGUgZnJvbnRl bmQgbW9kaWZpZXMgdGhlc2UuCgpGb3IgdGhlIFRYIHdlIGFsc28gY29weSB0 aGUgcmVxdWVzdCBhbmQgbWFrZSBzdXJlIHRvIHVzZSBvbmx5IHRoZQpsb2Nh bCBjb3B5LgoKVGhpcyBpcyBiYXNlZCBvZmYgTGludXggJ3hlbi1uZXRiYWNr OiB1c2UgUklOR19DT1BZX1JFUVVFU1QoKSB0aHJvdWdob3V0JwpwYXRjaC4K ClRoaXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25y YWQgUnplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0t LQogYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMgfCA3OCArKysr KysrKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUg Y2hhbmdlZCwgNDAgaW5zZXJ0aW9ucygrKSwgMzggZGVsZXRpb25zKC0pCgpk aWZmIC0tZ2l0IGEvYXJjaC94ZW4veGVuL3hlbm5ldGJhY2tfeGVuYnVzLmMg Yi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194ZW5idXMuYwppbmRleCA3Y2Mx NGFmLi4wZWYyMzUzIDEwMDY0NAotLS0gYS9hcmNoL3hlbi94ZW4veGVubmV0 YmFja194ZW5idXMuYworKysgYi9hcmNoL3hlbi94ZW4veGVubmV0YmFja194 ZW5idXMuYwpAQCAtNzE1LDcgKzcxNSw3IEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiB7CiAJc3RydWN0IHhuZXRiYWNrX2luc3RhbmNl ICp4bmV0aSA9IGFyZzsKIAlzdHJ1Y3QgaWZuZXQgKmlmcCA9ICZ4bmV0aS0+ eG5pX2lmOwotCW5ldGlmX3R4X3JlcXVlc3RfdCAqdHhyZXE7CisJbmV0aWZf dHhfcmVxdWVzdF90IHR4cmVxOwogCXN0cnVjdCB4bmlfcGt0ICpwa3Q7CiAJ dmFkZHJfdCBwa3RfdmE7CiAJc3RydWN0IG1idWYgKm07CkBAIC03MzMsMzYg KzczMywzNiBAQCB4ZW5uZXRiYWNrX2V2dGhhbmRsZXIodm9pZCAqYXJnKQog CQkgICAgcmVjZWl2ZV9wZW5kaW5nKTsKIAkJaWYgKHJlY2VpdmVfcGVuZGlu ZyA9PSAwKQogCQkJYnJlYWs7Ci0JCXR4cmVxID0gUklOR19HRVRfUkVRVUVT VCgmeG5ldGktPnhuaV90eHJpbmcsIHJlcV9jb25zKTsKKwkJUklOR19DT1BZ X1JFUVVFU1QoJnhuZXRpLT54bmlfdHhyaW5nLCByZXFfY29ucywgJnR4cmVx KTsKIAkJeGVuX3JtYigpOwogCQlYRU5QUklOVEYoKCIlcyBwa3Qgc2l6ZSAl ZFxuIiwgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwKLQkJICAgIHR4cmVxLT5z aXplKSk7CisJCSAgICB0eHJlcS5zaXplKSk7CiAJCXJlcV9jb25zKys7CiAJ CWlmIChfX3ByZWRpY3RfZmFsc2UoKGlmcC0+aWZfZmxhZ3MgJiAoSUZGX1VQ IHwgSUZGX1JVTk5JTkcpKSAhPQogCQkgICAgKElGRl9VUCB8IElGRl9SVU5O SU5HKSkpIHsKIAkJCS8qIGludGVyZmFjZSBub3QgdXAsIGRyb3AgKi8KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWNvbnRpbnVlOwogCQl9CiAJ CS8qCiAJCSAqIERvIHNvbWUgc2FuaXR5IGNoZWNrcywgYW5kIG1hcCB0aGUg cGFja2V0J3MgcGFnZS4KIAkJICovCi0JCWlmIChfX3ByZWRpY3RfZmFsc2Uo dHhyZXEtPnNpemUgPCBFVEhFUl9IRFJfTEVOIHx8Ci0JCSAgIHR4cmVxLT5z aXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhFUl9DUkNfTEVOKSkpIHsKKwkJ aWYgKF9fcHJlZGljdF9mYWxzZSh0eHJlcS5zaXplIDwgRVRIRVJfSERSX0xF TiB8fAorCQkgICB0eHJlcS5zaXplID4gKEVUSEVSX01BWF9MRU4gLSBFVEhF Ul9DUkNfTEVOKSkpIHsKIAkJCXByaW50ZigiJXM6IHBhY2tldCBzaXplICVk IHRvbyBiaWdcbiIsCi0JCQkgICAgaWZwLT5pZl94bmFtZSwgdHhyZXEtPnNp emUpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEt PmlkLAorCQkJICAgIGlmcC0+aWZfeG5hbWUsIHR4cmVxLnNpemUpOworCQkJ eGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkg ICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlmcC0+aWZfaWVycm9ycysrOwog CQkJY29udGludWU7CiAJCX0KIAkJLyogZG9uJ3QgY3Jvc3MgcGFnZSBib3Vu ZGFyaWVzICovCiAJCWlmIChfX3ByZWRpY3RfZmFsc2UoCi0JCSAgICB0eHJl cS0+b2Zmc2V0ICsgdHhyZXEtPnNpemUgPiBQQUdFX1NJWkUpKSB7CisJCSAg ICB0eHJlcS5vZmZzZXQgKyB0eHJlcS5zaXplID4gUEFHRV9TSVpFKSkgewog CQkJcHJpbnRmKCIlczogcGFja2V0IGNyb3NzIHBhZ2UgYm91bmRhcnlcbiIs CiAJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNrX3R4X3Jl c3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9SU1BfRVJS T1IpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQljb250aW51ZTsKQEAg LTc3NCwxNSArNzc0LDE1IEBAIHhlbm5ldGJhY2tfZXZ0aGFuZGxlcih2b2lk ICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZsYXN0dGltZSwgJnhuaV9wb29s X2VycmludHZsKSkKIAkJCQlwcmludGYoIiVzOiBtYnVmIGFsbG9jIGZhaWxl ZFxuIiwKIAkJCQkgICAgaWZwLT5pZl94bmFtZSk7Ci0JCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQl4ZW5uZXRiYWNr X3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS5pZCwKIAkJCSAgICBORVRJRl9S U1BfRFJPUFBFRCk7CiAJCQlpZnAtPmlmX2llcnJvcnMrKzsKIAkJCWNvbnRp bnVlOwogCQl9CiAKIAkJWEVOUFJJTlRGKCgiJXMgcGt0IG9mZnNldCAlZCBz aXplICVkIGlkICVkIHJlcV9jb25zICVkXG4iLAotCQkgICAgeG5ldGktPnhu aV9pZi5pZl94bmFtZSwgdHhyZXEtPm9mZnNldCwKLQkJICAgIHR4cmVxLT5z aXplLCB0eHJlcS0+aWQsIE1BU0tfTkVUSUZfVFhfSURYKHJlcV9jb25zKSkp OworCQkgICAgeG5ldGktPnhuaV9pZi5pZl94bmFtZSwgdHhyZXEub2Zmc2V0 LAorCQkgICAgdHhyZXEuc2l6ZSwgdHhyZXEuaWQsIE1BU0tfTkVUSUZfVFhf SURYKHJlcV9jb25zKSkpOwogCQkKIAkJcGt0ID0gcG9vbF9nZXQoJnhuaV9w a3RfcG9vbCwgUFJfTk9XQUlUKTsKIAkJaWYgKF9fcHJlZGljdF9mYWxzZShw a3QgPT0gTlVMTCkpIHsKQEAgLTc5MCwxNiArNzkwLDE2IEBAIHhlbm5ldGJh Y2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCQlpZiAocmF0ZWNoZWNrKCZs YXN0dGltZSwgJnhuaV9wb29sX2VycmludHZsKSkKIAkJCQlwcmludGYoIiVz OiB4bmJwa3QgYWxsb2MgZmFpbGVkXG4iLAogCQkJCSAgICBpZnAtPmlmX3hu YW1lKTsKLQkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LT5pZCwKKwkJCXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVx LmlkLAogCQkJICAgIE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCWlmcC0+aWZf aWVycm9ycysrOwogCQkJbV9mcmVlbShtKTsKIAkJCWNvbnRpbnVlOwogCQl9 Ci0JCWVyciA9IHhlbl9zaG1fbWFwKDEsIHhuZXRpLT54bmlfZG9taWQsICZ0 eHJlcS0+Z3JlZiwgJnBrdF92YSwKKwkJZXJyID0geGVuX3NobV9tYXAoMSwg eG5ldGktPnhuaV9kb21pZCwgJnR4cmVxLmdyZWYsICZwa3RfdmEsCiAJCSAg ICAmcGt0LT5wa3RfaGFuZGxlLCBYU0hNX1JPKTsKIAkJaWYgKF9fcHJlZGlj dF9mYWxzZShlcnIgPT0gRU5PTUVNKSkgewotCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9y ZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0RS T1BQRUQpOwogCQkJaWZwLT5pZl9pZXJyb3JzKys7CiAJCQlwb29sX3B1dCgm eG5pX3BrdF9wb29sLCBwa3QpOwpAQCAtODEwLDcgKzgxMCw3IEBAIHhlbm5l dGJhY2tfZXZ0aGFuZGxlcih2b2lkICphcmcpCiAJCWlmIChfX3ByZWRpY3Rf ZmFsc2UoZXJyKSkgewogCQkJcHJpbnRmKCIlczogbWFwcGluZyBmb3JlaW5n IHBhZ2UgZmFpbGVkOiAlZFxuIiwKIAkJCSAgICB4bmV0aS0+eG5pX2lmLmlm X3huYW1lLCBlcnIpOwotCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEtPmlkLAorCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0 aSwgdHhyZXEuaWQsCiAJCQkgICAgTkVUSUZfUlNQX0VSUk9SKTsKIAkJCWlm cC0+aWZfaWVycm9ycysrOwogCQkJcG9vbF9wdXQoJnhuaV9wa3RfcG9vbCwg cGt0KTsKQEAgLTgyMCwxMyArODIwLDEzIEBAIHhlbm5ldGJhY2tfZXZ0aGFu ZGxlcih2b2lkICphcmcpCiAKIAkJaWYgKChpZnAtPmlmX2ZsYWdzICYgSUZG X1BST01JU0MpID09IDApIHsKIAkJCXN0cnVjdCBldGhlcl9oZWFkZXIgKmVo ID0KLQkJCSAgICAodm9pZCopKHBrdF92YSArIHR4cmVxLT5vZmZzZXQpOwor CQkJICAgICh2b2lkKikocGt0X3ZhICsgdHhyZXEub2Zmc2V0KTsKIAkJCWlm IChFVEhFUl9JU19NVUxUSUNBU1QoZWgtPmV0aGVyX2Rob3N0KSA9PSAwICYm CiAJCQkgICAgbWVtY21wKENMTEFERFIoaWZwLT5pZl9zYWRsKSwgZWgtPmV0 aGVyX2Rob3N0LAogCQkJICAgIEVUSEVSX0FERFJfTEVOKSAhPSAwKSB7CiAJ CQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92YSk7CiAJCQkJbV9mcmVlbSht KTsKLQkJCQl4ZW5uZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+ aWQsCisJCQkJeGVubmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEu aWQsCiAJCQkJICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJCQljb250aW51ZTsg LyogcGFja2V0IGlzIG5vdCBmb3IgdXMgKi8KIAkJCX0KQEAgLTg0NSwzMSAr ODQ1LDMxIEBAIHNvIGFsd2F5cyBjb3B5IGZvciBub3cuCiAJCQkgKiBhY2sg aXQuIERlbGF5aW5nIGl0IHVudGlsIHRoZSBtYnVmIGlzCiAJCQkgKiBmcmVl ZCB3aWxsIHN0YWxsIHRyYW5zbWl0LgogCQkJICovCi0JCQltLT5tX2xlbiA9 IG1pbihNSExFTiwgdHhyZXEtPnNpemUpOworCQkJbS0+bV9sZW4gPSBtaW4o TUhMRU4sIHR4cmVxLnNpemUpOwogCQkJbS0+bV9wa3RoZHIubGVuID0gMDsK LQkJCW1fY29weWJhY2sobSwgMCwgdHhyZXEtPnNpemUsCi0JCQkgICAgKHZv aWQgKikocGt0X3ZhICsgdHhyZXEtPm9mZnNldCkpOworCQkJbV9jb3B5YmFj ayhtLCAwLCB0eHJlcS5zaXplLAorCQkJICAgICh2b2lkICopKHBrdF92YSAr IHR4cmVxLm9mZnNldCkpOwogCQkJeG5pX3BrdF91bm1hcChwa3QsIHBrdF92 YSk7Ci0JCQlpZiAobS0+bV9wa3RoZHIubGVuIDwgdHhyZXEtPnNpemUpIHsK KwkJCWlmIChtLT5tX3BrdGhkci5sZW4gPCB0eHJlcS5zaXplKSB7CiAJCQkJ aWZwLT5pZl9pZXJyb3JzKys7CiAJCQkJbV9mcmVlbShtKTsKLQkJCQl4ZW5u ZXRiYWNrX3R4X3Jlc3BvbnNlKHhuZXRpLCB0eHJlcS0+aWQsCisJCQkJeGVu bmV0YmFja190eF9yZXNwb25zZSh4bmV0aSwgdHhyZXEuaWQsCiAJCQkJICAg IE5FVElGX1JTUF9EUk9QUEVEKTsKIAkJCQljb250aW51ZTsKIAkJCX0KLQkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLT5pZCwKKwkJ CXhlbm5ldGJhY2tfdHhfcmVzcG9uc2UoeG5ldGksIHR4cmVxLmlkLAogCQkJ ICAgIE5FVElGX1JTUF9PS0FZKTsKIAkJfSBlbHNlIHsKIAotCQkJcGt0LT5w a3RfaWQgPSB0eHJlcS0+aWQ7CisJCQlwa3QtPnBrdF9pZCA9IHR4cmVxLmlk OwogCQkJcGt0LT5wa3RfeG5ldGkgPSB4bmV0aTsKIAotCQkJTUVYVEFERCht LCBwa3RfdmEgKyB0eHJlcS0+b2Zmc2V0LAotCQkJICAgIHR4cmVxLT5zaXpl LCBNX0RFVkJVRiwgeGVubmV0YmFja190eF9mcmVlLCBwa3QpOwotCQkJbS0+ bV9wa3RoZHIubGVuID0gbS0+bV9sZW4gPSB0eHJlcS0+c2l6ZTsKKwkJCU1F WFRBREQobSwgcGt0X3ZhICsgdHhyZXEub2Zmc2V0LAorCQkJICAgIHR4cmVx LnNpemUsIE1fREVWQlVGLCB4ZW5uZXRiYWNrX3R4X2ZyZWUsIHBrdCk7CisJ CQltLT5tX3BrdGhkci5sZW4gPSBtLT5tX2xlbiA9IHR4cmVxLnNpemU7CiAJ CQltLT5tX2ZsYWdzIHw9IE1fRVhUX1JPTUFQOwogCQl9Ci0JCWlmICgodHhy ZXEtPmZsYWdzICYgTkVUVFhGX2NzdW1fYmxhbmspICE9IDApIHsKKwkJaWYg KCh0eHJlcS5mbGFncyAmIE5FVFRYRl9jc3VtX2JsYW5rKSAhPSAwKSB7CiAJ CQl4ZW5uZXRfY2hlY2tzdW1fZmlsbCgmbSk7CiAJCQlpZiAobSA9PSBOVUxM KSB7CiAJCQkJaWZwLT5pZl9pZXJyb3JzKys7CkBAIC05NTMsNiArOTUzLDcg QEAgeGVubmV0YmFja19pZnNvZnRzdGFydF90cmFuc2Zlcih2b2lkICphcmcp CiAJbW11X3VwZGF0ZV90ICptbXVwOwogCW11bHRpY2FsbF9lbnRyeV90ICpt Y2xwOwogCW5ldGlmX3J4X3Jlc3BvbnNlX3QgKnJ4cmVzcDsKKwluZXRpZl9y eF9yZXF1ZXN0X3QgcnhyZXE7CiAJUklOR19JRFggcmVxX3Byb2QsIHJlc3Bf cHJvZDsKIAlpbnQgZG9fZXZlbnQgPSAwOwogCWdudHRhYl90cmFuc2Zlcl90 ICpnb3A7CkBAIC0xMDI4LDEwICsxMDI5LDEwIEBAIHhlbm5ldGJhY2tfaWZz b2Z0c3RhcnRfdHJhbnNmZXIodm9pZCAqYXJnKQogCQkJCW5wcGl0ZW1zKys7 CiAJCQl9CiAJCQkvKiBzdGFydCBmaWxsaW5nIHJpbmcgKi8KLQkJCWdvcC0+ cmVmID0gUklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0J CQkgICAgeG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5ncmVmOwotCQkJ aWQgPSBSSU5HX0dFVF9SRVFVRVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKLQkJ CSAgICB4bmV0aS0+eG5pX3J4cmluZy5yZXFfY29ucyktPmlkOworCQkJUklO R19DT1BZX1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAorCQkJICAgIHhu ZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zLCAmcnhyZXEpOworCQkJZ29wLT5y ZWYgPSByeHJlcS5ncmVmOworCQkJaWQgPSByeHJlcS5pZDsKIAkJCXhlbl9y bWIoKTsKIAkJCXhuZXRpLT54bmlfcnhyaW5nLnJlcV9jb25zKys7CiAJCQly eHJlc3AgPSBSSU5HX0dFVF9SRVNQT05TRSgmeG5ldGktPnhuaV9yeHJpbmcs CkBAIC0xMTk4LDYgKzExOTksNyBAQCB4ZW5uZXRiYWNrX2lmc29mdHN0YXJ0 X2NvcHkodm9pZCAqYXJnKQogCXBhZGRyX3QgeG1pdF9tYTsKIAlpbnQgaSwg ajsKIAluZXRpZl9yeF9yZXNwb25zZV90ICpyeHJlc3A7CisJbmV0aWZfcnhf cmVxdWVzdF90IHJ4cmVxOwogCVJJTkdfSURYIHJlcV9wcm9kLCByZXNwX3By b2Q7CiAJaW50IGRvX2V2ZW50ID0gMDsKIAlnbnR0YWJfY29weV90ICpnb3A7 CkBAIC0xMzA5LDE2ICsxMzExLDE2IEBAIHhlbm5ldGJhY2tfaWZzb2Z0c3Rh cnRfY29weSh2b2lkICphcmcpCiAJCQlnb3AtPnNvdXJjZS5kb21pZCA9IERP TUlEX1NFTEY7CiAJCQlnb3AtPnNvdXJjZS51LmdtZm4gPSB4bWl0X21hID4+ IFBBR0VfU0hJRlQ7CiAKLQkJCWdvcC0+ZGVzdC51LnJlZiA9IFJJTkdfR0VU X1JFUVVFU1QoJnhuZXRpLT54bmlfcnhyaW5nLAotCQkJICAgIHhuZXRpLT54 bmlfcnhyaW5nLnJlcV9jb25zKS0+Z3JlZjsKKwkJCVJJTkdfQ09QWV9SRVFV RVNUKCZ4bmV0aS0+eG5pX3J4cmluZywKKwkJCSAgICB4bmV0aS0+eG5pX3J4 cmluZy5yZXFfY29ucywgJnJ4cmVxKTsKKwkJCWdvcC0+ZGVzdC51LnJlZiA9 IHJ4cmVxLmdyZWY7CiAJCQlnb3AtPmRlc3Qub2Zmc2V0ID0gMDsKIAkJCWdv cC0+ZGVzdC5kb21pZCA9IHhuZXRpLT54bmlfZG9taWQ7CiAKIAkJCWdvcC0+ bGVuID0gbS0+bV9wa3RoZHIubGVuOwogCQkJZ29wKys7CiAKLQkJCWlkID0g UklOR19HRVRfUkVRVUVTVCgmeG5ldGktPnhuaV9yeHJpbmcsCi0JCQkgICAg eG5ldGktPnhuaV9yeHJpbmcucmVxX2NvbnMpLT5pZDsKKwkJCWlkID0gcnhy ZXEuaWQ7CiAJCQl4ZW5fcm1iKCk7CiAJCQl4bmV0aS0+eG5pX3J4cmluZy5y ZXFfY29ucysrOwogCQkJcnhyZXNwID0gUklOR19HRVRfUkVTUE9OU0UoJnhu ZXRpLT54bmlfcnhyaW5nLAotLSAKMi41LjIKCg== --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0003-netbsd-ring-Add-barrier-to-provide-an-compiler-barri.patch" Content-Transfer-Encoding: base64 RnJvbSBiMzY3Y2RiYTBjYzNlMmRlNDIzN2NhNzRmMzEwNDMxNDFkZWRhODky IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTQ6NDUgKzAwMDAKU3ViamVjdDogW1BBVENIIDMv NV0gbmV0YnNkL3Jpbmc6IEFkZCAnYmFycmllcicgdG8gcHJvdmlkZSBhbiBj b21waWxlcgogYmFycmllci4KCldlIG5lZWQgYW4gbWVjaGFuaXNtIHRvIGRp c2FibGUgdGhlIGNvbXBpbGVyIGZyb20gZ2VuZXJhdGluZyB0byBtdWNoCm9w dGltaXphdGlvbi4gVXNpbmcgdGhlICdiYXJyaWVyJyBtYWNybyB3aWxsIG1h a2UgdGhlIGNvbXBpbGVyIG5vdApvcHRpbWl6ZSB2YXJpYWJsZXMgcGFzdCB0 aGUgJ2JhcnJpZXInIChhcyBpbiwgcmUtdXNlIHRoZSByZWdpc3RlcnMKb3Ig b25seSByZWFkIHBhcnQgb2YgYSB2YWx1ZSBmcm9tIGEgbWVtb3J5KS4KClRo aXMgaXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog YXJjaC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaCB8IDIgKysK IDEgZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKykKCmRpZmYgLS1naXQg YS9hcmNoL3hlbi9pbmNsdWRlL3hlbi1wdWJsaWMvaW8vcmluZy5oIGIvYXJj aC94ZW4vaW5jbHVkZS94ZW4tcHVibGljL2lvL3JpbmcuaAppbmRleCAzMTZi Y2ViLi41Mjc4ZDA2IDEwMDY0NAotLS0gYS9hcmNoL3hlbi9pbmNsdWRlL3hl bi1wdWJsaWMvaW8vcmluZy5oCisrKyBiL2FyY2gveGVuL2luY2x1ZGUveGVu LXB1YmxpYy9pby9yaW5nLmgKQEAgLTM1LDYgKzM1LDcgQEAKICNkZWZpbmUg eGVuX21iKCkgIG1iKCkKICNkZWZpbmUgeGVuX3JtYigpIHJtYigpCiAjZGVm aW5lIHhlbl93bWIoKSB3bWIoKQorI2RlZmluZSBiYXJyaWVyKCkgICAgIF9f YXNtX18gX192b2xhdGlsZV9fKCIiOiA6IDoibWVtb3J5IikKICNlbmRpZgog I2VuZGlmCiAKQEAgLTQyLDYgKzQzLDcgQEAKICNkZWZpbmUgeGVuX21iKCkg IHg4Nl9tZmVuY2UoKQogI2RlZmluZSB4ZW5fcm1iKCkgeDg2X2xmZW5jZSgp CiAjZGVmaW5lIHhlbl93bWIoKSB4ODZfc2ZlbmNlKCkKKyNkZWZpbmUgYmFy cmllcigpICAgICBfX2FzbV9fIF9fdm9sYXRpbGVfXygiIjogOiA6Im1lbW9y eSIpCiAjZW5kaWYKIAogdHlwZWRlZiB1bnNpZ25lZCBpbnQgUklOR19JRFg7 Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0004-netbsd-block-only-read-request-operation-from-shared.patch" Content-Transfer-Encoding: base64 RnJvbSBhMGM1MjgyYWZmNTFkNWU2NTIwY2FhOTA0MjA3Yjk3MzU2N2Q5MjBk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTY6MDcgKzAwMDAKU3ViamVjdDogW1BBVENIIDQv NV0gbmV0YnNkL2Jsb2NrOiBvbmx5IHJlYWQgcmVxdWVzdCBvcGVyYXRpb24g ZnJvbSBzaGFyZWQKIHJpbmcgb25jZQoKVGhlIGNvbXBpbGVyIG1heSBsb2Fk IGEgc3dpdGNoIHN0YXRlbWVudCBtdWx0aXBsZSB0aW1lcyBmcm9tIHRoZSBz aGFyZWQKc3BhY2UuIFRoaXMgY291bGQgbGVhZCB0byB0aGUgZnJvbnRlbmQg bWFuaXB1bGF0aW5nIHRoZSBiYWNrZW5kIGludG8KdW5mb3JzZWVuIGJyYW5j aGVzLgoKV2Ugd2FudCB0byBlbnN1cmUgdGhhdCB0aGUgcmVxLT5vcGVyYXRp b24gaXMgb25seSByZWFkIG9uY2UgYW5kIHdlCmRvIHRoYXQgYnkgdXNpbmcg YW4gY29tcGlsZXIgYmFycmllci4KClRoaXMgaXMgcGFydCBvZiBYU0ExNTUu CgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnplc3p1dGVrIFdpbGsgPGtvbnJh ZC53aWxrQG9yYWNsZS5jb20+Ci0tLQogYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMgfCAxICsKIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigr KQoKZGlmZiAtLWdpdCBhL2FyY2gveGVuL3hlbi94YmRiYWNrX3hlbmJ1cy5j IGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMKaW5kZXggOWVlMDc1 OC4uM2QxODAyMSAxMDA2NDQKLS0tIGEvYXJjaC94ZW4veGVuL3hiZGJhY2tf eGVuYnVzLmMKKysrIGIvYXJjaC94ZW4veGVuL3hiZGJhY2tfeGVuYnVzLmMK QEAgLTEwMjIsNiArMTAyMiw3IEBAIHhiZGJhY2tfY29fbWFpbl9sb29wKHN0 cnVjdCB4YmRiYWNrX2luc3RhbmNlICp4YmRpLCB2b2lkICpvYmopCiAJCQly ZXEtPnNlY3Rvcl9udW1iZXIgPSByZXE2NC0+c2VjdG9yX251bWJlcjsKIAkJ CWJyZWFrOwogCQl9CisJCWJhcnJpZXIoKTsKIAkJWEVOUFJJTlRGKCgieGJk YmFjayBvcCAlZCByZXFfY29ucyAweCV4IHJlcV9wcm9kIDB4JXggIgogCQkg ICAgInJlc3BfcHJvZCAweCV4IGlkICUiIFBSSXU2NCAiXG4iLCByZXEtPm9w ZXJhdGlvbiwKIAkJCXhiZGktPnhiZGlfcmluZy5yaW5nX24ucmVxX2NvbnMs Ci0tIAoyLjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Disposition: attachment; filename="xsa155-netbsd-xsa155-0005-netbsd-pciback-Operate-on-local-version-of-xen_pci_o.patch" Content-Transfer-Encoding: base64 RnJvbSAzZjM5ZTA1MWIyMzRiNGJkOGUzNmI4MjBhOTMyNTkxYWZkNjQxM2Ix IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IFR1ZSwg MjQgTm92IDIwMTUgMDI6NTc6MjIgKzAwMDAKU3ViamVjdDogW1BBVENIIDUv NV0gbmV0YnNkL3BjaWJhY2s6IE9wZXJhdGUgb24gbG9jYWwgdmVyc2lvbiBv ZiB4ZW5fcGNpX29wCgpEb3VibGUgZmV0Y2ggdnVsbmVyYWJpbGl0aWVzIHRo YXQgaGFwcGVuIHdoZW4gYSB2YXJpYWJsZSBpcwpmZXRjaGVkIHR3aWNlIGZy b20gc2hhcmVkIG1lbW9yeSBidXQgYSBzZWN1cml0eSBjaGVjayBpcyBvbmx5 CnBlcmZvcm1lZCB0aGUgZmlyc3QgdGltZS4KClRoZSBwY2liYWNrX3hlbmJ1 c19ldnRoYW5kbGVyIGZ1bmN0aW9uIHBlcmZvcm1zIGEgc3dpdGNoIHN0YXRl bWVudHMgb24gdGhlCm9wLT5zaXplIGFuZCBvcC0+Y21kIHZhbHVlIHdoaWNo IGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5LgpJbnRlcmVzdGluZ2x5IHRo aXMgY2FuIHJlc3VsdCBpbiBhIGRvdWJsZSBmZXRjaCB2dWxuZXJhYmlsaXR5 IGRlcGVuZGluZyBvbgp0aGUgcGVyZm9ybWVkIGNvbXBpbGVyIG9wdGltaXph dGlvbi4KClRoaXMgcGF0Y2ggZml4ZXMgaXQgYnkgc2F2aW5nIHRoZSB4ZW5f cGNpX29wIGNvbW1hbmQgYmVmb3JlCnByb2Nlc3NpbmcgaXQuIFdlIGFsc28g dXNlICdiYXJyaWVyJyB0byBtYWtlIHN1cmUgdGhhdCB0aGUKY29tcGlsZXIg ZG9lcyBub3QgcGVyZm9ybSBhbnkgb3B0aW1pemF0aW9uLgoKVGhpcyBpcyBw YXJ0IG9mIFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0 ZWsgV2lsayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiBhcmNoL3hl bi94ZW4vcGNpYmFjay5jIHwgOCArKysrKysrLQogMSBmaWxlIGNoYW5nZWQs IDcgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQoKZGlmZiAtLWdpdCBh L2FyY2gveGVuL3hlbi9wY2liYWNrLmMgYi9hcmNoL3hlbi94ZW4vcGNpYmFj ay5jCmluZGV4IDA0MmM4YzkuLjQ2YzgyMWMgMTAwNjQ0Ci0tLSBhL2FyY2gv eGVuL3hlbi9wY2liYWNrLmMKKysrIGIvYXJjaC94ZW4veGVuL3BjaWJhY2su YwpAQCAtMTg4LDYgKzE4OCw3IEBAIHN0cnVjdCBwYl94ZW5idXNfaW5zdGFu Y2UgewogCS8qIGNvbW11bmljYXRpb24gd2l0aCB0aGUgZG9tVSAqLwogICAg ICAgICB1bnNpZ25lZCBpbnQgcGJ4X2V2dGNobjsgLyogb3VyIGV2ZW4gY2hh bm5lbCAqLwogICAgICAgICBzdHJ1Y3QgeGVuX3BjaV9zaGFyZWRpbmZvICpw Ynhfc2hfaW5mbzsKKyAgICAgICAgc3RydWN0IHhlbl9wY2lfb3Agb3A7CiAg ICAgICAgIGdyYW50X2hhbmRsZV90IHBieF9zaGluZm9faGFuZGxlOyAvKiB0 byB1bm1hcCBzaGFyZWQgcGFnZSAqLwogfTsKIApAQCAtNzIxLDEzICs3MjIs MTYgQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJnKQog ewogCXN0cnVjdCBwYl94ZW5idXNfaW5zdGFuY2UgKnBieGkgPSBhcmc7CiAJ c3RydWN0IHBjaWJhY2tfcGNpX2RldiAqcGJkOwotCXN0cnVjdCB4ZW5fcGNp X29wICpvcCA9ICZwYnhpLT5wYnhfc2hfaW5mby0+b3A7CisJc3RydWN0IHhl bl9wY2lfb3AgKm9wID0gJnBieGktPm9wOwogCXVfaW50IGJ1cywgZGV2LCBm dW5jOwogCiAJaHlwZXJ2aXNvcl9jbGVhcl9ldmVudChwYnhpLT5wYnhfZXZ0 Y2huKTsKIAlpZiAoeGVuX2F0b21pY190ZXN0X2JpdCgmcGJ4aS0+cGJ4X3No X2luZm8tPmZsYWdzLAogCSAgICBfWEVOX1BDSUZfYWN0aXZlKSA9PSAwKQog CQlyZXR1cm4gMDsKKworCW1lbWNweShvcCwgJnBieGktPnBieF9zaF9pbmZv LT5vcCwgc2l6ZW9mIChzdHJ1Y3QgeGVuX3BjaV9vcCkpOworCWJhcnJpZXIo KTsKIAlpZiAob3AtPmRvbWFpbiAhPSAwKSB7CiAJCWFwcmludF9lcnJvcigi cGNpYmFjazogZG9tYWluICVkICE9IDAiLCBvcC0+ZG9tYWluKTsKIAkJb3At PmVyciA9IFhFTl9QQ0lfRVJSX2Rldl9ub3RfZm91bmQ7CkBAIC03OTQsNiAr Nzk4LDggQEAgcGNpYmFja194ZW5idXNfZXZ0aGFuZGxlcih2b2lkICogYXJn KQogCQlhcHJpbnRfZXJyb3IoInBjaWJhY2s6IHVua25vd24gY21kICVkXG4i LCBvcC0+Y21kKTsKIAkJb3AtPmVyciA9IFhFTl9QQ0lfRVJSX25vdF9pbXBs ZW1lbnRlZDsKIAl9CisJcGJ4aS0+cGJ4X3NoX2luZm8tPm9wLnZhbHVlID0g b3AtPnZhbHVlOworCXBieGktPnBieF9zaF9pbmZvLT5vcC5lcnIgPSBvcC0+ ZXJyOwogZW5kOgogCXhlbl9hdG9taWNfY2xlYXJfYml0KCZwYnhpLT5wYnhf c2hfaW5mby0+ZmxhZ3MsIF9YRU5fUENJRl9hY3RpdmUpOwogCWh5cGVydmlz b3Jfbm90aWZ5X3ZpYV9ldnRjaG4ocGJ4aS0+cGJ4X2V2dGNobik7Ci0tIAoy LjUuMgoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemu-qdisk-double-access.patch" Content-Transfer-Encoding: base64 eGVuL2Jsa2lmOiBBdm9pZCBkb3VibGUgYWNjZXNzIHRvIHNyYy0+bnJfc2Vn bWVudHMKCnNyYyBpcyBzdG9yZWQgaW4gc2hhcmVkIG1lbW9yeSBhbmQgc3Jj LT5ucl9zZWdtZW50cyBpcyBkZXJlZmVyZW5jZWQKdHdpY2UgYXQgdGhlIGVu ZCBvZiB0aGUgZnVuY3Rpb24uICBJZiBhIGNvbXBpbGVyIGRlY2lkZXMgdG8g Y29tcGlsZSB0aGlzCmludG8gdHdvIHNlcGFyYXRlIG1lbW9yeSBhY2Nlc3Nl cyB0aGVuIHRoZSBzaXplIGxpbWl0YXRpb24gY291bGQgYmUKYnlwYXNzZWQu CgpGaXggaXQgYnkgcmVtb3ZpbmcgdGhlIGRvdWJsZSBhY2Nlc3MgdG8gc3Jj LT5ucl9zZWdtZW50cy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoKU2ln bmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0YWJl bGxpbmlAZXUuY2l0cml4LmNvbT4KCmRpZmYgLS1naXQgYS9ody9ibG9jay94 ZW5fYmxraWYuaCBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCmluZGV4IDcxMWI2 OTIuLjllNzFlMDAgMTAwNjQ0Ci0tLSBhL2h3L2Jsb2NrL3hlbl9ibGtpZi5o CisrKyBiL2h3L2Jsb2NrL3hlbl9ibGtpZi5oCkBAIC04NSw4ICs4NSwxMCBA QCBzdGF0aWMgaW5saW5lIHZvaWQgYmxraWZfZ2V0X3g4Nl8zMl9yZXEoYmxr aWZfcmVxdWVzdF90ICpkc3QsIGJsa2lmX3g4Nl8zMl9yZXF1ZQogCQlkLT5u cl9zZWN0b3JzID0gcy0+bnJfc2VjdG9yczsKIAkJcmV0dXJuOwogCX0KLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJYmFycmllcigpOworCWlmIChuID4gZHN0LT5ucl9zZWdtZW50cykK KwkJbiA9IGRzdC0+bnJfc2VnbWVudHM7CiAJZm9yIChpID0gMDsgaSA8IG47 IGkrKykKIAkJZHN0LT5zZWdbaV0gPSBzcmMtPnNlZ1tpXTsKIH0KQEAgLTEw Niw4ICsxMDgsMTAgQEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94 ODZfNjRfcmVxKGJsa2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRf cmVxdWUKIAkJZC0+bnJfc2VjdG9ycyA9IHMtPm5yX3NlY3RvcnM7CiAJCXJl dHVybjsKIAl9Ci0JaWYgKG4gPiBzcmMtPm5yX3NlZ21lbnRzKQotCQluID0g c3JjLT5ucl9zZWdtZW50czsKKwkvKiBwcmV2ZW50IHRoZSBjb21waWxlciBm cm9tIG9wdGltaXppbmcgdGhlIGNvZGUgYW5kIHVzaW5nIHNyYy0+bnJfc2Vn bWVudHMgaW5zdGVhZCAqLworCWJhcnJpZXIoKTsKKwlpZiAobiA+IGRzdC0+ bnJfc2VnbWVudHMpCisJCW4gPSBkc3QtPm5yX3NlZ21lbnRzOwogCWZvciAo aSA9IDA7IGkgPCBuOyBpKyspCiAJCWRzdC0+c2VnW2ldID0gc3JjLT5zZWdb aV07CiB9Cg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-qdisk-double-access.patch" Content-Disposition: attachment; filename="xsa155-qemut-qdisk-double-access.patch" Content-Transfer-Encoding: base64 RnJvbSAyNzk0MmIwY2IyMzI3ZTkzZGViMTIzMjZiYmU3YjM2YzgxZjlmYTdi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjU2OjAwIC0wNTAwClN1YmplY3Q6IFtQ QVRDSF0gYmxraWY6IEF2b2lkIGRvdWJsZSBhY2Nlc3MgdG8gc3JjLT5ucl9z ZWdtZW50cwoKc3JjIGlzIHN0b3JlZCBpbiBzaGFyZWQgbWVtb3J5IGFuZCBz cmMtPm5yX3NlZ21lbnRzIGlzIGRlcmVmZXJlbmNlZAp0d2ljZSBhdCB0aGUg ZW5kIG9mIHRoZSBmdW5jdGlvbi4gIElmIGEgY29tcGlsZXIgZGVjaWRlcyB0 byBjb21waWxlIHRoaXMKaW50byB0d28gc2VwYXJhdGUgbWVtb3J5IGFjY2Vz c2VzIHRoZW4gdGhlIHNpemUgbGltaXRhdGlvbiBjb3VsZCBiZQpieXBhc3Nl ZC4KCkZpeCBpdCBieSByZW1vdmluZyB0aGUgZG91YmxlIGFjY2VzcyB0byBz cmMtPm5yX3NlZ21lbnRzLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0xNTUuCgpT aWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkgPHN0ZWZhbm8uc3Rh YmVsbGluaUBldS5jaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQg Unplc3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+Ci0tLQog aHcveGVuX2Jsa2lmLmggfCAxMiArKysrKysrKy0tLS0KIDEgZmlsZSBjaGFu Z2VkLCA4IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0t Z2l0IGEvaHcveGVuX2Jsa2lmLmggYi9ody94ZW5fYmxraWYuaAppbmRleCBj YTNhNjViLi5lYjI5Y2IxIDEwMDY0NAotLS0gYS9ody94ZW5fYmxraWYuaAor KysgYi9ody94ZW5fYmxraWYuaApAQCAtNzksOCArNzksMTAgQEAgc3RhdGlj IGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfMzJfcmVxKGJsa2lmX3JlcXVl c3RfdCAqZHN0LCBibGtpZl94ODZfMzJfcmVxdWUKIAlkc3QtPmhhbmRsZSA9 IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwogCWRzdC0+c2Vj dG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlpZiAobiA+IHNy Yy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21lbnRzOworCS8q IHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemluZyB0aGUgY29k ZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFkICovCisJeGVu X21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQorCQluID0gZHN0 LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsgaSsrKQogCQlk c3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQpAQCAtOTQsOCArOTYsMTAg QEAgc3RhdGljIGlubGluZSB2b2lkIGJsa2lmX2dldF94ODZfNjRfcmVxKGJs a2lmX3JlcXVlc3RfdCAqZHN0LCBibGtpZl94ODZfNjRfcmVxdWUKIAlkc3Qt PmhhbmRsZSA9IHNyYy0+aGFuZGxlOwogCWRzdC0+aWQgPSBzcmMtPmlkOwog CWRzdC0+c2VjdG9yX251bWJlciA9IHNyYy0+c2VjdG9yX251bWJlcjsKLQlp ZiAobiA+IHNyYy0+bnJfc2VnbWVudHMpCi0JCW4gPSBzcmMtPm5yX3NlZ21l bnRzOworCS8qIHByZXZlbnQgdGhlIGNvbXBpbGVyIGZyb20gb3B0aW1pemlu ZyB0aGUgY29kZSBhbmQgdXNpbmcgc3JjLT5ucl9zZWdtZW50cyBpbnN0ZWFk ICovCisJeGVuX21iKCk7CisJaWYgKG4gPiBkc3QtPm5yX3NlZ21lbnRzKQor CQluID0gZHN0LT5ucl9zZWdtZW50czsKIAlmb3IgKGkgPSAwOyBpIDwgbjsg aSsrKQogCQlkc3QtPnNlZ1tpXSA9IHNyYy0+c2VnW2ldOwogfQotLSAKMi40 LjMKCg== --=separator Content-Type: application/octet-stream; name="xsa155-qemut-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemut-xenfb.patch" Content-Transfer-Encoding: base64 RnJvbSAwZmZkNDU0NzY2NWQyZmVjNjQ4YWIyYzlmZjg1NmM1ZDlkYjliMDdj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVmYW5vIFN0YWJl bGxpbmkgPHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgpEYXRl OiBGcmksIDIwIE5vdiAyMDE1IDEwOjM3OjA4IC0wNTAwClN1YmplY3Q6IFtQ QVRDSCAyLzJdIHhlbmZiOiBhdm9pZCByZWFkaW5nIHR3aWNlIHRoZSBzYW1l IGZpZWxkcyBmcm9tIHRoZQogc2hhcmVkIHBhZ2UKClJlYWRpbmcgdHdpY2Ug dGhlIHNhbWUgZmllbGQgY291bGQgZ2l2ZSB0aGUgZ3Vlc3QgYW4gYXR0YWNr IG9mCm9wcG9ydHVuaXR5LiBJbiB0aGUgY2FzZSBvZiBldmVudC0+dHlwZSwg Z2NjIGNvdWxkIGNvbXBpbGUgdGhlIHN3aXRjaApzdGF0ZW1lbnQgaW50byBh IGp1bXAgdGFibGUsIGVmZmVjdGl2ZWx5IGVuZGluZyB1cCByZWFkaW5nIHRo ZSB0eXBlCmZpZWxkIG11bHRpcGxlIHRpbWVzLgoKVGhpcyBpcyBwYXJ0IG9m IFhTQS0xNTUuCgpTaWduZWQtb2ZmLWJ5OiBTdGVmYW5vIFN0YWJlbGxpbmkg PHN0ZWZhbm8uc3RhYmVsbGluaUBldS5jaXRyaXguY29tPgotLS0KIGh3L3hl bmZiLmMgfCAxMCArKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgNiBpbnNl cnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2h3L3hl bmZiLmMgYi9ody94ZW5mYi5jCmluZGV4IDc1YjJiYzIuLjM2OWQ0NWQgMTAw NjQ0Ci0tLSBhL2h3L3hlbmZiLmMKKysrIGIvaHcveGVuZmIuYwpAQCAtODI3 LDE4ICs4MjcsMjAgQEAgc3RhdGljIHZvaWQgeGVuZmJfaW52YWxpZGF0ZSh2 b2lkICpvcGFxdWUpCiAKIHN0YXRpYyB2b2lkIHhlbmZiX2hhbmRsZV9ldmVu dHMoc3RydWN0IFhlbkZCICp4ZW5mYikKIHsKLSAgICB1aW50MzJfdCBwcm9k LCBjb25zOworICAgIHVpbnQzMl90IHByb2QsIGNvbnMsIG91dF9jb25zOwog ICAgIHN0cnVjdCB4ZW5mYl9wYWdlICpwYWdlID0geGVuZmItPmMucGFnZTsK IAogICAgIHByb2QgPSBwYWdlLT5vdXRfcHJvZDsKLSAgICBpZiAocHJvZCA9 PSBwYWdlLT5vdXRfY29ucykKKyAgICBvdXRfY29ucyA9IHBhZ2UtPm91dF9j b25zOworICAgIGlmIChwcm9kID09IG91dF9jb25zKQogCXJldHVybjsKICAg ICB4ZW5fcm1iKCk7CQkvKiBlbnN1cmUgd2Ugc2VlIHJpbmcgY29udGVudHMg dXAgdG8gcHJvZCAqLwotICAgIGZvciAoY29ucyA9IHBhZ2UtPm91dF9jb25z OyBjb25zICE9IHByb2Q7IGNvbnMrKykgeworICAgIGZvciAoY29ucyA9IG91 dF9jb25zOyBjb25zICE9IHByb2Q7IGNvbnMrKykgewogCXVuaW9uIHhlbmZi X291dF9ldmVudCAqZXZlbnQgPSAmWEVORkJfT1VUX1JJTkdfUkVGKHBhZ2Us IGNvbnMpOworICAgICAgICB1aW50OF90IHR5cGUgPSBldmVudC0+dHlwZTsK IAlpbnQgeCwgeSwgdywgaDsKIAotCXN3aXRjaCAoZXZlbnQtPnR5cGUpIHsK Kwlzd2l0Y2ggKHR5cGUpIHsKIAljYXNlIFhFTkZCX1RZUEVfVVBEQVRFOgog CSAgICBpZiAoeGVuZmItPnVwX2NvdW50ID09IFVQX1FVRVVFKQogCQl4ZW5m Yi0+dXBfZnVsbHNjcmVlbiA9IDE7Ci0tIAoyLjEuMAoK --=separator Content-Type: application/octet-stream; name="xsa155-qemu-xenfb.patch" Content-Disposition: attachment; filename="xsa155-qemu-xenfb.patch" Content-Transfer-Encoding: base64 eGVuZmI6IGF2b2lkIHJlYWRpbmcgdHdpY2UgdGhlIHNhbWUgZmllbGRzIGZy b20gdGhlIHNoYXJlZCBwYWdlCgpSZWFkaW5nIHR3aWNlIHRoZSBzYW1lIGZp ZWxkIGNvdWxkIGdpdmUgdGhlIGd1ZXN0IGFuIGF0dGFjayBvZgpvcHBvcnR1 bml0eS4gSW4gdGhlIGNhc2Ugb2YgZXZlbnQtPnR5cGUsIGdjYyBjb3VsZCBj b21waWxlIHRoZSBzd2l0Y2gKc3RhdGVtZW50IGludG8gYSBqdW1wIHRhYmxl LCBlZmZlY3RpdmVseSBlbmRpbmcgdXAgcmVhZGluZyB0aGUgdHlwZQpmaWVs ZCBtdWx0aXBsZSB0aW1lcy4KClRoaXMgaXMgcGFydCBvZiBYU0EtMTU1LgoK U2lnbmVkLW9mZi1ieTogU3RlZmFubyBTdGFiZWxsaW5pIDxzdGVmYW5vLnN0 YWJlbGxpbmlAZXUuY2l0cml4LmNvbT4KCgpkaWZmIC0tZ2l0IGEvaHcvZGlz cGxheS94ZW5mYi5jIGIvaHcvZGlzcGxheS94ZW5mYi5jCmluZGV4IDVlMzI0 ZWYuLjRlMmEyN2EgMTAwNjQ0Ci0tLSBhL2h3L2Rpc3BsYXkveGVuZmIuYwor KysgYi9ody9kaXNwbGF5L3hlbmZiLmMKQEAgLTc4NCwxOCArNzg0LDIwIEBA IHN0YXRpYyB2b2lkIHhlbmZiX2ludmFsaWRhdGUodm9pZCAqb3BhcXVlKQog CiBzdGF0aWMgdm9pZCB4ZW5mYl9oYW5kbGVfZXZlbnRzKHN0cnVjdCBYZW5G QiAqeGVuZmIpCiB7Ci0gICAgdWludDMyX3QgcHJvZCwgY29uczsKKyAgICB1 aW50MzJfdCBwcm9kLCBjb25zLCBvdXRfY29uczsKICAgICBzdHJ1Y3QgeGVu ZmJfcGFnZSAqcGFnZSA9IHhlbmZiLT5jLnBhZ2U7CiAKICAgICBwcm9kID0g cGFnZS0+b3V0X3Byb2Q7Ci0gICAgaWYgKHByb2QgPT0gcGFnZS0+b3V0X2Nv bnMpCisgICAgb3V0X2NvbnMgPSBwYWdlLT5vdXRfY29uczsKKyAgICBpZiAo cHJvZCA9PSBvdXRfY29ucykKIAlyZXR1cm47CiAgICAgeGVuX3JtYigpOwkJ LyogZW5zdXJlIHdlIHNlZSByaW5nIGNvbnRlbnRzIHVwIHRvIHByb2QgKi8K LSAgICBmb3IgKGNvbnMgPSBwYWdlLT5vdXRfY29uczsgY29ucyAhPSBwcm9k OyBjb25zKyspIHsKKyAgICBmb3IgKGNvbnMgPSBvdXRfY29uczsgY29ucyAh PSBwcm9kOyBjb25zKyspIHsKIAl1bmlvbiB4ZW5mYl9vdXRfZXZlbnQgKmV2 ZW50ID0gJlhFTkZCX09VVF9SSU5HX1JFRihwYWdlLCBjb25zKTsKKyAgICAg ICAgdWludDhfdCB0eXBlID0gZXZlbnQtPnR5cGU7CiAJaW50IHgsIHksIHcs IGg7CiAKLQlzd2l0Y2ggKGV2ZW50LT50eXBlKSB7CisJc3dpdGNoICh0eXBl KSB7CiAJY2FzZSBYRU5GQl9UWVBFX1VQREFURToKIAkgICAgaWYgKHhlbmZi LT51cF9jb3VudCA9PSBVUF9RVUVVRSkKIAkJeGVuZmItPnVwX2Z1bGxzY3Jl ZW4gPSAxOwo= --=separator Content-Type: application/octet-stream; name="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSAxMmIxMTY1OGE5ZDZhNjU0YTFlN2FjYmYyZjJkNTZjZTlhMzk2Yzg2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBWcmFiZWwg PGRhdmlkLnZyYWJlbEBjaXRyaXguY29tPgpEYXRlOiBGcmksIDIwIE5vdiAy MDE1IDExOjU5OjA1IC0wNTAwClN1YmplY3Q6IFtQQVRDSCAxLzNdIHhlbjog QWRkIFJJTkdfQ09QWV9SRVFVRVNUKCkKClVzaW5nIFJJTkdfR0VUX1JFUVVF U1QoKSBvbiBhIHNoYXJlZCByaW5nIGlzIGVhc3kgdG8gdXNlIGluY29ycmVj dGx5CihpLmUuLCBieSBub3QgY29uc2lkZXJpbmcgdGhhdCB0aGUgb3RoZXIg ZW5kIG1heSBhbHRlciB0aGUgZGF0YSBpbiB0aGUKc2hhcmVkIHJpbmcgd2hp bGUgaXQgaXMgYmVpbmcgaW5zcGVjdGVkKS4gIFNhZmUgdXNhZ2Ugb2YgYSBy ZXF1ZXN0CmdlbmVyYWxseSByZXF1aXJlcyB0YWtpbmcgYSBsb2NhbCBjb3B5 LgoKUHJvdmlkZSBhIFJJTkdfQ09QWV9SRVFVRVNUKCkgbWFjcm8gdG8gdXNl IGluc3RlYWQgb2YKUklOR19HRVRfUkVRVUVTVCgpIGFuZCBhbiBvcGVuLWNv ZGVkIG1lbWNweSgpLiAgVGhpcyB0YWtlcyBjYXJlIG9mCmVuc3VyaW5nIHRo YXQgdGhlIGNvcHkgaXMgZG9uZSBjb3JyZWN0bHkgcmVnYXJkbGVzcyBvZiBh bnkgcG9zc2libGUKY29tcGlsZXIgb3B0aW1pemF0aW9ucy4KClVzZSBhIHZv bGF0aWxlIHNvdXJjZSB0byBwcmV2ZW50IHRoZSBjb21waWxlciBmcm9tIHJl b3JkZXJpbmcgb3IKb21pdHRpbmcgdGhlIGNvcHkuCgpUaGlzIGlzIHBhcnQg b2YgWFNBMTU1LgoKU2lnbmVkLW9mZi1ieTogRGF2aWQgVnJhYmVsIDxkYXZp ZC52cmFiZWxAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6 ZXN6dXRlayBXaWxrIDxrb25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KdjI6 IEFkZCBjb21tZW50IGFib3V0IEdDQyBidWcuCi0tLQogeGVuL2luY2x1ZGUv cHVibGljL2lvL3JpbmcuaCB8IDE0ICsrKysrKysrKysrKysrCiAxIGZpbGUg Y2hhbmdlZCwgMTQgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL3hlbi9p bmNsdWRlL3B1YmxpYy9pby9yaW5nLmggYi94ZW4vaW5jbHVkZS9wdWJsaWMv aW8vcmluZy5oCmluZGV4IGJhOTQwMWIuLjgwMWMwZGEgMTAwNjQ0Ci0tLSBh L3hlbi9pbmNsdWRlL3B1YmxpYy9pby9yaW5nLmgKKysrIGIveGVuL2luY2x1 ZGUvcHVibGljL2lvL3JpbmcuaApAQCAtMjEyLDYgKzIxMiwyMCBAQCB0eXBl ZGVmIHN0cnVjdCBfX25hbWUjI19iYWNrX3JpbmcgX19uYW1lIyNfYmFja19y aW5nX3QKICNkZWZpbmUgUklOR19HRVRfUkVRVUVTVChfciwgX2lkeCkgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICAoJigo X3IpLT5zcmluZy0+cmluZ1soKF9pZHgpICYgKFJJTkdfU0laRShfcikgLSAx KSldLnJlcSkpCiAKKy8qCisgKiBHZXQgYSBsb2NhbCBjb3B5IG9mIGEgcmVx dWVzdC4KKyAqCisgKiBVc2UgdGhpcyBpbiBwcmVmZXJlbmNlIHRvIFJJTkdf R0VUX1JFUVVFU1QoKSBzbyBhbGwgcHJvY2Vzc2luZyBpcworICogZG9uZSBv biBhIGxvY2FsIGNvcHkgdGhhdCBjYW5ub3QgYmUgbW9kaWZpZWQgYnkgdGhl IG90aGVyIGVuZC4KKyAqCisgKiBOb3RlIHRoYXQgaHR0cHM6Ly9nY2MuZ251 Lm9yZy9idWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9NTgxNDUgbWF5IGNhdXNl IHRoaXMKKyAqIHRvIGJlIGluZWZmZWN0aXZlIHdoZXJlIF9yZXEgaXMgYSBz dHJ1Y3Qgd2hpY2ggY29uc2lzdHMgb2Ygb25seSBiaXRmaWVsZHMuCisgKi8K KyNkZWZpbmUgUklOR19DT1BZX1JFUVVFU1QoX3IsIF9pZHgsIF9yZXEpIGRv IHsJCQkJXAorCS8qIFVzZSB2b2xhdGlsZSB0byBmb3JjZSB0aGUgY29weSBp bnRvIF9yZXEuICovCQkJXAorCSooX3JlcSkgPSAqKHZvbGF0aWxlIHR5cGVv ZihfcmVxKSlSSU5HX0dFVF9SRVFVRVNUKF9yLCBfaWR4KTsJXAorfSB3aGls ZSAoMCkKKwogI2RlZmluZSBSSU5HX0dFVF9SRVNQT05TRShfciwgX2lkeCkg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICgm KChfciktPnNyaW5nLT5yaW5nWygoX2lkeCkgJiAoUklOR19TSVpFKF9yKSAt IDEpKV0ucnNwKSkKIAotLSAKMi4xLjAKCg== --=separator Content-Type: application/octet-stream; name="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Disposition: attachment; filename="xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch" Content-Transfer-Encoding: base64 RnJvbSA4NTFmZmI0ZWVhOTE3ZTI3MDhjOTEyMjkxZGVhNGQxMzMwMjZjMGFj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MTY6MDIgLTA1MDAKU3ViamVjdDogW1BBVENIIDIv M10gYmxrdGFwMjogVXNlIFJJTkdfQ09QWV9SRVFVRVNUCgpJbnN0ZWFkIG9m IFJJTkdfR0VUX1JFUVVFU1QuIFVzaW5nIGEgbG9jYWwgY29weSBvZiB0aGUK cmluZyAoYW5kIGFsc28gd2l0aCBwcm9wZXIgbWVtb3J5IGJhcnJpZXJzKSB3 aWxsIG1lYW4Kd2UgY2FuIGRvIG5vdCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRo ZSBjb21waWxlciBvcHRpbWl6aW5nCnRoZSBjb2RlIGFuZCBkb2luZyBhIGRv dWJsZS1mZXRjaCBpbiB0aGUgc2hhcmVkIG1lbW9yeSBzcGFjZS4KClRoaXMg aXMgcGFydCBvZiBYU0ExNTUuCgpTaWduZWQtb2ZmLWJ5OiBLb25yYWQgUnpl c3p1dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CgotLS0KdjI6 IEZpeCBjb21waWxlIGlzc3VlcyB3aXRoIHRhcGRpc2stdmJkCi0tLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jICAgfCAzICsrLQogdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMgfCA4ICsrKystLS0t CiAyIGZpbGVzIGNoYW5nZWQsIDYgaW5zZXJ0aW9ucygrKSwgNSBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxv Y2stbG9nLmMgYi90b29scy9ibGt0YXAyL2RyaXZlcnMvYmxvY2stbG9nLmMK aW5kZXggNTMzMGNkYy4uNWYzYmQzNSAxMDA2NDQKLS0tIGEvdG9vbHMvYmxr dGFwMi9kcml2ZXJzL2Jsb2NrLWxvZy5jCisrKyBiL3Rvb2xzL2Jsa3RhcDIv ZHJpdmVycy9ibG9jay1sb2cuYwpAQCAtNDk0LDExICs0OTQsMTIgQEAgc3Rh dGljIGludCBjdGxfa2ljayhzdHJ1Y3QgdGRsb2dfc3RhdGUqIHMsIGludCBm ZCkKICAgcmVxc3RhcnQgPSBzLT5icmluZy5yZXFfY29uczsKICAgcmVxZW5k ID0gcy0+c3JpbmctPnJlcV9wcm9kOwogCisgIHhlbl9tYigpOwogICBCRFBS SU5URigiY3RsOiByaW5nIGtpY2tlZCAoc3RhcnQgPSAldSwgZW5kID0gJXUp IiwgcmVxc3RhcnQsIHJlcWVuZCk7CiAKICAgd2hpbGUgKHJlcXN0YXJ0ICE9 IHJlcWVuZCkgewogICAgIC8qIFhYWCBhY3R1YWxseSBzdWJtaXQgdGhlc2Uh ICovCi0gICAgbWVtY3B5KCZyZXEsIFJJTkdfR0VUX1JFUVVFU1QoJnMtPmJy aW5nLCByZXFzdGFydCksIHNpemVvZihyZXEpKTsKKyAgICBSSU5HX0NPUFlf UkVRVUVTVCgmcy0+YnJpbmcsIHJlcXN0YXJ0LCAmcmVxKTsKICAgICBCRFBS SU5URigiY3RsOiByZWFkIHJlcXVlc3QgJSJQUkl1NjQiOiV1IiwgcmVxLnNl Y3RvciwgcmVxLmNvdW50KTsKICAgICBzLT5icmluZy5yZXFfY29ucyA9ICsr cmVxc3RhcnQ7CiAKZGlmZiAtLWdpdCBhL3Rvb2xzL2Jsa3RhcDIvZHJpdmVy cy90YXBkaXNrLXZiZC5jIGIvdG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRp c2stdmJkLmMKaW5kZXggNmQxZDk0YS4uODllZjllZCAxMDA2NDQKLS0tIGEv dG9vbHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKKysrIGIvdG9v bHMvYmxrdGFwMi9kcml2ZXJzL3RhcGRpc2stdmJkLmMKQEAgLTE1NTUsNyAr MTU1NSw3IEBAIHRhcGRpc2tfdmJkX3B1bGxfcmluZ19yZXF1ZXN0cyh0ZF92 YmRfdCAqdmJkKQogCWludCBpZHg7CiAJUklOR19JRFggcnAsIHJjOwogCXRk X3JpbmdfdCAqcmluZzsKLQlibGtpZl9yZXF1ZXN0X3QgKnJlcTsKKwlibGtp Zl9yZXF1ZXN0X3QgcmVxOwogCXRkX3ZiZF9yZXF1ZXN0X3QgKnZyZXE7CiAK IAlyaW5nID0gJnZiZC0+cmluZzsKQEAgLTE1NjYsMTYgKzE1NjYsMTYgQEAg dGFwZGlza192YmRfcHVsbF9yaW5nX3JlcXVlc3RzKHRkX3ZiZF90ICp2YmQp CiAJeGVuX3JtYigpOwogCiAJZm9yIChyYyA9IHJpbmctPmZlX3JpbmcucmVx X2NvbnM7IHJjICE9IHJwOyByYysrKSB7Ci0JCXJlcSA9IFJJTkdfR0VUX1JF UVVFU1QoJnJpbmctPmZlX3JpbmcsIHJjKTsKKwkJUklOR19DT1BZX1JFUVVF U1QoJnJpbmctPmZlX3JpbmcsIHJjLCAmcmVxKTsKIAkJKytyaW5nLT5mZV9y aW5nLnJlcV9jb25zOwogCi0JCWlkeCAgPSByZXEtPmlkOworCQlpZHggID0g cmVxLmlkOwogCQl2cmVxID0gJnZiZC0+cmVxdWVzdF9saXN0W2lkeF07CiAK IAkJQVNTRVJUKGxpc3RfZW1wdHkoJnZyZXEtPm5leHQpKTsKIAkJQVNTRVJU KHZyZXEtPnNlY3NfcGVuZGluZyA9PSAwKTsKIAotCQltZW1jcHkoJnZyZXEt PnJlcSwgcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7CisJCW1lbWNw eSgmdnJlcS0+cmVxLCAmcmVxLCBzaXplb2YoYmxraWZfcmVxdWVzdF90KSk7 CiAJCXZiZC0+cmVjZWl2ZWQrKzsKIAkJdnJlcS0+dmJkID0gdmJkOwogCi0t IAoyLjEuNAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBjMWZjZTY1ZTJiNzIwNjg0ZWE2YmE3NmFlNTk5MjE1NDJiZDE1NGJi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIIDMv M10gbGlidmNoYW46IFJlYWQgcHJvZC9jb25zIG9ubHkgb25jZS4KCldlIG11 c3QgZW5zdXJlIHRoYXQgdGhlIHByb2QvY29ucyBhcmUgb25seSByZWFkIG9u Y2UgYW5kIHRoYXQKdGhlIGNvbXBpbGVyIHdvbid0IHRyeSB0byBvcHRpbWl6 ZSB0aGUgcmVhZHMuIFRoYXQgaXMgc3BsaXQKdGhlIHJlYWQgb2YgdGhlc2Ug aW4gbXVsdGlwbGUgaW5zdHJ1Y3Rpb25zIGluZmx1ZW5jaW5nIGxhdGVyCmJy YW5jaCBjb2RlLiBBcyBzdWNoIGluc2VydCBiYXJyaWVycyB3aGVuIGZldGNo aW5nIHRoZSBjb25zCmFuZCBwcm9kIGluZGV4LgoKVGhpcyBpcyBwYXJ0IG9m IFhTQTE1NS4KClNpZ25lZC1vZmYtYnk6IEtvbnJhZCBSemVzenV0ZWsgV2ls ayA8a29ucmFkLndpbGtAb3JhY2xlLmNvbT4KLS0tCiB0b29scy9saWJ2Y2hh bi9pby5jIHwgMiArKwogMSBmaWxlIGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygr KQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMgYi90b29scy9s aWJ2Y2hhbi9pby5jCmluZGV4IDhhOTYyOWIuLjM4MWNjMDUgMTAwNjQ0Ci0t LSBhL3Rvb2xzL2xpYnZjaGFuL2lvLmMKKysrIGIvdG9vbHMvbGlidmNoYW4v aW8uYwpAQCAtMTE3LDYgKzExNyw3IEBAIHN0YXRpYyBpbmxpbmUgaW50IHNl bmRfbm90aWZ5KHN0cnVjdCBsaWJ4ZW52Y2hhbiAqY3RybCwgdWludDhfdCBi aXQpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0X2RhdGFfcmVhZHkoc3Ry dWN0IGxpYnhlbnZjaGFuICpjdHJsKQogewogCXVpbnQzMl90IHJlYWR5ID0g cmRfcHJvZChjdHJsKSAtIHJkX2NvbnMoY3RybCk7CisJeGVuX21iKCk7IC8q IEVuc3VyZSAncmVhZHknIGlzIHJlYWQgb25seSBvbmNlLiAqLwogCWlmIChy ZWFkeSA+IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3 YXkgdG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMK IAkJICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1 OCw2ICsxNTksNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1 Y3QgbGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdf Z2V0X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7 CiAJdWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3Jf cHJvZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBF bnN1cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVh ZHkgPiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5 IHRvIHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJ CSAqIGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEu MAoK --=separator Content-Type: application/octet-stream; name="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Disposition: attachment; filename="xsa155-xen44-0003-libvchan-Read-prod-cons-only-once.patch" Content-Transfer-Encoding: base64 RnJvbSBlZjg2YWQwYjYwZmUxNzliMWE2ZmEzOTBlMDVjMzM5ZmI0NGI5Y2M5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLb25yYWQgUnplc3p1 dGVrIFdpbGsgPGtvbnJhZC53aWxrQG9yYWNsZS5jb20+CkRhdGU6IEZyaSwg MjAgTm92IDIwMTUgMTI6MjI6MTQgLTA1MDAKU3ViamVjdDogW1BBVENIXSBs aWJ2Y2hhbjogUmVhZCBwcm9kL2NvbnMgb25seSBvbmNlLgoKV2UgbXVzdCBl bnN1cmUgdGhhdCB0aGUgcHJvZC9jb25zIGFyZSBvbmx5IHJlYWQgb25jZSBh bmQgdGhhdAp0aGUgY29tcGlsZXIgd29uJ3QgdHJ5IHRvIG9wdGltaXplIHRo ZSByZWFkcy4gVGhhdCBpcyBzcGxpdAp0aGUgcmVhZCBvZiB0aGVzZSBpbiBt dWx0aXBsZSBpbnN0cnVjdGlvbnMgaW5mbHVlbmNpbmcgbGF0ZXIKYnJhbmNo IGNvZGUuIEFzIHN1Y2ggaW5zZXJ0IGJhcnJpZXJzIHdoZW4gZmV0Y2hpbmcg dGhlIGNvbnMKYW5kIHByb2QgaW5kZXguCgpUaGlzIGlzIHBhcnQgb2YgWFNB MTU1LgoKU2lnbmVkLW9mZi1ieTogS29ucmFkIFJ6ZXN6dXRlayBXaWxrIDxr b25yYWQud2lsa0BvcmFjbGUuY29tPgotLS0KIHRvb2xzL2xpYnZjaGFuL2lv LmMgfCAyICsrCiAxIGZpbGUgY2hhbmdlZCwgMiBpbnNlcnRpb25zKCspCgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlidmNoYW4vaW8uYyBiL3Rvb2xzL2xpYnZj aGFuL2lvLmMKaW5kZXggODA0YzYzYy4uOGIzM2Y0MCAxMDA2NDQKLS0tIGEv dG9vbHMvbGlidmNoYW4vaW8uYworKysgYi90b29scy9saWJ2Y2hhbi9pby5j CkBAIC0xMTgsNiArMTE4LDcgQEAgc3RhdGljIGlubGluZSBpbnQgc2VuZF9u b3RpZnkoc3RydWN0IGxpYnhlbnZjaGFuICpjdHJsLCB1aW50OF90IGJpdCkK IHN0YXRpYyBpbmxpbmUgaW50IHJhd19nZXRfZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiB7CiAJdWludDMyX3QgcmVhZHkgPSByZF9w cm9kKGN0cmwpIC0gcmRfY29ucyhjdHJsKTsKKwl4ZW5fbWIoKTsgLyogRW5z dXJlICdyZWFkeScgaXMgcmVhZCBvbmx5IG9uY2UuICovCiAJaWYgKHJlYWR5 ID49IHJkX3Jpbmdfc2l6ZShjdHJsKSkKIAkJLyogV2UgaGF2ZSBubyB3YXkg dG8gcmV0dXJuIGVycm9ycy4gIExvY2tpbmcgdXAgdGhlIHJpbmcgaXMKIAkJ ICogYmV0dGVyIHRoYW4gdGhlIGFsdGVybmF0aXZlcy4gKi8KQEAgLTE1OSw2 ICsxNjAsNyBAQCBpbnQgbGlieGVudmNoYW5fZGF0YV9yZWFkeShzdHJ1Y3Qg bGlieGVudmNoYW4gKmN0cmwpCiBzdGF0aWMgaW5saW5lIGludCByYXdfZ2V0 X2J1ZmZlcl9zcGFjZShzdHJ1Y3QgbGlieGVudmNoYW4gKmN0cmwpCiB7CiAJ dWludDMyX3QgcmVhZHkgPSB3cl9yaW5nX3NpemUoY3RybCkgLSAod3JfcHJv ZChjdHJsKSAtIHdyX2NvbnMoY3RybCkpOworCXhlbl9tYigpOyAvKiBFbnN1 cmUgJ3JlYWR5JyBpcyByZWFkIG9ubHkgb25jZS4gKi8KIAlpZiAocmVhZHkg PiB3cl9yaW5nX3NpemUoY3RybCkpCiAJCS8qIFdlIGhhdmUgbm8gd2F5IHRv IHJldHVybiBlcnJvcnMuICBMb2NraW5nIHVwIHRoZSByaW5nIGlzCiAJCSAq IGJldHRlciB0aGFuIHRoZSBhbHRlcm5hdGl2ZXMuICovCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Mon Dec 21 11:19:10 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Dec 2015 11:19:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aAyTR-0008OY-5w; Mon, 21 Dec 2015 11:17:53 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aAyTP-0008OF-D8; Mon, 21 Dec 2015 11:17:51 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id 1F/B2-21571-EDFD7765; Mon, 21 Dec 2015 11:17:50 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-15.tower-21.messagelabs.com!1450696664!6458547!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 43963 invoked from network); 21 Dec 2015 11:17:50 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-15.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 21 Dec 2015 11:17:50 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aAyTA-00005W-HU; Mon, 21 Dec 2015 11:17:36 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1aAyT9-0007Rq-Mv; Mon, 21 Dec 2015 11:17:36 +0000 Date: Mon, 21 Dec 2015 11:17:36 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 169 - x86: unintentional logging upon guest changing callback method X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-169 x86: unintentional logging upon guest changing callback method ISSUE DESCRIPTION ================= HYPERVISOR_hvm_op sub-op HVMOP_set_param's HVM_PARAM_CALLBACK_IRQ operation intends to log the new callback method in debug builds only. The full message, however, is split into two parts, the second one of which didn't get suppressed on non-debug builds as would have been intended. These log messages are not rate-limited and can be triggered by guests. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen version 4.6 is affected. Older Xen versions are unaffected. ARM systems are not affected. Only x86 HVM guests can expose this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which do not excessively invoke this operation will also prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. NOTE REGARDING LACK OF EMBARGO ============================== The fix for this bug was publicly posted on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= This issue was discovered as a bug by Malcolm Crossley of Citrix; the security impact was recognised by Jan Beulich of SuSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa169.patch xen-unstable, Xen 4.6.x $ sha256sum xsa169* b818922880313cdbc12ea68ae757da5eabed9b3c9e1f8acefe1653683545ccbe xsa169.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWd96OAAoJEIP+FMlX6CvZm18H/Rtth2qo/064hqkTrU8S2/Oo vbQQxPdRaOZ4T7pGQf58JAVTNuY/nZB56h+t5N0SBV4O1+PvKm/2yY86HyJ1D0Ia 98XmxDuxKQU00LSHy3Jtri+/Nu23bdOsD4fk8Fd62J3EJnbWe8nuSy+Pns5ju/8X HxWkbw5Ek4UR5MGU/UJLNjUGR+VY8WwqNJvtXGm36DOpZw86GlPN87QeubhhXeog nWt/a6aYRUVy05auItY5oHNIKQiJicBdqIxdxss1E43tQjHi1RwAAiYLrbImGZOu etqJaaab+7vJqqvQgHJqlF/vLSvuaol/CrKPurfwFnKxn2x4KIYG2xtWrRa3Y5w= =hg+4 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa169.patch" Content-Disposition: attachment; filename="xsa169.patch" Content-Transfer-Encoding: base64 eDg2OiBtYWtlIGRlYnVnIG91dHB1dCBjb25zaXN0ZW50IGluIGh2bV9zZXRf Y2FsbGJhY2tfdmlhCgpUaGUgdW5jb25kaXRpb25hbCBwcmludGtzIGluIHRo ZSBzd2l0Y2ggc3RhdGVtZW50IG9mIHRoZQpodm1fc2V0X2NhbGxiYWNrX3Zp YSBmdW5jdGlvbiByZXN1bHRzIGluIFhlbiBsb2cgc3BhbSBpbiBub24gZGVi dWcKdmVyc2lvbnMgb2YgWGVuLiBUaGUgcHJpbnRrcyBhcmUgZm9yIGRlYnVn IG91dHB1dCBvbmx5IHNvIGNvbmRpdGlvbmFsbHkKY29tcGlsZSB0aGUgZW50 aXJlIHN3aXRjaCBzdGF0ZW1lbnQgb24gZGVidWcgdmVyc2lvbnMgb2YgWGVu IG9ubHkuCgpUaGlzIGlzIFhTQS0xNjkuCgpTaWduZWQtb2ZmLWJ5OiBNYWxj b2xtIENyb3NzbGV5IDxtYWxjb2xtLmNyb3NzbGV5QGNpdHJpeC5jb20+ClJl dmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFj a2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29t PgoKLS0tIGEveGVuL2FyY2gveDg2L2h2bS9pcnEuYworKysgYi94ZW4vYXJj aC94ODYvaHZtL2lycS5jCkBAIC0zODYsNyArMzg2LDggQEAgdm9pZCBodm1f c2V0X2NhbGxiYWNrX3ZpYShzdHJ1Y3QgZG9tYWluCiAKICAgICBzcGluX3Vu bG9jaygmZC0+YXJjaC5odm1fZG9tYWluLmlycV9sb2NrKTsKIAotICAgIGRw cmludGsoWEVOTE9HX0dfSU5GTywgIkRvbSV1IGNhbGxiYWNrIHZpYSBjaGFu Z2VkIHRvICIsIGQtPmRvbWFpbl9pZCk7CisjaWZuZGVmIE5ERUJVRworICAg IHByaW50ayhYRU5MT0dfR19JTkZPICJEb20ldSBjYWxsYmFjayB2aWEgY2hh bmdlZCB0byAiLCBkLT5kb21haW5faWQpOwogICAgIHN3aXRjaCAoIHZpYV90 eXBlICkKICAgICB7CiAgICAgY2FzZSBIVk1JUlFfY2FsbGJhY2tfZ3NpOgpA QCAtNDAyLDYgKzQwMyw3IEBAIHZvaWQgaHZtX3NldF9jYWxsYmFja192aWEo c3RydWN0IGRvbWFpbgogICAgICAgICBwcmludGsoIk5vbmVcbiIpOwogICAg ICAgICBicmVhazsKICAgICB9CisjZW5kaWYKIH0KIAogc3RydWN0IGh2bV9p bnRhY2sgaHZtX3ZjcHVfaGFzX3BlbmRpbmdfaXJxKHN0cnVjdCB2Y3B1ICp2 KQo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Mon Dec 21 11:19:10 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Dec 2015 11:19:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aAyTR-0008OY-5w; Mon, 21 Dec 2015 11:17:53 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aAyTP-0008OF-D8; Mon, 21 Dec 2015 11:17:51 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id 1F/B2-21571-EDFD7765; Mon, 21 Dec 2015 11:17:50 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-15.tower-21.messagelabs.com!1450696664!6458547!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 43963 invoked from network); 21 Dec 2015 11:17:50 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-15.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 21 Dec 2015 11:17:50 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aAyTA-00005W-HU; Mon, 21 Dec 2015 11:17:36 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1aAyT9-0007Rq-Mv; Mon, 21 Dec 2015 11:17:36 +0000 Date: Mon, 21 Dec 2015 11:17:36 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 169 - x86: unintentional logging upon guest changing callback method X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-169 x86: unintentional logging upon guest changing callback method ISSUE DESCRIPTION ================= HYPERVISOR_hvm_op sub-op HVMOP_set_param's HVM_PARAM_CALLBACK_IRQ operation intends to log the new callback method in debug builds only. The full message, however, is split into two parts, the second one of which didn't get suppressed on non-debug builds as would have been intended. These log messages are not rate-limited and can be triggered by guests. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen version 4.6 is affected. Older Xen versions are unaffected. ARM systems are not affected. Only x86 HVM guests can expose this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which do not excessively invoke this operation will also prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. NOTE REGARDING LACK OF EMBARGO ============================== The fix for this bug was publicly posted on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= This issue was discovered as a bug by Malcolm Crossley of Citrix; the security impact was recognised by Jan Beulich of SuSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa169.patch xen-unstable, Xen 4.6.x $ sha256sum xsa169* b818922880313cdbc12ea68ae757da5eabed9b3c9e1f8acefe1653683545ccbe xsa169.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWd96OAAoJEIP+FMlX6CvZm18H/Rtth2qo/064hqkTrU8S2/Oo vbQQxPdRaOZ4T7pGQf58JAVTNuY/nZB56h+t5N0SBV4O1+PvKm/2yY86HyJ1D0Ia 98XmxDuxKQU00LSHy3Jtri+/Nu23bdOsD4fk8Fd62J3EJnbWe8nuSy+Pns5ju/8X HxWkbw5Ek4UR5MGU/UJLNjUGR+VY8WwqNJvtXGm36DOpZw86GlPN87QeubhhXeog nWt/a6aYRUVy05auItY5oHNIKQiJicBdqIxdxss1E43tQjHi1RwAAiYLrbImGZOu etqJaaab+7vJqqvQgHJqlF/vLSvuaol/CrKPurfwFnKxn2x4KIYG2xtWrRa3Y5w= =hg+4 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa169.patch" Content-Disposition: attachment; filename="xsa169.patch" Content-Transfer-Encoding: base64 eDg2OiBtYWtlIGRlYnVnIG91dHB1dCBjb25zaXN0ZW50IGluIGh2bV9zZXRf Y2FsbGJhY2tfdmlhCgpUaGUgdW5jb25kaXRpb25hbCBwcmludGtzIGluIHRo ZSBzd2l0Y2ggc3RhdGVtZW50IG9mIHRoZQpodm1fc2V0X2NhbGxiYWNrX3Zp YSBmdW5jdGlvbiByZXN1bHRzIGluIFhlbiBsb2cgc3BhbSBpbiBub24gZGVi dWcKdmVyc2lvbnMgb2YgWGVuLiBUaGUgcHJpbnRrcyBhcmUgZm9yIGRlYnVn IG91dHB1dCBvbmx5IHNvIGNvbmRpdGlvbmFsbHkKY29tcGlsZSB0aGUgZW50 aXJlIHN3aXRjaCBzdGF0ZW1lbnQgb24gZGVidWcgdmVyc2lvbnMgb2YgWGVu IG9ubHkuCgpUaGlzIGlzIFhTQS0xNjkuCgpTaWduZWQtb2ZmLWJ5OiBNYWxj b2xtIENyb3NzbGV5IDxtYWxjb2xtLmNyb3NzbGV5QGNpdHJpeC5jb20+ClJl dmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFj a2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29t PgoKLS0tIGEveGVuL2FyY2gveDg2L2h2bS9pcnEuYworKysgYi94ZW4vYXJj aC94ODYvaHZtL2lycS5jCkBAIC0zODYsNyArMzg2LDggQEAgdm9pZCBodm1f c2V0X2NhbGxiYWNrX3ZpYShzdHJ1Y3QgZG9tYWluCiAKICAgICBzcGluX3Vu bG9jaygmZC0+YXJjaC5odm1fZG9tYWluLmlycV9sb2NrKTsKIAotICAgIGRw cmludGsoWEVOTE9HX0dfSU5GTywgIkRvbSV1IGNhbGxiYWNrIHZpYSBjaGFu Z2VkIHRvICIsIGQtPmRvbWFpbl9pZCk7CisjaWZuZGVmIE5ERUJVRworICAg IHByaW50ayhYRU5MT0dfR19JTkZPICJEb20ldSBjYWxsYmFjayB2aWEgY2hh bmdlZCB0byAiLCBkLT5kb21haW5faWQpOwogICAgIHN3aXRjaCAoIHZpYV90 eXBlICkKICAgICB7CiAgICAgY2FzZSBIVk1JUlFfY2FsbGJhY2tfZ3NpOgpA QCAtNDAyLDYgKzQwMyw3IEBAIHZvaWQgaHZtX3NldF9jYWxsYmFja192aWEo c3RydWN0IGRvbWFpbgogICAgICAgICBwcmludGsoIk5vbmVcbiIpOwogICAg ICAgICBicmVhazsKICAgICB9CisjZW5kaWYKIH0KIAogc3RydWN0IGh2bV9p bnRhY2sgaHZtX3ZjcHVfaGFzX3BlbmRpbmdfaXJxKHN0cnVjdCB2Y3B1ICp2 KQo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 22 18:48:34 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Dec 2015 18:48:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aBRy5-0003ry-4Q; Tue, 22 Dec 2015 18:47:29 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aBRy4-0003ph-3O; Tue, 22 Dec 2015 18:47:28 +0000 Received: from [85.158.137.68] by server-4.bemta-3.messagelabs.com id 03/3F-09570-FBA99765; Tue, 22 Dec 2015 18:47:27 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-31.messagelabs.com!1450810045!12312367!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 53576 invoked from network); 22 Dec 2015 18:47:26 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 22 Dec 2015 18:47:26 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aBRxv-0002zl-8b; Tue, 22 Dec 2015 18:47:19 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1aBRxu-0003xS-QB; Tue, 22 Dec 2015 18:47:19 +0000 Date: Tue, 22 Dec 2015 18:47:18 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 169 (CVE-2015-8615) - x86: unintentional logging upon guest changing callback method X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8615 / XSA-169 version 2 x86: unintentional logging upon guest changing callback method UPDATES IN VERSION 2 ==================== CVE assigned. ISSUE DESCRIPTION ================= HYPERVISOR_hvm_op sub-op HVMOP_set_param's HVM_PARAM_CALLBACK_IRQ operation intends to log the new callback method in debug builds only. The full message, however, is split into two parts, the second one of which didn't get suppressed on non-debug builds as would have been intended. These log messages are not rate-limited and can be triggered by guests. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen version 4.6 is affected. Older Xen versions are unaffected. ARM systems are not affected. Only x86 HVM guests can expose this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which do not excessively invoke this operation will also prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. NOTE REGARDING LACK OF EMBARGO ============================== The fix for this bug was publicly posted on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= This issue was discovered as a bug by Malcolm Crossley of Citrix; the security impact was recognised by Jan Beulich of SuSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa169.patch xen-unstable, Xen 4.6.x $ sha256sum xsa169* b818922880313cdbc12ea68ae757da5eabed9b3c9e1f8acefe1653683545ccbe xsa169.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWeZqAAAoJEIP+FMlX6CvZ/HcIAMLIVFDrwUahqNkGIaS0rXrn LJG6+oMewioAm05NEKI+2wkJn6T4ycJsn+rVWMyOTHpS39vA1kMZK3/Pb/smV3B1 2K+g8avmSjB22VEhjEoKIGniozkPIInB5Pvchf0GY6C30/LJM2ef3hJeQHUA+W9q 68HiXZrwFUUBRcpjoSX3ru954Fcfe0VDpEvIRJRS1O4v/XXJeesavt/0/5PnaP34 sRXr9+l7Ku+Q9z7sh9V87W9Lv98qXnuVns7c3GKIcmDEcvWDihwazCbvuVOZsvQW UoV4/LTiJ2bTqnGp2woUqlTfe7MIOHPzjmR88Pj+/ibveObkcVMDxyz4r34wyxw= =D97B -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa169.patch" Content-Disposition: attachment; filename="xsa169.patch" Content-Transfer-Encoding: base64 eDg2OiBtYWtlIGRlYnVnIG91dHB1dCBjb25zaXN0ZW50IGluIGh2bV9zZXRf Y2FsbGJhY2tfdmlhCgpUaGUgdW5jb25kaXRpb25hbCBwcmludGtzIGluIHRo ZSBzd2l0Y2ggc3RhdGVtZW50IG9mIHRoZQpodm1fc2V0X2NhbGxiYWNrX3Zp YSBmdW5jdGlvbiByZXN1bHRzIGluIFhlbiBsb2cgc3BhbSBpbiBub24gZGVi dWcKdmVyc2lvbnMgb2YgWGVuLiBUaGUgcHJpbnRrcyBhcmUgZm9yIGRlYnVn IG91dHB1dCBvbmx5IHNvIGNvbmRpdGlvbmFsbHkKY29tcGlsZSB0aGUgZW50 aXJlIHN3aXRjaCBzdGF0ZW1lbnQgb24gZGVidWcgdmVyc2lvbnMgb2YgWGVu IG9ubHkuCgpUaGlzIGlzIFhTQS0xNjkuCgpTaWduZWQtb2ZmLWJ5OiBNYWxj b2xtIENyb3NzbGV5IDxtYWxjb2xtLmNyb3NzbGV5QGNpdHJpeC5jb20+ClJl dmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFj a2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29t PgoKLS0tIGEveGVuL2FyY2gveDg2L2h2bS9pcnEuYworKysgYi94ZW4vYXJj aC94ODYvaHZtL2lycS5jCkBAIC0zODYsNyArMzg2LDggQEAgdm9pZCBodm1f c2V0X2NhbGxiYWNrX3ZpYShzdHJ1Y3QgZG9tYWluCiAKICAgICBzcGluX3Vu bG9jaygmZC0+YXJjaC5odm1fZG9tYWluLmlycV9sb2NrKTsKIAotICAgIGRw cmludGsoWEVOTE9HX0dfSU5GTywgIkRvbSV1IGNhbGxiYWNrIHZpYSBjaGFu Z2VkIHRvICIsIGQtPmRvbWFpbl9pZCk7CisjaWZuZGVmIE5ERUJVRworICAg IHByaW50ayhYRU5MT0dfR19JTkZPICJEb20ldSBjYWxsYmFjayB2aWEgY2hh bmdlZCB0byAiLCBkLT5kb21haW5faWQpOwogICAgIHN3aXRjaCAoIHZpYV90 eXBlICkKICAgICB7CiAgICAgY2FzZSBIVk1JUlFfY2FsbGJhY2tfZ3NpOgpA QCAtNDAyLDYgKzQwMyw3IEBAIHZvaWQgaHZtX3NldF9jYWxsYmFja192aWEo c3RydWN0IGRvbWFpbgogICAgICAgICBwcmludGsoIk5vbmVcbiIpOwogICAg ICAgICBicmVhazsKICAgICB9CisjZW5kaWYKIH0KIAogc3RydWN0IGh2bV9p bnRhY2sgaHZtX3ZjcHVfaGFzX3BlbmRpbmdfaXJxKHN0cnVjdCB2Y3B1ICp2 KQo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 22 18:48:34 2015 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Dec 2015 18:48:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aBRy5-0003ry-4Q; Tue, 22 Dec 2015 18:47:29 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aBRy4-0003ph-3O; Tue, 22 Dec 2015 18:47:28 +0000 Received: from [85.158.137.68] by server-4.bemta-3.messagelabs.com id 03/3F-09570-FBA99765; Tue, 22 Dec 2015 18:47:27 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-31.messagelabs.com!1450810045!12312367!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 53576 invoked from network); 22 Dec 2015 18:47:26 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-31.messagelabs.com with AES256-SHA encrypted SMTP; 22 Dec 2015 18:47:26 -0000 Received: from xenbits.xenproject.org ([50.57.170.242] helo=xenbits.xen.org) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aBRxv-0002zl-8b; Tue, 22 Dec 2015 18:47:19 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1aBRxu-0003xS-QB; Tue, 22 Dec 2015 18:47:19 +0000 Date: Tue, 22 Dec 2015 18:47:18 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 169 (CVE-2015-8615) - x86: unintentional logging upon guest changing callback method X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-8615 / XSA-169 version 2 x86: unintentional logging upon guest changing callback method UPDATES IN VERSION 2 ==================== CVE assigned. ISSUE DESCRIPTION ================= HYPERVISOR_hvm_op sub-op HVMOP_set_param's HVM_PARAM_CALLBACK_IRQ operation intends to log the new callback method in debug builds only. The full message, however, is split into two parts, the second one of which didn't get suppressed on non-debug builds as would have been intended. These log messages are not rate-limited and can be triggered by guests. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen version 4.6 is affected. Older Xen versions are unaffected. ARM systems are not affected. Only x86 HVM guests can expose this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which do not excessively invoke this operation will also prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. NOTE REGARDING LACK OF EMBARGO ============================== The fix for this bug was publicly posted on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= This issue was discovered as a bug by Malcolm Crossley of Citrix; the security impact was recognised by Jan Beulich of SuSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa169.patch xen-unstable, Xen 4.6.x $ sha256sum xsa169* b818922880313cdbc12ea68ae757da5eabed9b3c9e1f8acefe1653683545ccbe xsa169.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWeZqAAAoJEIP+FMlX6CvZ/HcIAMLIVFDrwUahqNkGIaS0rXrn LJG6+oMewioAm05NEKI+2wkJn6T4ycJsn+rVWMyOTHpS39vA1kMZK3/Pb/smV3B1 2K+g8avmSjB22VEhjEoKIGniozkPIInB5Pvchf0GY6C30/LJM2ef3hJeQHUA+W9q 68HiXZrwFUUBRcpjoSX3ru954Fcfe0VDpEvIRJRS1O4v/XXJeesavt/0/5PnaP34 sRXr9+l7Ku+Q9z7sh9V87W9Lv98qXnuVns7c3GKIcmDEcvWDihwazCbvuVOZsvQW UoV4/LTiJ2bTqnGp2woUqlTfe7MIOHPzjmR88Pj+/ibveObkcVMDxyz4r34wyxw= =D97B -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa169.patch" Content-Disposition: attachment; filename="xsa169.patch" Content-Transfer-Encoding: base64 eDg2OiBtYWtlIGRlYnVnIG91dHB1dCBjb25zaXN0ZW50IGluIGh2bV9zZXRf Y2FsbGJhY2tfdmlhCgpUaGUgdW5jb25kaXRpb25hbCBwcmludGtzIGluIHRo ZSBzd2l0Y2ggc3RhdGVtZW50IG9mIHRoZQpodm1fc2V0X2NhbGxiYWNrX3Zp YSBmdW5jdGlvbiByZXN1bHRzIGluIFhlbiBsb2cgc3BhbSBpbiBub24gZGVi dWcKdmVyc2lvbnMgb2YgWGVuLiBUaGUgcHJpbnRrcyBhcmUgZm9yIGRlYnVn IG91dHB1dCBvbmx5IHNvIGNvbmRpdGlvbmFsbHkKY29tcGlsZSB0aGUgZW50 aXJlIHN3aXRjaCBzdGF0ZW1lbnQgb24gZGVidWcgdmVyc2lvbnMgb2YgWGVu IG9ubHkuCgpUaGlzIGlzIFhTQS0xNjkuCgpTaWduZWQtb2ZmLWJ5OiBNYWxj b2xtIENyb3NzbGV5IDxtYWxjb2xtLmNyb3NzbGV5QGNpdHJpeC5jb20+ClJl dmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFj a2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29t PgoKLS0tIGEveGVuL2FyY2gveDg2L2h2bS9pcnEuYworKysgYi94ZW4vYXJj aC94ODYvaHZtL2lycS5jCkBAIC0zODYsNyArMzg2LDggQEAgdm9pZCBodm1f c2V0X2NhbGxiYWNrX3ZpYShzdHJ1Y3QgZG9tYWluCiAKICAgICBzcGluX3Vu bG9jaygmZC0+YXJjaC5odm1fZG9tYWluLmlycV9sb2NrKTsKIAotICAgIGRw cmludGsoWEVOTE9HX0dfSU5GTywgIkRvbSV1IGNhbGxiYWNrIHZpYSBjaGFu Z2VkIHRvICIsIGQtPmRvbWFpbl9pZCk7CisjaWZuZGVmIE5ERUJVRworICAg IHByaW50ayhYRU5MT0dfR19JTkZPICJEb20ldSBjYWxsYmFjayB2aWEgY2hh bmdlZCB0byAiLCBkLT5kb21haW5faWQpOwogICAgIHN3aXRjaCAoIHZpYV90 eXBlICkKICAgICB7CiAgICAgY2FzZSBIVk1JUlFfY2FsbGJhY2tfZ3NpOgpA QCAtNDAyLDYgKzQwMyw3IEBAIHZvaWQgaHZtX3NldF9jYWxsYmFja192aWEo c3RydWN0IGRvbWFpbgogICAgICAgICBwcmludGsoIk5vbmVcbiIpOwogICAg ICAgICBicmVhazsKICAgICB9CisjZW5kaWYKIH0KIAogc3RydWN0IGh2bV9p bnRhY2sgaHZtX3ZjcHVfaGFzX3BlbmRpbmdfaXJxKHN0cnVjdCB2Y3B1ICp2 KQo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator--