From xen-announce-bounces@lists.xenproject.org Thu Nov 01 11:11:59 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 01 Nov 2018 11:11:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gIAsN-0000kP-NF; Thu, 01 Nov 2018 11:10:59 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gIAsL-0000js-QW for xen-announce@lists.xen.org; Thu, 01 Nov 2018 11:10:57 +0000 X-Inumbo-ID: cd8c81b2-ddc6-11e8-87d6-bc764e045a96 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id cd8c81b2-ddc6-11e8-87d6-bc764e045a96; Thu, 01 Nov 2018 11:10:56 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gIAsB-00085w-16; Thu, 01 Nov 2018 11:10:47 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gIAsA-0005QG-UG; Thu, 01 Nov 2018 11:10:46 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Thu, 01 Nov 2018 11:10:46 +0000 Subject: [Xen-announce] Xen Security Advisory 278 v2 (CVE-2018-18883) - x86: Nested VT-x usable even when disabled X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-18883 / XSA-278 version 2 x86: Nested VT-x usable even when disabled UPDATES IN VERSION 2 ==================== CVE assigned. ISSUE DESCRIPTION ================= When running HVM guests, virtual extensions are enabled in hardware because Xen is using them. As a result, a guest can blindly execute the virtualisation instructions, and will exit to Xen for processing. In the case that the guest hasn't followed the correct (virtual) configuration procedure, it shouldn't be able to use the instructions, and Xen should respond with #UD exception. When nested virtualisation is disabled for the guest, it is not permitted to complete the configuration procedure. Unfortunately, when nested virtualisation is intended to be disabled for the guest, an incorrect default value leads Xen to believe that the configuration procedure has already been completed. IMPACT ====== Guest software which blindly plays with the VT-x instructions can cause Xen to operate on uninitialised data. As the backing memory is zeroed, this causes Xen to suffer a NULL pointer dereference, causing a host Denial of Service. Other behaviours such as memory corruption or privilege escalation have not been ruled out. VULNERABLE SYSTEMS ================== Systems running Xen 4.9 or later are vulnerable. Systems running Xen 4.8 or earlier are not vulnerable. Only Intel x86 systems are vulnerable. Systems from other x86 vendors, and other hardware vendors are not vulnerable. Only x86 HVM and PVH guests can leverage this vulnerability. x86 PV guests cannot leverage this vulnerability. MITIGATION ========== Running only x86 PV guests will avoid the issue. For x86 HVM guests, while enabling nested virtualisation for affected guests does work around this particular DoS, it is not a security supported configuration and has other know DoS and suspected privilege escalation vulnerabilities. Therefore, it is not a mitigation. CREDITS ======= This issue was discovered by Sergey Dyasli of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa278.patch xen-unstable xsa278-4.11.patch Xen 4.11, 4.10, 4.9 $ sha256sum xsa278* d94c59ee170f96af14f0cf696221ba8b9447b86820fe99fba1815ab93cc89cd7 xsa278.patch 22686a9bbfbd38bb74292a28a452012d263875c9064815d4afd3fd6c62df0c3a xsa278-4.11.patch $ NOTE CONCERNING LACK OF EMBARGO =============================== This issue was first reported in private and was in the usual XSA process. It was later independently reported in public with enough detail for the issue to be considered fully public. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlva3xQMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ2DUIAKIKRyJ9tb1+t8FVECYVR6L5JjhVjyiC1HKnmmGO o+Fl1glQZqK1b5oKkV58jNf32wUOjhlHut1iXJmuE7VGrBsSzj4ew3wIwFcAeTyL nykIFtS8YBlodQfcd7XRyh030bQ5f5JtJYTyJTpAwor8JQrVJH+lYdv+zddPfVbp sUMXFrSxAmnzhrYKuUHNZ438O6+PwunPROTng6VRmreutqnxjnvxtmLqJLk23gvI jfg8THSawEREg9R6cjpO8ZmfouukTJp7t5mmte1g8kJm/UJ4iRWAS67tYF6m4V+K 1H7Sc0E4yV8I/PL46V+53r43NcCtPFP+GM/AaIzggov2Hn0= =el52 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa278.patch" Content-Disposition: attachment; filename="xsa278.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L3Z2bXg6IERpc2FsbG93IHRoZSB1c2Ugb2YgVlQt eCBpbnN0cnVjdGlvbnMgd2hlbiBuZXN0ZWQgdmlydCBpcyBkaXNhYmxlZAoK Yy9zIGFjNmE0NTAwYiAidnZteDogc2V0IHZteG9uX3JlZ2lvbl9wYSBvZiB2 Y3B1IG91dCBvZiBWTVggb3BlcmF0aW9uIHRvIGFuCmludmFsaWQgYWRkcmVz cyIgd2FzIGEgcmVhbCBidWdmaXggYXMgZGVzY3JpYmVkLCBidXQgaGFzIGEg dmVyeSBzdWJ0bGUgYnVnCndoaWNoIHJlc3VsdHMgaW4gYWxsIFZULXggaW5z dHJ1Y3Rpb25zIGJlaW5nIHVzYWJsZSBieSBhIGd1ZXN0LgoKVGhlIHRvb2xz dGFjayBjb25zdHJ1Y3RzIGEgZ3Vlc3QgYnkgaXNzdWluZzoKCiAgWEVOX0RP TUNUTF9jcmVhdGVkb21haW4KICBYRU5fRE9NQ1RMX21heF92Y3B1cwoKYW5k IG9wdGlvbmFsbHkgbGF0ZXIsIEhWTU9QX3NldF9wYXJhbSB0byBlbmFibGUg bmVzdGVkIHZpcnQuCgpBcyBhIHJlc3VsdCwgdGhlIGNhbGwgdG8gbnZteF92 Y3B1X2luaXRpYWxpc2UoKSBpbiBodm1fdmNwdV9pbml0aWFsaXNlKCkKKHdo aWNoIGlzIHdoYXQgbWFrZXMgdGhlIGFib3ZlIHBhdGNoIGxvb2sgY29ycmVj dCBkdXJpbmcgcmV2aWV3KSBpcyBhY3R1YWxseQpkZWFkIGNvZGUuICBJbiBw cmFjdGljZSwgbnZteF92Y3B1X2luaXRpYWxpc2UoKSBmaXJzdCBnZXRzIGNh bGxlZCB3aGVuIG5lc3RlZAp2aXJ0IGlzIGVuYWJsZWQsIHdoaWNoIGlzIHR5 cGljYWxseSBuZXZlci4KCkFzIGEgcmVzdWx0LCB0aGUgemVyb2VkIG1lbW9y eSBvZiBzdHJ1Y3QgdmNwdSBjYXVzZXMgbnZteF92Y3B1X2luX3ZteCgpIHRv CnJldHVybiB0cnVlIGJlZm9yZSBuZXN0ZWQgdmlydCBpcyBlbmFibGVkIGZv ciB0aGUgZ3Vlc3QuCgpGaXhpbmcgdGhlIG9yZGVyIG9mIGluaXRpYWxpc2F0 aW9uIGlzIGEgd29yayBpbiBwcm9ncmVzcyBmb3Igb3RoZXIgcmVhc29ucywK YnV0IG5vdCB2aWFibGUgZm9yIHNlY3VyaXR5IGJhY2twb3J0cy4KCkEgY29t cG91bmRpbmcgZmFjdG9yIGlzIHRoYXQgdGhlIHZtZXhpdCBoYW5kbGVycyBm b3IgYWxsIGluc3RydWN0aW9ucywgb3RoZXIKdGhhbiBWTVhPTiwgcGFzcyAw IGludG8gdm14X2luc3RfY2hlY2tfcHJpdmlsZWdlKCkncyB2bXhvcF9jaGVj ayBwYXJhbWV0ZXIsCndoaWNoIHNraXBzIHRoZSBDUjQuVk1YRSBjaGVjay4g IChUaGlzIGlzIG9uZSBvZiBtYW55IHJlYXNvbnMgd2h5IG5lc3RlZCB2aXJ0 Cmlzbid0IGEgc3VwcG9ydGVkIGZlYXR1cmUgeWV0LikKCkhvd2V2ZXIsIHRo ZSBvdmVyYWxsIHJlc3VsdCBpcyB0aGF0IHdoZW4gbmVzdGVkIHZpcnQgaXMg bm90IGVuYWJsZWQgYnkgdGhlCnRvb2xzdGFjayAoaS5lLiB0aGUgZGVmYXVs dCBjb25maWd1cmF0aW9uIGZvciBhbGwgcHJvZHVjdGlvbiBndWVzdHMpLCB0 aGUgVlQteAppbnN0cnVjdGlvbnMgKG90aGVyIHRoYW4gVk1YT04pIGFyZSBh Y3R1YWxseSB1c2FibGUsIGFuZCBYZW4gdmVyeSBxdWlja2x5CmZhbGxzIG92 ZXIgdGhlIGZhY3QgdGhhdCB0aGUgbnZteCBzdHJ1Y3R1cmUgaXMgdW5pbml0 aWFsaXNlZC4KCkluIG9yZGVyIHRvIGZhaWwgc2FmZSBpbiB0aGUgc3VwcG9y dGVkIGNhc2UsIHJlLWltcGxlbWVudCBhbGwgdGhlIFZULXgKaW5zdHJ1Y3Rp b24gaGFuZGxpbmcgdXNpbmcgYSBzaW5nbGUgZnVuY3Rpb24gd2l0aCBhIGNv bW1vbiBwcm9sb2d1ZSwgY292ZXJpbmcKYWxsIHRoZSBjaGVja3Mgd2hpY2gg c2hvdWxkIGNhdXNlICNVRCBvciAjR1AgZmF1bHRzLiAgVGhpcyBkZWxpYmVy YXRlbHkKZG9lc24ndCB1c2UgYW55IHN0YXRlIGZyb20gdGhlIG52bXggc3Ry dWN0dXJlLCBpbiBjYXNlIHRoZXJlIGFyZSBvdGhlciBsdXJraW5nCmlzc3Vl cy4KClRoaXMgaXMgWFNBLTI3OAoKUmVwb3J0ZWQtYnk6IFNlcmdleSBEeWFz bGkgPHNlcmdleS5keWFzbGlAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTog QW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2 aWV3ZWQtYnk6IFNlcmdleSBEeWFzbGkgPHNlcmdleS5keWFzbGlAY2l0cml4 LmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvaHZtL3ZteC92bXgu YyBiL3hlbi9hcmNoL3g4Ni9odm0vdm14L3ZteC5jCmluZGV4IGQxNjEyOWYu LjdhNDkwNzUgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0vdm14L3Zt eC5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vdm14L3ZteC5jCkBAIC00MDAz LDU3ICs0MDAzLDE3IEBAIHZvaWQgdm14X3ZtZXhpdF9oYW5kbGVyKHN0cnVj dCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgICAgICBicmVhazsKIAogICAg IGNhc2UgRVhJVF9SRUFTT05fVk1YT0ZGOgotICAgICAgICBpZiAoIG52bXhf aGFuZGxlX3ZteG9mZihyZWdzKSA9PSBYODZFTVVMX09LQVkgKQotICAgICAg ICAgICAgdXBkYXRlX2d1ZXN0X2VpcCgpOwotICAgICAgICBicmVhazsKLQog ICAgIGNhc2UgRVhJVF9SRUFTT05fVk1YT046Ci0gICAgICAgIGlmICggbnZt eF9oYW5kbGVfdm14b24ocmVncykgPT0gWDg2RU1VTF9PS0FZICkKLSAgICAg ICAgICAgIHVwZGF0ZV9ndWVzdF9laXAoKTsKLSAgICAgICAgYnJlYWs7Ci0K ICAgICBjYXNlIEVYSVRfUkVBU09OX1ZNQ0xFQVI6Ci0gICAgICAgIGlmICgg bnZteF9oYW5kbGVfdm1jbGVhcihyZWdzKSA9PSBYODZFTVVMX09LQVkgKQot ICAgICAgICAgICAgdXBkYXRlX2d1ZXN0X2VpcCgpOwotICAgICAgICBicmVh azsKLSAKICAgICBjYXNlIEVYSVRfUkVBU09OX1ZNUFRSTEQ6Ci0gICAgICAg IGlmICggbnZteF9oYW5kbGVfdm1wdHJsZChyZWdzKSA9PSBYODZFTVVMX09L QVkgKQotICAgICAgICAgICAgdXBkYXRlX2d1ZXN0X2VpcCgpOwotICAgICAg ICBicmVhazsKLQogICAgIGNhc2UgRVhJVF9SRUFTT05fVk1QVFJTVDoKLSAg ICAgICAgaWYgKCBudm14X2hhbmRsZV92bXB0cnN0KHJlZ3MpID09IFg4NkVN VUxfT0tBWSApCi0gICAgICAgICAgICB1cGRhdGVfZ3Vlc3RfZWlwKCk7Ci0g ICAgICAgIGJyZWFrOwotCiAgICAgY2FzZSBFWElUX1JFQVNPTl9WTVJFQUQ6 Ci0gICAgICAgIGlmICggbnZteF9oYW5kbGVfdm1yZWFkKHJlZ3MpID09IFg4 NkVNVUxfT0tBWSApCi0gICAgICAgICAgICB1cGRhdGVfZ3Vlc3RfZWlwKCk7 Ci0gICAgICAgIGJyZWFrOwotIAogICAgIGNhc2UgRVhJVF9SRUFTT05fVk1X UklURToKLSAgICAgICAgaWYgKCBudm14X2hhbmRsZV92bXdyaXRlKHJlZ3Mp ID09IFg4NkVNVUxfT0tBWSApCi0gICAgICAgICAgICB1cGRhdGVfZ3Vlc3Rf ZWlwKCk7Ci0gICAgICAgIGJyZWFrOwotCiAgICAgY2FzZSBFWElUX1JFQVNP Tl9WTUxBVU5DSDoKLSAgICAgICAgaWYgKCBudm14X2hhbmRsZV92bWxhdW5j aChyZWdzKSA9PSBYODZFTVVMX09LQVkgKQotICAgICAgICAgICAgdXBkYXRl X2d1ZXN0X2VpcCgpOwotICAgICAgICBicmVhazsKLQogICAgIGNhc2UgRVhJ VF9SRUFTT05fVk1SRVNVTUU6Ci0gICAgICAgIGlmICggbnZteF9oYW5kbGVf dm1yZXN1bWUocmVncykgPT0gWDg2RU1VTF9PS0FZICkKLSAgICAgICAgICAg IHVwZGF0ZV9ndWVzdF9laXAoKTsKLSAgICAgICAgYnJlYWs7Ci0KICAgICBj YXNlIEVYSVRfUkVBU09OX0lOVkVQVDoKLSAgICAgICAgaWYgKCBudm14X2hh bmRsZV9pbnZlcHQocmVncykgPT0gWDg2RU1VTF9PS0FZICkKLSAgICAgICAg ICAgIHVwZGF0ZV9ndWVzdF9laXAoKTsKLSAgICAgICAgYnJlYWs7Ci0KICAg ICBjYXNlIEVYSVRfUkVBU09OX0lOVlZQSUQ6Ci0gICAgICAgIGlmICggbnZt eF9oYW5kbGVfaW52dnBpZChyZWdzKSA9PSBYODZFTVVMX09LQVkgKQorICAg ICAgICBpZiAoIG52bXhfaGFuZGxlX3ZteF9pbnNuKHJlZ3MsIGV4aXRfcmVh c29uKSA9PSBYODZFTVVMX09LQVkgKQogICAgICAgICAgICAgdXBkYXRlX2d1 ZXN0X2VpcCgpOwogICAgICAgICBicmVhazsKIApkaWZmIC0tZ2l0IGEveGVu L2FyY2gveDg2L2h2bS92bXgvdnZteC5jIGIveGVuL2FyY2gveDg2L2h2bS92 bXgvdnZteC5jCmluZGV4IDBlNDVkYjguLmFhMjAyZTAgMTAwNjQ0Ci0tLSBh L3hlbi9hcmNoL3g4Ni9odm0vdm14L3Z2bXguYworKysgYi94ZW4vYXJjaC94 ODYvaHZtL3ZteC92dm14LmMKQEAgLTE0NzAsNyArMTQ3MCw3IEBAIHZvaWQg bnZteF9zd2l0Y2hfZ3Vlc3Qodm9pZCkKICAqIFZNWCBpbnN0cnVjdGlvbnMg aGFuZGxpbmcKICAqLwogCi1pbnQgbnZteF9oYW5kbGVfdm14b24oc3RydWN0 IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCitzdGF0aWMgaW50IG52bXhfaGFuZGxl X3ZteG9uKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogewogICAgIHN0 cnVjdCB2Y3B1ICp2PWN1cnJlbnQ7CiAgICAgc3RydWN0IG5lc3RlZHZteCAq bnZteCA9ICZ2Y3B1XzJfbnZteCh2KTsKQEAgLTE1MjIsNyArMTUyMiw3IEBA IGludCBudm14X2hhbmRsZV92bXhvbihzdHJ1Y3QgY3B1X3VzZXJfcmVncyAq cmVncykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCi1pbnQgbnZt eF9oYW5kbGVfdm14b2ZmKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQor c3RhdGljIGludCBudm14X2hhbmRsZV92bXhvZmYoc3RydWN0IGNwdV91c2Vy X3JlZ3MgKnJlZ3MpCiB7CiAgICAgc3RydWN0IHZjcHUgKnY9Y3VycmVudDsK ICAgICBzdHJ1Y3QgbmVzdGVkdm14ICpudm14ID0gJnZjcHVfMl9udm14KHYp OwpAQCAtMTYxMSw3ICsxNjExLDcgQEAgc3RhdGljIGludCBudm14X3ZtcmVz dW1lKHN0cnVjdCB2Y3B1ICp2LCBzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVn cykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCi1pbnQgbnZteF9o YW5kbGVfdm1yZXN1bWUoc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCitz dGF0aWMgaW50IG52bXhfaGFuZGxlX3ZtcmVzdW1lKHN0cnVjdCBjcHVfdXNl cl9yZWdzICpyZWdzKQogewogICAgIGJvb2xfdCBsYXVuY2hlZDsKICAgICBz dHJ1Y3QgdmNwdSAqdiA9IGN1cnJlbnQ7CkBAIC0xNjQ1LDcgKzE2NDUsNyBA QCBpbnQgbnZteF9oYW5kbGVfdm1yZXN1bWUoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpCiAgICAgcmV0dXJuIG52bXhfdm1yZXN1bWUodixyZWdzKTsK IH0KIAotaW50IG52bXhfaGFuZGxlX3ZtbGF1bmNoKHN0cnVjdCBjcHVfdXNl cl9yZWdzICpyZWdzKQorc3RhdGljIGludCBudm14X2hhbmRsZV92bWxhdW5j aChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncykKIHsKICAgICBib29sX3Qg bGF1bmNoZWQ7CiAgICAgc3RydWN0IHZjcHUgKnYgPSBjdXJyZW50OwpAQCAt MTY4OCw3ICsxNjg4LDcgQEAgaW50IG52bXhfaGFuZGxlX3ZtbGF1bmNoKHN0 cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgIHJldHVybiByYzsKIH0K IAotaW50IG52bXhfaGFuZGxlX3ZtcHRybGQoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpCitzdGF0aWMgaW50IG52bXhfaGFuZGxlX3ZtcHRybGQoc3Ry dWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiB7CiAgICAgc3RydWN0IHZjcHUg KnYgPSBjdXJyZW50OwogICAgIHN0cnVjdCB2bXhfaW5zdF9kZWNvZGVkIGRl Y29kZTsKQEAgLTE3NTksNyArMTc1OSw3IEBAIGludCBudm14X2hhbmRsZV92 bXB0cmxkKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgIHJldHVy biBYODZFTVVMX09LQVk7CiB9CiAKLWludCBudm14X2hhbmRsZV92bXB0cnN0 KHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQorc3RhdGljIGludCBudm14 X2hhbmRsZV92bXB0cnN0KHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQog ewogICAgIHN0cnVjdCB2Y3B1ICp2ID0gY3VycmVudDsKICAgICBzdHJ1Y3Qg dm14X2luc3RfZGVjb2RlZCBkZWNvZGU7CkBAIC0xNzg0LDcgKzE3ODQsNyBA QCBpbnQgbnZteF9oYW5kbGVfdm1wdHJzdChzdHJ1Y3QgY3B1X3VzZXJfcmVn cyAqcmVncykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCi1pbnQg bnZteF9oYW5kbGVfdm1jbGVhcihzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVn cykKK3N0YXRpYyBpbnQgbnZteF9oYW5kbGVfdm1jbGVhcihzdHJ1Y3QgY3B1 X3VzZXJfcmVncyAqcmVncykKIHsKICAgICBzdHJ1Y3QgdmNwdSAqdiA9IGN1 cnJlbnQ7CiAgICAgc3RydWN0IHZteF9pbnN0X2RlY29kZWQgZGVjb2RlOwpA QCAtMTgzNiw3ICsxODM2LDcgQEAgaW50IG52bXhfaGFuZGxlX3ZtY2xlYXIo c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiAgICAgcmV0dXJuIFg4NkVN VUxfT0tBWTsKIH0KIAotaW50IG52bXhfaGFuZGxlX3ZtcmVhZChzdHJ1Y3Qg Y3B1X3VzZXJfcmVncyAqcmVncykKK3N0YXRpYyBpbnQgbnZteF9oYW5kbGVf dm1yZWFkKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogewogICAgIHN0 cnVjdCB2Y3B1ICp2ID0gY3VycmVudDsKICAgICBzdHJ1Y3Qgdm14X2luc3Rf ZGVjb2RlZCBkZWNvZGU7CkBAIC0xODc4LDcgKzE4NzgsNyBAQCBpbnQgbnZt eF9oYW5kbGVfdm1yZWFkKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQog ICAgIHJldHVybiBYODZFTVVMX09LQVk7CiB9CiAKLWludCBudm14X2hhbmRs ZV92bXdyaXRlKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQorc3RhdGlj IGludCBudm14X2hhbmRsZV92bXdyaXRlKHN0cnVjdCBjcHVfdXNlcl9yZWdz ICpyZWdzKQogewogICAgIHN0cnVjdCB2Y3B1ICp2ID0gY3VycmVudDsKICAg ICBzdHJ1Y3Qgdm14X2luc3RfZGVjb2RlZCBkZWNvZGU7CkBAIC0xOTI2LDcg KzE5MjYsNyBAQCBpbnQgbnZteF9oYW5kbGVfdm13cml0ZShzdHJ1Y3QgY3B1 X3VzZXJfcmVncyAqcmVncykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwog fQogCi1pbnQgbnZteF9oYW5kbGVfaW52ZXB0KHN0cnVjdCBjcHVfdXNlcl9y ZWdzICpyZWdzKQorc3RhdGljIGludCBudm14X2hhbmRsZV9pbnZlcHQoc3Ry dWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiB7CiAgICAgc3RydWN0IHZteF9p bnN0X2RlY29kZWQgZGVjb2RlOwogICAgIHVuc2lnbmVkIGxvbmcgZXB0cDsK QEAgLTE5NTQsNyArMTk1NCw3IEBAIGludCBudm14X2hhbmRsZV9pbnZlcHQo c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiAgICAgcmV0dXJuIFg4NkVN VUxfT0tBWTsKIH0KIAotaW50IG52bXhfaGFuZGxlX2ludnZwaWQoc3RydWN0 IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCitzdGF0aWMgaW50IG52bXhfaGFuZGxl X2ludnZwaWQoc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiB7CiAgICAg c3RydWN0IHZteF9pbnN0X2RlY29kZWQgZGVjb2RlOwogICAgIHVuc2lnbmVk IGxvbmcgdnBpZDsKQEAgLTE5ODAsNiArMTk4MCw4MSBAQCBpbnQgbnZteF9o YW5kbGVfaW52dnBpZChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncykKICAg ICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCitpbnQgbnZteF9oYW5kbGVf dm14X2luc24oc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MsIHVuc2lnbmVk IGludCBleGl0X3JlYXNvbikKK3sKKyAgICBzdHJ1Y3QgdmNwdSAqY3VyciA9 IGN1cnJlbnQ7CisgICAgaW50IHJldDsKKworICAgIGlmICggIShjdXJyLT5h cmNoLmh2bS5ndWVzdF9jcls0XSAmIFg4Nl9DUjRfVk1YRSkgfHwKKyAgICAg ICAgICFuZXN0ZWRodm1fZW5hYmxlZChjdXJyLT5kb21haW4pIHx8CisgICAg ICAgICAodm14X2d1ZXN0X3g4Nl9tb2RlKGN1cnIpIDwgKGh2bV9sb25nX21v ZGVfYWN0aXZlKGN1cnIpID8gOCA6IDIpKSApCisgICAgeworICAgICAgICBo dm1faW5qZWN0X2h3X2V4Y2VwdGlvbihUUkFQX2ludmFsaWRfb3AsIFg4Nl9F VkVOVF9OT19FQyk7CisgICAgICAgIHJldHVybiBYODZFTVVMX0VYQ0VQVElP TjsKKyAgICB9CisKKyAgICBpZiAoIHZteF9nZXRfY3BsKCkgPiAwICkKKyAg ICB7CisgICAgICAgIGh2bV9pbmplY3RfaHdfZXhjZXB0aW9uKFRSQVBfZ3Bf ZmF1bHQsIDApOworICAgICAgICByZXR1cm4gWDg2RU1VTF9FWENFUFRJT047 CisgICAgfQorCisgICAgc3dpdGNoICggZXhpdF9yZWFzb24gKQorICAgIHsK KyAgICBjYXNlIEVYSVRfUkVBU09OX1ZNWE9GRjoKKyAgICAgICAgcmV0ID0g bnZteF9oYW5kbGVfdm14b2ZmKHJlZ3MpOworICAgICAgICBicmVhazsKKwor ICAgIGNhc2UgRVhJVF9SRUFTT05fVk1YT046CisgICAgICAgIHJldCA9IG52 bXhfaGFuZGxlX3ZteG9uKHJlZ3MpOworICAgICAgICBicmVhazsKKworICAg IGNhc2UgRVhJVF9SRUFTT05fVk1DTEVBUjoKKyAgICAgICAgcmV0ID0gbnZt eF9oYW5kbGVfdm1jbGVhcihyZWdzKTsKKyAgICAgICAgYnJlYWs7CisKKyAg ICBjYXNlIEVYSVRfUkVBU09OX1ZNUFRSTEQ6CisgICAgICAgIHJldCA9IG52 bXhfaGFuZGxlX3ZtcHRybGQocmVncyk7CisgICAgICAgIGJyZWFrOworCisg ICAgY2FzZSBFWElUX1JFQVNPTl9WTVBUUlNUOgorICAgICAgICByZXQgPSBu dm14X2hhbmRsZV92bXB0cnN0KHJlZ3MpOworICAgICAgICBicmVhazsKKwor ICAgIGNhc2UgRVhJVF9SRUFTT05fVk1SRUFEOgorICAgICAgICByZXQgPSBu dm14X2hhbmRsZV92bXJlYWQocmVncyk7CisgICAgICAgIGJyZWFrOworCisg ICAgY2FzZSBFWElUX1JFQVNPTl9WTVdSSVRFOgorICAgICAgICByZXQgPSBu dm14X2hhbmRsZV92bXdyaXRlKHJlZ3MpOworICAgICAgICBicmVhazsKKwor ICAgIGNhc2UgRVhJVF9SRUFTT05fVk1MQVVOQ0g6CisgICAgICAgIHJldCA9 IG52bXhfaGFuZGxlX3ZtbGF1bmNoKHJlZ3MpOworICAgICAgICBicmVhazsK KworICAgIGNhc2UgRVhJVF9SRUFTT05fVk1SRVNVTUU6CisgICAgICAgIHJl dCA9IG52bXhfaGFuZGxlX3ZtcmVzdW1lKHJlZ3MpOworICAgICAgICBicmVh azsKKworICAgIGNhc2UgRVhJVF9SRUFTT05fSU5WRVBUOgorICAgICAgICBy ZXQgPSBudm14X2hhbmRsZV9pbnZlcHQocmVncyk7CisgICAgICAgIGJyZWFr OworCisgICAgY2FzZSBFWElUX1JFQVNPTl9JTlZWUElEOgorICAgICAgICBy ZXQgPSBudm14X2hhbmRsZV9pbnZ2cGlkKHJlZ3MpOworICAgICAgICBicmVh azsKKworICAgIGRlZmF1bHQ6CisgICAgICAgIEFTU0VSVF9VTlJFQUNIQUJM RSgpOworICAgICAgICBkb21haW5fY3Jhc2goY3Vyci0+ZG9tYWluKTsKKyAg ICAgICAgcmV0ID0gWDg2RU1VTF9VTkhBTkRMRUFCTEU7CisgICAgICAgIGJy ZWFrOworICAgIH0KKworICAgIHJldHVybiByZXQ7Cit9CisKICNkZWZpbmUg X19lbXVsX3ZhbHVlKGVuYWJsZTEsIGRlZmF1bHQxKSBcCiAgICAgKChlbmFi bGUxIHwgZGVmYXVsdDEpIDw8IDMyIHwgKGRlZmF1bHQxKSkKIApkaWZmIC0t Z2l0IGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9odm0vdm14L3Z2bXguaCBiL3hl bi9pbmNsdWRlL2FzbS14ODYvaHZtL3ZteC92dm14LmgKaW5kZXggYTIwYmQ5 ZS4uNmI5YzRhZSAxMDA2NDQKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9o dm0vdm14L3Z2bXguaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L2h2bS92 bXgvdnZteC5oCkBAIC05NCw5ICs5NCw2IEBAIHZvaWQgbnZteF9kb21haW5f cmVsaW5xdWlzaF9yZXNvdXJjZXMoc3RydWN0IGRvbWFpbiAqZCk7CiAKIGJv b2xfdCBudm14X2VwdF9lbmFibGVkKHN0cnVjdCB2Y3B1ICp2KTsKIAotaW50 IG52bXhfaGFuZGxlX3ZteG9uKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdz KTsKLWludCBudm14X2hhbmRsZV92bXhvZmYoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpOwotCiAjZGVmaW5lIEVQVF9UUkFOU0xBVEVfU1VDQ0VFRCAg ICAgICAwCiAjZGVmaW5lIEVQVF9UUkFOU0xBVEVfVklPTEFUSU9OICAgICAx CiAjZGVmaW5lIEVQVF9UUkFOU0xBVEVfTUlTQ09ORklHICAgICAyCkBAIC0x ODksMTUgKzE4Niw3IEBAIGVudW0gdm14X2luc25fZXJybm8gc2V0X3Z2bWNz X3JlYWxfc2FmZShjb25zdCBzdHJ1Y3QgdmNwdSAqLCB1MzIgZW5jb2Rpbmcs CiAgICBzZXRfdnZtY3NfdmlydHVhbF9zYWZlKHZjcHVfbmVzdGVkaHZtKHZj cHUpLm52X3Z2bWN4LCBlbmNvZGluZywgdmFsKSkKIAogdm9pZCBudm14X2Rl c3Ryb3lfdm1jcyhzdHJ1Y3QgdmNwdSAqdik7Ci1pbnQgbnZteF9oYW5kbGVf dm1wdHJsZChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncyk7Ci1pbnQgbnZt eF9oYW5kbGVfdm1wdHJzdChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncyk7 Ci1pbnQgbnZteF9oYW5kbGVfdm1jbGVhcihzdHJ1Y3QgY3B1X3VzZXJfcmVn cyAqcmVncyk7Ci1pbnQgbnZteF9oYW5kbGVfdm1yZWFkKHN0cnVjdCBjcHVf dXNlcl9yZWdzICpyZWdzKTsKLWludCBudm14X2hhbmRsZV92bXdyaXRlKHN0 cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKTsKLWludCBudm14X2hhbmRsZV92 bXJlc3VtZShzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncyk7Ci1pbnQgbnZt eF9oYW5kbGVfdm1sYXVuY2goc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3Mp OwotaW50IG52bXhfaGFuZGxlX2ludmVwdChzdHJ1Y3QgY3B1X3VzZXJfcmVn cyAqcmVncyk7Ci1pbnQgbnZteF9oYW5kbGVfaW52dnBpZChzdHJ1Y3QgY3B1 X3VzZXJfcmVncyAqcmVncyk7CitpbnQgbnZteF9oYW5kbGVfdm14X2luc24o c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MsIHVuc2lnbmVkIGludCBleGl0 X3JlYXNvbik7CiBpbnQgbnZteF9tc3JfcmVhZF9pbnRlcmNlcHQodW5zaWdu ZWQgaW50IG1zciwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dTY0ICptc3JfY29udGVudCk7CiAK --=separator Content-Type: application/octet-stream; name="xsa278-4.11.patch" Content-Disposition: attachment; filename="xsa278-4.11.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L3Z2bXg6IERpc2FsbG93IHRoZSB1c2Ugb2YgVlQt eCBpbnN0cnVjdGlvbnMgd2hlbiBuZXN0ZWQgdmlydCBpcyBkaXNhYmxlZAoK Yy9zIGFjNmE0NTAwYiAidnZteDogc2V0IHZteG9uX3JlZ2lvbl9wYSBvZiB2 Y3B1IG91dCBvZiBWTVggb3BlcmF0aW9uIHRvIGFuCmludmFsaWQgYWRkcmVz cyIgd2FzIGEgcmVhbCBidWdmaXggYXMgZGVzY3JpYmVkLCBidXQgaGFzIGEg dmVyeSBzdWJ0bGUgYnVnCndoaWNoIHJlc3VsdHMgaW4gYWxsIFZULXggaW5z dHJ1Y3Rpb25zIGJlaW5nIHVzYWJsZSBieSBhIGd1ZXN0LgoKVGhlIHRvb2xz dGFjayBjb25zdHJ1Y3RzIGEgZ3Vlc3QgYnkgaXNzdWluZzoKCiAgWEVOX0RP TUNUTF9jcmVhdGVkb21haW4KICBYRU5fRE9NQ1RMX21heF92Y3B1cwoKYW5k IG9wdGlvbmFsbHkgbGF0ZXIsIEhWTU9QX3NldF9wYXJhbSB0byBlbmFibGUg bmVzdGVkIHZpcnQuCgpBcyBhIHJlc3VsdCwgdGhlIGNhbGwgdG8gbnZteF92 Y3B1X2luaXRpYWxpc2UoKSBpbiBodm1fdmNwdV9pbml0aWFsaXNlKCkKKHdo aWNoIGlzIHdoYXQgbWFrZXMgdGhlIGFib3ZlIHBhdGNoIGxvb2sgY29ycmVj dCBkdXJpbmcgcmV2aWV3KSBpcyBhY3R1YWxseQpkZWFkIGNvZGUuICBJbiBw cmFjdGljZSwgbnZteF92Y3B1X2luaXRpYWxpc2UoKSBmaXJzdCBnZXRzIGNh bGxlZCB3aGVuIG5lc3RlZAp2aXJ0IGlzIGVuYWJsZWQsIHdoaWNoIGlzIHR5 cGljYWxseSBuZXZlci4KCkFzIGEgcmVzdWx0LCB0aGUgemVyb2VkIG1lbW9y eSBvZiBzdHJ1Y3QgdmNwdSBjYXVzZXMgbnZteF92Y3B1X2luX3ZteCgpIHRv CnJldHVybiB0cnVlIGJlZm9yZSBuZXN0ZWQgdmlydCBpcyBlbmFibGVkIGZv ciB0aGUgZ3Vlc3QuCgpGaXhpbmcgdGhlIG9yZGVyIG9mIGluaXRpYWxpc2F0 aW9uIGlzIGEgd29yayBpbiBwcm9ncmVzcyBmb3Igb3RoZXIgcmVhc29ucywK YnV0IG5vdCB2aWFibGUgZm9yIHNlY3VyaXR5IGJhY2twb3J0cy4KCkEgY29t cG91bmRpbmcgZmFjdG9yIGlzIHRoYXQgdGhlIHZtZXhpdCBoYW5kbGVycyBm b3IgYWxsIGluc3RydWN0aW9ucywgb3RoZXIKdGhhbiBWTVhPTiwgcGFzcyAw IGludG8gdm14X2luc3RfY2hlY2tfcHJpdmlsZWdlKCkncyB2bXhvcF9jaGVj ayBwYXJhbWV0ZXIsCndoaWNoIHNraXBzIHRoZSBDUjQuVk1YRSBjaGVjay4g IChUaGlzIGlzIG9uZSBvZiBtYW55IHJlYXNvbnMgd2h5IG5lc3RlZCB2aXJ0 Cmlzbid0IGEgc3VwcG9ydGVkIGZlYXR1cmUgeWV0LikKCkhvd2V2ZXIsIHRo ZSBvdmVyYWxsIHJlc3VsdCBpcyB0aGF0IHdoZW4gbmVzdGVkIHZpcnQgaXMg bm90IGVuYWJsZWQgYnkgdGhlCnRvb2xzdGFjayAoaS5lLiB0aGUgZGVmYXVs dCBjb25maWd1cmF0aW9uIGZvciBhbGwgcHJvZHVjdGlvbiBndWVzdHMpLCB0 aGUgVlQteAppbnN0cnVjdGlvbnMgKG90aGVyIHRoYW4gVk1YT04pIGFyZSBh Y3R1YWxseSB1c2FibGUsIGFuZCBYZW4gdmVyeSBxdWlja2x5CmZhbGxzIG92 ZXIgdGhlIGZhY3QgdGhhdCB0aGUgbnZteCBzdHJ1Y3R1cmUgaXMgdW5pbml0 aWFsaXNlZC4KCkluIG9yZGVyIHRvIGZhaWwgc2FmZSBpbiB0aGUgc3VwcG9y dGVkIGNhc2UsIHJlLWltcGxlbWVudCBhbGwgdGhlIFZULXgKaW5zdHJ1Y3Rp b24gaGFuZGxpbmcgdXNpbmcgYSBzaW5nbGUgZnVuY3Rpb24gd2l0aCBhIGNv bW1vbiBwcm9sb2d1ZSwgY292ZXJpbmcKYWxsIHRoZSBjaGVja3Mgd2hpY2gg c2hvdWxkIGNhdXNlICNVRCBvciAjR1AgZmF1bHRzLiAgVGhpcyBkZWxpYmVy YXRlbHkKZG9lc24ndCB1c2UgYW55IHN0YXRlIGZyb20gdGhlIG52bXggc3Ry dWN0dXJlLCBpbiBjYXNlIHRoZXJlIGFyZSBvdGhlciBsdXJraW5nCmlzc3Vl cy4KClRoaXMgaXMgWFNBLTI3OAoKUmVwb3J0ZWQtYnk6IFNlcmdleSBEeWFz bGkgPHNlcmdleS5keWFzbGlAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTog QW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2 aWV3ZWQtYnk6IFNlcmdleSBEeWFzbGkgPHNlcmdleS5keWFzbGlAY2l0cml4 LmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvaHZtL3ZteC92bXgu YyBiL3hlbi9hcmNoL3g4Ni9odm0vdm14L3ZteC5jCmluZGV4IGE2NDE1ZjAu LmE0ZDI4MjkgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0vdm14L3Zt eC5jCisrKyBiL3hlbi9hcmNoL3g4Ni9odm0vdm14L3ZteC5jCkBAIC0zOTgy LDU3ICszOTgyLDE3IEBAIHZvaWQgdm14X3ZtZXhpdF9oYW5kbGVyKHN0cnVj dCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgICAgICBicmVhazsKIAogICAg IGNhc2UgRVhJVF9SRUFTT05fVk1YT0ZGOgotICAgICAgICBpZiAoIG52bXhf aGFuZGxlX3ZteG9mZihyZWdzKSA9PSBYODZFTVVMX09LQVkgKQotICAgICAg ICAgICAgdXBkYXRlX2d1ZXN0X2VpcCgpOwotICAgICAgICBicmVhazsKLQog ICAgIGNhc2UgRVhJVF9SRUFTT05fVk1YT046Ci0gICAgICAgIGlmICggbnZt eF9oYW5kbGVfdm14b24ocmVncykgPT0gWDg2RU1VTF9PS0FZICkKLSAgICAg ICAgICAgIHVwZGF0ZV9ndWVzdF9laXAoKTsKLSAgICAgICAgYnJlYWs7Ci0K ICAgICBjYXNlIEVYSVRfUkVBU09OX1ZNQ0xFQVI6Ci0gICAgICAgIGlmICgg bnZteF9oYW5kbGVfdm1jbGVhcihyZWdzKSA9PSBYODZFTVVMX09LQVkgKQot ICAgICAgICAgICAgdXBkYXRlX2d1ZXN0X2VpcCgpOwotICAgICAgICBicmVh azsKLSAKICAgICBjYXNlIEVYSVRfUkVBU09OX1ZNUFRSTEQ6Ci0gICAgICAg IGlmICggbnZteF9oYW5kbGVfdm1wdHJsZChyZWdzKSA9PSBYODZFTVVMX09L QVkgKQotICAgICAgICAgICAgdXBkYXRlX2d1ZXN0X2VpcCgpOwotICAgICAg ICBicmVhazsKLQogICAgIGNhc2UgRVhJVF9SRUFTT05fVk1QVFJTVDoKLSAg ICAgICAgaWYgKCBudm14X2hhbmRsZV92bXB0cnN0KHJlZ3MpID09IFg4NkVN VUxfT0tBWSApCi0gICAgICAgICAgICB1cGRhdGVfZ3Vlc3RfZWlwKCk7Ci0g ICAgICAgIGJyZWFrOwotCiAgICAgY2FzZSBFWElUX1JFQVNPTl9WTVJFQUQ6 Ci0gICAgICAgIGlmICggbnZteF9oYW5kbGVfdm1yZWFkKHJlZ3MpID09IFg4 NkVNVUxfT0tBWSApCi0gICAgICAgICAgICB1cGRhdGVfZ3Vlc3RfZWlwKCk7 Ci0gICAgICAgIGJyZWFrOwotIAogICAgIGNhc2UgRVhJVF9SRUFTT05fVk1X UklURToKLSAgICAgICAgaWYgKCBudm14X2hhbmRsZV92bXdyaXRlKHJlZ3Mp ID09IFg4NkVNVUxfT0tBWSApCi0gICAgICAgICAgICB1cGRhdGVfZ3Vlc3Rf ZWlwKCk7Ci0gICAgICAgIGJyZWFrOwotCiAgICAgY2FzZSBFWElUX1JFQVNP Tl9WTUxBVU5DSDoKLSAgICAgICAgaWYgKCBudm14X2hhbmRsZV92bWxhdW5j aChyZWdzKSA9PSBYODZFTVVMX09LQVkgKQotICAgICAgICAgICAgdXBkYXRl X2d1ZXN0X2VpcCgpOwotICAgICAgICBicmVhazsKLQogICAgIGNhc2UgRVhJ VF9SRUFTT05fVk1SRVNVTUU6Ci0gICAgICAgIGlmICggbnZteF9oYW5kbGVf dm1yZXN1bWUocmVncykgPT0gWDg2RU1VTF9PS0FZICkKLSAgICAgICAgICAg IHVwZGF0ZV9ndWVzdF9laXAoKTsKLSAgICAgICAgYnJlYWs7Ci0KICAgICBj YXNlIEVYSVRfUkVBU09OX0lOVkVQVDoKLSAgICAgICAgaWYgKCBudm14X2hh bmRsZV9pbnZlcHQocmVncykgPT0gWDg2RU1VTF9PS0FZICkKLSAgICAgICAg ICAgIHVwZGF0ZV9ndWVzdF9laXAoKTsKLSAgICAgICAgYnJlYWs7Ci0KICAg ICBjYXNlIEVYSVRfUkVBU09OX0lOVlZQSUQ6Ci0gICAgICAgIGlmICggbnZt eF9oYW5kbGVfaW52dnBpZChyZWdzKSA9PSBYODZFTVVMX09LQVkgKQorICAg ICAgICBpZiAoIG52bXhfaGFuZGxlX3ZteF9pbnNuKHJlZ3MsIGV4aXRfcmVh c29uKSA9PSBYODZFTVVMX09LQVkgKQogICAgICAgICAgICAgdXBkYXRlX2d1 ZXN0X2VpcCgpOwogICAgICAgICBicmVhazsKIApkaWZmIC0tZ2l0IGEveGVu L2FyY2gveDg2L2h2bS92bXgvdnZteC5jIGIveGVuL2FyY2gveDg2L2h2bS92 bXgvdnZteC5jCmluZGV4IGU5N2RiMzMuLjg4Y2I1OGMgMTAwNjQ0Ci0tLSBh L3hlbi9hcmNoL3g4Ni9odm0vdm14L3Z2bXguYworKysgYi94ZW4vYXJjaC94 ODYvaHZtL3ZteC92dm14LmMKQEAgLTE0NzAsNyArMTQ3MCw3IEBAIHZvaWQg bnZteF9zd2l0Y2hfZ3Vlc3Qodm9pZCkKICAqIFZNWCBpbnN0cnVjdGlvbnMg aGFuZGxpbmcKICAqLwogCi1pbnQgbnZteF9oYW5kbGVfdm14b24oc3RydWN0 IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCitzdGF0aWMgaW50IG52bXhfaGFuZGxl X3ZteG9uKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogewogICAgIHN0 cnVjdCB2Y3B1ICp2PWN1cnJlbnQ7CiAgICAgc3RydWN0IG5lc3RlZHZteCAq bnZteCA9ICZ2Y3B1XzJfbnZteCh2KTsKQEAgLTE1MjIsNyArMTUyMiw3IEBA IGludCBudm14X2hhbmRsZV92bXhvbihzdHJ1Y3QgY3B1X3VzZXJfcmVncyAq cmVncykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCi1pbnQgbnZt eF9oYW5kbGVfdm14b2ZmKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQor c3RhdGljIGludCBudm14X2hhbmRsZV92bXhvZmYoc3RydWN0IGNwdV91c2Vy X3JlZ3MgKnJlZ3MpCiB7CiAgICAgc3RydWN0IHZjcHUgKnY9Y3VycmVudDsK ICAgICBzdHJ1Y3QgbmVzdGVkdm14ICpudm14ID0gJnZjcHVfMl9udm14KHYp OwpAQCAtMTYxMSw3ICsxNjExLDcgQEAgc3RhdGljIGludCBudm14X3ZtcmVz dW1lKHN0cnVjdCB2Y3B1ICp2LCBzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVn cykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCi1pbnQgbnZteF9o YW5kbGVfdm1yZXN1bWUoc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCitz dGF0aWMgaW50IG52bXhfaGFuZGxlX3ZtcmVzdW1lKHN0cnVjdCBjcHVfdXNl cl9yZWdzICpyZWdzKQogewogICAgIGJvb2xfdCBsYXVuY2hlZDsKICAgICBz dHJ1Y3QgdmNwdSAqdiA9IGN1cnJlbnQ7CkBAIC0xNjQ1LDcgKzE2NDUsNyBA QCBpbnQgbnZteF9oYW5kbGVfdm1yZXN1bWUoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpCiAgICAgcmV0dXJuIG52bXhfdm1yZXN1bWUodixyZWdzKTsK IH0KIAotaW50IG52bXhfaGFuZGxlX3ZtbGF1bmNoKHN0cnVjdCBjcHVfdXNl cl9yZWdzICpyZWdzKQorc3RhdGljIGludCBudm14X2hhbmRsZV92bWxhdW5j aChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncykKIHsKICAgICBib29sX3Qg bGF1bmNoZWQ7CiAgICAgc3RydWN0IHZjcHUgKnYgPSBjdXJyZW50OwpAQCAt MTY4OCw3ICsxNjg4LDcgQEAgaW50IG52bXhfaGFuZGxlX3ZtbGF1bmNoKHN0 cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgIHJldHVybiByYzsKIH0K IAotaW50IG52bXhfaGFuZGxlX3ZtcHRybGQoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpCitzdGF0aWMgaW50IG52bXhfaGFuZGxlX3ZtcHRybGQoc3Ry dWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiB7CiAgICAgc3RydWN0IHZjcHUg KnYgPSBjdXJyZW50OwogICAgIHN0cnVjdCB2bXhfaW5zdF9kZWNvZGVkIGRl Y29kZTsKQEAgLTE3NTksNyArMTc1OSw3IEBAIGludCBudm14X2hhbmRsZV92 bXB0cmxkKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgIHJldHVy biBYODZFTVVMX09LQVk7CiB9CiAKLWludCBudm14X2hhbmRsZV92bXB0cnN0 KHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQorc3RhdGljIGludCBudm14 X2hhbmRsZV92bXB0cnN0KHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQog ewogICAgIHN0cnVjdCB2Y3B1ICp2ID0gY3VycmVudDsKICAgICBzdHJ1Y3Qg dm14X2luc3RfZGVjb2RlZCBkZWNvZGU7CkBAIC0xNzg0LDcgKzE3ODQsNyBA QCBpbnQgbnZteF9oYW5kbGVfdm1wdHJzdChzdHJ1Y3QgY3B1X3VzZXJfcmVn cyAqcmVncykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCi1pbnQg bnZteF9oYW5kbGVfdm1jbGVhcihzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVn cykKK3N0YXRpYyBpbnQgbnZteF9oYW5kbGVfdm1jbGVhcihzdHJ1Y3QgY3B1 X3VzZXJfcmVncyAqcmVncykKIHsKICAgICBzdHJ1Y3QgdmNwdSAqdiA9IGN1 cnJlbnQ7CiAgICAgc3RydWN0IHZteF9pbnN0X2RlY29kZWQgZGVjb2RlOwpA QCAtMTgzNiw3ICsxODM2LDcgQEAgaW50IG52bXhfaGFuZGxlX3ZtY2xlYXIo c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiAgICAgcmV0dXJuIFg4NkVN VUxfT0tBWTsKIH0KIAotaW50IG52bXhfaGFuZGxlX3ZtcmVhZChzdHJ1Y3Qg Y3B1X3VzZXJfcmVncyAqcmVncykKK3N0YXRpYyBpbnQgbnZteF9oYW5kbGVf dm1yZWFkKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogewogICAgIHN0 cnVjdCB2Y3B1ICp2ID0gY3VycmVudDsKICAgICBzdHJ1Y3Qgdm14X2luc3Rf ZGVjb2RlZCBkZWNvZGU7CkBAIC0xODc4LDcgKzE4NzgsNyBAQCBpbnQgbnZt eF9oYW5kbGVfdm1yZWFkKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQog ICAgIHJldHVybiBYODZFTVVMX09LQVk7CiB9CiAKLWludCBudm14X2hhbmRs ZV92bXdyaXRlKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQorc3RhdGlj IGludCBudm14X2hhbmRsZV92bXdyaXRlKHN0cnVjdCBjcHVfdXNlcl9yZWdz ICpyZWdzKQogewogICAgIHN0cnVjdCB2Y3B1ICp2ID0gY3VycmVudDsKICAg ICBzdHJ1Y3Qgdm14X2luc3RfZGVjb2RlZCBkZWNvZGU7CkBAIC0xOTI2LDcg KzE5MjYsNyBAQCBpbnQgbnZteF9oYW5kbGVfdm13cml0ZShzdHJ1Y3QgY3B1 X3VzZXJfcmVncyAqcmVncykKICAgICByZXR1cm4gWDg2RU1VTF9PS0FZOwog fQogCi1pbnQgbnZteF9oYW5kbGVfaW52ZXB0KHN0cnVjdCBjcHVfdXNlcl9y ZWdzICpyZWdzKQorc3RhdGljIGludCBudm14X2hhbmRsZV9pbnZlcHQoc3Ry dWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiB7CiAgICAgc3RydWN0IHZteF9p bnN0X2RlY29kZWQgZGVjb2RlOwogICAgIHVuc2lnbmVkIGxvbmcgZXB0cDsK QEAgLTE5NTQsNyArMTk1NCw3IEBAIGludCBudm14X2hhbmRsZV9pbnZlcHQo c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiAgICAgcmV0dXJuIFg4NkVN VUxfT0tBWTsKIH0KIAotaW50IG52bXhfaGFuZGxlX2ludnZwaWQoc3RydWN0 IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCitzdGF0aWMgaW50IG52bXhfaGFuZGxl X2ludnZwaWQoc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpCiB7CiAgICAg c3RydWN0IHZteF9pbnN0X2RlY29kZWQgZGVjb2RlOwogICAgIHVuc2lnbmVk IGxvbmcgdnBpZDsKQEAgLTE5ODAsNiArMTk4MCw4MSBAQCBpbnQgbnZteF9o YW5kbGVfaW52dnBpZChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncykKICAg ICByZXR1cm4gWDg2RU1VTF9PS0FZOwogfQogCitpbnQgbnZteF9oYW5kbGVf dm14X2luc24oc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MsIHVuc2lnbmVk IGludCBleGl0X3JlYXNvbikKK3sKKyAgICBzdHJ1Y3QgdmNwdSAqY3VyciA9 IGN1cnJlbnQ7CisgICAgaW50IHJldDsKKworICAgIGlmICggIShjdXJyLT5h cmNoLmh2bV92Y3B1Lmd1ZXN0X2NyWzRdICYgWDg2X0NSNF9WTVhFKSB8fAor ICAgICAgICAgIW5lc3RlZGh2bV9lbmFibGVkKGN1cnItPmRvbWFpbikgfHwK KyAgICAgICAgICh2bXhfZ3Vlc3RfeDg2X21vZGUoY3VycikgPCAoaHZtX2xv bmdfbW9kZV9hY3RpdmUoY3VycikgPyA4IDogMikpICkKKyAgICB7CisgICAg ICAgIGh2bV9pbmplY3RfaHdfZXhjZXB0aW9uKFRSQVBfaW52YWxpZF9vcCwg WDg2X0VWRU5UX05PX0VDKTsKKyAgICAgICAgcmV0dXJuIFg4NkVNVUxfRVhD RVBUSU9OOworICAgIH0KKworICAgIGlmICggdm14X2dldF9jcGwoKSA+IDAg KQorICAgIHsKKyAgICAgICAgaHZtX2luamVjdF9od19leGNlcHRpb24oVFJB UF9ncF9mYXVsdCwgMCk7CisgICAgICAgIHJldHVybiBYODZFTVVMX0VYQ0VQ VElPTjsKKyAgICB9CisKKyAgICBzd2l0Y2ggKCBleGl0X3JlYXNvbiApCisg ICAgeworICAgIGNhc2UgRVhJVF9SRUFTT05fVk1YT0ZGOgorICAgICAgICBy ZXQgPSBudm14X2hhbmRsZV92bXhvZmYocmVncyk7CisgICAgICAgIGJyZWFr OworCisgICAgY2FzZSBFWElUX1JFQVNPTl9WTVhPTjoKKyAgICAgICAgcmV0 ID0gbnZteF9oYW5kbGVfdm14b24ocmVncyk7CisgICAgICAgIGJyZWFrOwor CisgICAgY2FzZSBFWElUX1JFQVNPTl9WTUNMRUFSOgorICAgICAgICByZXQg PSBudm14X2hhbmRsZV92bWNsZWFyKHJlZ3MpOworICAgICAgICBicmVhazsK KworICAgIGNhc2UgRVhJVF9SRUFTT05fVk1QVFJMRDoKKyAgICAgICAgcmV0 ID0gbnZteF9oYW5kbGVfdm1wdHJsZChyZWdzKTsKKyAgICAgICAgYnJlYWs7 CisKKyAgICBjYXNlIEVYSVRfUkVBU09OX1ZNUFRSU1Q6CisgICAgICAgIHJl dCA9IG52bXhfaGFuZGxlX3ZtcHRyc3QocmVncyk7CisgICAgICAgIGJyZWFr OworCisgICAgY2FzZSBFWElUX1JFQVNPTl9WTVJFQUQ6CisgICAgICAgIHJl dCA9IG52bXhfaGFuZGxlX3ZtcmVhZChyZWdzKTsKKyAgICAgICAgYnJlYWs7 CisKKyAgICBjYXNlIEVYSVRfUkVBU09OX1ZNV1JJVEU6CisgICAgICAgIHJl dCA9IG52bXhfaGFuZGxlX3Ztd3JpdGUocmVncyk7CisgICAgICAgIGJyZWFr OworCisgICAgY2FzZSBFWElUX1JFQVNPTl9WTUxBVU5DSDoKKyAgICAgICAg cmV0ID0gbnZteF9oYW5kbGVfdm1sYXVuY2gocmVncyk7CisgICAgICAgIGJy ZWFrOworCisgICAgY2FzZSBFWElUX1JFQVNPTl9WTVJFU1VNRToKKyAgICAg ICAgcmV0ID0gbnZteF9oYW5kbGVfdm1yZXN1bWUocmVncyk7CisgICAgICAg IGJyZWFrOworCisgICAgY2FzZSBFWElUX1JFQVNPTl9JTlZFUFQ6CisgICAg ICAgIHJldCA9IG52bXhfaGFuZGxlX2ludmVwdChyZWdzKTsKKyAgICAgICAg YnJlYWs7CisKKyAgICBjYXNlIEVYSVRfUkVBU09OX0lOVlZQSUQ6CisgICAg ICAgIHJldCA9IG52bXhfaGFuZGxlX2ludnZwaWQocmVncyk7CisgICAgICAg IGJyZWFrOworCisgICAgZGVmYXVsdDoKKyAgICAgICAgQVNTRVJUX1VOUkVB Q0hBQkxFKCk7CisgICAgICAgIGRvbWFpbl9jcmFzaChjdXJyLT5kb21haW4p OworICAgICAgICByZXQgPSBYODZFTVVMX1VOSEFORExFQUJMRTsKKyAgICAg ICAgYnJlYWs7CisgICAgfQorCisgICAgcmV0dXJuIHJldDsKK30KKwogI2Rl ZmluZSBfX2VtdWxfdmFsdWUoZW5hYmxlMSwgZGVmYXVsdDEpIFwKICAgICAo KGVuYWJsZTEgfCBkZWZhdWx0MSkgPDwgMzIgfCAoZGVmYXVsdDEpKQogCmRp ZmYgLS1naXQgYS94ZW4vaW5jbHVkZS9hc20teDg2L2h2bS92bXgvdnZteC5o IGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9odm0vdm14L3Z2bXguaAppbmRleCA5 ZWEzNWViLi5mYzRhOGQxIDEwMDY0NAotLS0gYS94ZW4vaW5jbHVkZS9hc20t eDg2L2h2bS92bXgvdnZteC5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14ODYv aHZtL3ZteC92dm14LmgKQEAgLTk0LDkgKzk0LDYgQEAgdm9pZCBudm14X2Rv bWFpbl9yZWxpbnF1aXNoX3Jlc291cmNlcyhzdHJ1Y3QgZG9tYWluICpkKTsK IAogYm9vbF90IG52bXhfZXB0X2VuYWJsZWQoc3RydWN0IHZjcHUgKnYpOwog Ci1pbnQgbnZteF9oYW5kbGVfdm14b24oc3RydWN0IGNwdV91c2VyX3JlZ3Mg KnJlZ3MpOwotaW50IG52bXhfaGFuZGxlX3ZteG9mZihzdHJ1Y3QgY3B1X3Vz ZXJfcmVncyAqcmVncyk7Ci0KICNkZWZpbmUgRVBUX1RSQU5TTEFURV9TVUND RUVEICAgICAgIDAKICNkZWZpbmUgRVBUX1RSQU5TTEFURV9WSU9MQVRJT04g ICAgIDEKICNkZWZpbmUgRVBUX1RSQU5TTEFURV9NSVNDT05GSUcgICAgIDIK QEAgLTE5MSwxNSArMTg4LDcgQEAgZW51bSB2bXhfaW5zbl9lcnJubyBzZXRf dnZtY3NfcmVhbF9zYWZlKGNvbnN0IHN0cnVjdCB2Y3B1ICosIHUzMiBlbmNv ZGluZywKIHVpbnQ2NF90IGdldF9zaGFkb3dfZXB0cChzdHJ1Y3QgdmNwdSAq dik7CiAKIHZvaWQgbnZteF9kZXN0cm95X3ZtY3Moc3RydWN0IHZjcHUgKnYp OwotaW50IG52bXhfaGFuZGxlX3ZtcHRybGQoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpOwotaW50IG52bXhfaGFuZGxlX3ZtcHRyc3Qoc3RydWN0IGNw dV91c2VyX3JlZ3MgKnJlZ3MpOwotaW50IG52bXhfaGFuZGxlX3ZtY2xlYXIo c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpOwotaW50IG52bXhfaGFuZGxl X3ZtcmVhZChzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncyk7Ci1pbnQgbnZt eF9oYW5kbGVfdm13cml0ZShzdHJ1Y3QgY3B1X3VzZXJfcmVncyAqcmVncyk7 Ci1pbnQgbnZteF9oYW5kbGVfdm1yZXN1bWUoc3RydWN0IGNwdV91c2VyX3Jl Z3MgKnJlZ3MpOwotaW50IG52bXhfaGFuZGxlX3ZtbGF1bmNoKHN0cnVjdCBj cHVfdXNlcl9yZWdzICpyZWdzKTsKLWludCBudm14X2hhbmRsZV9pbnZlcHQo c3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpOwotaW50IG52bXhfaGFuZGxl X2ludnZwaWQoc3RydWN0IGNwdV91c2VyX3JlZ3MgKnJlZ3MpOworaW50IG52 bXhfaGFuZGxlX3ZteF9pbnNuKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdz LCB1bnNpZ25lZCBpbnQgZXhpdF9yZWFzb24pOwogaW50IG52bXhfbXNyX3Jl YWRfaW50ZXJjZXB0KHVuc2lnbmVkIGludCBtc3IsCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHU2NCAqbXNyX2NvbnRlbnQpOwogCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Nov 06 18:42:21 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 06 Nov 2018 18:42:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gK6Ht-0000II-Rr; Tue, 06 Nov 2018 18:41:17 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gK6Hs-0000Hz-Iu for xen-announce@lists.xen.org; Tue, 06 Nov 2018 18:41:16 +0000 X-Inumbo-ID: 89eb00f7-e1f3-11e8-9a16-bc764e045a96 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 89eb00f7-e1f3-11e8-9a16-bc764e045a96; Tue, 06 Nov 2018 18:41:14 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gK6Hg-0005FR-Ro; Tue, 06 Nov 2018 18:41:04 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gK6Hg-0002Qd-P3; Tue, 06 Nov 2018 18:41:04 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 06 Nov 2018 18:41:04 +0000 Subject: [Xen-announce] Xen Security Advisory 282 v1 - guest use of HLE constructs may lock up host X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-282 guest use of HLE constructs may lock up host ISSUE DESCRIPTION ================= Various Intel CPU models have an erratum listed under the title "Processor May Hang When Executing Code In an HLE Transaction". It describes a potential hang when using instructions with the XACQUIRE prefix on the host physical memory range covering the first 4 MiB starting at the 1GiB boundary. IMPACT ====== A malicious or buggy guest may cause a CPU to hang, resulting in a DoS (Denial of Service) affecting the entire host. VULNERABLE SYSTEMS ================== All Xen versions are affected. Only Intel based x86 systems are affected. Please refer to Intel documentation as to which specific CPU models are affected. AMD x86 systems as well as Arm ones are not affected. MITIGATION ========== There is no known mitigation. A BIOS update may be available for some systems, working around the issue at the firmware level. RESOLUTION ========== Applying the appropriate pair of attached patches works around this issue for the CPU models known to be affected at the time of writing. xsa282-?.patch xen-unstable xsa282-4.11-1.patch + xsa282-2.patch Xen 4.11.x, Xen 4.10.x xsa282-4.9-1.patch + xsa282-2.patch Xen 4.9.x xsa282-4.9-1.patch + xsa282-4.8-2.patch Xen 4.8.x, Xen 4.7.x $ sha256sum xsa282* 6ef64ca920a58ed9185e81fad3dfa9ca5f6316f1e72ddd4f411f3e79eaf79903 xsa282.meta ad7093e00b3d6650530c95427ef0e68880883f0cec7229b5f41c9e2dc497ffd5 xsa282-1.patch 7ce7fa105026b189500a31bd3978ec0c6fd9d7c95f688463c25ecce76366be35 xsa282-2.patch fbff734d678700864563f8214361f391c0cbda9b67ed7256535ed3db388c8feb xsa282-4.8-2.patch df833cbe9b8798104a65d44b737c46f97399b86b0ffd03c99fda4c8ecf5a353c xsa282-4.9-1.patch 68eab296a7124662cbe3c6df8835aff9b4a26160fdbe970e206a7a6ef8d27ec7 xsa282-4.11-1.patch $ NOTE REGARDING LACK OF EMBARGO ============================== The issue has been documented publicly in Specification Updates for at least some of the affected processors for quite some time. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlvh3+0MHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ48QIALQ1hLMewraf+URzsd36EUJNPP+1C8Dg35PavdJ1 mrqBljy/bIYCiLvLm1RwinUPL5vrvkB97/6AjmnpZM83AA3/PLTbh3tpP8fiLUcF YL7wJogvjv51Q3N8mYHjxGGl5YYVdrgxwxbQIuzRnw2gi/ikd0oAoNce/QIF6iFz P2I8VjKuQZ6qEzdKXTTiPNQQzL+OfVGQ+RcsthQieWce53p+n1pI1QqbPOwdYtca /cOhP+vGRzh+4QP50JuN5ikdC/C9KpyjEo5mZVlrZQYPIqzI+vomueCJLPGN3cSY LBcJc/lT/w/LRgygpbUB/OO8RwK5XB9T4Jm/ssXGpCOTs3Y= =Ipfd -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa282.meta" Content-Disposition: attachment; filename="xsa282.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyODIsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMSIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwK ICAgICI0LjgiLAogICAgIjQuNyIKICBdLAogICJUcmVlcyI6IFsKICAgICJ4 ZW4iCiAgXSwKICAiUmVjaXBlcyI6IHsKICAgICI0LjEwIjogewogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICJjODQxYzgyYTUzNDljZDU2YWRiOGZkNDkwN2JmNWFkOTU2M2Vh YTdlIiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgXSwKICAg ICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjgyLTQuMTEt MS5wYXRjaCIsCiAgICAgICAgICAgICJ4c2EyODItMi5wYXRjaCIKICAgICAg ICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC4xMSI6IHsK ICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAg ICJTdGFibGVSZWYiOiAiOGFkNDYyYTM0ZjA2NTRjMjU2YzE5NzQwNjU4NzY4 NmZlNDIyODU0NiIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAg IF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI4 Mi00LjExLTEucGF0Y2giLAogICAgICAgICAgICAieHNhMjgyLTIucGF0Y2gi CiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQu NyI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiM2QzM2NjNmRkZjM3MDI2YjU1MzBmODNm NWZhM2FmMDViMjJmOWU0MyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAg InhzYTI4Mi00LjktMS5wYXRjaCIsCiAgICAgICAgICAgICJ4c2EyODItNC44 LTIucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9 LAogICAgIjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhl biI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiODhiNWUzNjhjZTA4YWFm Zjc4ZGI1ZTNlZGM0YzQ4ODk0NTgzNzc1MCIsCiAgICAgICAgICAiUHJlcmVx cyI6IFsKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAg ICAgICAgICAgInhzYTI4Mi00LjktMS5wYXRjaCIsCiAgICAgICAgICAgICJ4 c2EyODItNC44LTIucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAg ICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAg ICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiMWJkN2Mx N2M1ZTk3NmZlYzRhZDBkOGJhNzg1YWM3OGYzNmVlZjYyOCIsCiAgICAgICAg ICAiUHJlcmVxcyI6IFsKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hl cyI6IFsKICAgICAgICAgICAgInhzYTI4Mi00LjktMS5wYXRjaCIsCiAgICAg ICAgICAgICJ4c2EyODItMi5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9 CiAgICAgIH0KICAgIH0sCiAgICAibWFzdGVyIjogewogICAgICAiUmVjaXBl cyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6 ICJjZTJmNDI2MDU4ODhmMThmNjNmZjlmZTBkNDVkZDY5YWU4MzA0NWJiIiwK ICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgXSwKICAgICAgICAg ICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjgyLT8ucGF0Y2giCiAg ICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa282-1.patch" Content-Disposition: attachment; filename="xsa282-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGV4dGVuZCBnZXRfcGxhdGZvcm1fYmFkcGFnZXMoKSBpbnRlcmZh Y2UKClVzZSBhIHN0cnVjdHVyZSBzbyBhbG9uZyB3aXRoIGFuIGFkZHJlc3Mg KG5vdyBmcmFtZSBudW1iZXIpIGFuIG9yZGVyIGNhbgphbHNvIGJlIHNwZWNp ZmllZC4KClRoaXMgaXMgcGFydCBvZiBYU0EtMjgyLgoKU2lnbmVkLW9mZi1i eTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1i eTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4K Ci0tLSBhL3hlbi9hcmNoL3g4Ni9ndWVzdC94ZW4uYworKysgYi94ZW4vYXJj aC94ODYvZ3Vlc3QveGVuLmMKQEAgLTQwLDcgKzQwLDcgQEAgYm9vbCBfX3Jl YWRfbW9zdGx5IHhlbl9ndWVzdDsKIHN0YXRpYyBfX3JlYWRfbW9zdGx5IHVp bnQzMl90IHhlbl9jcHVpZF9iYXNlOwogZXh0ZXJuIGNoYXIgaHlwZXJjYWxs X3BhZ2VbXTsKIHN0YXRpYyBzdHJ1Y3QgcmFuZ2VzZXQgKm1lbTsKLXN0YXRp YyB1bnNpZ25lZCBsb25nIF9faW5pdGRhdGEgcmVzZXJ2ZWRfcGFnZXNbMl07 CitzdGF0aWMgc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdlIF9faW5pdGRhdGEg cmVzZXJ2ZWRfcGFnZXNbMl07CiAKIERFRklORV9QRVJfQ1BVKHVuc2lnbmVk IGludCwgdmNwdV9pZCk7CiAKQEAgLTMyNiw3ICszMjYsNyBAQCB2b2lkIF9f aW5pdCBoeXBlcnZpc29yX2ZpeHVwX2U4MjAoc3RydWN0CiAgICAgICAgIHBh bmljKCJVbmFibGUgdG8gZ2V0ICIgI3AgIlxuIik7ICAgICAgICBcCiAgICAg bWFya19wZm5fYXNfcmFtKGU4MjAsIHBmbik7ICAgICAgICAgICAgICAgICBc CiAgICAgQVNTRVJUKGkgPCBBUlJBWV9TSVpFKHJlc2VydmVkX3BhZ2VzKSk7 ICAgICBcCi0gICAgcmVzZXJ2ZWRfcGFnZXNbaSsrXSA9IHBmbiA8PCBQQUdF X1NISUZUOyAgICBcCisgICAgcmVzZXJ2ZWRfcGFnZXNbaSsrXS5tZm4gPSBw Zm47ICAgICAgICAgICAgICBcCiB9KQogICAgIE1BUktfUEFSQU1fUkFNKEhW TV9QQVJBTV9TVE9SRV9QRk4pOwogICAgIGlmICggIXB2X2NvbnNvbGUgKQpA QCAtMzM0LDcgKzMzNCw3IEBAIHZvaWQgX19pbml0IGh5cGVydmlzb3JfZml4 dXBfZTgyMChzdHJ1Y3QKICN1bmRlZiBNQVJLX1BBUkFNX1JBTQogfQogCi1j b25zdCB1bnNpZ25lZCBsb25nICpfX2luaXQgaHlwZXJ2aXNvcl9yZXNlcnZl ZF9wYWdlcyh1bnNpZ25lZCBpbnQgKnNpemUpCitjb25zdCBzdHJ1Y3QgcGxh dGZvcm1fYmFkX3BhZ2UgKl9faW5pdCBoeXBlcnZpc29yX3Jlc2VydmVkX3Bh Z2VzKHVuc2lnbmVkIGludCAqc2l6ZSkKIHsKICAgICBBU1NFUlQoeGVuX2d1 ZXN0KTsKIAotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJj aC94ODYvbW0uYwpAQCAtNTg0MywyMyArNTg0MywyMyBAQCB2b2lkIGFyY2hf ZHVtcF9zaGFyZWRfbWVtX2luZm8odm9pZCkKICAgICAgICAgICAgIG1lbV9z aGFyaW5nX2dldF9ucl9zYXZlZF9tZm5zKCkpOwogfQogCi1jb25zdCB1bnNp Z25lZCBsb25nICpfX2luaXQgZ2V0X3BsYXRmb3JtX2JhZHBhZ2VzKHVuc2ln bmVkIGludCAqYXJyYXlfc2l6ZSkKK2NvbnN0IHN0cnVjdCBwbGF0Zm9ybV9i YWRfcGFnZSAqX19pbml0IGdldF9wbGF0Zm9ybV9iYWRwYWdlcyh1bnNpZ25l ZCBpbnQgKmFycmF5X3NpemUpCiB7CiAgICAgdTMyIGlnZF9pZDsKLSAgICBz dGF0aWMgdW5zaWduZWQgbG9uZyBfX2luaXRkYXRhIGJhZF9wYWdlc1tdID0g ewotICAgICAgICAweDIwMDUwMDAwLAotICAgICAgICAweDIwMTEwMDAwLAot ICAgICAgICAweDIwMTMwMDAwLAotICAgICAgICAweDIwMTM4MDAwLAotICAg ICAgICAweDQwMDA0MDAwLAorICAgIHN0YXRpYyBjb25zdCBzdHJ1Y3QgcGxh dGZvcm1fYmFkX3BhZ2UgX19pbml0Y29uc3Qgc25iX2JhZF9wYWdlc1tdID0g eworICAgICAgICB7IC5tZm4gPSAweDIwMDUwMDAwID4+IFBBR0VfU0hJRlQg fSwKKyAgICAgICAgeyAubWZuID0gMHgyMDExMDAwMCA+PiBQQUdFX1NISUZU IH0sCisgICAgICAgIHsgLm1mbiA9IDB4MjAxMzAwMDAgPj4gUEFHRV9TSElG VCB9LAorICAgICAgICB7IC5tZm4gPSAweDIwMTM4MDAwID4+IFBBR0VfU0hJ RlQgfSwKKyAgICAgICAgeyAubWZuID0gMHg0MDAwNDAwMCA+PiBQQUdFX1NI SUZUIH0sCiAgICAgfTsKIAotICAgICphcnJheV9zaXplID0gQVJSQVlfU0la RShiYWRfcGFnZXMpOworICAgICphcnJheV9zaXplID0gQVJSQVlfU0laRShz bmJfYmFkX3BhZ2VzKTsKICAgICBpZ2RfaWQgPSBwY2lfY29uZl9yZWFkMzIo MCwgMCwgMiwgMCwgMCk7Ci0gICAgaWYgKCAhSVNfU05CX0dGWChpZ2RfaWQp ICkKLSAgICAgICAgcmV0dXJuIE5VTEw7CisgICAgaWYgKCBJU19TTkJfR0ZY KGlnZF9pZCkgKQorICAgICAgICByZXR1cm4gc25iX2JhZF9wYWdlczsKIAot ICAgIHJldHVybiBiYWRfcGFnZXM7CisgICAgcmV0dXJuIE5VTEw7CiB9CiAK IHZvaWQgcGFnaW5nX2ludmxwZyhzdHJ1Y3QgdmNwdSAqdiwgdW5zaWduZWQg bG9uZyBsaW5lYXIpCi0tLSBhL3hlbi9jb21tb24vcGFnZV9hbGxvYy5jCisr KyBiL3hlbi9jb21tb24vcGFnZV9hbGxvYy5jCkBAIC0yNzAsNyArMjcwLDcg QEAgdm9pZCBfX2luaXQgaW5pdF9ib290X3BhZ2VzKHBhZGRyX3QgcHMsCiAg ICAgdW5zaWduZWQgbG9uZyBiYWRfc3BmbiwgYmFkX2VwZm47CiAgICAgY29u c3QgY2hhciAqcDsKICNpZmRlZiBDT05GSUdfWDg2Ci0gICAgY29uc3QgdW5z aWduZWQgbG9uZyAqYmFkcGFnZSA9IE5VTEw7CisgICAgY29uc3Qgc3RydWN0 IHBsYXRmb3JtX2JhZF9wYWdlICpiYWRwYWdlOwogICAgIHVuc2lnbmVkIGlu dCBpLCBhcnJheV9zaXplOwogCiAgICAgQlVJTERfQlVHX09OKDggKiBzaXpl b2YoZnJhbWVfdGFibGUtPnUuZnJlZS5maXJzdF9kaXJ0eSkgPApAQCAtMjk5 LDggKzI5OSw4IEBAIHZvaWQgX19pbml0IGluaXRfYm9vdF9wYWdlcyhwYWRk cl90IHBzLAogICAgIHsKICAgICAgICAgZm9yICggaSA9IDA7IGkgPCBhcnJh eV9zaXplOyBpKysgKQogICAgICAgICB7Ci0gICAgICAgICAgICBib290bWVt X3JlZ2lvbl96YXAoKmJhZHBhZ2UgPj4gUEFHRV9TSElGVCwKLSAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAoKmJhZHBhZ2UgPj4gUEFHRV9TSElG VCkgKyAxKTsKKyAgICAgICAgICAgIGJvb3RtZW1fcmVnaW9uX3phcChiYWRw YWdlLT5tZm4sCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYmFk cGFnZS0+bWZuICsgKDFVIDw8IGJhZHBhZ2UtPm9yZGVyKSk7CiAgICAgICAg ICAgICBiYWRwYWdlKys7CiAgICAgICAgIH0KICAgICB9CkBAIC0zMTIsOCAr MzEyLDggQEAgdm9pZCBfX2luaXQgaW5pdF9ib290X3BhZ2VzKHBhZGRyX3Qg cHMsCiAgICAgICAgIHsKICAgICAgICAgICAgIGZvciAoIGkgPSAwOyBpIDwg YXJyYXlfc2l6ZTsgaSsrICkKICAgICAgICAgICAgIHsKLSAgICAgICAgICAg ICAgICBib290bWVtX3JlZ2lvbl96YXAoKmJhZHBhZ2UgPj4gUEFHRV9TSElG VCwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKCpiYWRw YWdlID4+IFBBR0VfU0hJRlQpICsgMSk7CisgICAgICAgICAgICAgICAgYm9v dG1lbV9yZWdpb25femFwKGJhZHBhZ2UtPm1mbiwKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgYmFkcGFnZS0+bWZuICsgKDFVIDw8IGJh ZHBhZ2UtPm9yZGVyKSk7CiAgICAgICAgICAgICAgICAgYmFkcGFnZSsrOwog ICAgICAgICAgICAgfQogICAgICAgICB9Ci0tLSBhL3hlbi9pbmNsdWRlL2Fz bS14ODYvZ3Vlc3QveGVuLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9n dWVzdC94ZW4uaApAQCAtMzcsNyArMzcsNyBAQCB2b2lkIGh5cGVydmlzb3Jf YXBfc2V0dXAodm9pZCk7CiBpbnQgaHlwZXJ2aXNvcl9hbGxvY191bnVzZWRf cGFnZShtZm5fdCAqbWZuKTsKIGludCBoeXBlcnZpc29yX2ZyZWVfdW51c2Vk X3BhZ2UobWZuX3QgbWZuKTsKIHZvaWQgaHlwZXJ2aXNvcl9maXh1cF9lODIw KHN0cnVjdCBlODIwbWFwICplODIwKTsKLWNvbnN0IHVuc2lnbmVkIGxvbmcg Kmh5cGVydmlzb3JfcmVzZXJ2ZWRfcGFnZXModW5zaWduZWQgaW50ICpzaXpl KTsKK2NvbnN0IHN0cnVjdCBwbGF0Zm9ybV9iYWRfcGFnZSAqaHlwZXJ2aXNv cl9yZXNlcnZlZF9wYWdlcyh1bnNpZ25lZCBpbnQgKnNpemUpOwogdWludDMy X3QgaHlwZXJ2aXNvcl9jcHVpZF9iYXNlKHZvaWQpOwogdm9pZCBoeXBlcnZp c29yX3Jlc3VtZSh2b2lkKTsKIApAQCAtNjUsNyArNjUsNyBAQCBzdGF0aWMg aW5saW5lIHZvaWQgaHlwZXJ2aXNvcl9maXh1cF9lODIwCiAgICAgQVNTRVJU X1VOUkVBQ0hBQkxFKCk7CiB9CiAKLXN0YXRpYyBpbmxpbmUgY29uc3QgdW5z aWduZWQgbG9uZyAqaHlwZXJ2aXNvcl9yZXNlcnZlZF9wYWdlcyh1bnNpZ25l ZCBpbnQgKnNpemUpCitzdGF0aWMgaW5saW5lIGNvbnN0IHN0cnVjdCBwbGF0 Zm9ybV9iYWRfcGFnZSAqaHlwZXJ2aXNvcl9yZXNlcnZlZF9wYWdlcyh1bnNp Z25lZCBpbnQgKnNpemUpCiB7CiAgICAgQVNTRVJUX1VOUkVBQ0hBQkxFKCk7 CiAgICAgcmV0dXJuIE5VTEw7Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS14ODYv bW0uaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L21tLmgKQEAgLTM0MSw3 ICszNDEsMTMgQEAgdm9pZCB6YXBfcm9fbXB0KG1mbl90IG1mbik7CiAKIGJv b2wgaXNfaW9tZW1fcGFnZShtZm5fdCBtZm4pOwogCi1jb25zdCB1bnNpZ25l ZCBsb25nICpnZXRfcGxhdGZvcm1fYmFkcGFnZXModW5zaWduZWQgaW50ICph cnJheV9zaXplKTsKK3N0cnVjdCBwbGF0Zm9ybV9iYWRfcGFnZSB7CisgICAg dW5zaWduZWQgbG9uZyBtZm47CisgICAgdW5zaWduZWQgaW50IG9yZGVyOwor fTsKKworY29uc3Qgc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdlICpnZXRfcGxh dGZvcm1fYmFkcGFnZXModW5zaWduZWQgaW50ICphcnJheV9zaXplKTsKKwog LyogUGVyIHBhZ2UgbG9ja3M6CiAgKiBwYWdlX2xvY2soKSBpcyB1c2VkIGZv ciB0d28gcHVycG9zZXM6IHB0ZSBzZXJpYWxpemF0aW9uLCBhbmQgbWVtb3J5 IHNoYXJpbmcuCiAgKgo= --=separator Content-Type: application/octet-stream; name="xsa282-2.patch" Content-Disposition: attachment; filename="xsa282-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IHdvcmsgYXJvdW5kIEhMRSBob3N0IGxvY2t1cCBlcnJhdHVtCgpY QUNRVUlSRSBwcmVmaXhlZCBhY2Nlc3NlcyB0byB0aGUgNE1iIHJhbmdlIG9m IG1lbW9yeSBzdGFydGluZyBhdCAxR2IKYXJlIGxpYWJsZSB0byBsb2NrIHVw IHRoZSBwcm9jZXNzb3IuIERpc2FsbG93IHVzZSBvZiB0aGlzIG1lbW9yeSBy YW5nZS4KClVuZm9ydHVuYXRlbHkgdGhlIGF2YWlsYWJsZSBDb3JlIEdlbjcg YW5kIEdlbjggc3BlYyB1cGRhdGVzIGFyZSBwcmV0dHkKb2xkLCBzbyBJIGNh biBvbmx5IGd1ZXNzIHRoYXQgdGhleSdyZSBzaW1pbGFybHkgYWZmZWN0ZWQg d2hlbiBDb3JlIEdlbjYKaXMgYW5kIHRoZSBYZW9uIGNvdW50ZXJwYXJ0cyBh cmUsIHRvby4KClRoaXMgaXMgcGFydCBvZiBYU0EtMjgyLgoKU2lnbmVkLW9m Zi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdl ZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KLS0tCnYyOiBEb24ndCBhcHBseSB0aGUgd29ya2Fyb3VuZCB3aGVuIHJ1 bm5pbmcgb3Vyc2VsdmVzIHZpcnR1YWxpemVkLgoKLS0tIGEveGVuL2FyY2gv eDg2L21tLmMKKysrIGIveGVuL2FyY2gveDg2L21tLmMKQEAgLTU4NTMsNiAr NTg1MywyMiBAQCBjb25zdCBzdHJ1Y3QgcGxhdGZvcm1fYmFkX3BhZ2UgKl9f aW5pdCBnCiAgICAgICAgIHsgLm1mbiA9IDB4MjAxMzgwMDAgPj4gUEFHRV9T SElGVCB9LAogICAgICAgICB7IC5tZm4gPSAweDQwMDA0MDAwID4+IFBBR0Vf U0hJRlQgfSwKICAgICB9OworICAgIHN0YXRpYyBjb25zdCBzdHJ1Y3QgcGxh dGZvcm1fYmFkX3BhZ2UgX19pbml0Y29uc3QgaGxlX2JhZF9wYWdlID0gewor ICAgICAgICAubWZuID0gMHg0MDAwMDAwMCA+PiBQQUdFX1NISUZULCAub3Jk ZXIgPSAxMAorICAgIH07CisKKyAgICBzd2l0Y2ggKCBjcHVpZF9lYXgoMSkg JiAweDAwMGYzZmYwICkKKyAgICB7CisgICAgY2FzZSAweDAwMDQwNmUwOiAv KiBlcnJhdHVtIFNLTDE2NyAqLworICAgIGNhc2UgMHgwMDA1MDY1MDogLyog ZXJyYXR1bSBTS1o2MyAqLworICAgIGNhc2UgMHgwMDA1MDZlMDogLyogZXJy YXRhIFNLTDE2NyAvIFNLVzE1OSAqLworICAgIGNhc2UgMHgwMDA4MDZlMDog LyogZXJyYXR1bSBLQkw/Pz8gKi8KKyAgICBjYXNlIDB4MDAwOTA2ZTA6IC8q IGVycmF0YSBLQkw/Pz8gLyBLQlcxMTQgLyBDRlcxMDMgKi8KKyAgICAgICAg KmFycmF5X3NpemUgPSAoY3B1aWRfZWF4KDApID49IDcgJiYKKyAgICAgICAg ICAgICAgICAgICAgICAgIShjcHVpZF9lY3goMSkgJiBjcHVmZWF0X21hc2so WDg2X0ZFQVRVUkVfSFlQRVJWSVNPUikpICYmCisgICAgICAgICAgICAgICAg ICAgICAgIChjcHVpZF9jb3VudF9lYngoNywgMCkgJiBjcHVmZWF0X21hc2so WDg2X0ZFQVRVUkVfSExFKSkpOworICAgICAgICByZXR1cm4gJmhsZV9iYWRf cGFnZTsKKyAgICB9CiAKICAgICAqYXJyYXlfc2l6ZSA9IEFSUkFZX1NJWkUo c25iX2JhZF9wYWdlcyk7CiAgICAgaWdkX2lkID0gcGNpX2NvbmZfcmVhZDMy KDAsIDAsIDIsIDAsIDApOwo= --=separator Content-Type: application/octet-stream; name="xsa282-4.8-2.patch" Content-Disposition: attachment; filename="xsa282-4.8-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IHdvcmsgYXJvdW5kIEhMRSBob3N0IGxvY2t1cCBlcnJhdHVtCgpY QUNRVUlSRSBwcmVmaXhlZCBhY2Nlc3NlcyB0byB0aGUgNE1iIHJhbmdlIG9m IG1lbW9yeSBzdGFydGluZyBhdCAxR2IKYXJlIGxpYWJsZSB0byBsb2NrIHVw IHRoZSBwcm9jZXNzb3IuIERpc2FsbG93IHVzZSBvZiB0aGlzIG1lbW9yeSBy YW5nZS4KClVuZm9ydHVuYXRlbHkgdGhlIGF2YWlsYWJsZSBDb3JlIEdlbjcg YW5kIEdlbjggc3BlYyB1cGRhdGVzIGFyZSBwcmV0dHkKb2xkLCBzbyBJIGNh biBvbmx5IGd1ZXNzIHRoYXQgdGhleSdyZSBzaW1pbGFybHkgYWZmZWN0ZWQg d2hlbiBDb3JlIEdlbjYKaXMgYW5kIHRoZSBYZW9uIGNvdW50ZXJwYXJ0cyBh cmUsIHRvby4KClRoaXMgaXMgcGFydCBvZiBYU0EtMjgyLgoKU2lnbmVkLW9m Zi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdl ZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS5jCisrKyBiL3hlbi9hcmNoL3g4 Ni9tbS5jCkBAIC02OTg5LDYgKzY5ODksMjUgQEAgY29uc3Qgc3RydWN0IHBs YXRmb3JtX2JhZF9wYWdlICpfX2luaXQgZwogICAgICAgICB7IC5tZm4gPSAw eDIwMTM4MDAwID4+IFBBR0VfU0hJRlQgfSwKICAgICAgICAgeyAubWZuID0g MHg0MDAwNDAwMCA+PiBQQUdFX1NISUZUIH0sCiAgICAgfTsKKyAgICBzdGF0 aWMgY29uc3Qgc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdlIF9faW5pdGNvbnN0 IGhsZV9iYWRfcGFnZSA9IHsKKyAgICAgICAgLm1mbiA9IDB4NDAwMDAwMDAg Pj4gUEFHRV9TSElGVCwgLm9yZGVyID0gMTAKKyAgICB9OworCisgICAgc3dp dGNoICggY3B1aWRfZWF4KDEpICYgMHgwMDBmM2ZmMCApCisgICAgeworICAg ICAgICB1bnNpZ25lZCBpbnQgZWJ4LCBkdW1teTsKKworICAgIGNhc2UgMHgw MDA0MDZlMDogLyogZXJyYXR1bSBTS0wxNjcgKi8KKyAgICBjYXNlIDB4MDAw NTA2NTA6IC8qIGVycmF0dW0gU0taNjMgKi8KKyAgICBjYXNlIDB4MDAwNTA2 ZTA6IC8qIGVycmF0YSBTS0wxNjcgLyBTS1cxNTkgKi8KKyAgICBjYXNlIDB4 MDAwODA2ZTA6IC8qIGVycmF0dW0gS0JMPz8/ICovCisgICAgY2FzZSAweDAw MDkwNmUwOiAvKiBlcnJhdGEgS0JMPz8/IC8gS0JXMTE0IC8gQ0ZXMTAzICov CisgICAgICAgICphcnJheV9zaXplID0gKGNwdWlkX2VheCgwKSA+PSA3ICYm CisgICAgICAgICAgICAgICAgICAgICAgICEoY3B1aWRfZWN4KDEpICYgY3B1 ZmVhdF9tYXNrKFg4Nl9GRUFUVVJFX0hZUEVSVklTT1IpKSAmJgorICAgICAg ICAgICAgICAgICAgICAgICAoY3B1aWRfY291bnQoNywgMCwgJmR1bW15LCAm ZWJ4LCAmZHVtbXksICZkdW1teSksCisgICAgICAgICAgICAgICAgICAgICAg ICBlYnggJiBjcHVmZWF0X21hc2soWDg2X0ZFQVRVUkVfSExFKSkpOworICAg ICAgICByZXR1cm4gJmhsZV9iYWRfcGFnZTsKKyAgICB9CiAKICAgICAqYXJy YXlfc2l6ZSA9IEFSUkFZX1NJWkUoc25iX2JhZF9wYWdlcyk7CiAgICAgaWdk X2lkID0gcGNpX2NvbmZfcmVhZDMyKDAsIDAsIDIsIDAsIDApOwo= --=separator Content-Type: application/octet-stream; name="xsa282-4.9-1.patch" Content-Disposition: attachment; filename="xsa282-4.9-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGV4dGVuZCBnZXRfcGxhdGZvcm1fYmFkcGFnZXMoKSBpbnRlcmZh Y2UKClVzZSBhIHN0cnVjdHVyZSBzbyBhbG9uZyB3aXRoIGFuIGFkZHJlc3Mg KG5vdyBmcmFtZSBudW1iZXIpIGFuIG9yZGVyIGNhbgphbHNvIGJlIHNwZWNp ZmllZC4KClRoaXMgaXMgcGFydCBvZiBYU0EtMjgyLgoKU2lnbmVkLW9mZi1i eTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1i eTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4K Ci0tLSBhL3hlbi9hcmNoL3g4Ni9tbS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9t bS5jCkBAIC03MTExLDIzICs3MTExLDIzIEBAIHZvaWQgYXJjaF9kdW1wX3No YXJlZF9tZW1faW5mbyh2b2lkKQogICAgICAgICAgICAgbWVtX3NoYXJpbmdf Z2V0X25yX3NhdmVkX21mbnMoKSk7CiB9CiAKLWNvbnN0IHVuc2lnbmVkIGxv bmcgKl9faW5pdCBnZXRfcGxhdGZvcm1fYmFkcGFnZXModW5zaWduZWQgaW50 ICphcnJheV9zaXplKQorY29uc3Qgc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdl ICpfX2luaXQgZ2V0X3BsYXRmb3JtX2JhZHBhZ2VzKHVuc2lnbmVkIGludCAq YXJyYXlfc2l6ZSkKIHsKICAgICB1MzIgaWdkX2lkOwotICAgIHN0YXRpYyB1 bnNpZ25lZCBsb25nIF9faW5pdGRhdGEgYmFkX3BhZ2VzW10gPSB7Ci0gICAg ICAgIDB4MjAwNTAwMDAsCi0gICAgICAgIDB4MjAxMTAwMDAsCi0gICAgICAg IDB4MjAxMzAwMDAsCi0gICAgICAgIDB4MjAxMzgwMDAsCi0gICAgICAgIDB4 NDAwMDQwMDAsCisgICAgc3RhdGljIGNvbnN0IHN0cnVjdCBwbGF0Zm9ybV9i YWRfcGFnZSBfX2luaXRjb25zdCBzbmJfYmFkX3BhZ2VzW10gPSB7CisgICAg ICAgIHsgLm1mbiA9IDB4MjAwNTAwMDAgPj4gUEFHRV9TSElGVCB9LAorICAg ICAgICB7IC5tZm4gPSAweDIwMTEwMDAwID4+IFBBR0VfU0hJRlQgfSwKKyAg ICAgICAgeyAubWZuID0gMHgyMDEzMDAwMCA+PiBQQUdFX1NISUZUIH0sCisg ICAgICAgIHsgLm1mbiA9IDB4MjAxMzgwMDAgPj4gUEFHRV9TSElGVCB9LAor ICAgICAgICB7IC5tZm4gPSAweDQwMDA0MDAwID4+IFBBR0VfU0hJRlQgfSwK ICAgICB9OwogCi0gICAgKmFycmF5X3NpemUgPSBBUlJBWV9TSVpFKGJhZF9w YWdlcyk7CisgICAgKmFycmF5X3NpemUgPSBBUlJBWV9TSVpFKHNuYl9iYWRf cGFnZXMpOwogICAgIGlnZF9pZCA9IHBjaV9jb25mX3JlYWQzMigwLCAwLCAy LCAwLCAwKTsKLSAgICBpZiAoICFJU19TTkJfR0ZYKGlnZF9pZCkgKQotICAg ICAgICByZXR1cm4gTlVMTDsKKyAgICBpZiAoIElTX1NOQl9HRlgoaWdkX2lk KSApCisgICAgICAgIHJldHVybiBzbmJfYmFkX3BhZ2VzOwogCi0gICAgcmV0 dXJuIGJhZF9wYWdlczsKKyAgICByZXR1cm4gTlVMTDsKIH0KIAogdm9pZCBw YWdpbmdfaW52bHBnKHN0cnVjdCB2Y3B1ICp2LCB1bnNpZ25lZCBsb25nIHZh KQotLS0gYS94ZW4vY29tbW9uL3BhZ2VfYWxsb2MuYworKysgYi94ZW4vY29t bW9uL3BhZ2VfYWxsb2MuYwpAQCAtMjcwLDcgKzI3MCw3IEBAIHZvaWQgX19p bml0IGluaXRfYm9vdF9wYWdlcyhwYWRkcl90IHBzLAogICAgIHVuc2lnbmVk IGxvbmcgYmFkX3NwZm4sIGJhZF9lcGZuOwogICAgIGNvbnN0IGNoYXIgKnA7 CiAjaWZkZWYgQ09ORklHX1g4NgotICAgIGNvbnN0IHVuc2lnbmVkIGxvbmcg KmJhZHBhZ2UgPSBOVUxMOworICAgIGNvbnN0IHN0cnVjdCBwbGF0Zm9ybV9i YWRfcGFnZSAqYmFkcGFnZTsKICAgICB1bnNpZ25lZCBpbnQgaSwgYXJyYXlf c2l6ZTsKICNlbmRpZgogCkBAIC0yOTUsOCArMjk1LDggQEAgdm9pZCBfX2lu aXQgaW5pdF9ib290X3BhZ2VzKHBhZGRyX3QgcHMsCiAgICAgewogICAgICAg ICBmb3IgKCBpID0gMDsgaSA8IGFycmF5X3NpemU7IGkrKyApCiAgICAgICAg IHsKLSAgICAgICAgICAgIGJvb3RtZW1fcmVnaW9uX3phcCgqYmFkcGFnZSA+ PiBQQUdFX1NISUZULAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICgqYmFkcGFnZSA+PiBQQUdFX1NISUZUKSArIDEpOworICAgICAgICAgICAg Ym9vdG1lbV9yZWdpb25femFwKGJhZHBhZ2UtPm1mbiwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBiYWRwYWdlLT5tZm4gKyAoMVUgPDwgYmFk cGFnZS0+b3JkZXIpKTsKICAgICAgICAgICAgIGJhZHBhZ2UrKzsKICAgICAg ICAgfQogICAgIH0KLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9tbS5oCisr KyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvbW0uaApAQCAtMzUwLDcgKzM1MCwx MyBAQCBib29sIGlzX2lvbWVtX3BhZ2UobWZuX3QgbWZuKTsKIAogdm9pZCBj bGVhcl9zdXBlcnBhZ2VfbWFyayhzdHJ1Y3QgcGFnZV9pbmZvICpwYWdlKTsK IAotY29uc3QgdW5zaWduZWQgbG9uZyAqZ2V0X3BsYXRmb3JtX2JhZHBhZ2Vz KHVuc2lnbmVkIGludCAqYXJyYXlfc2l6ZSk7CitzdHJ1Y3QgcGxhdGZvcm1f YmFkX3BhZ2UgeworICAgIHVuc2lnbmVkIGxvbmcgbWZuOworICAgIHVuc2ln bmVkIGludCBvcmRlcjsKK307CisKK2NvbnN0IHN0cnVjdCBwbGF0Zm9ybV9i YWRfcGFnZSAqZ2V0X3BsYXRmb3JtX2JhZHBhZ2VzKHVuc2lnbmVkIGludCAq YXJyYXlfc2l6ZSk7CisKIC8qIFBlciBwYWdlIGxvY2tzOgogICogcGFnZV9s b2NrKCkgaXMgdXNlZCBmb3IgdHdvIHB1cnBvc2VzOiBwdGUgc2VyaWFsaXph dGlvbiwgYW5kIG1lbW9yeSBzaGFyaW5nLgogICoK --=separator Content-Type: application/octet-stream; name="xsa282-4.11-1.patch" Content-Disposition: attachment; filename="xsa282-4.11-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGV4dGVuZCBnZXRfcGxhdGZvcm1fYmFkcGFnZXMoKSBpbnRlcmZh Y2UKClVzZSBhIHN0cnVjdHVyZSBzbyBhbG9uZyB3aXRoIGFuIGFkZHJlc3Mg KG5vdyBmcmFtZSBudW1iZXIpIGFuIG9yZGVyIGNhbgphbHNvIGJlIHNwZWNp ZmllZC4KClRoaXMgaXMgcGFydCBvZiBYU0EtMjgyLgoKU2lnbmVkLW9mZi1i eTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1i eTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4K Ci0tLSBhL3hlbi9hcmNoL3g4Ni9ndWVzdC94ZW4uYworKysgYi94ZW4vYXJj aC94ODYvZ3Vlc3QveGVuLmMKQEAgLTQwLDcgKzQwLDcgQEAgYm9vbCBfX3Jl YWRfbW9zdGx5IHhlbl9ndWVzdDsKIHN0YXRpYyBfX3JlYWRfbW9zdGx5IHVp bnQzMl90IHhlbl9jcHVpZF9iYXNlOwogZXh0ZXJuIGNoYXIgaHlwZXJjYWxs X3BhZ2VbXTsKIHN0YXRpYyBzdHJ1Y3QgcmFuZ2VzZXQgKm1lbTsKLXN0YXRp YyB1bnNpZ25lZCBsb25nIF9faW5pdGRhdGEgcmVzZXJ2ZWRfcGFnZXNbMl07 CitzdGF0aWMgc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdlIF9faW5pdGRhdGEg cmVzZXJ2ZWRfcGFnZXNbMl07CiAKIERFRklORV9QRVJfQ1BVKHVuc2lnbmVk IGludCwgdmNwdV9pZCk7CiAKQEAgLTMyNiw3ICszMjYsNyBAQCB2b2lkIF9f aW5pdCBoeXBlcnZpc29yX2ZpeHVwX2U4MjAoc3RydWN0CiAgICAgICAgIHBh bmljKCJVbmFibGUgdG8gZ2V0ICIgI3ApOyAgICAgICAgICAgICBcCiAgICAg bWFya19wZm5fYXNfcmFtKGU4MjAsIHBmbik7ICAgICAgICAgICAgICAgICBc CiAgICAgQVNTRVJUKGkgPCBBUlJBWV9TSVpFKHJlc2VydmVkX3BhZ2VzKSk7 ICAgICBcCi0gICAgcmVzZXJ2ZWRfcGFnZXNbaSsrXSA9IHBmbiA8PCBQQUdF X1NISUZUOyAgICBcCisgICAgcmVzZXJ2ZWRfcGFnZXNbaSsrXS5tZm4gPSBw Zm47ICAgICAgICAgICAgICBcCiB9KQogICAgIE1BUktfUEFSQU1fUkFNKEhW TV9QQVJBTV9TVE9SRV9QRk4pOwogICAgIGlmICggIXB2X2NvbnNvbGUgKQpA QCAtMzM0LDcgKzMzNCw3IEBAIHZvaWQgX19pbml0IGh5cGVydmlzb3JfZml4 dXBfZTgyMChzdHJ1Y3QKICN1bmRlZiBNQVJLX1BBUkFNX1JBTQogfQogCi1j b25zdCB1bnNpZ25lZCBsb25nICpfX2luaXQgaHlwZXJ2aXNvcl9yZXNlcnZl ZF9wYWdlcyh1bnNpZ25lZCBpbnQgKnNpemUpCitjb25zdCBzdHJ1Y3QgcGxh dGZvcm1fYmFkX3BhZ2UgKl9faW5pdCBoeXBlcnZpc29yX3Jlc2VydmVkX3Bh Z2VzKHVuc2lnbmVkIGludCAqc2l6ZSkKIHsKICAgICBBU1NFUlQoeGVuX2d1 ZXN0KTsKIAotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJj aC94ODYvbW0uYwpAQCAtNTc2OCwyMyArNTc2OCwyMyBAQCB2b2lkIGFyY2hf ZHVtcF9zaGFyZWRfbWVtX2luZm8odm9pZCkKICAgICAgICAgICAgIG1lbV9z aGFyaW5nX2dldF9ucl9zYXZlZF9tZm5zKCkpOwogfQogCi1jb25zdCB1bnNp Z25lZCBsb25nICpfX2luaXQgZ2V0X3BsYXRmb3JtX2JhZHBhZ2VzKHVuc2ln bmVkIGludCAqYXJyYXlfc2l6ZSkKK2NvbnN0IHN0cnVjdCBwbGF0Zm9ybV9i YWRfcGFnZSAqX19pbml0IGdldF9wbGF0Zm9ybV9iYWRwYWdlcyh1bnNpZ25l ZCBpbnQgKmFycmF5X3NpemUpCiB7CiAgICAgdTMyIGlnZF9pZDsKLSAgICBz dGF0aWMgdW5zaWduZWQgbG9uZyBfX2luaXRkYXRhIGJhZF9wYWdlc1tdID0g ewotICAgICAgICAweDIwMDUwMDAwLAotICAgICAgICAweDIwMTEwMDAwLAot ICAgICAgICAweDIwMTMwMDAwLAotICAgICAgICAweDIwMTM4MDAwLAotICAg ICAgICAweDQwMDA0MDAwLAorICAgIHN0YXRpYyBjb25zdCBzdHJ1Y3QgcGxh dGZvcm1fYmFkX3BhZ2UgX19pbml0Y29uc3Qgc25iX2JhZF9wYWdlc1tdID0g eworICAgICAgICB7IC5tZm4gPSAweDIwMDUwMDAwID4+IFBBR0VfU0hJRlQg fSwKKyAgICAgICAgeyAubWZuID0gMHgyMDExMDAwMCA+PiBQQUdFX1NISUZU IH0sCisgICAgICAgIHsgLm1mbiA9IDB4MjAxMzAwMDAgPj4gUEFHRV9TSElG VCB9LAorICAgICAgICB7IC5tZm4gPSAweDIwMTM4MDAwID4+IFBBR0VfU0hJ RlQgfSwKKyAgICAgICAgeyAubWZuID0gMHg0MDAwNDAwMCA+PiBQQUdFX1NI SUZUIH0sCiAgICAgfTsKIAotICAgICphcnJheV9zaXplID0gQVJSQVlfU0la RShiYWRfcGFnZXMpOworICAgICphcnJheV9zaXplID0gQVJSQVlfU0laRShz bmJfYmFkX3BhZ2VzKTsKICAgICBpZ2RfaWQgPSBwY2lfY29uZl9yZWFkMzIo MCwgMCwgMiwgMCwgMCk7Ci0gICAgaWYgKCAhSVNfU05CX0dGWChpZ2RfaWQp ICkKLSAgICAgICAgcmV0dXJuIE5VTEw7CisgICAgaWYgKCBJU19TTkJfR0ZY KGlnZF9pZCkgKQorICAgICAgICByZXR1cm4gc25iX2JhZF9wYWdlczsKIAot ICAgIHJldHVybiBiYWRfcGFnZXM7CisgICAgcmV0dXJuIE5VTEw7CiB9CiAK IHZvaWQgcGFnaW5nX2ludmxwZyhzdHJ1Y3QgdmNwdSAqdiwgdW5zaWduZWQg bG9uZyB2YSkKLS0tIGEveGVuL2NvbW1vbi9wYWdlX2FsbG9jLmMKKysrIGIv eGVuL2NvbW1vbi9wYWdlX2FsbG9jLmMKQEAgLTI3MCw3ICsyNzAsNyBAQCB2 b2lkIF9faW5pdCBpbml0X2Jvb3RfcGFnZXMocGFkZHJfdCBwcywKICAgICB1 bnNpZ25lZCBsb25nIGJhZF9zcGZuLCBiYWRfZXBmbjsKICAgICBjb25zdCBj aGFyICpwOwogI2lmZGVmIENPTkZJR19YODYKLSAgICBjb25zdCB1bnNpZ25l ZCBsb25nICpiYWRwYWdlID0gTlVMTDsKKyAgICBjb25zdCBzdHJ1Y3QgcGxh dGZvcm1fYmFkX3BhZ2UgKmJhZHBhZ2U7CiAgICAgdW5zaWduZWQgaW50IGks IGFycmF5X3NpemU7CiAKICAgICBCVUlMRF9CVUdfT04oOCAqIHNpemVvZihm cmFtZV90YWJsZS0+dS5mcmVlLmZpcnN0X2RpcnR5KSA8CkBAIC0yOTksOCAr Mjk5LDggQEAgdm9pZCBfX2luaXQgaW5pdF9ib290X3BhZ2VzKHBhZGRyX3Qg cHMsCiAgICAgewogICAgICAgICBmb3IgKCBpID0gMDsgaSA8IGFycmF5X3Np emU7IGkrKyApCiAgICAgICAgIHsKLSAgICAgICAgICAgIGJvb3RtZW1fcmVn aW9uX3phcCgqYmFkcGFnZSA+PiBQQUdFX1NISUZULAotICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICgqYmFkcGFnZSA+PiBQQUdFX1NISUZUKSAr IDEpOworICAgICAgICAgICAgYm9vdG1lbV9yZWdpb25femFwKGJhZHBhZ2Ut Pm1mbiwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiYWRwYWdl LT5tZm4gKyAoMVUgPDwgYmFkcGFnZS0+b3JkZXIpKTsKICAgICAgICAgICAg IGJhZHBhZ2UrKzsKICAgICAgICAgfQogICAgIH0KQEAgLTMxMiw4ICszMTIs OCBAQCB2b2lkIF9faW5pdCBpbml0X2Jvb3RfcGFnZXMocGFkZHJfdCBwcywK ICAgICAgICAgewogICAgICAgICAgICAgZm9yICggaSA9IDA7IGkgPCBhcnJh eV9zaXplOyBpKysgKQogICAgICAgICAgICAgewotICAgICAgICAgICAgICAg IGJvb3RtZW1fcmVnaW9uX3phcCgqYmFkcGFnZSA+PiBQQUdFX1NISUZULAot ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAoKmJhZHBhZ2Ug Pj4gUEFHRV9TSElGVCkgKyAxKTsKKyAgICAgICAgICAgICAgICBib290bWVt X3JlZ2lvbl96YXAoYmFkcGFnZS0+bWZuLAorICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBiYWRwYWdlLT5tZm4gKyAoMVUgPDwgYmFkcGFn ZS0+b3JkZXIpKTsKICAgICAgICAgICAgICAgICBiYWRwYWdlKys7CiAgICAg ICAgICAgICB9CiAgICAgICAgIH0KLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4 Ni9ndWVzdC94ZW4uaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L2d1ZXN0 L3hlbi5oCkBAIC0zNyw3ICszNyw3IEBAIHZvaWQgaHlwZXJ2aXNvcl9hcF9z ZXR1cCh2b2lkKTsKIGludCBoeXBlcnZpc29yX2FsbG9jX3VudXNlZF9wYWdl KG1mbl90ICptZm4pOwogaW50IGh5cGVydmlzb3JfZnJlZV91bnVzZWRfcGFn ZShtZm5fdCBtZm4pOwogdm9pZCBoeXBlcnZpc29yX2ZpeHVwX2U4MjAoc3Ry dWN0IGU4MjBtYXAgKmU4MjApOwotY29uc3QgdW5zaWduZWQgbG9uZyAqaHlw ZXJ2aXNvcl9yZXNlcnZlZF9wYWdlcyh1bnNpZ25lZCBpbnQgKnNpemUpOwor Y29uc3Qgc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdlICpoeXBlcnZpc29yX3Jl c2VydmVkX3BhZ2VzKHVuc2lnbmVkIGludCAqc2l6ZSk7CiB1aW50MzJfdCBo eXBlcnZpc29yX2NwdWlkX2Jhc2Uodm9pZCk7CiB2b2lkIGh5cGVydmlzb3Jf cmVzdW1lKHZvaWQpOwogCkBAIC02NSw3ICs2NSw3IEBAIHN0YXRpYyBpbmxp bmUgdm9pZCBoeXBlcnZpc29yX2ZpeHVwX2U4MjAKICAgICBBU1NFUlRfVU5S RUFDSEFCTEUoKTsKIH0KIAotc3RhdGljIGlubGluZSBjb25zdCB1bnNpZ25l ZCBsb25nICpoeXBlcnZpc29yX3Jlc2VydmVkX3BhZ2VzKHVuc2lnbmVkIGlu dCAqc2l6ZSkKK3N0YXRpYyBpbmxpbmUgY29uc3Qgc3RydWN0IHBsYXRmb3Jt X2JhZF9wYWdlICpoeXBlcnZpc29yX3Jlc2VydmVkX3BhZ2VzKHVuc2lnbmVk IGludCAqc2l6ZSkKIHsKICAgICBBU1NFUlRfVU5SRUFDSEFCTEUoKTsKICAg ICByZXR1cm4gTlVMTDsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9tbS5o CisrKyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvbW0uaApAQCAtMzQ4LDcgKzM0 OCwxMyBAQCB2b2lkIHphcF9yb19tcHQobWZuX3QgbWZuKTsKIAogYm9vbCBp c19pb21lbV9wYWdlKG1mbl90IG1mbik7CiAKLWNvbnN0IHVuc2lnbmVkIGxv bmcgKmdldF9wbGF0Zm9ybV9iYWRwYWdlcyh1bnNpZ25lZCBpbnQgKmFycmF5 X3NpemUpOworc3RydWN0IHBsYXRmb3JtX2JhZF9wYWdlIHsKKyAgICB1bnNp Z25lZCBsb25nIG1mbjsKKyAgICB1bnNpZ25lZCBpbnQgb3JkZXI7Cit9Owor Citjb25zdCBzdHJ1Y3QgcGxhdGZvcm1fYmFkX3BhZ2UgKmdldF9wbGF0Zm9y bV9iYWRwYWdlcyh1bnNpZ25lZCBpbnQgKmFycmF5X3NpemUpOworCiAvKiBQ ZXIgcGFnZSBsb2NrczoKICAqIHBhZ2VfbG9jaygpIGlzIHVzZWQgZm9yIHR3 byBwdXJwb3NlczogcHRlIHNlcmlhbGl6YXRpb24sIGFuZCBtZW1vcnkgc2hh cmluZy4KICAqCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Nov 20 13:27:29 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Nov 2018 13:27:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP633-00040A-7A; Tue, 20 Nov 2018 13:26:37 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP632-0003za-4d for xen-announce@lists.xen.org; Tue, 20 Nov 2018 13:26:36 +0000 X-Inumbo-ID: e5fe1346-ecc7-11e8-9406-12d6303a7972 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id e5fe1346-ecc7-11e8-9406-12d6303a7972; Tue, 20 Nov 2018 13:26:34 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP62p-0006nJ-Ey; Tue, 20 Nov 2018 13:26:23 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gP62p-0000ba-Bx; Tue, 20 Nov 2018 13:26:23 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 20 Nov 2018 13:26:23 +0000 Subject: [Xen-announce] Xen Security Advisory 275 v2 - insufficient TLB flushing / improper large page mappings with AMD IOMMUs X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-275 version 2 insufficient TLB flushing / improper large page mappings with AMD IOMMUs UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= In order to be certain that no undue access to memory is possible anymore after IOMMU mappings of this memory have been removed, Translation Lookaside Buffers (TLBs) need to be flushed after most changes to such mappings. Xen bypassed certain IOMMU flushes on AMD x86 hardware. Furthermore logic exists Xen to re-combine small page mappings into larger ones. Such re-combination could have occured in cases when it was not really safe/correct to do so. IMPACT ====== A malicious or buggy guest may be able to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access (information leak). VULNERABLE SYSTEMS ================== Xen versions from at least 3.2 onwards are affected. Note that the situation is worse in 4.1 and earlier, in that there's no flushing of the TLB at all. Only systems with AMD x86 hardware with enabled IOMMU are affected. ARM and Intel x86 systems, and AMD x86 systems without enabled IOMMU, are not affected. Only systems where physical PCI devices are assigned to untrusted guests are vulnerable. MITIGATION ========== There is no known mitigation for affected system/guest combinations. CREDITS ======= This issue was discovered by Paul Durrant of Citrix. RESOLUTION ========== Applying the appropriate set of attached patches resolves this issue. xsa275-?.patch xen-unstable xsa275-4.11-?.patch Xen 4.11.x ... Xen 4.8.x xsa275-4.7-?.patch Xen 4.7.x $ sha256sum xsa275* b5a02598cd2cffcc2cb59c724eeabb50220fa55f2cbe571726a5228909bf7bfe xsa275.meta 7a3360e61fbb088f7d9f2b92921c9dceb08a1e01563c42ba4cf4a9999fe42fc4 xsa275-1.patch 4783a3abd2d87386ce9a7b790666ad398c5e027a6a146fce6424f0bcbfd8a7c6 xsa275-2.patch 49844d06f24ea129f1a501b4b0d5cb6ec3b288f3a2b41377ce793cc6fc81a788 xsa275-4.7-1.patch 7ea8bf2ff2c8c92cb064a70959a1148229c4577109015bd5aab72603ccb8f7e3 xsa275-4.7-2.patch 15d1aa7528368ed92caf8ea9baf77a406e1de26d0697dafd8a85da0d66eb95dc xsa275-4.11-1.patch 0806e8c904ac9e8eb89404dffd227fcd56da84b7eb0150ee1e9b4bee54a05b4e xsa275-4.11-2.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlv0C2kMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZEmUIAJh8KKnerBI188shqJlCI2yr3qXG75xsnwQSR4Xd 5lIRLQepG92cPkJa6RPWelJY0rHmPTlFj+apO7k4ZOG4WsZkp8vK16pkOiCGP8wI J7UXfdxj9twOEbvLUE+Xe4bJI7/GQ9UbHefZ5LMdive6jYkq20ZUD7nZOBsXDX7r znb6plF62VzhoGvvL2yLyZRnRJfs91bNfnqPZG54tHDPXFTntVZghrIYKW8kboNF LZNi8fMrk0URy6uUkF2YpzLZ+JoMlPMVPEX3c+bx5xFm7xZc37rGmbHaj+L/5ViY 8e+2EEhzIGYI7liTSgKOzlkxolJ08bd/xolVAAo8vNeHjHo= =noV1 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa275.meta" Content-Disposition: attachment; filename="xsa275.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNzUsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMSIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwK ICAgICI0LjgiLAogICAgIjQuNyIKICBdLAogICJUcmVlcyI6IFsKICAgICJ4 ZW4iCiAgXSwKICAiUmVjaXBlcyI6IHsKICAgICI0LjEwIjogewogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICJjODQxYzgyYTUzNDljZDU2YWRiOGZkNDkwN2JmNWFkOTU2M2Vh YTdlIiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI3NS00LjExLT8ucGF0Y2giCiAg ICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuMTEi OiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAg ICAgICAiU3RhYmxlUmVmIjogIjhhZDQ2MmEzNGYwNjU0YzI1NmMxOTc0MDY1 ODc2ODZmZTQyMjg1NDYiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAg ICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjc1LTQuMTEt Py5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0s CiAgICAiNC43IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVu IjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIzZDMzY2M2ZGRmMzcwMjZi NTUzMGY4M2Y1ZmEzYWYwNWIyMmY5ZTQzIiwKICAgICAgICAgICJQcmVyZXFz IjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhz YTI3NS00LjctPy5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAg IH0KICAgIH0sCiAgICAiNC44IjogewogICAgICAiUmVjaXBlcyI6IHsKICAg ICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICI4OGI1ZTM2 OGNlMDhhYWZmNzhkYjVlM2VkYzRjNDg4OTQ1ODM3NzUwIiwKICAgICAgICAg ICJQcmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAg ICAgICAgInhzYTI3NS00LjExLT8ucGF0Y2giCiAgICAgICAgICBdCiAgICAg ICAgfQogICAgICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlJlY2lw ZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYi OiAiMWJkN2MxN2M1ZTk3NmZlYzRhZDBkOGJhNzg1YWM3OGYzNmVlZjYyOCIs CiAgICAgICAgICAiUHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMi OiBbCiAgICAgICAgICAgICJ4c2EyNzUtNC4xMS0/LnBhdGNoIgogICAgICAg ICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICJtYXN0ZXIiOiB7 CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAg ICAiU3RhYmxlUmVmIjogImNlMmY0MjYwNTg4OGYxOGY2M2ZmOWZlMGQ0NWRk NjlhZTgzMDQ1YmIiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAgICAg ICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjc1LT8ucGF0Y2gi CiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa275-1.patch" Content-Disposition: attachment; filename="xsa275-1.patch" Content-Transfer-Encoding: base64 RnJvbTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJpeC5jb20+ ClN1YmplY3Q6IGFtZC9pb21tdTogZml4IGZsdXNoIGNoZWNrcwoKRmx1c2gg Y2hlY2tpbmcgZm9yIEFNRCBJT01NVSBkaWRuJ3QgY2hlY2sgd2hldGhlciB0 aGUgcHJldmlvdXMgZW50cnkKd2FzIHByZXNlbnQsIG9yIHdoZXRoZXIgdGhl IGZsYWdzICh3cml0YWJsZS9yZWFkYWJsZSkgY2hhbmdlZCBpbiBvcmRlcgp0 byBkZWNpZGUgd2hldGhlciBhIGZsdXNoIHNob3VsZCBiZSBleGVjdXRlZC4K CkZpeCB0aGlzIGJ5IHRha2luZyB0aGUgd3JpdGFibGUvcmVhZGFibGUvbmV4 dC1sZXZlbCBmaWVsZHMgaW50byBhY2NvdW50LAp0b2dldGhlciB3aXRoIHRo ZSBwcmVzZW50IGJpdC4KCkFsb25nIHRoZXNlIGxpbmVzIHRoZSBmbHVzaGlu ZyBpbiBhbWRfaW9tbXVfbWFwX3BhZ2UoKSBtdXN0IG5vdCBiZQpvbWl0dGVk IGZvciBQViBkb21haW5zLiBUaGUgY29tbWVudCB0aGVyZSB3YXMgc2ltcGx5 IHdyb25nOiBNYXBwaW5ncyBtYXkKdmVyeSB3ZWxsIGNoYW5nZSwgYm90aCB0 aGVpciBhZGRyZXNzZXMgYW5kIHRoZWlyIHBlcm1pc3Npb25zLiBVbHRpbWF0 ZWx5CnRoaXMgc2hvdWxkIGhvbm9yIGlvbW11X2RvbnRfZmx1c2hfaW90bGIs IGJ1dCB0byBhY2hpZXZlIHRoaXMKYW1kX2lvbW11X29wcyBmaXJzdCBuZWVk cyB0byBnYWluIGFuIC5pb3RsYl9mbHVzaCBob29rLgoKQWxzbyBtYWtlIGNs ZWFyX2lvbW11X3B0ZV9wcmVzZW50KCkgc3RhdGljLCB0byBkZW1vbnN0cmF0 ZSB0aGVyZSdzIG5vCmNhbGxlciBvbWl0dGluZyB0aGUgKHN1YnNlcXVlbnQp IGZsdXNoLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzUuCgpSZXBvcnRlZC1i eTogUGF1bCBEdXJyYW50IDxwYXVsLmR1cnJhbnRAY2l0cml4LmNvbT4KU2ln bmVkLW9mZi1ieTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KLS0tCnY0OiBSZS1iYXNlLgp2MzogRHJvcCBib2d1cyAybmQg aXNfaHZtX2RvbWFpbigpIGluIGFtZF9pb21tdV9tYXBfcGFnZSgpLgp2Mjog R2V0IG9sZCBSL1cgYml0cyBmcm9tIHRoZSBjb3JyZWN0IGhhbGYuIEFsc28g Y2hlY2sgY2hhbmdlIG9mIG5leHQtCiAgICBsZXZlbCBmaWVsZCwgcGVyaGFw cyBqdXN0IHRvIGJlIG9uIHRoZSBzYWZlIHNpZGUuIE1ha2UKICAgIGNsZWFy X2lvbW11X3B0ZV9wcmVzZW50KCkgc3RhdGljLiBDb3NtZXRpY3MuCgotLS0g YS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKKysr IGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X21hcC5jCkBA IC0zNSw3ICszNSw3IEBAIHN0YXRpYyB1bnNpZ25lZCBpbnQgcGZuX3RvX3Bk ZV9pZHgodW5zaWcKICAgICByZXR1cm4gaWR4OwogfQogCi12b2lkIGNsZWFy X2lvbW11X3B0ZV9wcmVzZW50KHVuc2lnbmVkIGxvbmcgbDFfbWZuLCB1bnNp Z25lZCBsb25nIGRmbikKK3N0YXRpYyB2b2lkIGNsZWFyX2lvbW11X3B0ZV9w cmVzZW50KHVuc2lnbmVkIGxvbmcgbDFfbWZuLCB1bnNpZ25lZCBsb25nIGRm bikKIHsKICAgICB1NjQgKnRhYmxlLCAqcHRlOwogCkBAIC00OSwyMyArNDks NDIgQEAgc3RhdGljIGJvb2xfdCBzZXRfaW9tbXVfcGRlX3ByZXNlbnQodTMy CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1bnNpZ25l ZCBpbnQgbmV4dF9sZXZlbCwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIGJvb2xfdCBpdywgYm9vbF90IGlyKQogewotICAgIHU2NCBh ZGRyX2xvLCBhZGRyX2hpLCBtYWRkcl9vbGQsIG1hZGRyX25leHQ7CisgICAg dWludDY0X3QgYWRkcl9sbywgYWRkcl9oaSwgbWFkZHJfbmV4dDsKICAgICB1 MzIgZW50cnk7Ci0gICAgYm9vbF90IG5lZWRfZmx1c2ggPSAwOworICAgIGJv b2wgbmVlZF9mbHVzaCA9IGZhbHNlLCBvbGRfcHJlc2VudDsKIAogICAgIG1h ZGRyX25leHQgPSAodTY0KW5leHRfbWZuIDw8IFBBR0VfU0hJRlQ7CiAKLSAg ICBhZGRyX2hpID0gZ2V0X2ZpZWxkX2Zyb21fcmVnX3UzMihwZGVbMV0sCi0g ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRF X0FERFJfSElHSF9NQVNLLAotICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIElPTU1VX1BURV9BRERSX0hJR0hfU0hJRlQpOwotICAgIGFk ZHJfbG8gPSBnZXRfZmllbGRfZnJvbV9yZWdfdTMyKHBkZVswXSwKLSAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJT01NVV9QVEVfQURE Ul9MT1dfTUFTSywKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBJT01NVV9QVEVfQUREUl9MT1dfU0hJRlQpOwotCi0gICAgbWFkZHJf b2xkID0gKGFkZHJfaGkgPDwgMzIpIHwgKGFkZHJfbG8gPDwgUEFHRV9TSElG VCk7Ci0KLSAgICBpZiAoIG1hZGRyX29sZCAhPSBtYWRkcl9uZXh0ICkKLSAg ICAgICAgbmVlZF9mbHVzaCA9IDE7CisgICAgb2xkX3ByZXNlbnQgPSBnZXRf ZmllbGRfZnJvbV9yZWdfdTMyKHBkZVswXSwgSU9NTVVfUFRFX1BSRVNFTlRf TUFTSywKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgSU9NTVVfUFRFX1BSRVNFTlRfU0hJRlQpOworICAgIGlmICggb2xkX3By ZXNlbnQgKQorICAgIHsKKyAgICAgICAgYm9vbCBvbGRfciwgb2xkX3c7Cisg ICAgICAgIHVuc2lnbmVkIGludCBvbGRfbGV2ZWw7CisgICAgICAgIHVpbnQ2 NF90IG1hZGRyX29sZDsKKworICAgICAgICBhZGRyX2hpID0gZ2V0X2ZpZWxk X2Zyb21fcmVnX3UzMihwZGVbMV0sCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIElPTU1VX1BURV9BRERSX0hJR0hfTUFTSywK KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9N TVVfUFRFX0FERFJfSElHSF9TSElGVCk7CisgICAgICAgIGFkZHJfbG8gPSBn ZXRfZmllbGRfZnJvbV9yZWdfdTMyKHBkZVswXSwKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0FERFJfTE9X X01BU0ssCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIElPTU1VX1BURV9BRERSX0xPV19TSElGVCk7CisgICAgICAgIG9sZF9s ZXZlbCA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRlWzBdLAorICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIElPTU1VX1BE RV9ORVhUX0xFVkVMX01BU0ssCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgSU9NTVVfUERFX05FWFRfTEVWRUxfU0hJRlQp OworICAgICAgICBvbGRfdyA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRl WzFdLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg SU9NTVVfUFRFX0lPX1dSSVRFX1BFUk1JU1NJT05fTUFTSywKKyAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIElPTU1VX1BURV9JT19X UklURV9QRVJNSVNTSU9OX1NISUZUKTsKKyAgICAgICAgb2xkX3IgPSBnZXRf ZmllbGRfZnJvbV9yZWdfdTMyKHBkZVsxXSwKKyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIElPTU1VX1BURV9JT19SRUFEX1BFUk1J U1NJT05fTUFTSywKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIElPTU1VX1BURV9JT19SRUFEX1BFUk1JU1NJT05fU0hJRlQpOwor CisgICAgICAgIG1hZGRyX29sZCA9IChhZGRyX2hpIDw8IDMyKSB8IChhZGRy X2xvIDw8IFBBR0VfU0hJRlQpOworCisgICAgICAgIGlmICggbWFkZHJfb2xk ICE9IG1hZGRyX25leHQgfHwgaXcgIT0gb2xkX3cgfHwgaXIgIT0gb2xkX3Ig fHwKKyAgICAgICAgICAgICBvbGRfbGV2ZWwgIT0gbmV4dF9sZXZlbCApCisg ICAgICAgICAgICBuZWVkX2ZsdXNoID0gdHJ1ZTsKKyAgICB9CiAKICAgICBh ZGRyX2xvID0gbWFkZHJfbmV4dCAmIERNQV8zMkJJVF9NQVNLOwogICAgIGFk ZHJfaGkgPSBtYWRkcl9uZXh0ID4+IDMyOwpAQCAtNjg0LDEwICs3MDMsNyBA QCBpbnQgYW1kX2lvbW11X21hcF9wYWdlKHN0cnVjdCBkb21haW4gKmQsCiAg ICAgaWYgKCAhbmVlZF9mbHVzaCApCiAgICAgICAgIGdvdG8gb3V0OwogCi0g ICAgLyogNEsgbWFwcGluZyBmb3IgUFYgZ3Vlc3RzIG5ldmVyIGNoYW5nZXMs IAotICAgICAqIG5vIG5lZWQgdG8gZmx1c2ggaWYgd2UgdHJ1c3Qgbm9uLXBy ZXNlbnQgYml0cyAqLwotICAgIGlmICggaXNfaHZtX2RvbWFpbihkKSApCi0g ICAgICAgIGFtZF9pb21tdV9mbHVzaF9wYWdlcyhkLCBkZm5feChkZm4pLCAw KTsKKyAgICBhbWRfaW9tbXVfZmx1c2hfcGFnZXMoZCwgZGZuX3goZGZuKSwg MCk7CiAKICAgICBmb3IgKCBtZXJnZV9sZXZlbCA9IDI7IG1lcmdlX2xldmVs IDw9IGhkLT5hcmNoLnBhZ2luZ19tb2RlOwogICAgICAgICAgIG1lcmdlX2xl dmVsKysgKQo= --=separator Content-Type: application/octet-stream; name="xsa275-2.patch" Content-Disposition: attachment; filename="xsa275-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBBTUQvSU9NTVU6IHN1cHByZXNzIFBURSBtZXJnaW5nIGFmdGVyIGluaXRp YWwgdGFibGUgY3JlYXRpb24KClRoZSBsb2dpYyBpcyBub3QgZml0IGZvciB0 aGlzIHB1cnBvc2UsIHNvIHNpbXBseSBkaXNhYmxlIGl0cyB1c2UgdW50aWwK aXQgY2FuIGJlIGZpeGVkIC8gcmVwbGFjZWQuIE5vdGUgdGhhdCB0aGlzIHJl LWVuYWJsZXMgbWVyZ2luZyBmb3IgdGhlCnRhYmxlIGNyZWF0aW9uIGNhc2Us IHdoaWNoIHdhcyBkaXNhYmxlZCBhcyBhIChwZXJoYXBzIHVuaW50ZW5kZWQp IHNpZGUKZWZmZWN0IG9mIHRoZSBlYXJsaWVyICJhbWQvaW9tbXU6IGZpeCBm bHVzaCBjaGVja3MiLiBJdCByZWxpZXMgb24gbm8KcGFnZSBnZXR0aW5nIG1h cHBlZCBtb3JlIHRoYW4gb25jZSAod2l0aCBkaWZmZXJlbnQgcHJvcGVydGll cykgaW4gdGhpcwpwcm9jZXNzLCBhcyB0aGF0IHdvdWxkIHN0aWxsIGJlIGJl eW9uZCB3aGF0IHRoZSBtZXJnaW5nIGxvZ2ljIGNhbiBjb3BlCndpdGguIEJ1 dCBhcmNoX2lvbW11X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBndWFyYW50ZWVz IHRoaXMgYWZhaWN0LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzUuCgpSZXBv cnRlZC1ieTogUGF1bCBEdXJyYW50IDxwYXVsLmR1cnJhbnRAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2Uu Y29tPgotLS0KdjQ6IFJlLWJhc2UuCgotLS0gYS94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKKysrIGIveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X21hcC5jCkBAIC02OTksMTEgKzY5OSwyNCBA QCBpbnQgYW1kX2lvbW11X21hcF9wYWdlKHN0cnVjdCBkb21haW4gKmQsCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAhIShmbGFn cyAmIElPTU1VRl93cml0YWJsZSksCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAhIShmbGFncyAmIElPTU1VRl9yZWFkYWJsZSkp OwogCi0gICAgLyogRG8gbm90IGluY3JlYXNlIHBkZSBjb3VudCBpZiBpbyBt YXBwaW5nIGhhcyBub3QgYmVlbiBjaGFuZ2VkICovCi0gICAgaWYgKCAhbmVl ZF9mbHVzaCApCi0gICAgICAgIGdvdG8gb3V0OworICAgIGlmICggbmVlZF9m bHVzaCApCisgICAgeworICAgICAgICBhbWRfaW9tbXVfZmx1c2hfcGFnZXMo ZCwgZGZuX3goZGZuKSwgMCk7CisgICAgICAgIC8qIE5vIGZ1cnRoZXIgbWVy Z2luZywgYXMgdGhlIGxvZ2ljIGRvZXNuJ3QgY29wZS4gKi8KKyAgICAgICAg aGQtPmFyY2gubm9fbWVyZ2UgPSB0cnVlOworICAgIH0KIAotICAgIGFtZF9p b21tdV9mbHVzaF9wYWdlcyhkLCBkZm5feChkZm4pLCAwKTsKKyAgICAvKgor ICAgICAqIFN1cHByZXNzIG1lcmdpbmcgb2Ygbm9uLVIvVyBtYXBwaW5ncyBv ciBhZnRlciBpbml0aWFsIHRhYmxlIGNyZWF0aW9uLAorICAgICAqIGFzIHRo ZSBtZXJnZSBsb2dpYyBkb2VzIG5vdCBjb3BlIHdpdGggdGhpcy4KKyAgICAg Ki8KKyAgICBpZiAoIGhkLT5hcmNoLm5vX21lcmdlIHx8IGZsYWdzICE9IChJ T01NVUZfd3JpdGFibGUgfCBJT01NVUZfcmVhZGFibGUpICkKKyAgICAgICAg Z290byBvdXQ7CisgICAgaWYgKCBkLT5jcmVhdGlvbl9maW5pc2hlZCApCisg ICAgeworICAgICAgICBoZC0+YXJjaC5ub19tZXJnZSA9IHRydWU7CisgICAg ICAgIGdvdG8gb3V0OworICAgIH0KIAogICAgIGZvciAoIG1lcmdlX2xldmVs ID0gMjsgbWVyZ2VfbGV2ZWwgPD0gaGQtPmFyY2gucGFnaW5nX21vZGU7CiAg ICAgICAgICAgbWVyZ2VfbGV2ZWwrKyApCkBAIC03ODAsNiArNzkzLDEwIEBA IGludCBhbWRfaW9tbXVfdW5tYXBfcGFnZShzdHJ1Y3QgZG9tYWluICoKIAog ICAgIC8qIG1hcmsgUFRFIGFzICdwYWdlIG5vdCBwcmVzZW50JyAqLwogICAg IGNsZWFyX2lvbW11X3B0ZV9wcmVzZW50KHB0X21mblsxXSwgZGZuX3goZGZu KSk7CisKKyAgICAvKiBObyBmdXJ0aGVyIG1lcmdpbmcgaW4gYW1kX2lvbW11 X21hcF9wYWdlKCksIGFzIHRoZSBsb2dpYyBkb2Vzbid0IGNvcGUuICovCisg ICAgaGQtPmFyY2gubm9fbWVyZ2UgPSB0cnVlOworCiAgICAgc3Bpbl91bmxv Y2soJmhkLT5hcmNoLm1hcHBpbmdfbG9jayk7CiAKICAgICBhbWRfaW9tbXVf Zmx1c2hfcGFnZXMoZCwgZGZuX3goZGZuKSwgMCk7Ci0tLSBhL3hlbi9pbmNs dWRlL2FzbS14ODYvaW9tbXUuaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2 L2lvbW11LmgKQEAgLTUyLDYgKzUyLDcgQEAgc3RydWN0IGFyY2hfaW9tbXUK IAogICAgIC8qIGFtZCBpb21tdSBzdXBwb3J0ICovCiAgICAgaW50IHBhZ2lu Z19tb2RlOworICAgIGJvb2wgbm9fbWVyZ2U7CiAgICAgc3RydWN0IHBhZ2Vf aW5mbyAqcm9vdF90YWJsZTsKICAgICBzdHJ1Y3QgZ3Vlc3RfaW9tbXUgKmdf aW9tbXU7CiB9Owo= --=separator Content-Type: application/octet-stream; name="xsa275-4.7-1.patch" Content-Disposition: attachment; filename="xsa275-4.7-1.patch" Content-Transfer-Encoding: base64 RnJvbTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJpeC5jb20+ ClN1YmplY3Q6IGFtZC9pb21tdTogZml4IGZsdXNoIGNoZWNrcwoKRmx1c2gg Y2hlY2tpbmcgZm9yIEFNRCBJT01NVSBkaWRuJ3QgY2hlY2sgd2hldGhlciB0 aGUgcHJldmlvdXMgZW50cnkKd2FzIHByZXNlbnQsIG9yIHdoZXRoZXIgdGhl IGZsYWdzICh3cml0YWJsZS9yZWFkYWJsZSkgY2hhbmdlZCBpbiBvcmRlcgp0 byBkZWNpZGUgd2hldGhlciBhIGZsdXNoIHNob3VsZCBiZSBleGVjdXRlZC4K CkZpeCB0aGlzIGJ5IHRha2luZyB0aGUgd3JpdGFibGUvcmVhZGFibGUvbmV4 dC1sZXZlbCBmaWVsZHMgaW50byBhY2NvdW50LAp0b2dldGhlciB3aXRoIHRo ZSBwcmVzZW50IGJpdC4KCkFsb25nIHRoZXNlIGxpbmVzIHRoZSBmbHVzaGlu ZyBpbiBhbWRfaW9tbXVfbWFwX3BhZ2UoKSBtdXN0IG5vdCBiZQpvbWl0dGVk IGZvciBQViBkb21haW5zLiBUaGUgY29tbWVudCB0aGVyZSB3YXMgc2ltcGx5 IHdyb25nOiBNYXBwaW5ncyBtYXkKdmVyeSB3ZWxsIGNoYW5nZSwgYm90aCB0 aGVpciBhZGRyZXNzZXMgYW5kIHRoZWlyIHBlcm1pc3Npb25zLiBVbHRpbWF0 ZWx5CnRoaXMgc2hvdWxkIGhvbm9yIGlvbW11X2RvbnRfZmx1c2hfaW90bGIs IGJ1dCB0byBhY2hpZXZlIHRoaXMKYW1kX2lvbW11X29wcyBmaXJzdCBuZWVk cyB0byBnYWluIGFuIC5pb3RsYl9mbHVzaCBob29rLgoKQWxzbyBtYWtlIGNs ZWFyX2lvbW11X3B0ZV9wcmVzZW50KCkgc3RhdGljLCB0byBkZW1vbnN0cmF0 ZSB0aGVyZSdzIG5vCmNhbGxlciBvbWl0dGluZyB0aGUgKHN1YnNlcXVlbnQp IGZsdXNoLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzUuCgpSZXBvcnRlZC1i eTogUGF1bCBEdXJyYW50IDxwYXVsLmR1cnJhbnRAY2l0cml4LmNvbT4KU2ln bmVkLW9mZi1ieTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9p b21tdV9tYXAuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfbWFwLmMKQEAgLTM2LDcgKzM2LDcgQEAgc3RhdGljIHVuc2lnbmVk IGludCBwZm5fdG9fcGRlX2lkeCh1bnNpZwogICAgIHJldHVybiBpZHg7CiB9 CiAKLXZvaWQgY2xlYXJfaW9tbXVfcHRlX3ByZXNlbnQodW5zaWduZWQgbG9u ZyBsMV9tZm4sIHVuc2lnbmVkIGxvbmcgZ2ZuKQorc3RhdGljIHZvaWQgY2xl YXJfaW9tbXVfcHRlX3ByZXNlbnQodW5zaWduZWQgbG9uZyBsMV9tZm4sIHVu c2lnbmVkIGxvbmcgZ2ZuKQogewogICAgIHU2NCAqdGFibGUsICpwdGU7CiAK QEAgLTUwLDIzICs1MCw0MiBAQCBzdGF0aWMgYm9vbF90IHNldF9pb21tdV9w ZGVfcHJlc2VudCh1MzIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHVuc2lnbmVkIGludCBuZXh0X2xldmVsLAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgYm9vbF90IGl3LCBib29sX3QgaXIp CiB7Ci0gICAgdTY0IGFkZHJfbG8sIGFkZHJfaGksIG1hZGRyX29sZCwgbWFk ZHJfbmV4dDsKKyAgICB1aW50NjRfdCBhZGRyX2xvLCBhZGRyX2hpLCBtYWRk cl9uZXh0OwogICAgIHUzMiBlbnRyeTsKLSAgICBib29sX3QgbmVlZF9mbHVz aCA9IDA7CisgICAgYm9vbF90IG5lZWRfZmx1c2ggPSAwLCBvbGRfcHJlc2Vu dDsKIAogICAgIG1hZGRyX25leHQgPSAodTY0KW5leHRfbWZuIDw8IFBBR0Vf U0hJRlQ7CiAKLSAgICBhZGRyX2hpID0gZ2V0X2ZpZWxkX2Zyb21fcmVnX3Uz MihwZGVbMV0sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgSU9NTVVfUFRFX0FERFJfSElHSF9NQVNLLAotICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIElPTU1VX1BURV9BRERSX0hJR0hfU0hJ RlQpOwotICAgIGFkZHJfbG8gPSBnZXRfZmllbGRfZnJvbV9yZWdfdTMyKHBk ZVswXSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJ T01NVV9QVEVfQUREUl9MT1dfTUFTSywKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBJT01NVV9QVEVfQUREUl9MT1dfU0hJRlQpOwot Ci0gICAgbWFkZHJfb2xkID0gKGFkZHJfaGkgPDwgMzIpIHwgKGFkZHJfbG8g PDwgUEFHRV9TSElGVCk7Ci0KLSAgICBpZiAoIG1hZGRyX29sZCAhPSBtYWRk cl9uZXh0ICkKLSAgICAgICAgbmVlZF9mbHVzaCA9IDE7CisgICAgb2xkX3By ZXNlbnQgPSBnZXRfZmllbGRfZnJvbV9yZWdfdTMyKHBkZVswXSwgSU9NTVVf UFRFX1BSRVNFTlRfTUFTSywKKyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgSU9NTVVfUFRFX1BSRVNFTlRfU0hJRlQpOworICAg IGlmICggb2xkX3ByZXNlbnQgKQorICAgIHsKKyAgICAgICAgYm9vbF90IG9s ZF9yLCBvbGRfdzsKKyAgICAgICAgdW5zaWduZWQgaW50IG9sZF9sZXZlbDsK KyAgICAgICAgdWludDY0X3QgbWFkZHJfb2xkOworCisgICAgICAgIGFkZHJf aGkgPSBnZXRfZmllbGRfZnJvbV9yZWdfdTMyKHBkZVsxXSwKKyAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0FE RFJfSElHSF9NQVNLLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBJT01NVV9QVEVfQUREUl9ISUdIX1NISUZUKTsKKyAgICAg ICAgYWRkcl9sbyA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRlWzBdLAor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJT01N VV9QVEVfQUREUl9MT1dfTUFTSywKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0FERFJfTE9XX1NISUZUKTsK KyAgICAgICAgb2xkX2xldmVsID0gZ2V0X2ZpZWxkX2Zyb21fcmVnX3UzMihw ZGVbMF0sCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgSU9NTVVfUERFX05FWFRfTEVWRUxfTUFTSywKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJT01NVV9QREVfTkVY VF9MRVZFTF9TSElGVCk7CisgICAgICAgIG9sZF93ID0gZ2V0X2ZpZWxkX2Zy b21fcmVnX3UzMihwZGVbMV0sCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBJT01NVV9QVEVfSU9fV1JJVEVfUEVSTUlTU0lPTl9N QVNLLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg SU9NTVVfUFRFX0lPX1dSSVRFX1BFUk1JU1NJT05fU0hJRlQpOworICAgICAg ICBvbGRfciA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRlWzFdLAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRF X0lPX1JFQURfUEVSTUlTU0lPTl9NQVNLLAorICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0lPX1JFQURfUEVSTUlT U0lPTl9TSElGVCk7CisKKyAgICAgICAgbWFkZHJfb2xkID0gKGFkZHJfaGkg PDwgMzIpIHwgKGFkZHJfbG8gPDwgUEFHRV9TSElGVCk7CisKKyAgICAgICAg aWYgKCBtYWRkcl9vbGQgIT0gbWFkZHJfbmV4dCB8fCBpdyAhPSBvbGRfdyB8 fCBpciAhPSBvbGRfciB8fAorICAgICAgICAgICAgIG9sZF9sZXZlbCAhPSBu ZXh0X2xldmVsICkKKyAgICAgICAgICAgIG5lZWRfZmx1c2ggPSAxOworICAg IH0KIAogICAgIGFkZHJfbG8gPSBtYWRkcl9uZXh0ICYgRE1BXzMyQklUX01B U0s7CiAgICAgYWRkcl9oaSA9IG1hZGRyX25leHQgPj4gMzI7CkBAIC02ODAs MTAgKzY5OSw3IEBAIGludCBhbWRfaW9tbXVfbWFwX3BhZ2Uoc3RydWN0IGRv bWFpbiAqZCwKICAgICBpZiAoICFuZWVkX2ZsdXNoICkKICAgICAgICAgZ290 byBvdXQ7CiAKLSAgICAvKiA0SyBtYXBwaW5nIGZvciBQViBndWVzdHMgbmV2 ZXIgY2hhbmdlcywgCi0gICAgICogbm8gbmVlZCB0byBmbHVzaCBpZiB3ZSB0 cnVzdCBub24tcHJlc2VudCBiaXRzICovCi0gICAgaWYgKCBpc19odm1fZG9t YWluKGQpICkKLSAgICAgICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQsIGdm biwgMCk7CisgICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQsIGdmbiwgMCk7 CiAKICAgICBmb3IgKCBtZXJnZV9sZXZlbCA9IElPTU1VX1BBR0lOR19NT0RF X0xFVkVMXzI7CiAgICAgICAgICAgbWVyZ2VfbGV2ZWwgPD0gaGQtPmFyY2gu cGFnaW5nX21vZGU7IG1lcmdlX2xldmVsKysgKQo= --=separator Content-Type: application/octet-stream; name="xsa275-4.7-2.patch" Content-Disposition: attachment; filename="xsa275-4.7-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBBTUQvSU9NTVU6IHN1cHByZXNzIFBURSBtZXJnaW5nIGFmdGVyIGluaXRp YWwgdGFibGUgY3JlYXRpb24KClRoZSBsb2dpYyBpcyBub3QgZml0IGZvciB0 aGlzIHB1cnBvc2UsIHNvIHNpbXBseSBkaXNhYmxlIGl0cyB1c2UgdW50aWwK aXQgY2FuIGJlIGZpeGVkIC8gcmVwbGFjZWQuIE5vdGUgdGhhdCB0aGlzIHJl LWVuYWJsZXMgbWVyZ2luZyBmb3IgdGhlCnRhYmxlIGNyZWF0aW9uIGNhc2Us IHdoaWNoIHdhcyBkaXNhYmxlZCBhcyBhIChwZXJoYXBzIHVuaW50ZW5kZWQp IHNpZGUKZWZmZWN0IG9mIHRoZSBlYXJsaWVyICJhbWQvaW9tbXU6IGZpeCBm bHVzaCBjaGVja3MiLiBJdCByZWxpZXMgb24gbm8KcGFnZSBnZXR0aW5nIG1h cHBlZCBtb3JlIHRoYW4gb25jZSAod2l0aCBkaWZmZXJlbnQgcHJvcGVydGll cykgaW4gdGhpcwpwcm9jZXNzLCBhcyB0aGF0IHdvdWxkIHN0aWxsIGJlIGJl eW9uZCB3aGF0IHRoZSBtZXJnaW5nIGxvZ2ljIGNhbiBjb3BlCndpdGguIEJ1 dCBhcmNoX2lvbW11X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBndWFyYW50ZWVz IHRoaXMgYWZhaWN0LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzUuCgpSZXBv cnRlZC1ieTogUGF1bCBEdXJyYW50IDxwYXVsLmR1cnJhbnRAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2Uu Y29tPgoKLS0tIGEveGVuL2NvbW1vbi9kb21haW4uYworKysgYi94ZW4vY29t bW9uL2RvbWFpbi5jCkBAIC0xMDMxLDYgKzEwMzEsMjAgQEAgaW50IGRvbWFp bl91bnBhdXNlX2J5X3N5c3RlbWNvbnRyb2xsZXIocwogICAgICAgICBwcmV2 ID0gY21weGNoZygmZC0+Y29udHJvbGxlcl9wYXVzZV9jb3VudCwgb2xkLCBu ZXcpOwogICAgIH0gd2hpbGUgKCBwcmV2ICE9IG9sZCApOwogCisgICAgLyoK KyAgICAgKiBkLT5jb250cm9sbGVyX3BhdXNlX2NvdW50IGlzIGluaXRpYWxp c2VkIHRvIDEsIGFuZCB0aGUgdG9vbHN0YWNrIGlzCisgICAgICogcmVzcG9u c2libGUgZm9yIG1ha2luZyBvbmUgdW5wYXVzZSBoeXBlcmNhbGwgd2hlbiBp dCB3aXNoZXMgdGhlIGd1ZXN0CisgICAgICogdG8gc3RhcnQgcnVubmluZy4K KyAgICAgKgorICAgICAqIEFsbCBvdGhlciB0b29sc3RhY2sgb3BlcmF0aW9u cyBzaG91bGQgbWFrZSBhIHBhaXIgb2YgcGF1c2UvdW5wYXVzZQorICAgICAq IGNhbGxzIGFuZCByZWx5IG9uIHRoZSByZWZlcmVuY2UgY291bnRpbmcgaGVy ZS4KKyAgICAgKgorICAgICAqIENyZWF0aW9uIGlzIGNvbnNpZGVyZWQgZmlu aXNoZWQgd2hlbiB0aGUgY29udHJvbGxlciByZWZlcmVuY2UgY291bnQKKyAg ICAgKiBmaXJzdCBkcm9wcyB0byAwLgorICAgICAqLworICAgIGlmICggbmV3 ID09IDAgKQorICAgICAgICBkLT5jcmVhdGlvbl9maW5pc2hlZCA9IDE7CisK ICAgICBkb21haW5fdW5wYXVzZShkKTsKIAogICAgIHJldHVybiAwOwotLS0g YS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKKysr IGIveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11X21hcC5jCkBA IC02OTUsMTEgKzY5NSwyNCBAQCBpbnQgYW1kX2lvbW11X21hcF9wYWdlKHN0 cnVjdCBkb21haW4gKmQsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAhIShmbGFncyAmIElPTU1VRl93cml0YWJsZSksCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAhIShmbGFncyAm IElPTU1VRl9yZWFkYWJsZSkpOwogCi0gICAgLyogRG8gbm90IGluY3JlYXNl IHBkZSBjb3VudCBpZiBpbyBtYXBwaW5nIGhhcyBub3QgYmVlbiBjaGFuZ2Vk ICovCi0gICAgaWYgKCAhbmVlZF9mbHVzaCApCi0gICAgICAgIGdvdG8gb3V0 OworICAgIGlmICggbmVlZF9mbHVzaCApCisgICAgeworICAgICAgICBhbWRf aW9tbXVfZmx1c2hfcGFnZXMoZCwgZ2ZuLCAwKTsKKyAgICAgICAgLyogTm8g ZnVydGhlciBtZXJnaW5nLCBhcyB0aGUgbG9naWMgZG9lc24ndCBjb3BlLiAq LworICAgICAgICBoZC0+YXJjaC5ub19tZXJnZSA9IDE7CisgICAgfQogCi0g ICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQsIGdmbiwgMCk7CisgICAgLyoK KyAgICAgKiBTdXBwcmVzcyBtZXJnaW5nIG9mIG5vbi1SL1cgbWFwcGluZ3Mg b3IgYWZ0ZXIgaW5pdGlhbCB0YWJsZSBjcmVhdGlvbiwKKyAgICAgKiBhcyB0 aGUgbWVyZ2UgbG9naWMgZG9lcyBub3QgY29wZSB3aXRoIHRoaXMuCisgICAg ICovCisgICAgaWYgKCBoZC0+YXJjaC5ub19tZXJnZSB8fCBmbGFncyAhPSAo SU9NTVVGX3dyaXRhYmxlIHwgSU9NTVVGX3JlYWRhYmxlKSApCisgICAgICAg IGdvdG8gb3V0OworICAgIGlmICggZC0+Y3JlYXRpb25fZmluaXNoZWQgKQor ICAgIHsKKyAgICAgICAgaGQtPmFyY2gubm9fbWVyZ2UgPSAxOworICAgICAg ICBnb3RvIG91dDsKKyAgICB9CiAKICAgICBmb3IgKCBtZXJnZV9sZXZlbCA9 IElPTU1VX1BBR0lOR19NT0RFX0xFVkVMXzI7CiAgICAgICAgICAgbWVyZ2Vf bGV2ZWwgPD0gaGQtPmFyY2gucGFnaW5nX21vZGU7IG1lcmdlX2xldmVsKysg KQpAQCAtNzY5LDYgKzc4MiwxMCBAQCBpbnQgYW1kX2lvbW11X3VubWFwX3Bh Z2Uoc3RydWN0IGRvbWFpbiAqCiAKICAgICAvKiBtYXJrIFBURSBhcyAncGFn ZSBub3QgcHJlc2VudCcgKi8KICAgICBjbGVhcl9pb21tdV9wdGVfcHJlc2Vu dChwdF9tZm5bMV0sIGdmbik7CisKKyAgICAvKiBObyBmdXJ0aGVyIG1lcmdp bmcgaW4gYW1kX2lvbW11X21hcF9wYWdlKCksIGFzIHRoZSBsb2dpYyBkb2Vz bid0IGNvcGUuICovCisgICAgaGQtPmFyY2gubm9fbWVyZ2UgPSAxOworCiAg ICAgc3Bpbl91bmxvY2soJmhkLT5hcmNoLm1hcHBpbmdfbG9jayk7CiAKICAg ICBhbWRfaW9tbXVfZmx1c2hfcGFnZXMoZCwgZ2ZuLCAwKTsKLS0tIGEveGVu L2luY2x1ZGUvYXNtLXg4Ni9odm0vaW9tbXUuaAorKysgYi94ZW4vaW5jbHVk ZS9hc20teDg2L2h2bS9pb21tdS5oCkBAIC01OSw2ICs1OSw3IEBAIHN0cnVj dCBhcmNoX2lvbW11CiAKICAgICAvKiBhbWQgaW9tbXUgc3VwcG9ydCAqLwog ICAgIGludCBwYWdpbmdfbW9kZTsKKyAgICBib29sX3Qgbm9fbWVyZ2U7CiAg ICAgc3RydWN0IHBhZ2VfaW5mbyAqcm9vdF90YWJsZTsKICAgICBzdHJ1Y3Qg Z3Vlc3RfaW9tbXUgKmdfaW9tbXU7CiB9OwotLS0gYS94ZW4vaW5jbHVkZS94 ZW4vc2NoZWQuaAorKysgYi94ZW4vaW5jbHVkZS94ZW4vc2NoZWQuaApAQCAt Mzg3LDYgKzM4NywxMiBAQCBzdHJ1Y3QgZG9tYWluCiAgICAgYm9vbF90ICAg ICAgICAgICBkaXNhYmxlX21pZ3JhdGU7CiAgICAgLyogSXMgdGhpcyBndWVz dCBiZWluZyBkZWJ1Z2dlZCBieSBkb20wPyAqLwogICAgIGJvb2xfdCAgICAg ICAgICAgZGVidWdnZXJfYXR0YWNoZWQ7CisgICAgLyoKKyAgICAgKiBTZXQg dG8gdHJ1ZSBhdCB0aGUgdmVyeSBlbmQgb2YgZG9tYWluIGNyZWF0aW9uLCB3 aGVuIHRoZSBkb21haW4gaXMKKyAgICAgKiB1bnBhdXNlZCBmb3IgdGhlIGZp cnN0IHRpbWUgYnkgdGhlIHN5c3RlbWNvbnRyb2xsZXIuCisgICAgICovCisg ICAgYm9vbF90ICAgICAgICAgICBjcmVhdGlvbl9maW5pc2hlZDsKKwogICAg IC8qIFdoaWNoIGd1ZXN0IHRoaXMgZ3Vlc3QgaGFzIHByaXZpbGVnZXMgb24g Ki8KICAgICBzdHJ1Y3QgZG9tYWluICAgKnRhcmdldDsKIAo= --=separator Content-Type: application/octet-stream; name="xsa275-4.11-1.patch" Content-Disposition: attachment; filename="xsa275-4.11-1.patch" Content-Transfer-Encoding: base64 RnJvbTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJpeC5jb20+ ClN1YmplY3Q6IGFtZC9pb21tdTogZml4IGZsdXNoIGNoZWNrcwoKRmx1c2gg Y2hlY2tpbmcgZm9yIEFNRCBJT01NVSBkaWRuJ3QgY2hlY2sgd2hldGhlciB0 aGUgcHJldmlvdXMgZW50cnkKd2FzIHByZXNlbnQsIG9yIHdoZXRoZXIgdGhl IGZsYWdzICh3cml0YWJsZS9yZWFkYWJsZSkgY2hhbmdlZCBpbiBvcmRlcgp0 byBkZWNpZGUgd2hldGhlciBhIGZsdXNoIHNob3VsZCBiZSBleGVjdXRlZC4K CkZpeCB0aGlzIGJ5IHRha2luZyB0aGUgd3JpdGFibGUvcmVhZGFibGUvbmV4 dC1sZXZlbCBmaWVsZHMgaW50byBhY2NvdW50LAp0b2dldGhlciB3aXRoIHRo ZSBwcmVzZW50IGJpdC4KCkFsb25nIHRoZXNlIGxpbmVzIHRoZSBmbHVzaGlu ZyBpbiBhbWRfaW9tbXVfbWFwX3BhZ2UoKSBtdXN0IG5vdCBiZQpvbWl0dGVk IGZvciBQViBkb21haW5zLiBUaGUgY29tbWVudCB0aGVyZSB3YXMgc2ltcGx5 IHdyb25nOiBNYXBwaW5ncyBtYXkKdmVyeSB3ZWxsIGNoYW5nZSwgYm90aCB0 aGVpciBhZGRyZXNzZXMgYW5kIHRoZWlyIHBlcm1pc3Npb25zLiBVbHRpbWF0 ZWx5CnRoaXMgc2hvdWxkIGhvbm9yIGlvbW11X2RvbnRfZmx1c2hfaW90bGIs IGJ1dCB0byBhY2hpZXZlIHRoaXMKYW1kX2lvbW11X29wcyBmaXJzdCBuZWVk cyB0byBnYWluIGFuIC5pb3RsYl9mbHVzaCBob29rLgoKQWxzbyBtYWtlIGNs ZWFyX2lvbW11X3B0ZV9wcmVzZW50KCkgc3RhdGljLCB0byBkZW1vbnN0cmF0 ZSB0aGVyZSdzIG5vCmNhbGxlciBvbWl0dGluZyB0aGUgKHN1YnNlcXVlbnQp IGZsdXNoLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzUuCgpSZXBvcnRlZC1i eTogUGF1bCBEdXJyYW50IDxwYXVsLmR1cnJhbnRAY2l0cml4LmNvbT4KU2ln bmVkLW9mZi1ieTogUm9nZXIgUGF1IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJp eC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBz dXNlLmNvbT4KCi0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9p b21tdV9tYXAuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQv aW9tbXVfbWFwLmMKQEAgLTM1LDcgKzM1LDcgQEAgc3RhdGljIHVuc2lnbmVk IGludCBwZm5fdG9fcGRlX2lkeCh1bnNpZwogICAgIHJldHVybiBpZHg7CiB9 CiAKLXZvaWQgY2xlYXJfaW9tbXVfcHRlX3ByZXNlbnQodW5zaWduZWQgbG9u ZyBsMV9tZm4sIHVuc2lnbmVkIGxvbmcgZ2ZuKQorc3RhdGljIHZvaWQgY2xl YXJfaW9tbXVfcHRlX3ByZXNlbnQodW5zaWduZWQgbG9uZyBsMV9tZm4sIHVu c2lnbmVkIGxvbmcgZ2ZuKQogewogICAgIHU2NCAqdGFibGUsICpwdGU7CiAK QEAgLTQ5LDIzICs0OSw0MiBAQCBzdGF0aWMgYm9vbF90IHNldF9pb21tdV9w ZGVfcHJlc2VudCh1MzIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHVuc2lnbmVkIGludCBuZXh0X2xldmVsLAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgYm9vbF90IGl3LCBib29sX3QgaXIp CiB7Ci0gICAgdTY0IGFkZHJfbG8sIGFkZHJfaGksIG1hZGRyX29sZCwgbWFk ZHJfbmV4dDsKKyAgICB1aW50NjRfdCBhZGRyX2xvLCBhZGRyX2hpLCBtYWRk cl9uZXh0OwogICAgIHUzMiBlbnRyeTsKLSAgICBib29sX3QgbmVlZF9mbHVz aCA9IDA7CisgICAgYm9vbCBuZWVkX2ZsdXNoID0gZmFsc2UsIG9sZF9wcmVz ZW50OwogCiAgICAgbWFkZHJfbmV4dCA9ICh1NjQpbmV4dF9tZm4gPDwgUEFH RV9TSElGVDsKIAotICAgIGFkZHJfaGkgPSBnZXRfZmllbGRfZnJvbV9yZWdf dTMyKHBkZVsxXSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBJT01NVV9QVEVfQUREUl9ISUdIX01BU0ssCi0gICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0FERFJfSElHSF9T SElGVCk7Ci0gICAgYWRkcl9sbyA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIo cGRlWzBdLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IElPTU1VX1BURV9BRERSX0xPV19NQVNLLAotICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIElPTU1VX1BURV9BRERSX0xPV19TSElGVCk7 Ci0KLSAgICBtYWRkcl9vbGQgPSAoYWRkcl9oaSA8PCAzMikgfCAoYWRkcl9s byA8PCBQQUdFX1NISUZUKTsKLQotICAgIGlmICggbWFkZHJfb2xkICE9IG1h ZGRyX25leHQgKQotICAgICAgICBuZWVkX2ZsdXNoID0gMTsKKyAgICBvbGRf cHJlc2VudCA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRlWzBdLCBJT01N VV9QVEVfUFJFU0VOVF9NQVNLLAorICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBJT01NVV9QVEVfUFJFU0VOVF9TSElGVCk7Cisg ICAgaWYgKCBvbGRfcHJlc2VudCApCisgICAgeworICAgICAgICBib29sIG9s ZF9yLCBvbGRfdzsKKyAgICAgICAgdW5zaWduZWQgaW50IG9sZF9sZXZlbDsK KyAgICAgICAgdWludDY0X3QgbWFkZHJfb2xkOworCisgICAgICAgIGFkZHJf aGkgPSBnZXRfZmllbGRfZnJvbV9yZWdfdTMyKHBkZVsxXSwKKyAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0FE RFJfSElHSF9NQVNLLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBJT01NVV9QVEVfQUREUl9ISUdIX1NISUZUKTsKKyAgICAg ICAgYWRkcl9sbyA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRlWzBdLAor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJT01N VV9QVEVfQUREUl9MT1dfTUFTSywKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0FERFJfTE9XX1NISUZUKTsK KyAgICAgICAgb2xkX2xldmVsID0gZ2V0X2ZpZWxkX2Zyb21fcmVnX3UzMihw ZGVbMF0sCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgSU9NTVVfUERFX05FWFRfTEVWRUxfTUFTSywKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJT01NVV9QREVfTkVY VF9MRVZFTF9TSElGVCk7CisgICAgICAgIG9sZF93ID0gZ2V0X2ZpZWxkX2Zy b21fcmVnX3UzMihwZGVbMV0sCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBJT01NVV9QVEVfSU9fV1JJVEVfUEVSTUlTU0lPTl9N QVNLLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg SU9NTVVfUFRFX0lPX1dSSVRFX1BFUk1JU1NJT05fU0hJRlQpOworICAgICAg ICBvbGRfciA9IGdldF9maWVsZF9mcm9tX3JlZ191MzIocGRlWzFdLAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRF X0lPX1JFQURfUEVSTUlTU0lPTl9NQVNLLAorICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgSU9NTVVfUFRFX0lPX1JFQURfUEVSTUlT U0lPTl9TSElGVCk7CisKKyAgICAgICAgbWFkZHJfb2xkID0gKGFkZHJfaGkg PDwgMzIpIHwgKGFkZHJfbG8gPDwgUEFHRV9TSElGVCk7CisKKyAgICAgICAg aWYgKCBtYWRkcl9vbGQgIT0gbWFkZHJfbmV4dCB8fCBpdyAhPSBvbGRfdyB8 fCBpciAhPSBvbGRfciB8fAorICAgICAgICAgICAgIG9sZF9sZXZlbCAhPSBu ZXh0X2xldmVsICkKKyAgICAgICAgICAgIG5lZWRfZmx1c2ggPSB0cnVlOwor ICAgIH0KIAogICAgIGFkZHJfbG8gPSBtYWRkcl9uZXh0ICYgRE1BXzMyQklU X01BU0s7CiAgICAgYWRkcl9oaSA9IG1hZGRyX25leHQgPj4gMzI7CkBAIC02 ODcsMTAgKzcwNiw3IEBAIGludCBhbWRfaW9tbXVfbWFwX3BhZ2Uoc3RydWN0 IGRvbWFpbiAqZCwKICAgICBpZiAoICFuZWVkX2ZsdXNoICkKICAgICAgICAg Z290byBvdXQ7CiAKLSAgICAvKiA0SyBtYXBwaW5nIGZvciBQViBndWVzdHMg bmV2ZXIgY2hhbmdlcywgCi0gICAgICogbm8gbmVlZCB0byBmbHVzaCBpZiB3 ZSB0cnVzdCBub24tcHJlc2VudCBiaXRzICovCi0gICAgaWYgKCBpc19odm1f ZG9tYWluKGQpICkKLSAgICAgICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQs IGdmbiwgMCk7CisgICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQsIGdmbiwg MCk7CiAKICAgICBmb3IgKCBtZXJnZV9sZXZlbCA9IElPTU1VX1BBR0lOR19N T0RFX0xFVkVMXzI7CiAgICAgICAgICAgbWVyZ2VfbGV2ZWwgPD0gaGQtPmFy Y2gucGFnaW5nX21vZGU7IG1lcmdlX2xldmVsKysgKQo= --=separator Content-Type: application/octet-stream; name="xsa275-4.11-2.patch" Content-Disposition: attachment; filename="xsa275-4.11-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBBTUQvSU9NTVU6IHN1cHByZXNzIFBURSBtZXJnaW5nIGFmdGVyIGluaXRp YWwgdGFibGUgY3JlYXRpb24KClRoZSBsb2dpYyBpcyBub3QgZml0IGZvciB0 aGlzIHB1cnBvc2UsIHNvIHNpbXBseSBkaXNhYmxlIGl0cyB1c2UgdW50aWwK aXQgY2FuIGJlIGZpeGVkIC8gcmVwbGFjZWQuIE5vdGUgdGhhdCB0aGlzIHJl LWVuYWJsZXMgbWVyZ2luZyBmb3IgdGhlCnRhYmxlIGNyZWF0aW9uIGNhc2Us IHdoaWNoIHdhcyBkaXNhYmxlZCBhcyBhIChwZXJoYXBzIHVuaW50ZW5kZWQp IHNpZGUKZWZmZWN0IG9mIHRoZSBlYXJsaWVyICJhbWQvaW9tbXU6IGZpeCBm bHVzaCBjaGVja3MiLiBJdCByZWxpZXMgb24gbm8KcGFnZSBnZXR0aW5nIG1h cHBlZCBtb3JlIHRoYW4gb25jZSAod2l0aCBkaWZmZXJlbnQgcHJvcGVydGll cykgaW4gdGhpcwpwcm9jZXNzLCBhcyB0aGF0IHdvdWxkIHN0aWxsIGJlIGJl eW9uZCB3aGF0IHRoZSBtZXJnaW5nIGxvZ2ljIGNhbiBjb3BlCndpdGguIEJ1 dCBhcmNoX2lvbW11X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBndWFyYW50ZWVz IHRoaXMgYWZhaWN0LgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzUuCgpSZXBv cnRlZC1ieTogUGF1bCBEdXJyYW50IDxwYXVsLmR1cnJhbnRAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2Uu Y29tPgoKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL2lvbW11 X21hcC5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21t dV9tYXAuYwpAQCAtNzAyLDExICs3MDIsMjQgQEAgaW50IGFtZF9pb21tdV9t YXBfcGFnZShzdHJ1Y3QgZG9tYWluICpkLAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgISEoZmxhZ3MgJiBJT01NVUZfd3JpdGFi bGUpLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ISEoZmxhZ3MgJiBJT01NVUZfcmVhZGFibGUpKTsKIAotICAgIC8qIERvIG5v dCBpbmNyZWFzZSBwZGUgY291bnQgaWYgaW8gbWFwcGluZyBoYXMgbm90IGJl ZW4gY2hhbmdlZCAqLwotICAgIGlmICggIW5lZWRfZmx1c2ggKQotICAgICAg ICBnb3RvIG91dDsKKyAgICBpZiAoIG5lZWRfZmx1c2ggKQorICAgIHsKKyAg ICAgICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQsIGdmbiwgMCk7CisgICAg ICAgIC8qIE5vIGZ1cnRoZXIgbWVyZ2luZywgYXMgdGhlIGxvZ2ljIGRvZXNu J3QgY29wZS4gKi8KKyAgICAgICAgaGQtPmFyY2gubm9fbWVyZ2UgPSB0cnVl OworICAgIH0KIAotICAgIGFtZF9pb21tdV9mbHVzaF9wYWdlcyhkLCBnZm4s IDApOworICAgIC8qCisgICAgICogU3VwcHJlc3MgbWVyZ2luZyBvZiBub24t Ui9XIG1hcHBpbmdzIG9yIGFmdGVyIGluaXRpYWwgdGFibGUgY3JlYXRpb24s CisgICAgICogYXMgdGhlIG1lcmdlIGxvZ2ljIGRvZXMgbm90IGNvcGUgd2l0 aCB0aGlzLgorICAgICAqLworICAgIGlmICggaGQtPmFyY2gubm9fbWVyZ2Ug fHwgZmxhZ3MgIT0gKElPTU1VRl93cml0YWJsZSB8IElPTU1VRl9yZWFkYWJs ZSkgKQorICAgICAgICBnb3RvIG91dDsKKyAgICBpZiAoIGQtPmNyZWF0aW9u X2ZpbmlzaGVkICkKKyAgICB7CisgICAgICAgIGhkLT5hcmNoLm5vX21lcmdl ID0gdHJ1ZTsKKyAgICAgICAgZ290byBvdXQ7CisgICAgfQogCiAgICAgZm9y ICggbWVyZ2VfbGV2ZWwgPSBJT01NVV9QQUdJTkdfTU9ERV9MRVZFTF8yOwog ICAgICAgICAgIG1lcmdlX2xldmVsIDw9IGhkLT5hcmNoLnBhZ2luZ19tb2Rl OyBtZXJnZV9sZXZlbCsrICkKQEAgLTc4MCw2ICs3OTMsMTAgQEAgaW50IGFt ZF9pb21tdV91bm1hcF9wYWdlKHN0cnVjdCBkb21haW4gKgogCiAgICAgLyog bWFyayBQVEUgYXMgJ3BhZ2Ugbm90IHByZXNlbnQnICovCiAgICAgY2xlYXJf aW9tbXVfcHRlX3ByZXNlbnQocHRfbWZuWzFdLCBnZm4pOworCisgICAgLyog Tm8gZnVydGhlciBtZXJnaW5nIGluIGFtZF9pb21tdV9tYXBfcGFnZSgpLCBh cyB0aGUgbG9naWMgZG9lc24ndCBjb3BlLiAqLworICAgIGhkLT5hcmNoLm5v X21lcmdlID0gdHJ1ZTsKKwogICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJjaC5t YXBwaW5nX2xvY2spOwogCiAgICAgYW1kX2lvbW11X2ZsdXNoX3BhZ2VzKGQs IGdmbiwgMCk7Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS14ODYvaW9tbXUuaAor KysgYi94ZW4vaW5jbHVkZS9hc20teDg2L2lvbW11LmgKQEAgLTQwLDYgKzQw LDcgQEAgc3RydWN0IGFyY2hfaW9tbXUKIAogICAgIC8qIGFtZCBpb21tdSBz dXBwb3J0ICovCiAgICAgaW50IHBhZ2luZ19tb2RlOworICAgIGJvb2wgbm9f bWVyZ2U7CiAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcm9vdF90YWJsZTsKICAg ICBzdHJ1Y3QgZ3Vlc3RfaW9tbXUgKmdfaW9tbXU7CiB9Owo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Nov 20 13:27:29 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Nov 2018 13:27:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP635-00041v-MV; Tue, 20 Nov 2018 13:26:39 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP633-00040I-IK for xen-announce@lists.xen.org; Tue, 20 Nov 2018 13:26:37 +0000 X-Inumbo-ID: e77f340c-ecc7-11e8-bce3-12d6303a7972 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id e77f340c-ecc7-11e8-bce3-12d6303a7972; Tue, 20 Nov 2018 13:26:36 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP62u-0006nm-3L; Tue, 20 Nov 2018 13:26:28 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gP62u-0000f9-0t; Tue, 20 Nov 2018 13:26:28 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 20 Nov 2018 13:26:28 +0000 Subject: [Xen-announce] Xen Security Advisory 279 v2 - x86: DoS from attempting to use INVPCID with a non-canonical addresses X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-279 version 2 x86: DoS from attempting to use INVPCID with a non-canonical addresses UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The INVPCID instruction raises #GP[0] if an attempt is made to invalidate a non-canonical address. Older flushing mechanisms such as INVLPG tolerate this without error, and perform no action. There is one guest accessible path in Xen where a non-canonical address was passed into the TLB flushing code. This previously had no ill effect, but became vulnerable with the introduction of PCID to reduce the performance hit from the Meltdown mitigations. IMPACT ====== A buggy or malicious PV guest can crash the host. VULNERABLE SYSTEMS ================== Only hardware which supports the INVPCID instruction is vulnerable. This is available on Intel Haswell processors and later. AMD x86 processors are not known to support this instruction, and ARM processors are entirely unaffected. Only versions of Xen with PCID support are vulnerable. Support first appeared in Xen 4.11 but was backported to the stable trees as part of the Meltdown (XSA-254 / CVE-2017-5754) fixes. Xen 4.10.2, 4.9.3, 4.8.4 as well as the stable-4.7 and 4.6 branches are vulnerable. The vulnerability is only exposed to 64-bit PV guests. 32-bit PV guests, as well as HVM/PVH guests cannot exploit the vulnerability. MITIGATION ========== Booting Xen with `pcid=0` or `invpcid=0` on the command line will work around the issue. Alternatively, running untrusted 64bit PV guests inside xen-shim will work around the issue. CREDITS ======= This issue was discovered by Matthew Daley. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa279.patch xen-unstable, Xen 4.11.x, Xen 4.10.x xsa279-4.9.patch Xen 4.9.x ... 4.7.x $ sha256sum xsa279* 40319fcf33348176eb14d7fc7c68c255cc7291013242ea444de6d00602024a11 xsa279.meta 0c1d50effe6645051a15dd83af57088dd4a055e26a23b1fa9e6c3722a7973f5d xsa279.patch fd34f29bc7e53359585135408cbbd12e12a003f59b135e81cc44186c5cddd40d xsa279-4.9.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlv0C2oMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZKtwH/iNT0SP+by+n+HfWJfl4hZgJ4ZU3ZJDXyxuMchHv ZXYxW9FEab34qjOtRKToIYaPybjULbCNf2EeSmdwuHS55BP+GlnGT27gCU0FSECJ bfCkXFAJh04SjjzInOQxyfMUPmCztnwQvzADPJkxp1+nc++9P66Y44AwzUrRHsT1 A/dryLbZP/WiFyfYBnBPeh8Ib2eaAA1cxWLVbHwYlrrzgwf8pLHtKObW1TiSS/gr inPqwvcU3dwj3OnsB2KuWodgP7cN/YyE/pdCiSiR7xZqcWN5/bdodwARhGTc2XY3 2OLodVSz962xjmCku7YN0ntiuU1C/c7w2dT5KsF9H/mPwl4= =f39b -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa279.meta" Content-Disposition: attachment; filename="xsa279.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNzksCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMSIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwK ICAgICI0LjgiLAogICAgIjQuNyIKICBdLAogICJUcmVlcyI6IFsKICAgICJ4 ZW4iCiAgXSwKICAiUmVjaXBlcyI6IHsKICAgICI0LjEwIjogewogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICJlOTA3NDYwZmQ2MWMzNTA0ODdmZmVlNWQ4YWEzNzViZWY1NmJj ODFjIiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNzUK ICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAg ICAgInhzYTI3OS5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAg IH0KICAgIH0sCiAgICAiNC4xMSI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAg ICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZGVhOWZj MGUwMmQ5MmY1ZTZkNDY2ODBhYTBhNTJmYTc1OGVjYTljNCIsCiAgICAgICAg ICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjc1LAogICAgICAgICAgICAy NzYsCiAgICAgICAgICAgIDI3NwogICAgICAgICAgXSwKICAgICAgICAgICJQ YXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjc5LnBhdGNoIgogICAgICAg ICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjciOiB7CiAg ICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAi U3RhYmxlUmVmIjogIjljODI3NTk0NDgyOWM1NWFmM2RjNzA4NzEyY2E1YzEy MGIxYmIzMjgiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAg IDI3NQogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAg ICAgICAgICAieHNhMjc5LTQuOS5wYXRjaCIKICAgICAgICAgIF0KICAgICAg ICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC44IjogewogICAgICAiUmVjaXBl cyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6 ICJkNjc5OGNlMzU3MDdhNDg1ZDljMTMyMzE5ZDcwZGQ2NTQ2MjBlNWU1IiwK ICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNzUKICAgICAg ICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhz YTI3OS00LjkucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9 CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAg ICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZjEzOTgzZGIx MjBmNWU1NmRmZWZiZWU1ZDU2Njc4ZDJkNDNlMjkxNCIsCiAgICAgICAgICAi UHJlcmVxcyI6IFsKICAgICAgICAgICAgMjc1CiAgICAgICAgICBdLAogICAg ICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EyNzktNC45LnBh dGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAg ICJtYXN0ZXIiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4i OiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjFkZTM0NTllMDk2MWZmMzIz MzM5MmNmMjFhNjljYWZlOTAwNmRlNTkiLAogICAgICAgICAgIlByZXJlcXMi OiBbCiAgICAgICAgICAgIDI3NSwKICAgICAgICAgICAgMjc2LAogICAgICAg ICAgICAyNzcKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsK ICAgICAgICAgICAgInhzYTI3OS5wYXRjaCIKICAgICAgICAgIF0KICAgICAg ICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa279.patch" Content-Disposition: attachment; filename="xsa279.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L21tOiBEb24ndCBwZXJmb3JtIGZsdXNoIGFmdGVy IGZhaWxpbmcgdG8gdXBkYXRlIGEgZ3Vlc3RzIEwxZQoKSWYgdGhlIEwxZSB1 cGRhdGUgaGFzbid0IG9jY3VyZWQsIHRoZSBmbHVzaCBjYW5ub3QgZG8gYW55 dGhpbmcgdXNlZnVsLiAgVGhpcwpza2lwcyB0aGUgcG90ZW50aWFsbHkgZXhw ZW5zaXZlIHZjcHVtYXNrX3RvX3BjcHVtYXNrKCkgY29udmVyc2lvbiwgYW5k CmJyb2FkY2FzdCBUTEIgc2hvb3Rkb3duLgoKTW9yZSBpbXBvcnRhbnRseSBo b3dldmVyLCB3ZSBtaWdodCBiZSBpbiB0aGUgZXJyb3IgcGF0aCBkdWUgdG8g YSBiYWQgdmEKcGFyYW1ldGVyIGZyb20gdGhlIGd1ZXN0LCBhbmQgdGhpcyBz aG91bGQgbm90IHByb3BhZ2F0ZSBpbnRvIHRoZSBUTEIgZmx1c2hpbmcKbG9n aWMuICBUaGUgSU5WUENJRCBpbnN0cnVjdGlvbiBmb3IgZXhhbXBsZSByYWlz ZXMgI0dQIGZvciBhIG5vbi1jYW5vbmljYWwKYWRkcmVzcy4KClRoaXMgaXMg WFNBLTI3OS4KClJlcG9ydGVkLWJ5OiBNYXR0aGV3IERhbGV5IDxtYXR0ZEBi dWdmdXp6LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5k cmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJj aC94ODYvbW0uYyBiL3hlbi9hcmNoL3g4Ni9tbS5jCmluZGV4IDcwM2YzMzAu Ljc1NjYzYzYgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9tbS5jCisrKyBi L3hlbi9hcmNoL3g4Ni9tbS5jCkBAIC00MTU1LDYgKzQxNTUsMTQgQEAgc3Rh dGljIGludCBfX2RvX3VwZGF0ZV92YV9tYXBwaW5nKAogICAgIGlmICggcGwx ZSApCiAgICAgICAgIHVubWFwX2RvbWFpbl9wYWdlKHBsMWUpOwogCisgICAg LyoKKyAgICAgKiBBbnkgZXJyb3IgYXQgdGhpcyBwb2ludCBtZWFucyB0aGF0 IHdlIGhhdmVuJ3QgY2hhbmdlIHRoZSBMMWUuICBTa2lwIHRoZQorICAgICAq IGZsdXNoLCBhcyBpdCB3b24ndCBkbyBhbnl0aGluZyB1c2VmdWwuICBGdXJ0 aGVybW9yZSwgdmEgaXMgZ3Vlc3QKKyAgICAgKiBjb250cm9sbGVkIGFuZCBu b3QgbmVjZXNzZXJpbHkgYXVkaXRlZCBieSB0aGlzIHBvaW50LgorICAgICAq LworICAgIGlmICggcmMgKQorICAgICAgICByZXR1cm4gcmM7CisKICAgICBz d2l0Y2ggKCBmbGFncyAmIFVWTUZfRkxVU0hUWVBFX01BU0sgKQogICAgIHsK ICAgICBjYXNlIFVWTUZfVExCX0ZMVVNIOgo= --=separator Content-Type: application/octet-stream; name="xsa279-4.9.patch" Content-Disposition: attachment; filename="xsa279-4.9.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L21tOiBEb24ndCBwZXJmb3JtIGZsdXNoIGFmdGVy IGZhaWxpbmcgdG8gdXBkYXRlIGEgZ3Vlc3RzIEwxZQoKSWYgdGhlIEwxZSB1 cGRhdGUgaGFzbid0IG9jY3VyZWQsIHRoZSBmbHVzaCBjYW5ub3QgZG8gYW55 dGhpbmcgdXNlZnVsLiAgVGhpcwpza2lwcyB0aGUgcG90ZW50aWFsbHkgZXhw ZW5zaXZlIHZjcHVtYXNrX3RvX3BjcHVtYXNrKCkgY29udmVyc2lvbiwgYW5k CmJyb2FkY2FzdCBUTEIgc2hvb3Rkb3duLgoKTW9yZSBpbXBvcnRhbnRseSBo b3dldmVyLCB3ZSBtaWdodCBiZSBpbiB0aGUgZXJyb3IgcGF0aCBkdWUgdG8g YSBiYWQgdmEKcGFyYW1ldGVyIGZyb20gdGhlIGd1ZXN0LCBhbmQgdGhpcyBz aG91bGQgbm90IHByb3BhZ2F0ZSBpbnRvIHRoZSBUTEIgZmx1c2hpbmcKbG9n aWMuICBUaGUgSU5WUENJRCBpbnN0cnVjdGlvbiBmb3IgZXhhbXBsZSByYWlz ZXMgI0dQIGZvciBhIG5vbi1jYW5vbmljYWwKYWRkcmVzcy4KClRoaXMgaXMg WFNBLTI3OS4KClJlcG9ydGVkLWJ5OiBNYXR0aGV3IERhbGV5IDxtYXR0ZEBi dWdmdXp6LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5k cmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL3hlbi9hcmNoL3g4Ni9t bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS5jCkBAIC00ODk0LDYgKzQ4OTQs MTQgQEAgc3RhdGljIGludCBfX2RvX3VwZGF0ZV92YV9tYXBwaW5nKAogICAg IGlmICggcGwxZSApCiAgICAgICAgIGd1ZXN0X3VubWFwX2wxZShwbDFlKTsK IAorICAgIC8qCisgICAgICogQW55IGVycm9yIGF0IHRoaXMgcG9pbnQgbWVh bnMgdGhhdCB3ZSBoYXZlbid0IGNoYW5nZSB0aGUgbDFlLiAgU2tpcCB0aGUK KyAgICAgKiBmbHVzaCwgYXMgaXQgd29uJ3QgZG8gYW55dGhpbmcgdXNlZnVs LiAgRnVydGhlcm1vcmUsIHZhIGlzIGd1ZXN0CisgICAgICogY29udHJvbGxl ZCBhbmQgbm90IG5lY2Vzc2VyaWx5IGF1ZGl0ZWQgYnkgdGhpcyBwb2ludC4K KyAgICAgKi8KKyAgICBpZiAoIHJjICkKKyAgICAgICAgcmV0dXJuIHJjOwor CiAgICAgc3dpdGNoICggZmxhZ3MgJiBVVk1GX0ZMVVNIVFlQRV9NQVNLICkK ICAgICB7CiAgICAgY2FzZSBVVk1GX1RMQl9GTFVTSDoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Nov 20 13:27:29 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Nov 2018 13:27:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP636-00042O-E9; Tue, 20 Nov 2018 13:26:40 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP634-00040u-LA for xen-announce@lists.xen.org; Tue, 20 Nov 2018 13:26:38 +0000 X-Inumbo-ID: e7dc972d-ecc7-11e8-9a16-bc764e045a96 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id e7dc972d-ecc7-11e8-9a16-bc764e045a96; Tue, 20 Nov 2018 13:26:37 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP62s-0006nV-IJ; Tue, 20 Nov 2018 13:26:26 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gP62s-0000dz-Ff; Tue, 20 Nov 2018 13:26:26 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 20 Nov 2018 13:26:26 +0000 Subject: [Xen-announce] Xen Security Advisory 277 v2 - x86: incorrect error handling for guest p2m page removals X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-277 version 2 x86: incorrect error handling for guest p2m page removals UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The internal function querying a domain's p2m table grabs the p2m lock by default, so that the answer to the query remains true until the caller can act on that information; it is up to the caller then to release the lock. Unfortunately, certain failure paths don't release the lock. IMPACT ====== A malicious or buggy guest may cause a deadlock, resulting in a DoS (Denial of Service) affecting the entire host. VULNERABLE SYSTEMS ================== Xen 4.11 and onward are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only systems running untrusted HVM or PVH guests are vulnerable. Systems running only PV guests are not vulnerable. MITIGATION ========== Running only PV guests will avoid this vulnerability. CREDITS ======= This issue was discovered by Paul Durrant of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa277.patch xen-unstable, Xen 4.11.x $ sha256sum xsa277* 576cdc05975e43698624b88f7290119dd702b3db8f30f3219754d992d7fef0c6 xsa277.meta c9025e1daaec4081a61f1ed7b96e69cfe8e35bdd5b4fcc0fadc98f71c2e243e2 xsa277.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlv0C2kMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ3W4H/0lfQ3hxNjmYa9soWCkXCFWrRHEt5G11dtL3GE1B E4GbiAWdownHQjhA3okO9yQKDzwY68+hvVZ7YOUNSQ00tZ8j/RWldDZLhbp9JrjI QMriPefk8X6ZVnF6velUZI2dpOIX6NFBZHxPXUKV8A+e9/+OS7e9CEWrSaprHcbt MTHv5evulxl8sPXyVa8e2m2YSdEFU6ylfVyH3m5u3cKBpvbSLFKyQN+MNX8rTmAn +ga3Vj9zehIlDl22nTXCcQHbj75JK0RsDCcH1Glicqm3LZlZ2GXYNe/OiPdLTmwP 8UN8HJhDB2d6w8x4/TV2ad8UGqCJghkxJkqs2RJJdtz8VSo= =CFtL -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa277.meta" Content-Disposition: attachment; filename="xsa277.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNzcsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMSIKICBdLAogICJUcmVlcyI6IFsKICAgICJ4 ZW4iCiAgXSwKICAiUmVjaXBlcyI6IHsKICAgICI0LjExIjogewogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICI4YWQ0NjJhMzRmMDY1NGMyNTZjMTk3NDA2NTg3Njg2ZmU0MjI4 NTQ2IiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNzUs CiAgICAgICAgICAgIDI3NgogICAgICAgICAgXSwKICAgICAgICAgICJQYXRj aGVzIjogWwogICAgICAgICAgICAieHNhMjc3LnBhdGNoIgogICAgICAgICAg XQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICJtYXN0ZXIiOiB7CiAg ICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAi U3RhYmxlUmVmIjogImNlMmY0MjYwNTg4OGYxOGY2M2ZmOWZlMGQ0NWRkNjlh ZTgzMDQ1YmIiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAg IDI3NSwKICAgICAgICAgICAgMjc2CiAgICAgICAgICBdLAogICAgICAgICAg IlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EyNzcucGF0Y2giCiAgICAg ICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa277.patch" Content-Disposition: attachment; filename="xsa277.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L21tOiBQdXQgdGhlIGdmbiBvbiBhbGwgcGF0aHMg YWZ0ZXIgZ2V0X2dmbl9xdWVyeSgpCgpjL3MgNzg2NzE4MWIyICJ4ODYvUG9E OiBjb3JyZWN0bHkgaGFuZGxlIG5vbi1vcmRlci0wIGRlY3JlYXNlLXJlc2Vy dmF0aW9uCnJlcXVlc3RzIiBpbnRyb2R1Y2VkIGFuIGVhcmx5IGV4aXQgaW4g Z3Vlc3RfcmVtb3ZlX3BhZ2UoKSBmb3IgdW5leHBlY3RlZCBwMm0KdHlwZXMu ICBIb3dldmVyLCBnZXRfZ2ZuX3F1ZXJ5KCkgaW50ZXJuYWxseSB0YWtlcyB0 aGUgcDJtIGxvY2ssIGFuZCBtdXN0IGJlCm1hdGNoZWQgd2l0aCBhIHB1dF9n Zm4oKSBjYWxsIGxhdGVyLgoKRml4IHRoZSBlcnJvbmVvdXMgY29tbWVudCBi ZXNpZGUgdGhlIGRlY2xhcmF0aW9uIG9mIGdldF9nZm5fcXVlcnkoKS4KClRo aXMgaXMgWFNBLTI3Ny4KClJlcG9ydGVkLWJ5OiBQYXVsIER1cnJhbnQgPHBh dWwuZHVycmFudEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcg Q29vcGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgoKZGlmZiAtLWdp dCBhL3hlbi9jb21tb24vbWVtb3J5LmMgYi94ZW4vY29tbW9uL21lbW9yeS5j CmluZGV4IDk4NzM5NWYuLjI2YjcxMjMgMTAwNjQ0Ci0tLSBhL3hlbi9jb21t b24vbWVtb3J5LmMKKysrIGIveGVuL2NvbW1vbi9tZW1vcnkuYwpAQCAtMzA1 LDcgKzMwNSwxMSBAQCBpbnQgZ3Vlc3RfcmVtb3ZlX3BhZ2Uoc3RydWN0IGRv bWFpbiAqZCwgdW5zaWduZWQgbG9uZyBnbWZuKQogI2lmZGVmIENPTkZJR19Y ODYKICAgICBtZm4gPSBnZXRfZ2ZuX3F1ZXJ5KGQsIGdtZm4sICZwMm10KTsK ICAgICBpZiAoIHVubGlrZWx5KHAybXQgPT0gcDJtX2ludmFsaWQpIHx8IHVu bGlrZWx5KHAybXQgPT0gcDJtX21taW9fZG0pICkKKyAgICB7CisgICAgICAg IHB1dF9nZm4oZCwgZ21mbik7CisKICAgICAgICAgcmV0dXJuIC1FTk9FTlQ7 CisgICAgfQogCiAgICAgaWYgKCB1bmxpa2VseShwMm1faXNfcGFnaW5nKHAy bXQpKSApCiAgICAgewpkaWZmIC0tZ2l0IGEveGVuL2luY2x1ZGUvYXNtLXg4 Ni9wMm0uaCBiL3hlbi9pbmNsdWRlL2FzbS14ODYvcDJtLmgKaW5kZXggYWMz M2Y1MC4uNmQ4NDlhNSAxMDA2NDQKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4 Ni9wMm0uaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L3AybS5oCkBAIC00 NDgsMTAgKzQ0OCw3IEBAIHN0YXRpYyBpbmxpbmUgbWZuX3QgX19ub25udWxs KDMpIGdldF9nZm5fdHlwZSgKICAgICByZXR1cm4gZ2V0X2dmbl90eXBlX2Fj Y2VzcyhwMm1fZ2V0X2hvc3RwMm0oZCksIGdmbiwgdCwgJmEsIHEsIE5VTEwp OwogfQogCi0vKiBTeW50YWN0aWMgc3VnYXI6IG1vc3QgY2FsbGVycyB3aWxs IHVzZSBvbmUgb2YgdGhlc2UuIAotICogTi5CLiBnZXRfZ2ZuX3F1ZXJ5KCkg aXMgdGhlIF9vbmx5XyBvbmUgZ3VhcmFudGVlZCBub3QgdG8gdGFrZSB0aGUK LSAqIHAybSBsb2NrOyBub25lIG9mIHRoZSBvdGhlcnMgY2FuIGJlIGNhbGxl ZCB3aXRoIHRoZSBwMm0gb3IgcGFnaW5nCi0gKiBsb2NrIGhlbGQuICovCisv KiBTeW50YWN0aWMgc3VnYXI6IG1vc3QgY2FsbGVycyB3aWxsIHVzZSBvbmUg b2YgdGhlc2UuICovCiAjZGVmaW5lIGdldF9nZm4oZCwgZywgdCkgICAgICAg ICBnZXRfZ2ZuX3R5cGUoKGQpLCAoZyksICh0KSwgUDJNX0FMTE9DKQogI2Rl ZmluZSBnZXRfZ2ZuX3F1ZXJ5KGQsIGcsIHQpICAgZ2V0X2dmbl90eXBlKChk KSwgKGcpLCAodCksIDApCiAjZGVmaW5lIGdldF9nZm5fdW5zaGFyZShkLCBn LCB0KSBnZXRfZ2ZuX3R5cGUoKGQpLCAoZyksICh0KSwgXAo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Nov 20 13:27:29 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Nov 2018 13:27:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP637-00042g-Ap; Tue, 20 Nov 2018 13:26:41 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP634-000415-P5 for xen-announce@lists.xen.org; Tue, 20 Nov 2018 13:26:38 +0000 X-Inumbo-ID: e7e98190-ecc7-11e8-a5d6-12d6303a7972 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id e7e98190-ecc7-11e8-a5d6-12d6303a7972; Tue, 20 Nov 2018 13:26:37 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP62r-0006nP-0d; Tue, 20 Nov 2018 13:26:25 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gP62q-0000ct-UJ; Tue, 20 Nov 2018 13:26:24 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 20 Nov 2018 13:26:24 +0000 Subject: [Xen-announce] Xen Security Advisory 276 v2 - resource accounting issues in x86 IOREQ server handling X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-276 version 2 resource accounting issues in x86 IOREQ server handling UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Allocation of pages used to communicate with external emulators did not follow certain principles that are required for proper life cycle management of guest exposed pages. IMPACT ====== A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. VULNERABLE SYSTEMS ================== Only Xen 4.11 is affected by this vulnerability. Xen 4.10 and older are not affected by this vulnerability. Only systems running HVM guests with their devicemodels in a stubdomain are considered vulnerable. Note that attackers also need to exploit the devicemodel in order to have access to this vulnerability. Arm guests cannot leverage this vulnerability. MITIGATION ========== Running only PV guests will avoid this vulnerability. (The security of a Xen system using stub domains is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm.) CREDITS ======= This issue was discovered by Julien Grall of ARM. RESOLUTION ========== Applying the appropriate set of attached patches resolves this issue. xsa276/*.patch xen-unstable xsa276-4.11/*.patch Xen 4.11.x $ sha256sum xsa276* xsa276*/* efe9f031c5646b111cbfbe35141a7d99eb31ead07c1c6051145abbd9a3def5b9 xsa276.meta 7f77225e3de780a2507714caab5870664634bf9f76215547bebd31a6399a86ef xsa276-4.11/0001-x86-hvm-ioreq-fix-page-referencing.patch c93c66090009833cd11fabe72b523cbdb3467fa104cc97d1855d365881aa7f8e xsa276-4.11/0002-x86-hvm-ioreq-use-ref-counted-target-assigned-shared.patch ef8b89375866821f4a612f600d10834bf65d811b1784a4ee0fde4a3a409501e0 xsa276/0001-x86-hvm-ioreq-fix-page-referencing.patch 75398ec343b9aaebf0c7dc0c5ef5ed7a3f3be0959f1519db5c7f32c44e7a54d3 xsa276/0002-x86-hvm-ioreq-use-ref-counted-target-assigned-shared.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlv0C2kMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZpssH/1YDoUGry3iCsHZnymWqfWFiuddW2U03UPmq/BH+ tZ+HxnOeibVkvsB8g9POxCkSqS77MiFksgUTc0l6qV9zZ+A7glFRzMbKSSnmobul ETP/7AM3UO8H4uSji8P3lfN0l1B/BXetitv6FzogOUTP4iCX1TYfS4eu+UUOTWoj kg3DglZKeLY/eztTnJSOP5VzT09+Ra44IFvCfzz4gMV6Njgj0dZZ1jyBvKNxY3Rs bKiuycHDAzTGWHR6hymGVR73EowTgaboLEjpXTWVYbBvKv8HUp/v5UBzCf3TuPy6 GmtUaS/mtDPRYcgAjYPddGa7euVL6ESV+FNsSrMneJCBgk4= =/tEm -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa276.meta" Content-Disposition: attachment; filename="xsa276.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNzYsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMSIKICBdLAogICJUcmVlcyI6IFsKICAgICJ4 ZW4iCiAgXSwKICAiUmVjaXBlcyI6IHsKICAgICI0LjExIjogewogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICIxOGI1OTQ3NjQ4YWM0NDU3Y2FiNTVhMzRkMzcwZDlhZGFjMGI1 NWRiIiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI3Ni00LjExLyoucGF0Y2giCiAg ICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIm1hc3Rl ciI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiOGU3NTFhYzU5Y2ZkMTE0M2QwOTVjNDU5 MjdiYTFiZWMwZDQ0MWVlNCIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtdLAog ICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EyNzYvKi5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0KICB9 Cn0= --=separator Content-Type: application/octet-stream; name="xsa276-4.11/0001-x86-hvm-ioreq-fix-page-referencing.patch" Content-Disposition: attachment; filename="xsa276-4.11/0001-x86-hvm-ioreq-fix-page-referencing.patch" Content-Transfer-Encoding: base64 RnJvbSBiY2MxMTViYTM5ZDI5ODVkY2YzNTZiYThhOWFjMjkxZTMxNGYxZjBm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYW4gQmV1bGljaCA8 SkJldWxpY2hAc3VzZS5jb20+CkRhdGU6IFRodSwgMTEgT2N0IDIwMTggMDQ6 MDA6MjYgLTA2MDAKU3ViamVjdDogW1BBVENIIDEvMl0geDg2L2h2bS9pb3Jl cTogZml4IHBhZ2UgcmVmZXJlbmNpbmcKClRoZSBjb2RlIGRvZXMgbm90IHRh a2UgYSBwYWdlIHJlZmVyZW5jZSBpbiBodm1fYWxsb2NfaW9yZXFfbWZuKCks IG9ubHkgYQp0eXBlIHJlZmVyZW5jZS4gVGhpcyBjYW4gbGVhZCB0byBhIHNp dHVhdGlvbiB3aGVyZSBhIG1hbGljaW91cyBkb21haW4gd2l0aApYU01fRE1f UFJJViBjYW4gZW5naW5lZXIgYSBzZXF1ZW5jZSBhcyBmb2xsb3dzOgoKLSBj cmVhdGUgSU9SRVEgc2VydmVyOiBubyBwYWdlcyBhcyB5ZXQuCi0gYWNxdWly ZSByZXNvdXJjZTogcGFnZSBhbGxvY2F0ZWQsIHRvdGFsIDAuCi0gZGVjcmVh c2UgcmVzZXJ2YXRpb246IC0xIHJlZiwgdG90YWwgLTEuCgpUaGlzIHdpbGwg Y2F1c2UgWGVuIHRvIGhpdCBhIEJVR19PTigpIGluIGZyZWVfZG9taGVhcF9w YWdlcygpLgoKVGhpcyBwYXRjaCBmaXhlcyB0aGUgaXNzdWUgYnkgY2hhbmdp bmcgdGhlIGNhbGwgdG8gZ2V0X3BhZ2VfdHlwZSgpIGluCmh2bV9hbGxvY19p b3JlcV9tZm4oKSB0byBhIGNhbGwgdG8gZ2V0X3BhZ2VfYW5kX3R5cGUoKS4g VGhpcyBjaGFuZ2UKaW4gdHVybiByZXF1aXJlcyBhbiBleHRyYSBwdXRfcGFn ZSgpIGluIGh2bV9mcmVlX2lvcmVxX21mbigpIGluIHRoZSBjYXNlCnRoYXQg X1BHQ19hbGxvY2F0ZWQgaXMgc3RpbGwgc2V0IChpLmUuIGEgZGVjcmVhc2Ug cmVzZXJ2YXRpb24gaGFzIG5vdApvY2N1cnJlZCkgdG8gYXZvaWQgdGhlIHBh Z2UgYmVpbmcgbGVha2VkLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzYuCgpS ZXBvcnRlZC1ieTogSnVsaWVuIEdyYWxsIDxqdWxpZW4uZ3JhbGxAYXJtLmNv bT4KUmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGFy bS5jb20+ClNpZ25lZC1vZmYtYnk6IFBhdWwgRHVycmFudCA8cGF1bC5kdXJy YW50QGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxq YmV1bGljaEBzdXNlLmNvbT4KLS0tCiB4ZW4vYXJjaC94ODYvaHZtL2lvcmVx LmMgfCA0NiArKysrKysrKysrKysrKysrKysrKysrKysrKystLS0tLS0tLS0t LS0tCiAxIGZpbGUgY2hhbmdlZCwgMzEgaW5zZXJ0aW9ucygrKSwgMTUgZGVs ZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEveGVuL2FyY2gveDg2L2h2bS9pb3Jl cS5jIGIveGVuL2FyY2gveDg2L2h2bS9pb3JlcS5jCmluZGV4IGYzOWYzOTE5 MjkuLmJkYzI2ODcwMTQgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0v aW9yZXEuYworKysgYi94ZW4vYXJjaC94ODYvaHZtL2lvcmVxLmMKQEAgLTMy Nyw2ICszMjcsNyBAQCBzdGF0aWMgaW50IGh2bV9tYXBfaW9yZXFfZ2ZuKHN0 cnVjdCBodm1faW9yZXFfc2VydmVyICpzLCBib29sIGJ1ZikKIHN0YXRpYyBp bnQgaHZtX2FsbG9jX2lvcmVxX21mbihzdHJ1Y3QgaHZtX2lvcmVxX3NlcnZl ciAqcywgYm9vbCBidWYpCiB7CiAgICAgc3RydWN0IGh2bV9pb3JlcV9wYWdl ICppb3JwID0gYnVmID8gJnMtPmJ1ZmlvcmVxIDogJnMtPmlvcmVxOworICAg IHN0cnVjdCBwYWdlX2luZm8gKnBhZ2U7CiAKICAgICBpZiAoIGlvcnAtPnBh Z2UgKQogICAgIHsKQEAgLTM0OSwyNyArMzUwLDMzIEBAIHN0YXRpYyBpbnQg aHZtX2FsbG9jX2lvcmVxX21mbihzdHJ1Y3QgaHZtX2lvcmVxX3NlcnZlciAq cywgYm9vbCBidWYpCiAgICAgICogY291bGQgZmFpbCBpZiB0aGUgZW11bGF0 aW5nIGRvbWFpbiBoYXMgYWxyZWFkeSByZWFjaGVkIGl0cwogICAgICAqIG1h eGltdW0gYWxsb2NhdGlvbi4KICAgICAgKi8KLSAgICBpb3JwLT5wYWdlID0g YWxsb2NfZG9taGVhcF9wYWdlKHMtPmVtdWxhdG9yLCBNRU1GX25vX3JlZmNv dW50KTsKKyAgICBwYWdlID0gYWxsb2NfZG9taGVhcF9wYWdlKHMtPmVtdWxh dG9yLCBNRU1GX25vX3JlZmNvdW50KTsKIAotICAgIGlmICggIWlvcnAtPnBh Z2UgKQorICAgIGlmICggIXBhZ2UgKQogICAgICAgICByZXR1cm4gLUVOT01F TTsKIAotICAgIGlmICggIWdldF9wYWdlX3R5cGUoaW9ycC0+cGFnZSwgUEdU X3dyaXRhYmxlX3BhZ2UpICkKLSAgICAgICAgZ290byBmYWlsMTsKKyAgICBp ZiAoICFnZXRfcGFnZV9hbmRfdHlwZShwYWdlLCBzLT5lbXVsYXRvciwgUEdU X3dyaXRhYmxlX3BhZ2UpICkKKyAgICB7CisgICAgICAgIC8qCisgICAgICAg ICAqIFRoZSBkb21haW4gY2FuJ3QgcG9zc2libHkga25vdyBhYm91dCB0aGlz IHBhZ2UgeWV0LCBzbyBmYWlsdXJlCisgICAgICAgICAqIGhlcmUgaXMgYSBj bGVhciBpbmRpY2F0aW9uIG9mIHNvbWV0aGluZyBmaXNoeSBnb2luZyBvbi4K KyAgICAgICAgICovCisgICAgICAgIGRvbWFpbl9jcmFzaChzLT5lbXVsYXRv cik7CisgICAgICAgIHJldHVybiAtRU5PREFUQTsKKyAgICB9CiAKLSAgICBp b3JwLT52YSA9IF9fbWFwX2RvbWFpbl9wYWdlX2dsb2JhbChpb3JwLT5wYWdl KTsKKyAgICBpb3JwLT52YSA9IF9fbWFwX2RvbWFpbl9wYWdlX2dsb2JhbChw YWdlKTsKICAgICBpZiAoICFpb3JwLT52YSApCi0gICAgICAgIGdvdG8gZmFp bDI7CisgICAgICAgIGdvdG8gZmFpbDsKIAorICAgIGlvcnAtPnBhZ2UgPSBw YWdlOwogICAgIGNsZWFyX3BhZ2UoaW9ycC0+dmEpOwogICAgIHJldHVybiAw OwogCi0gZmFpbDI6Ci0gICAgcHV0X3BhZ2VfdHlwZShpb3JwLT5wYWdlKTsK LQotIGZhaWwxOgotICAgIHB1dF9wYWdlKGlvcnAtPnBhZ2UpOwotICAgIGlv cnAtPnBhZ2UgPSBOVUxMOworIGZhaWw6CisgICAgaWYgKCB0ZXN0X2FuZF9j bGVhcl9iaXQoX1BHQ19hbGxvY2F0ZWQsICZwYWdlLT5jb3VudF9pbmZvKSAp CisgICAgICAgIHB1dF9wYWdlKHBhZ2UpOworICAgIHB1dF9wYWdlX2FuZF90 eXBlKHBhZ2UpOwogCiAgICAgcmV0dXJuIC1FTk9NRU07CiB9CkBAIC0zNzcs MTUgKzM4NCwyNCBAQCBzdGF0aWMgaW50IGh2bV9hbGxvY19pb3JlcV9tZm4o c3RydWN0IGh2bV9pb3JlcV9zZXJ2ZXIgKnMsIGJvb2wgYnVmKQogc3RhdGlj IHZvaWQgaHZtX2ZyZWVfaW9yZXFfbWZuKHN0cnVjdCBodm1faW9yZXFfc2Vy dmVyICpzLCBib29sIGJ1ZikKIHsKICAgICBzdHJ1Y3QgaHZtX2lvcmVxX3Bh Z2UgKmlvcnAgPSBidWYgPyAmcy0+YnVmaW9yZXEgOiAmcy0+aW9yZXE7Cisg ICAgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZSA9IGlvcnAtPnBhZ2U7CiAKLSAg ICBpZiAoICFpb3JwLT5wYWdlICkKKyAgICBpZiAoICFwYWdlICkKICAgICAg ICAgcmV0dXJuOwogCisgICAgaW9ycC0+cGFnZSA9IE5VTEw7CisKICAgICB1 bm1hcF9kb21haW5fcGFnZV9nbG9iYWwoaW9ycC0+dmEpOwogICAgIGlvcnAt PnZhID0gTlVMTDsKIAotICAgIHB1dF9wYWdlX2FuZF90eXBlKGlvcnAtPnBh Z2UpOwotICAgIGlvcnAtPnBhZ2UgPSBOVUxMOworICAgIC8qCisgICAgICog Q2hlY2sgd2hldGhlciB3ZSBuZWVkIHRvIGNsZWFyIHRoZSBhbGxvY2F0aW9u IHJlZmVyZW5jZSBiZWZvcmUKKyAgICAgKiBkcm9wcGluZyB0aGUgZXhwbGlj aXQgcmVmZXJlbmNlcyB0YWtlbiBieSBnZXRfcGFnZV9hbmRfdHlwZSgpLgor ICAgICAqLworICAgIGlmICggdGVzdF9hbmRfY2xlYXJfYml0KF9QR0NfYWxs b2NhdGVkLCAmcGFnZS0+Y291bnRfaW5mbykgKQorICAgICAgICBwdXRfcGFn ZShwYWdlKTsKKworICAgIHB1dF9wYWdlX2FuZF90eXBlKHBhZ2UpOwogfQog CiBib29sIGlzX2lvcmVxX3NlcnZlcl9wYWdlKHN0cnVjdCBkb21haW4gKmQs IGNvbnN0IHN0cnVjdCBwYWdlX2luZm8gKnBhZ2UpCi0tIAoyLjE5LjEKCg== --=separator Content-Type: application/octet-stream; name="xsa276-4.11/0002-x86-hvm-ioreq-use-ref-counted-target-assigned-shared.patch" Content-Disposition: attachment; filename="xsa276-4.11/0002-x86-hvm-ioreq-use-ref-counted-target-assigned-shared.patch" Content-Transfer-Encoding: base64 RnJvbSAwYmIyOTY5NjMwZmJjOTJhMDUxMGJmMTIwNTc4YjU4ZWZiNzRjZGFi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQYXVsIER1cnJhbnQg PFBhdWwuRHVycmFudEBjaXRyaXguY29tPgpEYXRlOiBUaHUsIDEgTm92IDIw MTggMTc6MzA6MjAgKzAwMDAKU3ViamVjdDogW1BBVENIIDIvMl0geDg2L2h2 bS9pb3JlcTogdXNlIHJlZi1jb3VudGVkIHRhcmdldC1hc3NpZ25lZCBzaGFy ZWQKIHBhZ2VzCgpQYXNzaW5nIE1FTUZfbm9fcmVmY291bnQgdG8gYWxsb2Nf ZG9taGVhcF9wYWdlcygpIHdpbGwgYWxsb2NhdGUsIGFzCmV4cGVjdGVkLCBh IHBhZ2UgdGhhdCBpcyBhc3NpZ25lZCB0byB0aGUgc3BlY2lmaWVkIGRvbWFp biBidXQgaXMgbm90CmFjY291bnRlZCBmb3IgaW4gdG90X3BhZ2VzLiBVbmZv cnR1bmF0ZWx5IHRoZXJlIGlzIG5vIGxvZ2ljIGZvciB0cmFja2luZwpzdWNo IGFsbG9jYXRpb25zIGFuZCBhdm9pZGluZyBhbnkgYWRqdXN0bWVudCB0byB0 b3RfcGFnZXMgd2hlbiB0aGUgcGFnZQppcyBmcmVlZC4KClRoZSBvbmx5IGNh bGxlciBvZiBhbGxvY19kb21oZWFwX3BhZ2VzKCkgdGhhdCBwYXNzZXMgTUVN Rl9ub19yZWZjb3VudCBpcwpodm1fYWxsb2NfaW9yZXFfbWZuKCkgc28gdGhp cyBwYXRjaCByZW1vdmVzIHVzZSBvZiB0aGUgZmxhZyBmcm9tIHRoYXQKY2Fs bC1zaXRlIHRvIGF2b2lkIHRoZSBwb3NzaWJpbGl0eSBvZiBhIGRvbWFpbiB1 c2luZyBhbiBpb3JlcSBzZXJ2ZXIgYXMKYSBtZWFucyB0byBhZGp1c3QgaXRz IHRvdF9wYWdlcyBhbmQgaGVuY2UgYWxsb2NhdGUgbW9yZSBtZW1vcnkgdGhh biBpdApzaG91bGQgYmUgYWJsZSB0by4KCkhvd2V2ZXIsIHRoZSByZWFzb24g Zm9yIHVzaW5nIHRoZSBmbGFnIGluIHRoZSBmaXJzdCBwbGFjZSB3YXMgdG8g YXZvaWQKdGhlIGFsbG9jYXRpb24gZmFpbGluZyBpZiB0aGUgZW11bGF0b3Ig ZG9tYWluIGlzIGFscmVhZHkgYXQgaXRzIG1heGltdW0KbWVtb3J5IGxpbWl0 LiBIZW5jZSB0aGlzIHBhdGNoIHN3aXRjaGVzIHRvIGFsbG9jYXRpbmcgbWVt b3J5IGZyb20gdGhlCnRhcmdldCBkb21haW4gaW5zdGVhZCBvZiB0aGUgZW11 bGF0b3IgZG9tYWluLiBUaGVyZSBpcyBhbHJlYWR5IGFuIGV4dHJhCm1lbW9y eSBhbGxvd2FuY2Ugb2YgMk1CIChMSUJYTF9IVk1fRVhUUkFfTUVNT1JZKSBh cHBsaWVkIHRvIEhWTSBndWVzdHMsCndoaWNoIGlzIHN1ZmZpY2llbnQgdG8g Y292ZXIgdGhlIHBhZ2VzIHJlcXVpcmVkIGJ5IHRoZSBzdXBwb3J0ZWQKY29u ZmlndXJhdGlvbiBvZiBhIHNpbmdsZSBJT1JFUSBzZXJ2ZXIgZm9yIFFFTVUu IChTdHViLWRvbWFpbnMgZG8gbm90LApzbyBmYXIsIHVzZSByZXNvdXJjZSBt YXBwaW5nKS4gSXQgYWxzbyBhbHNvIHRoZSBjYXNlIHRoZSBRRU1VIHdpbGwg aGF2ZQptYXBwZWQgdGhlIElPUkVRIHNlcnZlciBwYWdlcyBiZWZvcmUgdGhl IGd1ZXN0IGJvb3RzLCBoZW5jZSBpdCBpcyBub3QKcG9zc2libGUgZm9yIHRo ZSBndWVzdCB0byBpbmZsYXRlIGl0cyBiYWxsb29uIHRvIGNvbnN1bWUgdGhl c2UgcGFnZXMuCgpSZXBvcnRlZC1ieTogSnVsaWVuIEdyYWxsIDxqdWxpZW4u Z3JhbGxAYXJtLmNvbT4KU2lnbmVkLW9mZi1ieTogUGF1bCBEdXJyYW50IDxw YXVsLmR1cnJhbnRAY2l0cml4LmNvbT4KLS0tCiB4ZW4vYXJjaC94ODYvaHZt L2lvcmVxLmMgfCAxMiArKy0tLS0tLS0tLS0KIHhlbi9hcmNoL3g4Ni9tbS5j ICAgICAgICB8ICA2IC0tLS0tLQogMiBmaWxlcyBjaGFuZ2VkLCAyIGluc2Vy dGlvbnMoKyksIDE2IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3hlbi9h cmNoL3g4Ni9odm0vaW9yZXEuYyBiL3hlbi9hcmNoL3g4Ni9odm0vaW9yZXEu YwppbmRleCBiZGMyNjg3MDE0Li5mZDEwZWU2MTQ2IDEwMDY0NAotLS0gYS94 ZW4vYXJjaC94ODYvaHZtL2lvcmVxLmMKKysrIGIveGVuL2FyY2gveDg2L2h2 bS9pb3JlcS5jCkBAIC0zNDIsMjAgKzM0MiwxMiBAQCBzdGF0aWMgaW50IGh2 bV9hbGxvY19pb3JlcV9tZm4oc3RydWN0IGh2bV9pb3JlcV9zZXJ2ZXIgKnMs IGJvb2wgYnVmKQogICAgICAgICByZXR1cm4gMDsKICAgICB9CiAKLSAgICAv KgotICAgICAqIEFsbG9jYXRlZCBJT1JFUSBzZXJ2ZXIgcGFnZXMgYXJlIGFz c2lnbmVkIHRvIHRoZSBlbXVsYXRpbmcKLSAgICAgKiBkb21haW4sIG5vdCB0 aGUgdGFyZ2V0IGRvbWFpbi4gVGhpcyBpcyBzYWZlIGJlY2F1c2UgdGhlIGVt dWxhdGluZwotICAgICAqIGRvbWFpbiBjYW5ub3QgYmUgZGVzdHJveWVkIHVu dGlsIHRoZSBpb3JlcSBzZXJ2ZXIgaXMgZGVzdHJveWVkLgotICAgICAqIEFs c28gd2UgbXVzdCB1c2UgTUVNRl9ub19yZWZjb3VudCBvdGhlcndpc2UgcGFn ZSBhbGxvY2F0aW9uCi0gICAgICogY291bGQgZmFpbCBpZiB0aGUgZW11bGF0 aW5nIGRvbWFpbiBoYXMgYWxyZWFkeSByZWFjaGVkIGl0cwotICAgICAqIG1h eGltdW0gYWxsb2NhdGlvbi4KLSAgICAgKi8KLSAgICBwYWdlID0gYWxsb2Nf ZG9taGVhcF9wYWdlKHMtPmVtdWxhdG9yLCBNRU1GX25vX3JlZmNvdW50KTsK KyAgICBwYWdlID0gYWxsb2NfZG9taGVhcF9wYWdlKHMtPnRhcmdldCwgMCk7 CiAKICAgICBpZiAoICFwYWdlICkKICAgICAgICAgcmV0dXJuIC1FTk9NRU07 CiAKLSAgICBpZiAoICFnZXRfcGFnZV9hbmRfdHlwZShwYWdlLCBzLT5lbXVs YXRvciwgUEdUX3dyaXRhYmxlX3BhZ2UpICkKKyAgICBpZiAoICFnZXRfcGFn ZV9hbmRfdHlwZShwYWdlLCBzLT50YXJnZXQsIFBHVF93cml0YWJsZV9wYWdl KSApCiAgICAgewogICAgICAgICAvKgogICAgICAgICAgKiBUaGUgZG9tYWlu IGNhbid0IHBvc3NpYmx5IGtub3cgYWJvdXQgdGhpcyBwYWdlIHlldCwgc28g ZmFpbHVyZQpkaWZmIC0tZ2l0IGEveGVuL2FyY2gveDg2L21tLmMgYi94ZW4v YXJjaC94ODYvbW0uYwppbmRleCA3ZDQ4NzFiNzkxLi4yNGIyMTVkNzg1IDEw MDY0NAotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJjaC94 ODYvbW0uYwpAQCAtNDM5NiwxMiArNDM5Niw2IEBAIGludCBhcmNoX2FjcXVp cmVfcmVzb3VyY2Uoc3RydWN0IGRvbWFpbiAqZCwgdW5zaWduZWQgaW50IHR5 cGUsCiAKICAgICAgICAgICAgIG1mbl9saXN0W2ldID0gbWZuX3gobWZuKTsK ICAgICAgICAgfQotCi0gICAgICAgIC8qCi0gICAgICAgICAqIFRoZSBmcmFt ZXMgd2lsbCBoYXZlIGJlZW4gYXNzaWduZWQgdG8gdGhlIGRvbWFpbiB0aGF0 IGNyZWF0ZWQKLSAgICAgICAgICogdGhlIGlvcmVxIHNlcnZlci4KLSAgICAg ICAgICovCi0gICAgICAgICpmbGFncyB8PSBYRU5NRU1fcnNyY19hY3FfY2Fs bGVyX293bmVkOwogICAgICAgICBicmVhazsKICAgICB9CiAKLS0gCjIuMTku MQoK --=separator Content-Type: application/octet-stream; name="xsa276/0001-x86-hvm-ioreq-fix-page-referencing.patch" Content-Disposition: attachment; filename="xsa276/0001-x86-hvm-ioreq-fix-page-referencing.patch" Content-Transfer-Encoding: base64 RnJvbSA1MWVmZjAzZWNlYjE4ZGIxMGYxOWE4OGY5MmZjMzY3YjM0ZDJhMTNl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYW4gQmV1bGljaCA8 SkJldWxpY2hAc3VzZS5jb20+CkRhdGU6IFRodSwgMTEgT2N0IDIwMTggMDQ6 MDA6MjYgLTA2MDAKU3ViamVjdDogW1BBVENIIDEvMl0geDg2L2h2bS9pb3Jl cTogZml4IHBhZ2UgcmVmZXJlbmNpbmcKClRoZSBjb2RlIGRvZXMgbm90IHRh a2UgYSBwYWdlIHJlZmVyZW5jZSBpbiBodm1fYWxsb2NfaW9yZXFfbWZuKCks IG9ubHkgYQp0eXBlIHJlZmVyZW5jZS4gVGhpcyBjYW4gbGVhZCB0byBhIHNp dHVhdGlvbiB3aGVyZSBhIG1hbGljaW91cyBkb21haW4gd2l0aApYU01fRE1f UFJJViBjYW4gZW5naW5lZXIgYSBzZXF1ZW5jZSBhcyBmb2xsb3dzOgoKLSBj cmVhdGUgSU9SRVEgc2VydmVyOiBubyBwYWdlcyBhcyB5ZXQuCi0gYWNxdWly ZSByZXNvdXJjZTogcGFnZSBhbGxvY2F0ZWQsIHRvdGFsIDAuCi0gZGVjcmVh c2UgcmVzZXJ2YXRpb246IC0xIHJlZiwgdG90YWwgLTEuCgpUaGlzIHdpbGwg Y2F1c2UgWGVuIHRvIGhpdCBhIEJVR19PTigpIGluIGZyZWVfZG9taGVhcF9w YWdlcygpLgoKVGhpcyBwYXRjaCBmaXhlcyB0aGUgaXNzdWUgYnkgY2hhbmdp bmcgdGhlIGNhbGwgdG8gZ2V0X3BhZ2VfdHlwZSgpIGluCmh2bV9hbGxvY19p b3JlcV9tZm4oKSB0byBhIGNhbGwgdG8gZ2V0X3BhZ2VfYW5kX3R5cGUoKS4g VGhpcyBjaGFuZ2UKaW4gdHVybiByZXF1aXJlcyBhbiBleHRyYSBwdXRfcGFn ZSgpIGluIGh2bV9mcmVlX2lvcmVxX21mbigpIGluIHRoZSBjYXNlCnRoYXQg X1BHQ19hbGxvY2F0ZWQgaXMgc3RpbGwgc2V0IChpLmUuIGEgZGVjcmVhc2Ug cmVzZXJ2YXRpb24gaGFzIG5vdApvY2N1cnJlZCkgdG8gYXZvaWQgdGhlIHBh Z2UgYmVpbmcgbGVha2VkLgoKVGhpcyBpcyBwYXJ0IG9mIFhTQS0yNzYuCgpS ZXBvcnRlZC1ieTogSnVsaWVuIEdyYWxsIDxqdWxpZW4uZ3JhbGxAYXJtLmNv bT4KUmVwb3J0ZWQtYnk6IEp1bGllbiBHcmFsbCA8anVsaWVuLmdyYWxsQGFy bS5jb20+ClNpZ25lZC1vZmYtYnk6IFBhdWwgRHVycmFudCA8cGF1bC5kdXJy YW50QGNpdHJpeC5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxq YmV1bGljaEBzdXNlLmNvbT4KLS0tCiB4ZW4vYXJjaC94ODYvaHZtL2lvcmVx LmMgfCA0NiArKysrKysrKysrKysrKysrKysrKysrKysrKystLS0tLS0tLS0t LS0tCiAxIGZpbGUgY2hhbmdlZCwgMzEgaW5zZXJ0aW9ucygrKSwgMTUgZGVs ZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEveGVuL2FyY2gveDg2L2h2bS9pb3Jl cS5jIGIveGVuL2FyY2gveDg2L2h2bS9pb3JlcS5jCmluZGV4IGUyZTc1NWE4 YTEuLmRhMzZlZjcyN2UgMTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0v aW9yZXEuYworKysgYi94ZW4vYXJjaC94ODYvaHZtL2lvcmVxLmMKQEAgLTM1 Niw2ICszNTYsNyBAQCBzdGF0aWMgaW50IGh2bV9tYXBfaW9yZXFfZ2ZuKHN0 cnVjdCBodm1faW9yZXFfc2VydmVyICpzLCBib29sIGJ1ZikKIHN0YXRpYyBp bnQgaHZtX2FsbG9jX2lvcmVxX21mbihzdHJ1Y3QgaHZtX2lvcmVxX3NlcnZl ciAqcywgYm9vbCBidWYpCiB7CiAgICAgc3RydWN0IGh2bV9pb3JlcV9wYWdl ICppb3JwID0gYnVmID8gJnMtPmJ1ZmlvcmVxIDogJnMtPmlvcmVxOworICAg IHN0cnVjdCBwYWdlX2luZm8gKnBhZ2U7CiAKICAgICBpZiAoIGlvcnAtPnBh Z2UgKQogICAgIHsKQEAgLTM3OCwyNyArMzc5LDMzIEBAIHN0YXRpYyBpbnQg aHZtX2FsbG9jX2lvcmVxX21mbihzdHJ1Y3QgaHZtX2lvcmVxX3NlcnZlciAq cywgYm9vbCBidWYpCiAgICAgICogY291bGQgZmFpbCBpZiB0aGUgZW11bGF0 aW5nIGRvbWFpbiBoYXMgYWxyZWFkeSByZWFjaGVkIGl0cwogICAgICAqIG1h eGltdW0gYWxsb2NhdGlvbi4KICAgICAgKi8KLSAgICBpb3JwLT5wYWdlID0g YWxsb2NfZG9taGVhcF9wYWdlKHMtPmVtdWxhdG9yLCBNRU1GX25vX3JlZmNv dW50KTsKKyAgICBwYWdlID0gYWxsb2NfZG9taGVhcF9wYWdlKHMtPmVtdWxh dG9yLCBNRU1GX25vX3JlZmNvdW50KTsKIAotICAgIGlmICggIWlvcnAtPnBh Z2UgKQorICAgIGlmICggIXBhZ2UgKQogICAgICAgICByZXR1cm4gLUVOT01F TTsKIAotICAgIGlmICggIWdldF9wYWdlX3R5cGUoaW9ycC0+cGFnZSwgUEdU X3dyaXRhYmxlX3BhZ2UpICkKLSAgICAgICAgZ290byBmYWlsMTsKKyAgICBp ZiAoICFnZXRfcGFnZV9hbmRfdHlwZShwYWdlLCBzLT5lbXVsYXRvciwgUEdU X3dyaXRhYmxlX3BhZ2UpICkKKyAgICB7CisgICAgICAgIC8qCisgICAgICAg ICAqIFRoZSBkb21haW4gY2FuJ3QgcG9zc2libHkga25vdyBhYm91dCB0aGlz IHBhZ2UgeWV0LCBzbyBmYWlsdXJlCisgICAgICAgICAqIGhlcmUgaXMgYSBj bGVhciBpbmRpY2F0aW9uIG9mIHNvbWV0aGluZyBmaXNoeSBnb2luZyBvbi4K KyAgICAgICAgICovCisgICAgICAgIGRvbWFpbl9jcmFzaChzLT5lbXVsYXRv cik7CisgICAgICAgIHJldHVybiAtRU5PREFUQTsKKyAgICB9CiAKLSAgICBp b3JwLT52YSA9IF9fbWFwX2RvbWFpbl9wYWdlX2dsb2JhbChpb3JwLT5wYWdl KTsKKyAgICBpb3JwLT52YSA9IF9fbWFwX2RvbWFpbl9wYWdlX2dsb2JhbChw YWdlKTsKICAgICBpZiAoICFpb3JwLT52YSApCi0gICAgICAgIGdvdG8gZmFp bDI7CisgICAgICAgIGdvdG8gZmFpbDsKIAorICAgIGlvcnAtPnBhZ2UgPSBw YWdlOwogICAgIGNsZWFyX3BhZ2UoaW9ycC0+dmEpOwogICAgIHJldHVybiAw OwogCi0gZmFpbDI6Ci0gICAgcHV0X3BhZ2VfdHlwZShpb3JwLT5wYWdlKTsK LQotIGZhaWwxOgotICAgIHB1dF9wYWdlKGlvcnAtPnBhZ2UpOwotICAgIGlv cnAtPnBhZ2UgPSBOVUxMOworIGZhaWw6CisgICAgaWYgKCB0ZXN0X2FuZF9j bGVhcl9iaXQoX1BHQ19hbGxvY2F0ZWQsICZwYWdlLT5jb3VudF9pbmZvKSAp CisgICAgICAgIHB1dF9wYWdlKHBhZ2UpOworICAgIHB1dF9wYWdlX2FuZF90 eXBlKHBhZ2UpOwogCiAgICAgcmV0dXJuIC1FTk9NRU07CiB9CkBAIC00MDYs MTUgKzQxMywyNCBAQCBzdGF0aWMgaW50IGh2bV9hbGxvY19pb3JlcV9tZm4o c3RydWN0IGh2bV9pb3JlcV9zZXJ2ZXIgKnMsIGJvb2wgYnVmKQogc3RhdGlj IHZvaWQgaHZtX2ZyZWVfaW9yZXFfbWZuKHN0cnVjdCBodm1faW9yZXFfc2Vy dmVyICpzLCBib29sIGJ1ZikKIHsKICAgICBzdHJ1Y3QgaHZtX2lvcmVxX3Bh Z2UgKmlvcnAgPSBidWYgPyAmcy0+YnVmaW9yZXEgOiAmcy0+aW9yZXE7Cisg ICAgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZSA9IGlvcnAtPnBhZ2U7CiAKLSAg ICBpZiAoICFpb3JwLT5wYWdlICkKKyAgICBpZiAoICFwYWdlICkKICAgICAg ICAgcmV0dXJuOwogCisgICAgaW9ycC0+cGFnZSA9IE5VTEw7CisKICAgICB1 bm1hcF9kb21haW5fcGFnZV9nbG9iYWwoaW9ycC0+dmEpOwogICAgIGlvcnAt PnZhID0gTlVMTDsKIAotICAgIHB1dF9wYWdlX2FuZF90eXBlKGlvcnAtPnBh Z2UpOwotICAgIGlvcnAtPnBhZ2UgPSBOVUxMOworICAgIC8qCisgICAgICog Q2hlY2sgd2hldGhlciB3ZSBuZWVkIHRvIGNsZWFyIHRoZSBhbGxvY2F0aW9u IHJlZmVyZW5jZSBiZWZvcmUKKyAgICAgKiBkcm9wcGluZyB0aGUgZXhwbGlj aXQgcmVmZXJlbmNlcyB0YWtlbiBieSBnZXRfcGFnZV9hbmRfdHlwZSgpLgor ICAgICAqLworICAgIGlmICggdGVzdF9hbmRfY2xlYXJfYml0KF9QR0NfYWxs b2NhdGVkLCAmcGFnZS0+Y291bnRfaW5mbykgKQorICAgICAgICBwdXRfcGFn ZShwYWdlKTsKKworICAgIHB1dF9wYWdlX2FuZF90eXBlKHBhZ2UpOwogfQog CiBib29sIGlzX2lvcmVxX3NlcnZlcl9wYWdlKHN0cnVjdCBkb21haW4gKmQs IGNvbnN0IHN0cnVjdCBwYWdlX2luZm8gKnBhZ2UpCi0tIAoyLjE5LjEKCg== --=separator Content-Type: application/octet-stream; name="xsa276/0002-x86-hvm-ioreq-use-ref-counted-target-assigned-shared.patch" Content-Disposition: attachment; filename="xsa276/0002-x86-hvm-ioreq-use-ref-counted-target-assigned-shared.patch" Content-Transfer-Encoding: base64 RnJvbSBmMjc1YTFmOGM4NDljOTI2ZGUzOWNkNjZjYThjOTcxYjlmNDM2Y2Zm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQYXVsIER1cnJhbnQg PFBhdWwuRHVycmFudEBjaXRyaXguY29tPgpEYXRlOiBUaHUsIDEgTm92IDIw MTggMTc6MzA6MjAgKzAwMDAKU3ViamVjdDogW1BBVENIIDIvMl0geDg2L2h2 bS9pb3JlcTogdXNlIHJlZi1jb3VudGVkIHRhcmdldC1hc3NpZ25lZCBzaGFy ZWQKIHBhZ2VzCgpQYXNzaW5nIE1FTUZfbm9fcmVmY291bnQgdG8gYWxsb2Nf ZG9taGVhcF9wYWdlcygpIHdpbGwgYWxsb2NhdGUsIGFzCmV4cGVjdGVkLCBh IHBhZ2UgdGhhdCBpcyBhc3NpZ25lZCB0byB0aGUgc3BlY2lmaWVkIGRvbWFp biBidXQgaXMgbm90CmFjY291bnRlZCBmb3IgaW4gdG90X3BhZ2VzLiBVbmZv cnR1bmF0ZWx5IHRoZXJlIGlzIG5vIGxvZ2ljIGZvciB0cmFja2luZwpzdWNo IGFsbG9jYXRpb25zIGFuZCBhdm9pZGluZyBhbnkgYWRqdXN0bWVudCB0byB0 b3RfcGFnZXMgd2hlbiB0aGUgcGFnZQppcyBmcmVlZC4KClRoZSBvbmx5IGNh bGxlciBvZiBhbGxvY19kb21oZWFwX3BhZ2VzKCkgdGhhdCBwYXNzZXMgTUVN Rl9ub19yZWZjb3VudCBpcwpodm1fYWxsb2NfaW9yZXFfbWZuKCkgc28gdGhp cyBwYXRjaCByZW1vdmVzIHVzZSBvZiB0aGUgZmxhZyBmcm9tIHRoYXQKY2Fs bC1zaXRlIHRvIGF2b2lkIHRoZSBwb3NzaWJpbGl0eSBvZiBhIGRvbWFpbiB1 c2luZyBhbiBpb3JlcSBzZXJ2ZXIgYXMKYSBtZWFucyB0byBhZGp1c3QgaXRz IHRvdF9wYWdlcyBhbmQgaGVuY2UgYWxsb2NhdGUgbW9yZSBtZW1vcnkgdGhh biBpdApzaG91bGQgYmUgYWJsZSB0by4KCkhvd2V2ZXIsIHRoZSByZWFzb24g Zm9yIHVzaW5nIHRoZSBmbGFnIGluIHRoZSBmaXJzdCBwbGFjZSB3YXMgdG8g YXZvaWQKdGhlIGFsbG9jYXRpb24gZmFpbGluZyBpZiB0aGUgZW11bGF0b3Ig ZG9tYWluIGlzIGFscmVhZHkgYXQgaXRzIG1heGltdW0KbWVtb3J5IGxpbWl0 LiBIZW5jZSB0aGlzIHBhdGNoIHN3aXRjaGVzIHRvIGFsbG9jYXRpbmcgbWVt b3J5IGZyb20gdGhlCnRhcmdldCBkb21haW4gaW5zdGVhZCBvZiB0aGUgZW11 bGF0b3IgZG9tYWluLiBUaGVyZSBpcyBhbHJlYWR5IGFuIGV4dHJhCm1lbW9y eSBhbGxvd2FuY2Ugb2YgMk1CIChMSUJYTF9IVk1fRVhUUkFfTUVNT1JZKSBh cHBsaWVkIHRvIEhWTSBndWVzdHMsCndoaWNoIGlzIHN1ZmZpY2llbnQgdG8g Y292ZXIgdGhlIHBhZ2VzIHJlcXVpcmVkIGJ5IHRoZSBzdXBwb3J0ZWQKY29u ZmlndXJhdGlvbiBvZiBhIHNpbmdsZSBJT1JFUSBzZXJ2ZXIgZm9yIFFFTVUu IChTdHViLWRvbWFpbnMgZG8gbm90LApzbyBmYXIsIHVzZSByZXNvdXJjZSBt YXBwaW5nKS4gSXQgYWxzbyBhbHNvIHRoZSBjYXNlIHRoZSBRRU1VIHdpbGwg aGF2ZQptYXBwZWQgdGhlIElPUkVRIHNlcnZlciBwYWdlcyBiZWZvcmUgdGhl IGd1ZXN0IGJvb3RzLCBoZW5jZSBpdCBpcyBub3QKcG9zc2libGUgZm9yIHRo ZSBndWVzdCB0byBpbmZsYXRlIGl0cyBiYWxsb29uIHRvIGNvbnN1bWUgdGhl c2UgcGFnZXMuCgpSZXBvcnRlZC1ieTogSnVsaWVuIEdyYWxsIDxqdWxpZW4u Z3JhbGxAYXJtLmNvbT4KU2lnbmVkLW9mZi1ieTogUGF1bCBEdXJyYW50IDxw YXVsLmR1cnJhbnRAY2l0cml4LmNvbT4KLS0tCiB4ZW4vYXJjaC94ODYvaHZt L2lvcmVxLmMgfCAxMiArKy0tLS0tLS0tLS0KIHhlbi9hcmNoL3g4Ni9tbS5j ICAgICAgICB8ICA2IC0tLS0tLQogMiBmaWxlcyBjaGFuZ2VkLCAyIGluc2Vy dGlvbnMoKyksIDE2IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3hlbi9h cmNoL3g4Ni9odm0vaW9yZXEuYyBiL3hlbi9hcmNoL3g4Ni9odm0vaW9yZXEu YwppbmRleCBkYTM2ZWY3MjdlLi5hNTZkNjM0ZjMxIDEwMDY0NAotLS0gYS94 ZW4vYXJjaC94ODYvaHZtL2lvcmVxLmMKKysrIGIveGVuL2FyY2gveDg2L2h2 bS9pb3JlcS5jCkBAIC0zNzEsMjAgKzM3MSwxMiBAQCBzdGF0aWMgaW50IGh2 bV9hbGxvY19pb3JlcV9tZm4oc3RydWN0IGh2bV9pb3JlcV9zZXJ2ZXIgKnMs IGJvb2wgYnVmKQogICAgICAgICByZXR1cm4gMDsKICAgICB9CiAKLSAgICAv KgotICAgICAqIEFsbG9jYXRlZCBJT1JFUSBzZXJ2ZXIgcGFnZXMgYXJlIGFz c2lnbmVkIHRvIHRoZSBlbXVsYXRpbmcKLSAgICAgKiBkb21haW4sIG5vdCB0 aGUgdGFyZ2V0IGRvbWFpbi4gVGhpcyBpcyBzYWZlIGJlY2F1c2UgdGhlIGVt dWxhdGluZwotICAgICAqIGRvbWFpbiBjYW5ub3QgYmUgZGVzdHJveWVkIHVu dGlsIHRoZSBpb3JlcSBzZXJ2ZXIgaXMgZGVzdHJveWVkLgotICAgICAqIEFs c28gd2UgbXVzdCB1c2UgTUVNRl9ub19yZWZjb3VudCBvdGhlcndpc2UgcGFn ZSBhbGxvY2F0aW9uCi0gICAgICogY291bGQgZmFpbCBpZiB0aGUgZW11bGF0 aW5nIGRvbWFpbiBoYXMgYWxyZWFkeSByZWFjaGVkIGl0cwotICAgICAqIG1h eGltdW0gYWxsb2NhdGlvbi4KLSAgICAgKi8KLSAgICBwYWdlID0gYWxsb2Nf ZG9taGVhcF9wYWdlKHMtPmVtdWxhdG9yLCBNRU1GX25vX3JlZmNvdW50KTsK KyAgICBwYWdlID0gYWxsb2NfZG9taGVhcF9wYWdlKHMtPnRhcmdldCwgMCk7 CiAKICAgICBpZiAoICFwYWdlICkKICAgICAgICAgcmV0dXJuIC1FTk9NRU07 CiAKLSAgICBpZiAoICFnZXRfcGFnZV9hbmRfdHlwZShwYWdlLCBzLT5lbXVs YXRvciwgUEdUX3dyaXRhYmxlX3BhZ2UpICkKKyAgICBpZiAoICFnZXRfcGFn ZV9hbmRfdHlwZShwYWdlLCBzLT50YXJnZXQsIFBHVF93cml0YWJsZV9wYWdl KSApCiAgICAgewogICAgICAgICAvKgogICAgICAgICAgKiBUaGUgZG9tYWlu IGNhbid0IHBvc3NpYmx5IGtub3cgYWJvdXQgdGhpcyBwYWdlIHlldCwgc28g ZmFpbHVyZQpkaWZmIC0tZ2l0IGEveGVuL2FyY2gveDg2L21tLmMgYi94ZW4v YXJjaC94ODYvbW0uYwppbmRleCA3MDNmMzMwMWE1Li42NTgwMzc0NTU0IDEw MDY0NAotLS0gYS94ZW4vYXJjaC94ODYvbW0uYworKysgYi94ZW4vYXJjaC94 ODYvbW0uYwpAQCAtNDQ2NywxMiArNDQ2Nyw2IEBAIGludCBhcmNoX2FjcXVp cmVfcmVzb3VyY2Uoc3RydWN0IGRvbWFpbiAqZCwgdW5zaWduZWQgaW50IHR5 cGUsCiAKICAgICAgICAgICAgIG1mbl9saXN0W2ldID0gbWZuX3gobWZuKTsK ICAgICAgICAgfQotCi0gICAgICAgIC8qCi0gICAgICAgICAqIFRoZSBmcmFt ZXMgd2lsbCBoYXZlIGJlZW4gYXNzaWduZWQgdG8gdGhlIGRvbWFpbiB0aGF0 IGNyZWF0ZWQKLSAgICAgICAgICogdGhlIGlvcmVxIHNlcnZlci4KLSAgICAg ICAgICovCi0gICAgICAgICpmbGFncyB8PSBYRU5NRU1fcnNyY19hY3FfY2Fs bGVyX293bmVkOwogICAgICAgICBicmVhazsKICAgICB9CiAjZW5kaWYKLS0g CjIuMTkuMQoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Nov 20 13:31:56 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 20 Nov 2018 13:31:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP67J-0006Bk-Qs; Tue, 20 Nov 2018 13:31:01 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP67I-0006BE-Ki for xen-announce@lists.xen.org; Tue, 20 Nov 2018 13:31:00 +0000 X-Inumbo-ID: 83c5dd8e-ecc8-11e8-b8c0-12d6303a7972 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 83c5dd8e-ecc8-11e8-b8c0-12d6303a7972; Tue, 20 Nov 2018 13:30:58 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1gP677-0006vZ-AN; Tue, 20 Nov 2018 13:30:49 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1gP677-00025q-7n; Tue, 20 Nov 2018 13:30:49 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 20 Nov 2018 13:30:49 +0000 Subject: [Xen-announce] Xen Security Advisory 280 v2 - Fix for XSA-240 conflicts with shadow paging X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-280 version 2 Fix for XSA-240 conflicts with shadow paging UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The fix for XSA-240 introduced a new field into the control structure associated with each page of RAM. This field was added to a union, another member of which is used when Xen uses shadow paging for the guest. During migration, or with the L1TF (XSA-273) mitigation for PV guests in effect, the two uses conflict. IMPACT ====== A malicious or buggy x86 PV guest may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. VULNERABLE SYSTEMS ================== All Xen versions from at least 3.2 onwards are vulnerable. Earlier versions have not been checked. Only x86 systems are affected. ARM systems are not affected. Only Xen versions with the XSA-240 fixes applied are vulnerable. Only Xen versions which permit linear page table use by PV guests are vulnerable. Only x86 PV guests can leverage this vulnerability. x86 HVM guests cannot leverage this vulnerability. MITIGATION ========== Not permitting linear page table use by PV guests avoids the vulnerability. This can be done both at build time, by turning off the PV_LINEAR_PT configure option, or at runtime, by passing specifying "pv-linear-pt=0" on the hypervisor command line. On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which have themselves been hardened against L1TF _and_ avoiding live migrating or snapshotting PV guests will generally prevent this issue being triggered. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. Running only HVM guests will avoid this vulnerability. CREDITS ======= This issue was discovered by the security team of Prgmr.com. RESOLUTION ========== Applying the appropriate pair of attached patches resolves this issue. xsa280-?.patch xen-unstable xsa280-1.patch + xsa280-4.11-2.patch Xen 4.11.x xsa280-1.patch + xsa280-4.10-2.patch Xen 4.10.x xsa280-4.9-1.patch + xsa280-4.10-2.patch Xen 4.9.x, Xen 4.8.x xsa280-4.9-1.patch + xsa280-4.7-2.patch Xen 4.7.x $ sha256sum xsa280* ff0b376b9e2ec16f7c15b144d4d38375d6f6b4019aa9c17f6b80f9dfe40319ef xsa280.meta 41b2b91dbabbf2048c790c5934ab696ef53932ff98d1069eb7c7ae52e61cd44b xsa280-1.patch d46e46a6e706e0d3416d40ed12227223f7e8f825dfc63ed203c1df115976e8a1 xsa280-2.patch 163eaf2e16d5cc314a81fa1254eb2809674001b2329c41556a078b7f94e72ced xsa280-4.7-2.patch 22e9d29f316356341db40c743ca59f9bb9d783a58fb6429d5badf57a77b5f34a xsa280-4.9-1.patch ff0a839dbd9347ec88aaeb7ef1145d0cd9029a19c6a478088c63c0959ba0e740 xsa280-4.10-2.patch 87940f3b84d0adfd89e1b2bc1a872ae2948e1621e4994e7879b77e327b0136b5 xsa280-4.11-2.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) EXCEPT the linear page table disabling one is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the linear page table disabling mitigation is NOT PERMITTED (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because altering the set of features usable in a guest in connection with a security issue would be a user-visible change which could lead to the rediscovery of the vulnerability. Also: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlv0DEsMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZnkQH/iyCga79/YRwqCHB5nrTlQhY0g6E5zA2debKtfxS MPosJQZy7/PzkvbBPnHBYEve8UyvQuVQXs+WOhCL7625HbadgrUOD3LJzbhmduI0 AT5lbLTmM5ac9iBeLQeqkERDJOi8RSx4AtH5NhVvnSWFD/KXQvB1zow1bOIS5drz 5YMr4nA1xX0mmzx//bWRHiUbi72dvrWAeFEPj5wcxNlsGnTqTSyTvMehlJevMfC2 Rthft7e7WZQWy5z5TdbErJbDNuS9beiEvTkuO6oC3QVo5CIXDsuwCk20Q5T5Z9gg SkoyXO1OO+MIeBpBzrIRvJrrtFpfR7s8weKcrKM8GukyMsM= =drCg -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa280.meta" Content-Disposition: attachment; filename="xsa280.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyODAsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMSIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwK ICAgICI0LjgiLAogICAgIjQuNyIKICBdLAogICJUcmVlcyI6IFsKICAgICJ4 ZW4iCiAgXSwKICAiUmVjaXBlcyI6IHsKICAgICI0LjEwIjogewogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICJlOTA3NDYwZmQ2MWMzNTA0ODdmZmVlNWQ4YWEzNzViZWY1NmJj ODFjIiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNzUs CiAgICAgICAgICAgIDI3OQogICAgICAgICAgXSwKICAgICAgICAgICJQYXRj aGVzIjogWwogICAgICAgICAgICAieHNhMjgwLTEucGF0Y2giLAogICAgICAg ICAgICAieHNhMjgwLTQuMTAtMi5wYXRjaCIKICAgICAgICAgIF0KICAgICAg ICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC4xMSI6IHsKICAgICAgIlJlY2lw ZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYi OiAiZGVhOWZjMGUwMmQ5MmY1ZTZkNDY2ODBhYTBhNTJmYTc1OGVjYTljNCIs CiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjc1LAogICAg ICAgICAgICAyNzYsCiAgICAgICAgICAgIDI3NywKICAgICAgICAgICAgMjc5 CiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAg ICAgICJ4c2EyODAtMS5wYXRjaCIsCiAgICAgICAgICAgICJ4c2EyODAtNC4x MS0yLnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAg fSwKICAgICI0LjciOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4 ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjljODI3NTk0NDgyOWM1 NWFmM2RjNzA4NzEyY2E1YzEyMGIxYmIzMjgiLAogICAgICAgICAgIlByZXJl cXMiOiBbCiAgICAgICAgICAgIDI3NSwKICAgICAgICAgICAgMjc5CiAgICAg ICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4 c2EyODAtNC45LTEucGF0Y2giLAogICAgICAgICAgICAieHNhMjgwLTQuNy0y LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwK ICAgICI0LjgiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4i OiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogImQ2Nzk4Y2UzNTcwN2E0ODVk OWMxMzIzMTlkNzBkZDY1NDYyMGU1ZTUiLAogICAgICAgICAgIlByZXJlcXMi OiBbCiAgICAgICAgICAgIDI3NSwKICAgICAgICAgICAgMjc5CiAgICAgICAg ICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2Ey ODAtNC45LTEucGF0Y2giLAogICAgICAgICAgICAieHNhMjgwLTQuMTAtMi5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAiNC45IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjog ewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJmMTM5ODNkYjEyMGY1ZTU2ZGZl ZmJlZTVkNTY2NzhkMmQ0M2UyOTE0IiwKICAgICAgICAgICJQcmVyZXFzIjog WwogICAgICAgICAgICAyNzUsCiAgICAgICAgICAgIDI3OQogICAgICAgICAg XSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjgw LTQuOS0xLnBhdGNoIiwKICAgICAgICAgICAgInhzYTI4MC00LjEwLTIucGF0 Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAg Im1hc3RlciI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6 IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiMWRlMzQ1OWUwOTYxZmYzMjMz MzkyY2YyMWE2OWNhZmU5MDA2ZGU1OSIsCiAgICAgICAgICAiUHJlcmVxcyI6 IFsKICAgICAgICAgICAgMjc1LAogICAgICAgICAgICAyNzYsCiAgICAgICAg ICAgIDI3NywKICAgICAgICAgICAgMjc5CiAgICAgICAgICBdLAogICAgICAg ICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EyODAtPy5wYXRjaCIK ICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa280-1.patch" Content-Disposition: attachment; filename="xsa280-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvc2hhZG93OiBtb3ZlIE9PUyBmbGFnIGJpdCBwb3NpdGlvbnMKCklu IHByZXBhcmF0aW9uIG9mIHJlZHVjaW5nIHN0cnVjdCBwYWdlX2luZm8ncyBz aGFkb3dfZmxhZ3MgZmllbGQgdG8gMTYKYml0cywgbG93ZXIgdGhlIGJpdCBw b3NpdGlvbnMgdXNlZCBmb3IgU0hGX291dF9vZl9zeW5jIGFuZApTSEZfb29z X21heV93cml0ZS4KCkluc3RlYWQgb2YgYWxzbyBhZGp1c3RpbmcgdGhlIG9w ZW4gY29kZWQgdXNlIGluIF9nZXRfcGFnZV90eXBlKCksCmludHJvZHVjZSBz aGFkb3dfcHJlcGFyZV9wYWdlX3R5cGVfY2hhbmdlKCkgdG8gY29udGFpbiBr bm93bGVkZ2Ugb2YgdGhlCmJpdCBwb3NpdGlvbnMgdG8gc2hhZG93IGNvZGUu CgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI4MC4KClNpZ25lZC1vZmYtYnk6IEph biBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IFRp bSBEZWVnYW4gPHRpbUB4ZW4ub3JnPgotLS0KdjI6IFJlbmFtZSBmdW5jdGlv biBhbmQgcGFzcyBmdWxsIHR5cGUuCgotLS0gYS94ZW4vYXJjaC94ODYvbW0u YworKysgYi94ZW4vYXJjaC94ODYvbW0uYwpAQCAtMjcxMiwxNyArMjcxMiw4 IEBAIHN0YXRpYyBpbnQgX2dldF9wYWdlX3R5cGUoc3RydWN0IHBhZ2VfaW4K ICAgICAgICAgewogICAgICAgICAgICAgc3RydWN0IGRvbWFpbiAqZCA9IHBh Z2VfZ2V0X293bmVyKHBhZ2UpOwogCi0gICAgICAgICAgICAvKgotICAgICAg ICAgICAgICogTm9ybWFsbHkgd2Ugc2hvdWxkIG5ldmVyIGxldCBhIHBhZ2Ug Z28gZnJvbSB0eXBlIGNvdW50IDAKLSAgICAgICAgICAgICAqIHRvIHR5cGUg Y291bnQgMSB3aGVuIGl0IGlzIHNoYWRvd2VkLiBPbmUgZXhjZXB0aW9uOgot ICAgICAgICAgICAgICogb3V0LW9mLXN5bmMgc2hhZG93ZWQgcGFnZXMgYXJl IGFsbG93ZWQgdG8gYmVjb21lCi0gICAgICAgICAgICAgKiB3cml0ZWFibGUu Ci0gICAgICAgICAgICAgKi8KLSAgICAgICAgICAgIGlmICggZCAmJiBzaGFk b3dfbW9kZV9lbmFibGVkKGQpCi0gICAgICAgICAgICAgICAgICYmIChwYWdl LT5jb3VudF9pbmZvICYgUEdDX3BhZ2VfdGFibGUpCi0gICAgICAgICAgICAg ICAgICYmICEoKHBhZ2UtPnNoYWRvd19mbGFncyAmICgxdTw8MjkpKQotICAg ICAgICAgICAgICAgICAgICAgICYmIHR5cGUgPT0gUEdUX3dyaXRhYmxlX3Bh Z2UpICkKLSAgICAgICAgICAgICAgIHNoYWRvd19yZW1vdmVfYWxsX3NoYWRv d3MoZCwgcGFnZV90b19tZm4ocGFnZSkpOworICAgICAgICAgICAgaWYgKCBk ICYmIHNoYWRvd19tb2RlX2VuYWJsZWQoZCkgKQorICAgICAgICAgICAgICAg c2hhZG93X3ByZXBhcmVfcGFnZV90eXBlX2NoYW5nZShkLCBwYWdlLCB0eXBl KTsKIAogICAgICAgICAgICAgQVNTRVJUKCEoeCAmIFBHVF9wYWVfeGVuX2wy KSk7CiAgICAgICAgICAgICBpZiAoICh4ICYgUEdUX3R5cGVfbWFzaykgIT0g dHlwZSApCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMK KysrIGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9jb21tb24uYwpAQCAtNzQ5 LDYgKzc0OSw5IEBAIGludCBzaF91bnN5bmMoc3RydWN0IHZjcHUgKnYsIG1m bl90IGdtZm4KICAgICAgICAgIHx8ICF2LT5kb21haW4tPmFyY2gucGFnaW5n LnNoYWRvdy5vb3NfYWN0aXZlICkKICAgICAgICAgcmV0dXJuIDA7CiAKKyAg ICBCVUlMRF9CVUdfT04oISh0eXBlb2YocGctPnNoYWRvd19mbGFncykpU0hG X291dF9vZl9zeW5jKTsKKyAgICBCVUlMRF9CVUdfT04oISh0eXBlb2YocGct PnNoYWRvd19mbGFncykpU0hGX29vc19tYXlfd3JpdGUpOworCiAgICAgcGct PnNoYWRvd19mbGFncyB8PSBTSEZfb3V0X29mX3N5bmN8U0hGX29vc19tYXlf d3JpdGU7CiAgICAgb29zX2hhc2hfYWRkKHYsIGdtZm4pOwogICAgIHBlcmZj X2luY3Ioc2hhZG93X3Vuc3luYyk7CkBAIC0yNDEzLDYgKzI0MTYsMjYgQEAg dm9pZCBzaF9yZW1vdmVfc2hhZG93cyhzdHJ1Y3QgZG9tYWluICpkLAogICAg IHBhZ2luZ191bmxvY2soZCk7CiB9CiAKK3ZvaWQgc2hhZG93X3ByZXBhcmVf cGFnZV90eXBlX2NoYW5nZShzdHJ1Y3QgZG9tYWluICpkLCBzdHJ1Y3QgcGFn ZV9pbmZvICpwYWdlLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHVuc2lnbmVkIGxvbmcgbmV3X3R5cGUpCit7CisgICAgaWYgKCAh KHBhZ2UtPmNvdW50X2luZm8gJiBQR0NfcGFnZV90YWJsZSkgKQorICAgICAg ICByZXR1cm47CisKKyNpZiAoU0hBRE9XX09QVElNSVpBVElPTlMgJiBTSE9Q VF9PVVRfT0ZfU1lOQykKKyAgICAvKgorICAgICAqIE5vcm1hbGx5IHdlIHNo b3VsZCBuZXZlciBsZXQgYSBwYWdlIGdvIGZyb20gdHlwZSBjb3VudCAwIHRv IHR5cGUKKyAgICAgKiBjb3VudCAxIHdoZW4gaXQgaXMgc2hhZG93ZWQuIE9u ZSBleGNlcHRpb246IG91dC1vZi1zeW5jIHNoYWRvd2VkCisgICAgICogcGFn ZXMgYXJlIGFsbG93ZWQgdG8gYmVjb21lIHdyaXRlYWJsZS4KKyAgICAgKi8K KyAgICBpZiAoIChwYWdlLT5zaGFkb3dfZmxhZ3MgJiBTSEZfb29zX21heV93 cml0ZSkgJiYKKyAgICAgICAgIG5ld190eXBlID09IFBHVF93cml0YWJsZV9w YWdlICkKKyAgICAgICAgcmV0dXJuOworI2VuZGlmCisKKyAgICBzaGFkb3df cmVtb3ZlX2FsbF9zaGFkb3dzKGQsIHBhZ2VfdG9fbWZuKHBhZ2UpKTsKK30K Kwogc3RhdGljIHZvaWQKIHNoX3JlbW92ZV9hbGxfc2hhZG93c19hbmRfcGFy ZW50cyhzdHJ1Y3QgZG9tYWluICpkLCBtZm5fdCBnbWZuKQogLyogRXZlbiBo YXJzaGVyOiB0aGlzIGlzIGEgSFZNIHBhZ2UgdGhhdCB3ZSB0aGluZyBpcyBu byBsb25nZXIgYSBwYWdldGFibGUuCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9z aGFkb3cvcHJpdmF0ZS5oCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cv cHJpdmF0ZS5oCkBAIC0yODUsOCArMjg1LDggQEAgc3RhdGljIGlubGluZSB2 b2lkIHNoX3Rlcm1pbmF0ZV9saXN0KHN0cgogICogY29kZXBhdGggaXMgY2Fs bGVkIGR1cmluZyB0aGF0IHRpbWUgYW5kIGlzIHNlbnNpdGl2ZSB0byBvb3Mg aXNzdWVzLCBpdCBtYXkKICAqIG5lZWQgdG8gdXNlIHRoZSBzZWNvbmQgZmxh Zy4KICAqLwotI2RlZmluZSBTSEZfb3V0X29mX3N5bmMgKDF1PDwzMCkKLSNk ZWZpbmUgU0hGX29vc19tYXlfd3JpdGUgKDF1PDwyOSkKKyNkZWZpbmUgU0hG X291dF9vZl9zeW5jICgxdSA8PCAoU0hfdHlwZV9tYXhfc2hhZG93ICsgMSkp CisjZGVmaW5lIFNIRl9vb3NfbWF5X3dyaXRlICgxdSA8PCAoU0hfdHlwZV9t YXhfc2hhZG93ICsgMikpCiAKICNlbmRpZiAvKiAoU0hBRE9XX09QVElNSVpB VElPTlMgJiBTSE9QVF9PVVRfT0ZfU1lOQykgKi8KIAotLS0gYS94ZW4vaW5j bHVkZS9hc20teDg2L3NoYWRvdy5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14 ODYvc2hhZG93LmgKQEAgLTgxLDYgKzgxLDEwIEBAIHZvaWQgc2hhZG93X2Zp bmFsX3RlYXJkb3duKHN0cnVjdCBkb21haW4KIAogdm9pZCBzaF9yZW1vdmVf c2hhZG93cyhzdHJ1Y3QgZG9tYWluICpkLCBtZm5fdCBnbWZuLCBpbnQgZmFz dCwgaW50IGFsbCk7CiAKKy8qIEFkanVzdCBzaGFkb3dzIHJlYWR5IGZvciBh IGd1ZXN0IHBhZ2UgdG8gY2hhbmdlIGl0cyB0eXBlLiAqLwordm9pZCBzaGFk b3dfcHJlcGFyZV9wYWdlX3R5cGVfY2hhbmdlKHN0cnVjdCBkb21haW4gKmQs IHN0cnVjdCBwYWdlX2luZm8gKnBhZ2UsCisgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgdW5zaWduZWQgbG9uZyBuZXdfdHlwZSk7CisK IC8qIERpc2NhcmQgX2FsbF8gbWFwcGluZ3MgZnJvbSB0aGUgZG9tYWluJ3Mg c2hhZG93cy4gKi8KIHZvaWQgc2hhZG93X2Jsb3dfdGFibGVzX3Blcl9kb21h aW4oc3RydWN0IGRvbWFpbiAqZCk7CiAKQEAgLTEwNSw2ICsxMDksMTAgQEAg aW50IHNoYWRvd19zZXRfYWxsb2NhdGlvbihzdHJ1Y3QgZG9tYWluCiBzdGF0 aWMgaW5saW5lIHZvaWQgc2hfcmVtb3ZlX3NoYWRvd3Moc3RydWN0IGRvbWFp biAqZCwgbWZuX3QgZ21mbiwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBpbnQgZmFzdCwgaW50IGFsbCkge30KIAorc3RhdGljIGlu bGluZSB2b2lkIHNoYWRvd19wcmVwYXJlX3BhZ2VfdHlwZV9jaGFuZ2Uoc3Ry dWN0IGRvbWFpbiAqZCwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2Us CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB1bnNpZ25lZCBsb25nIG5ld190eXBlKSB7fQorCiBzdGF0aWMg aW5saW5lIHZvaWQgc2hhZG93X2Jsb3dfdGFibGVzX3Blcl9kb21haW4oc3Ry dWN0IGRvbWFpbiAqZCkge30KIAogc3RhdGljIGlubGluZSBpbnQgc2hhZG93 X2RvbWN0bChzdHJ1Y3QgZG9tYWluICpkLAo= --=separator Content-Type: application/octet-stream; name="xsa280-2.patch" Content-Disposition: attachment; filename="xsa280-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvc2hhZG93OiBzaHJpbmsgc3RydWN0IHBhZ2VfaW5mbydzIHNoYWRv d19mbGFncyB0byAxNiBiaXRzCgpUaGlzIGlzIHRvIGF2b2lkIGl0IG92ZXJs YXBwaW5nIHRoZSBsaW5lYXJfcHRfY291bnQgZmllbGQgbmVlZGVkIGZvciBQ Vgpkb21haW5zLiBJbnRyb2R1Y2UgYSBzZXBhcmF0ZSwgSFZNLW9ubHkgcGFn ZXRhYmxlX2R5aW5nIGZpZWxkIHRvIHJlcGxhY2UKdGhlIHNvbGUgb25lIGxl ZnQgaW4gdGhlIHVwcGVyIDE2IGJpdHMuCgpOb3RlIHRoYXQgdGhlIGFjY2Vz c2VzIHRvIC0+c2hhZG93X2ZsYWdzIGluIHNoYWRvd197cHJvLGRlfW1vdGUo KSBnZXQKc3dpdGNoZWQgdG8gbm9uLWF0b21pYywgbm9uLWJpdG9wcyBvcGVy YXRpb25zLCBhcyB7dGVzdCxzZXQsY2xlYXJ9X2JpdCgpCmFyZSBub3QgYWxs b3dlZCBvbiB1aW50MTZfdCBmaWVsZHMgYW5kIGhlbmNlIHRoZWlyIHVzZSB3 b3VsZCBoYXZlCnJlcXVpcmVkIHVnbHkgY2FzdHMuIFRoaXMgaXMgZmluZSBi ZWNhdXNlIGFsbCB1cGRhdGVzIG9mIHRoZSBmaWVsZCBvdWdodAp0byBvY2N1 ciB3aXRoIHRoZSBwYWdpbmcgbG9jayBoZWxkLCBhbmQgb3RoZXIgdXBkYXRl cyBvZiBpdCB1c2UgfD0gYW5kCiY9IGFzIHdlbGwgKGkuZS4gdXNpbmcgYXRv bWljIG9wZXJhdGlvbnMgaGVyZSBkaWRuJ3QgcmVhbGx5IGd1YXJkCmFnYWlu c3QgcG90ZW50aWFsbHkgcmFjaW5nIHVwZGF0ZXMgZWxzZXdoZXJlKS4KClRo aXMgaXMgcGFydCBvZiBYU0EtMjgwLgoKUmVwb3J0ZWQtYnk6IFByZ21yLmNv bSBTZWN1cml0eSA8c2VjdXJpdHlAcHJnbXIuY29tPgpTaWduZWQtb2ZmLWJ5 OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5 OiBUaW0gRGVlZ2FuIDx0aW1AeGVuLm9yZz4KLS0tCnYyOiBVc2Ugbm9uLWF0 b21pYywgbm9uLWJpdG9wcyBhY2Nlc3NlcyB0byAtPnNoYWRvd19mbGFncyBp bgogICAgc2hhZG93X3twcm8sZGV9bW90ZSgpLgoKLS0tIGEveGVuL2FyY2gv eDg2L21tL3NoYWRvdy9jb21tb24uYworKysgYi94ZW4vYXJjaC94ODYvbW0v c2hhZG93L2NvbW1vbi5jCkBAIC03ODcsMTAgKzc4NywxNCBAQCB2b2lkIHNo YWRvd19wcm9tb3RlKHN0cnVjdCBkb21haW4gKmQsIG1mCiAKICAgICAvKiBJ cyB0aGUgcGFnZSBhbHJlYWR5IHNoYWRvd2VkPyAqLwogICAgIGlmICggIXRl c3RfYW5kX3NldF9iaXQoX1BHQ19wYWdlX3RhYmxlLCAmcGFnZS0+Y291bnRf aW5mbykgKQorICAgIHsKICAgICAgICAgcGFnZS0+c2hhZG93X2ZsYWdzID0g MDsKKyAgICAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpICkKKyAgICAgICAg ICAgIHBhZ2UtPnBhZ2V0YWJsZV9keWluZyA9IGZhbHNlOworICAgIH0KIAot ICAgIEFTU0VSVCghdGVzdF9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19mbGFn cykpOwotICAgIHNldF9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19mbGFncyk7 CisgICAgQVNTRVJUKCEocGFnZS0+c2hhZG93X2ZsYWdzICYgKDF1IDw8IHR5 cGUpKSk7CisgICAgcGFnZS0+c2hhZG93X2ZsYWdzIHw9IDF1IDw8IHR5cGU7 CiAgICAgVFJBQ0VfU0hBRE9XX1BBVEhfRkxBRyhUUkNFX1NGTEFHX1BST01P VEUpOwogfQogCkBAIC03OTksOSArODAzLDkgQEAgdm9pZCBzaGFkb3dfZGVt b3RlKHN0cnVjdCBkb21haW4gKmQsIG1mbgogICAgIHN0cnVjdCBwYWdlX2lu Zm8gKnBhZ2UgPSBtZm5fdG9fcGFnZShnbWZuKTsKIAogICAgIEFTU0VSVCh0 ZXN0X2JpdChfUEdDX3BhZ2VfdGFibGUsICZwYWdlLT5jb3VudF9pbmZvKSk7 Ci0gICAgQVNTRVJUKHRlc3RfYml0KHR5cGUsICZwYWdlLT5zaGFkb3dfZmxh Z3MpKTsKKyAgICBBU1NFUlQocGFnZS0+c2hhZG93X2ZsYWdzICYgKDF1IDw8 IHR5cGUpKTsKIAotICAgIGNsZWFyX2JpdCh0eXBlLCAmcGFnZS0+c2hhZG93 X2ZsYWdzKTsKKyAgICBwYWdlLT5zaGFkb3dfZmxhZ3MgJj0gfigxdSA8PCB0 eXBlKTsKIAogICAgIGlmICggKHBhZ2UtPnNoYWRvd19mbGFncyAmIFNIRl9w YWdlX3R5cGVfbWFzaykgPT0gMCApCiAgICAgewpAQCAtMjQwNSw3ICsyNDA5 LDcgQEAgdm9pZCBzaF9yZW1vdmVfc2hhZG93cyhzdHJ1Y3QgZG9tYWluICpk LAogICAgIGlmICggIWZhc3QgJiYgYWxsICYmIChwZy0+Y291bnRfaW5mbyAm IFBHQ19wYWdlX3RhYmxlKSApCiAgICAgewogICAgICAgICBwcmludGsoWEVO TE9HX0dfRVJSICJjYW4ndCBmaW5kIGFsbCBzaGFkb3dzIG9mIG1mbiAlIlBS SV9tZm4KLSAgICAgICAgICAgICAgICIgKHNoYWRvd19mbGFncz0lMDh4KVxu IiwgbWZuX3goZ21mbiksIHBnLT5zaGFkb3dfZmxhZ3MpOworICAgICAgICAg ICAgICAgIiAoc2hhZG93X2ZsYWdzPSUwNHgpXG4iLCBtZm5feChnbWZuKSwg cGctPnNoYWRvd19mbGFncyk7CiAgICAgICAgIGRvbWFpbl9jcmFzaChkKTsK ICAgICB9CiAKLS0tIGEveGVuL2FyY2gveDg2L21tL3NoYWRvdy9tdWx0aS5j CisrKyBiL3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwpAQCAtMzI5 OCw4ICszMjk4LDggQEAgc3RhdGljIGludCBzaF9wYWdlX2ZhdWx0KHN0cnVj dCB2Y3B1ICp2LAogCiAgICAgLyogVW5zaGFkb3cgaWYgd2UgYXJlIHdyaXRp bmcgdG8gYSB0b3BsZXZlbCBwYWdldGFibGUgdGhhdCBpcwogICAgICAqIGZs YWdnZWQgYXMgYSBkeWluZyBwcm9jZXNzLCBhbmQgdGhhdCBpcyBub3QgY3Vy cmVudGx5IHVzZWQuICovCi0gICAgaWYgKCBzaF9tZm5faXNfYV9wYWdlX3Rh YmxlKGdtZm4pCi0gICAgICAgICAmJiAobWZuX3RvX3BhZ2UoZ21mbiktPnNo YWRvd19mbGFncyAmIFNIRl9wYWdldGFibGVfZHlpbmcpICkKKyAgICBpZiAo IHNoX21mbl9pc19hX3BhZ2VfdGFibGUoZ21mbikgJiYgaXNfaHZtX2RvbWFp bihkKSAmJgorICAgICAgICAgbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJs ZV9keWluZyApCiAgICAgewogICAgICAgICBpbnQgdXNlZCA9IDA7CiAgICAg ICAgIHN0cnVjdCB2Y3B1ICp0bXA7CkBAIC00MjYxLDkgKzQyNjEsOSBAQCBp bnQgc2hfcm1fd3JpdGVfYWNjZXNzX2Zyb21fc2wxcChzdHJ1Y3QKICAgICBB U1NFUlQobWZuX3ZhbGlkKHNtZm4pKTsKIAogICAgIC8qIFJlbWVtYmVyIGlm IHdlJ3ZlIGJlZW4gdG9sZCB0aGF0IHRoaXMgcHJvY2VzcyBpcyBiZWluZyB0 b3JuIGRvd24gKi8KLSAgICBpZiAoIGN1cnItPmRvbWFpbiA9PSBkICkKKyAg ICBpZiAoIGN1cnItPmRvbWFpbiA9PSBkICYmIGlzX2h2bV9kb21haW4oZCkg KQogICAgICAgICBjdXJyLT5hcmNoLnBhZ2luZy5zaGFkb3cucGFnZXRhYmxl X2R5aW5nCi0gICAgICAgICAgICA9ICEhKG1mbl90b19wYWdlKGdtZm4pLT5z aGFkb3dfZmxhZ3MgJiBTSEZfcGFnZXRhYmxlX2R5aW5nKTsKKyAgICAgICAg ICAgID0gbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9keWluZzsKIAog ICAgIHNwID0gbWZuX3RvX3BhZ2Uoc21mbik7CiAKQEAgLTQ1ODAsMTAgKzQ1 ODAsMTAgQEAgc3RhdGljIHZvaWQgc2hfcGFnZXRhYmxlX2R5aW5nKHBhZGRy X3QgZwogICAgICAgICAgICAgICAgICAgIDogc2hhZG93X2hhc2hfbG9va3Vw KGQsIG1mbl94KGdtZm4pLCBTSF90eXBlX2wyX3BhZV9zaGFkb3cpOwogICAg ICAgICB9CiAKLSAgICAgICAgaWYgKCBtZm5fdmFsaWQoc21mbikgKQorICAg ICAgICBpZiAoIG1mbl92YWxpZChzbWZuKSAmJiBpc19odm1fZG9tYWluKGQp ICkKICAgICAgICAgewogICAgICAgICAgICAgZ21mbiA9IF9tZm4obWZuX3Rv X3BhZ2Uoc21mbiktPnYuc2guYmFjayk7Ci0gICAgICAgICAgICBtZm5fdG9f cGFnZShnbWZuKS0+c2hhZG93X2ZsYWdzIHw9IFNIRl9wYWdldGFibGVfZHlp bmc7CisgICAgICAgICAgICBtZm5fdG9fcGFnZShnbWZuKS0+cGFnZXRhYmxl X2R5aW5nID0gdHJ1ZTsKICAgICAgICAgICAgIHNoYWRvd191bmhvb2tfbWFw cGluZ3MoZCwgc21mbiwgMS8qIHVzZXIgcGFnZXMgb25seSAqLyk7CiAgICAg ICAgICAgICBmbHVzaCA9IDE7CiAgICAgICAgIH0KQEAgLTQ2MjEsOSArNDYy MSw5IEBAIHN0YXRpYyB2b2lkIHNoX3BhZ2V0YWJsZV9keWluZyhwYWRkcl90 IGcKICAgICBzbWZuID0gc2hhZG93X2hhc2hfbG9va3VwKGQsIG1mbl94KGdt Zm4pLCBTSF90eXBlX2w0XzY0X3NoYWRvdyk7CiAjZW5kaWYKIAotICAgIGlm ICggbWZuX3ZhbGlkKHNtZm4pICkKKyAgICBpZiAoIG1mbl92YWxpZChzbWZu KSAmJiBpc19odm1fZG9tYWluKGQpICkKICAgICB7Ci0gICAgICAgIG1mbl90 b19wYWdlKGdtZm4pLT5zaGFkb3dfZmxhZ3MgfD0gU0hGX3BhZ2V0YWJsZV9k eWluZzsKKyAgICAgICAgbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9k eWluZyA9IHRydWU7CiAgICAgICAgIHNoYWRvd191bmhvb2tfbWFwcGluZ3Mo ZCwgc21mbiwgMS8qIHVzZXIgcGFnZXMgb25seSAqLyk7CiAgICAgICAgIC8q IE5vdyBmbHVzaCB0aGUgVExCOiB3ZSByZW1vdmVkIHRvcGxldmVsIG1hcHBp bmdzLiAqLwogICAgICAgICBmbHVzaF90bGJfbWFzayhkLT5kaXJ0eV9jcHVt YXNrKTsKLS0tIGEveGVuL2FyY2gveDg2L21tL3NoYWRvdy9wcml2YXRlLmgK KysrIGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9wcml2YXRlLmgKQEAgLTI5 MCw4ICsyOTAsNiBAQCBzdGF0aWMgaW5saW5lIHZvaWQgc2hfdGVybWluYXRl X2xpc3Qoc3RyCiAKICNlbmRpZiAvKiAoU0hBRE9XX09QVElNSVpBVElPTlMg JiBTSE9QVF9PVVRfT0ZfU1lOQykgKi8KIAotI2RlZmluZSBTSEZfcGFnZXRh YmxlX2R5aW5nICgxdTw8MzEpCi0KIHN0YXRpYyBpbmxpbmUgaW50IHNoX3Bh Z2VfaGFzX211bHRpcGxlX3NoYWRvd3Moc3RydWN0IHBhZ2VfaW5mbyAqcGcp CiB7CiAgICAgdTMyIHNoYWRvd3M7Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS14 ODYvbW0uaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L21tLmgKQEAgLTI1 OSw4ICsyNTksMTUgQEAgc3RydWN0IHBhZ2VfaW5mbwogICAgICAgICAgKiBH dWVzdCBwYWdlcyB3aXRoIGEgc2hhZG93LiAgVGhpcyBkb2VzIG5vdCBjb25m bGljdCB3aXRoCiAgICAgICAgICAqIHRsYmZsdXNoX3RpbWVzdGFtcCBzaW5j ZSBwYWdlIHRhYmxlIHBhZ2VzIGFyZSBleHBsaWNpdGx5IG5vdAogICAgICAg ICAgKiB0cmFja2VkIGZvciBUTEItZmx1c2ggYXZvaWRhbmNlIHdoZW4gYSBn dWVzdCBydW5zIGluIHNoYWRvdyBtb2RlLgorICAgICAgICAgKgorICAgICAg ICAgKiBwYWdldGFibGVfZHlpbmcgaXMgdXNlZCBmb3IgSFZNIGRvbWFpbnMg b25seS4gVGhlIGxheW91dCBoZXJlIGhhcworICAgICAgICAgKiB0byBhdm9p ZCByZS11c2Ugb2YgdGhlIHNwYWNlIHVzZWQgYnkgbGluZWFyX3B0X2NvdW50 LCB3aGljaCAob25seSkKKyAgICAgICAgICogUFYgZ3Vlc3RzIHVzZS4KICAg ICAgICAgICovCi0gICAgICAgIHUzMiBzaGFkb3dfZmxhZ3M7CisgICAgICAg IHN0cnVjdCB7CisgICAgICAgICAgICB1aW50MTZfdCBzaGFkb3dfZmxhZ3M7 CisgICAgICAgICAgICBib29sIHBhZ2V0YWJsZV9keWluZzsKKyAgICAgICAg fTsKIAogICAgICAgICAvKiBXaGVuIGluIHVzZSBhcyBhIHNoYWRvdywgbmV4 dCBzaGFkb3cgaW4gdGhpcyBoYXNoIGNoYWluLiAqLwogICAgICAgICBfX3Bk eF90IG5leHRfc2hhZG93Owo= --=separator Content-Type: application/octet-stream; name="xsa280-4.7-2.patch" Content-Disposition: attachment; filename="xsa280-4.7-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvc2hhZG93OiBzaHJpbmsgc3RydWN0IHBhZ2VfaW5mbydzIHNoYWRv d19mbGFncyB0byAxNiBiaXRzCgpUaGlzIGlzIHRvIGF2b2lkIGl0IG92ZXJs YXBwaW5nIHRoZSBsaW5lYXJfcHRfY291bnQgZmllbGQgbmVlZGVkIGZvciBQ Vgpkb21haW5zLiBJbnRyb2R1Y2UgYSBzZXBhcmF0ZSwgSFZNLW9ubHkgcGFn ZXRhYmxlX2R5aW5nIGZpZWxkIHRvIHJlcGxhY2UKdGhlIHNvbGUgb25lIGxl ZnQgaW4gdGhlIHVwcGVyIDE2IGJpdHMuCgpOb3RlIHRoYXQgdGhlIGFjY2Vz c2VzIHRvIC0+c2hhZG93X2ZsYWdzIGluIHNoYWRvd197cHJvLGRlfW1vdGUo KSBnZXQKc3dpdGNoZWQgdG8gbm9uLWF0b21pYywgbm9uLWJpdG9wcyBvcGVy YXRpb25zLCBhcyB7dGVzdCxzZXQsY2xlYXJ9X2JpdCgpCmFyZSBub3QgYWxs b3dlZCBvbiB1aW50MTZfdCBmaWVsZHMgYW5kIGhlbmNlIHRoZWlyIHVzZSB3 b3VsZCBoYXZlCnJlcXVpcmVkIHVnbHkgY2FzdHMuIFRoaXMgaXMgZmluZSBi ZWNhdXNlIGFsbCB1cGRhdGVzIG9mIHRoZSBmaWVsZCBvdWdodAp0byBvY2N1 ciB3aXRoIHRoZSBwYWdpbmcgbG9jayBoZWxkLCBhbmQgb3RoZXIgdXBkYXRl cyBvZiBpdCB1c2UgfD0gYW5kCiY9IGFzIHdlbGwgKGkuZS4gdXNpbmcgYXRv bWljIG9wZXJhdGlvbnMgaGVyZSBkaWRuJ3QgcmVhbGx5IGd1YXJkCmFnYWlu c3QgcG90ZW50aWFsbHkgcmFjaW5nIHVwZGF0ZXMgZWxzZXdoZXJlKS4KClRo aXMgaXMgcGFydCBvZiBYU0EtMjgwLgoKUmVwb3J0ZWQtYnk6IFByZ21yLmNv bSBTZWN1cml0eSA8c2VjdXJpdHlAcHJnbXIuY29tPgpTaWduZWQtb2ZmLWJ5 OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5 OiBUaW0gRGVlZ2FuIDx0aW1AeGVuLm9yZz4KCi0tLSBhL3hlbi9hcmNoL3g4 Ni9tbS9zaGFkb3cvY29tbW9uLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9jb21tb24uYwpAQCAtMTAyNywxMCArMTAyNywxNCBAQCB2b2lkIHNo YWRvd19wcm9tb3RlKHN0cnVjdCBkb21haW4gKmQsIG1mCiAKICAgICAvKiBJ cyB0aGUgcGFnZSBhbHJlYWR5IHNoYWRvd2VkPyAqLwogICAgIGlmICggIXRl c3RfYW5kX3NldF9iaXQoX1BHQ19wYWdlX3RhYmxlLCAmcGFnZS0+Y291bnRf aW5mbykgKQorICAgIHsKICAgICAgICAgcGFnZS0+c2hhZG93X2ZsYWdzID0g MDsKKyAgICAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpICkKKyAgICAgICAg ICAgIHBhZ2UtPnBhZ2V0YWJsZV9keWluZyA9IDA7CisgICAgfQogCi0gICAg QVNTRVJUKCF0ZXN0X2JpdCh0eXBlLCAmcGFnZS0+c2hhZG93X2ZsYWdzKSk7 Ci0gICAgc2V0X2JpdCh0eXBlLCAmcGFnZS0+c2hhZG93X2ZsYWdzKTsKKyAg ICBBU1NFUlQoIShwYWdlLT5zaGFkb3dfZmxhZ3MgJiAoMXUgPDwgdHlwZSkp KTsKKyAgICBwYWdlLT5zaGFkb3dfZmxhZ3MgfD0gMXUgPDwgdHlwZTsKICAg ICBUUkFDRV9TSEFET1dfUEFUSF9GTEFHKFRSQ0VfU0ZMQUdfUFJPTU9URSk7 CiB9CiAKQEAgLTEwMzksOSArMTA0Myw5IEBAIHZvaWQgc2hhZG93X2RlbW90 ZShzdHJ1Y3QgZG9tYWluICpkLCBtZm4KICAgICBzdHJ1Y3QgcGFnZV9pbmZv ICpwYWdlID0gbWZuX3RvX3BhZ2UoZ21mbik7CiAKICAgICBBU1NFUlQodGVz dF9iaXQoX1BHQ19wYWdlX3RhYmxlLCAmcGFnZS0+Y291bnRfaW5mbykpOwot ICAgIEFTU0VSVCh0ZXN0X2JpdCh0eXBlLCAmcGFnZS0+c2hhZG93X2ZsYWdz KSk7CisgICAgQVNTRVJUKHBhZ2UtPnNoYWRvd19mbGFncyAmICgxdSA8PCB0 eXBlKSk7CiAKLSAgICBjbGVhcl9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19m bGFncyk7CisgICAgcGFnZS0+c2hhZG93X2ZsYWdzICY9IH4oMXUgPDwgdHlw ZSk7CiAKICAgICBpZiAoIChwYWdlLT5zaGFkb3dfZmxhZ3MgJiBTSEZfcGFn ZV90eXBlX21hc2spID09IDAgKQogICAgIHsKQEAgLTI4NzksNyArMjg4Myw3 IEBAIHZvaWQgc2hfcmVtb3ZlX3NoYWRvd3Moc3RydWN0IGRvbWFpbiAqZCwK ICAgICBpZiAoICFmYXN0ICYmIGFsbCAmJiAocGctPmNvdW50X2luZm8gJiBQ R0NfcGFnZV90YWJsZSkgKQogICAgIHsKICAgICAgICAgU0hBRE9XX0VSUk9S KCJjYW4ndCBmaW5kIGFsbCBzaGFkb3dzIG9mIG1mbiAlMDVseCAiCi0gICAg ICAgICAgICAgICAgICAgICAiKHNoYWRvd19mbGFncz0lMDh4KVxuIiwKKyAg ICAgICAgICAgICAgICAgICAgICIoc2hhZG93X2ZsYWdzPSUwNHgpXG4iLAog ICAgICAgICAgICAgICAgICAgICAgIG1mbl94KGdtZm4pLCBwZy0+c2hhZG93 X2ZsYWdzKTsKICAgICAgICAgZG9tYWluX2NyYXNoKGQpOwogICAgIH0KLS0t IGEveGVuL2FyY2gveDg2L21tL3NoYWRvdy9tdWx0aS5jCisrKyBiL3hlbi9h cmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwpAQCAtMzMxNCw4ICszMzE0LDgg QEAgc3RhdGljIGludCBzaF9wYWdlX2ZhdWx0KHN0cnVjdCB2Y3B1ICp2LAog CiAgICAgLyogVW5zaGFkb3cgaWYgd2UgYXJlIHdyaXRpbmcgdG8gYSB0b3Bs ZXZlbCBwYWdldGFibGUgdGhhdCBpcwogICAgICAqIGZsYWdnZWQgYXMgYSBk eWluZyBwcm9jZXNzLCBhbmQgdGhhdCBpcyBub3QgY3VycmVudGx5IHVzZWQu ICovCi0gICAgaWYgKCBzaF9tZm5faXNfYV9wYWdlX3RhYmxlKGdtZm4pCi0g ICAgICAgICAmJiAobWZuX3RvX3BhZ2UoZ21mbiktPnNoYWRvd19mbGFncyAm IFNIRl9wYWdldGFibGVfZHlpbmcpICkKKyAgICBpZiAoIHNoX21mbl9pc19h X3BhZ2VfdGFibGUoZ21mbikgJiYgaXNfaHZtX2RvbWFpbihkKSAmJgorICAg ICAgICAgbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9keWluZyApCiAg ICAgewogICAgICAgICBpbnQgdXNlZCA9IDA7CiAgICAgICAgIHN0cnVjdCB2 Y3B1ICp0bXA7CkBAIC00MjU2LDkgKzQyNTYsOSBAQCBpbnQgc2hfcm1fd3Jp dGVfYWNjZXNzX2Zyb21fc2wxcChzdHJ1Y3QKICAgICBBU1NFUlQobWZuX3Zh bGlkKHNtZm4pKTsKIAogICAgIC8qIFJlbWVtYmVyIGlmIHdlJ3ZlIGJlZW4g dG9sZCB0aGF0IHRoaXMgcHJvY2VzcyBpcyBiZWluZyB0b3JuIGRvd24gKi8K LSAgICBpZiAoIGN1cnItPmRvbWFpbiA9PSBkICkKKyAgICBpZiAoIGN1cnIt PmRvbWFpbiA9PSBkICYmIGlzX2h2bV9kb21haW4oZCkgKQogICAgICAgICBj dXJyLT5hcmNoLnBhZ2luZy5zaGFkb3cucGFnZXRhYmxlX2R5aW5nCi0gICAg ICAgICAgICA9ICEhKG1mbl90b19wYWdlKGdtZm4pLT5zaGFkb3dfZmxhZ3Mg JiBTSEZfcGFnZXRhYmxlX2R5aW5nKTsKKyAgICAgICAgICAgID0gbWZuX3Rv X3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9keWluZzsKIAogICAgIHNwID0gbWZu X3RvX3BhZ2Uoc21mbik7CiAKQEAgLTQ1NzUsMTAgKzQ1NzUsMTAgQEAgc3Rh dGljIHZvaWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2YwogICAgICAg ICAgICAgc21mbiA9IHNoYWRvd19oYXNoX2xvb2t1cChkLCBtZm5feChnbWZu KSwgU0hfdHlwZV9sMl9wYWVfc2hhZG93KTsKICAgICAgICAgfQogCi0gICAg ICAgIGlmICggbWZuX3ZhbGlkKHNtZm4pICkKKyAgICAgICAgaWYgKCBtZm5f dmFsaWQoc21mbikgJiYgaXNfaHZtX2RvbWFpbihkKSApCiAgICAgICAgIHsK ICAgICAgICAgICAgIGdtZm4gPSBfbWZuKG1mbl90b19wYWdlKHNtZm4pLT52 LnNoLmJhY2spOwotICAgICAgICAgICAgbWZuX3RvX3BhZ2UoZ21mbiktPnNo YWRvd19mbGFncyB8PSBTSEZfcGFnZXRhYmxlX2R5aW5nOworICAgICAgICAg ICAgbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9keWluZyA9IDE7CiAg ICAgICAgICAgICBzaGFkb3dfdW5ob29rX21hcHBpbmdzKGQsIHNtZm4sIDEv KiB1c2VyIHBhZ2VzIG9ubHkgKi8pOwogICAgICAgICAgICAgZmx1c2ggPSAx OwogICAgICAgICB9CkBAIC00NjE1LDkgKzQ2MTUsOSBAQCBzdGF0aWMgdm9p ZCBzaF9wYWdldGFibGVfZHlpbmcoc3RydWN0IHZjCiAgICAgc21mbiA9IHNo YWRvd19oYXNoX2xvb2t1cChkLCBtZm5feChnbWZuKSwgU0hfdHlwZV9sNF82 NF9zaGFkb3cpOwogI2VuZGlmCiAKLSAgICBpZiAoIG1mbl92YWxpZChzbWZu KSApCisgICAgaWYgKCBtZm5fdmFsaWQoc21mbikgJiYgaXNfaHZtX2RvbWFp bihkKSApCiAgICAgewotICAgICAgICBtZm5fdG9fcGFnZShnbWZuKS0+c2hh ZG93X2ZsYWdzIHw9IFNIRl9wYWdldGFibGVfZHlpbmc7CisgICAgICAgIG1m bl90b19wYWdlKGdtZm4pLT5wYWdldGFibGVfZHlpbmcgPSAxOwogICAgICAg ICBzaGFkb3dfdW5ob29rX21hcHBpbmdzKGQsIHNtZm4sIDEvKiB1c2VyIHBh Z2VzIG9ubHkgKi8pOwogICAgICAgICAvKiBOb3cgZmx1c2ggdGhlIFRMQjog d2UgcmVtb3ZlZCB0b3BsZXZlbCBtYXBwaW5ncy4gKi8KICAgICAgICAgZmx1 c2hfdGxiX21hc2soZC0+ZG9tYWluX2RpcnR5X2NwdW1hc2spOwotLS0gYS94 ZW4vYXJjaC94ODYvbW0vc2hhZG93L3ByaXZhdGUuaAorKysgYi94ZW4vYXJj aC94ODYvbW0vc2hhZG93L3ByaXZhdGUuaApAQCAtMjkyLDggKzI5Miw2IEBA IHN0YXRpYyBpbmxpbmUgdm9pZCBzaF90ZXJtaW5hdGVfbGlzdChzdHIKIAog I2VuZGlmIC8qIChTSEFET1dfT1BUSU1JWkFUSU9OUyAmIFNIT1BUX09VVF9P Rl9TWU5DKSAqLwogCi0jZGVmaW5lIFNIRl9wYWdldGFibGVfZHlpbmcgKDF1 PDwzMSkKLQogc3RhdGljIGlubGluZSBpbnQgc2hfcGFnZV9oYXNfbXVsdGlw bGVfc2hhZG93cyhzdHJ1Y3QgcGFnZV9pbmZvICpwZykKIHsKICAgICB1MzIg c2hhZG93czsKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9tbS5oCisrKyBi L3hlbi9pbmNsdWRlL2FzbS14ODYvbW0uaApAQCAtMTcyLDggKzE3MiwxNSBA QCBzdHJ1Y3QgcGFnZV9pbmZvCiAgICAgICAgICAqIEd1ZXN0IHBhZ2VzIHdp dGggYSBzaGFkb3cuICBUaGlzIGRvZXMgbm90IGNvbmZsaWN0IHdpdGgKICAg ICAgICAgICogdGxiZmx1c2hfdGltZXN0YW1wIHNpbmNlIHBhZ2UgdGFibGUg cGFnZXMgYXJlIGV4cGxpY2l0bHkgbm90CiAgICAgICAgICAqIHRyYWNrZWQg Zm9yIFRMQi1mbHVzaCBhdm9pZGFuY2Ugd2hlbiBhIGd1ZXN0IHJ1bnMgaW4g c2hhZG93IG1vZGUuCisgICAgICAgICAqCisgICAgICAgICAqIHBhZ2V0YWJs ZV9keWluZyBpcyB1c2VkIGZvciBIVk0gZG9tYWlucyBvbmx5LiBUaGUgbGF5 b3V0IGhlcmUgaGFzCisgICAgICAgICAqIHRvIGF2b2lkIHJlLXVzZSBvZiB0 aGUgc3BhY2UgdXNlZCBieSBsaW5lYXJfcHRfY291bnQsIHdoaWNoIChvbmx5 KQorICAgICAgICAgKiBQViBndWVzdHMgdXNlLgogICAgICAgICAgKi8KLSAg ICAgICAgdTMyIHNoYWRvd19mbGFnczsKKyAgICAgICAgc3RydWN0IHsKKyAg ICAgICAgICAgIHVpbnQxNl90IHNoYWRvd19mbGFnczsKKyAgICAgICAgICAg IGJvb2xfdCBwYWdldGFibGVfZHlpbmc7CisgICAgICAgIH07CiAKICAgICAg ICAgLyogV2hlbiBpbiB1c2UgYXMgYSBzaGFkb3csIG5leHQgc2hhZG93IGlu IHRoaXMgaGFzaCBjaGFpbi4gKi8KICAgICAgICAgX19wZHhfdCBuZXh0X3No YWRvdzsK --=separator Content-Type: application/octet-stream; name="xsa280-4.9-1.patch" Content-Disposition: attachment; filename="xsa280-4.9-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvc2hhZG93OiBtb3ZlIE9PUyBmbGFnIGJpdCBwb3NpdGlvbnMKCklu IHByZXBhcmF0aW9uIG9mIHJlZHVjaW5nIHN0cnVjdCBwYWdlX2luZm8ncyBz aGFkb3dfZmxhZ3MgZmllbGQgdG8gMTYKYml0cywgbG93ZXIgdGhlIGJpdCBw b3NpdGlvbnMgdXNlZCBmb3IgU0hGX291dF9vZl9zeW5jIGFuZApTSEZfb29z X21heV93cml0ZS4KCkluc3RlYWQgb2YgYWxzbyBhZGp1c3RpbmcgdGhlIG9w ZW4gY29kZWQgdXNlIGluIF9nZXRfcGFnZV90eXBlKCksCmludHJvZHVjZSBz aGFkb3dfcHJlcGFyZV9wYWdlX3R5cGVfY2hhbmdlKCkgdG8gY29udGFpbiBr bm93bGVkZ2Ugb2YgdGhlCmJpdCBwb3NpdGlvbnMgdG8gc2hhZG93IGNvZGUu CgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI4MC4KClNpZ25lZC1vZmYtYnk6IEph biBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IFRp bSBEZWVnYW4gPHRpbUB4ZW4ub3JnPgoKLS0tIGEveGVuL2FyY2gveDg2L21t LmMKKysrIGIveGVuL2FyY2gveDg2L21tLmMKQEAgLTI3OTksMTUgKzI3OTks OCBAQCBzdGF0aWMgaW50IF9fZ2V0X3BhZ2VfdHlwZShzdHJ1Y3QgcGFnZV9p CiAgICAgICAgIHsKICAgICAgICAgICAgIHN0cnVjdCBkb21haW4gKmQgPSBw YWdlX2dldF9vd25lcihwYWdlKTsKIAotICAgICAgICAgICAgLyogTm9ybWFs bHkgd2Ugc2hvdWxkIG5ldmVyIGxldCBhIHBhZ2UgZ28gZnJvbSB0eXBlIGNv dW50IDAKLSAgICAgICAgICAgICAqIHRvIHR5cGUgY291bnQgMSB3aGVuIGl0 IGlzIHNoYWRvd2VkLiBPbmUgZXhjZXB0aW9uOgotICAgICAgICAgICAgICog b3V0LW9mLXN5bmMgc2hhZG93ZWQgcGFnZXMgYXJlIGFsbG93ZWQgdG8gYmVj b21lCi0gICAgICAgICAgICAgKiB3cml0ZWFibGUuICovCi0gICAgICAgICAg ICBpZiAoIGQgJiYgc2hhZG93X21vZGVfZW5hYmxlZChkKQotICAgICAgICAg ICAgICAgICAmJiAocGFnZS0+Y291bnRfaW5mbyAmIFBHQ19wYWdlX3RhYmxl KQotICAgICAgICAgICAgICAgICAmJiAhKChwYWdlLT5zaGFkb3dfZmxhZ3Mg JiAoMXU8PDI5KSkKLSAgICAgICAgICAgICAgICAgICAgICAmJiB0eXBlID09 IFBHVF93cml0YWJsZV9wYWdlKSApCi0gICAgICAgICAgICAgICBzaGFkb3df cmVtb3ZlX2FsbF9zaGFkb3dzKGQsIF9tZm4ocGFnZV90b19tZm4ocGFnZSkp KTsKKyAgICAgICAgICAgIGlmICggZCAmJiBzaGFkb3dfbW9kZV9lbmFibGVk KGQpICkKKyAgICAgICAgICAgICAgIHNoYWRvd19wcmVwYXJlX3BhZ2VfdHlw ZV9jaGFuZ2UoZCwgcGFnZSwgdHlwZSk7CiAKICAgICAgICAgICAgIEFTU0VS VCghKHggJiBQR1RfcGFlX3hlbl9sMikpOwogICAgICAgICAgICAgaWYgKCAo eCAmIFBHVF90eXBlX21hc2spICE9IHR5cGUgKQotLS0gYS94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L2NvbW1vbi5jCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS9z aGFkb3cvY29tbW9uLmMKQEAgLTkxOSw2ICs5MTksOSBAQCBpbnQgc2hfdW5z eW5jKHN0cnVjdCB2Y3B1ICp2LCBtZm5fdCBnbWZuCiAgICAgICAgICB8fCAh di0+ZG9tYWluLT5hcmNoLnBhZ2luZy5zaGFkb3cub29zX2FjdGl2ZSApCiAg ICAgICAgIHJldHVybiAwOwogCisgICAgQlVJTERfQlVHX09OKCEodHlwZW9m KHBnLT5zaGFkb3dfZmxhZ3MpKVNIRl9vdXRfb2Zfc3luYyk7CisgICAgQlVJ TERfQlVHX09OKCEodHlwZW9mKHBnLT5zaGFkb3dfZmxhZ3MpKVNIRl9vb3Nf bWF5X3dyaXRlKTsKKwogICAgIHBnLT5zaGFkb3dfZmxhZ3MgfD0gU0hGX291 dF9vZl9zeW5jfFNIRl9vb3NfbWF5X3dyaXRlOwogICAgIG9vc19oYXNoX2Fk ZCh2LCBnbWZuKTsKICAgICBwZXJmY19pbmNyKHNoYWRvd191bnN5bmMpOwpA QCAtMjgxMCw2ICsyODEzLDI2IEBAIHZvaWQgc2hfcmVtb3ZlX3NoYWRvd3Mo c3RydWN0IGRvbWFpbiAqZCwKICAgICBwYWdpbmdfdW5sb2NrKGQpOwogfQog Cit2b2lkIHNoYWRvd19wcmVwYXJlX3BhZ2VfdHlwZV9jaGFuZ2Uoc3RydWN0 IGRvbWFpbiAqZCwgc3RydWN0IHBhZ2VfaW5mbyAqcGFnZSwKKyAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1bnNpZ25lZCBsb25nIG5l d190eXBlKQoreworICAgIGlmICggIShwYWdlLT5jb3VudF9pbmZvICYgUEdD X3BhZ2VfdGFibGUpICkKKyAgICAgICAgcmV0dXJuOworCisjaWYgKFNIQURP V19PUFRJTUlaQVRJT05TICYgU0hPUFRfT1VUX09GX1NZTkMpCisgICAgLyoK KyAgICAgKiBOb3JtYWxseSB3ZSBzaG91bGQgbmV2ZXIgbGV0IGEgcGFnZSBn byBmcm9tIHR5cGUgY291bnQgMCB0byB0eXBlCisgICAgICogY291bnQgMSB3 aGVuIGl0IGlzIHNoYWRvd2VkLiBPbmUgZXhjZXB0aW9uOiBvdXQtb2Ytc3lu YyBzaGFkb3dlZAorICAgICAqIHBhZ2VzIGFyZSBhbGxvd2VkIHRvIGJlY29t ZSB3cml0ZWFibGUuCisgICAgICovCisgICAgaWYgKCAocGFnZS0+c2hhZG93 X2ZsYWdzICYgU0hGX29vc19tYXlfd3JpdGUpICYmCisgICAgICAgICBuZXdf dHlwZSA9PSBQR1Rfd3JpdGFibGVfcGFnZSApCisgICAgICAgIHJldHVybjsK KyNlbmRpZgorCisgICAgc2hhZG93X3JlbW92ZV9hbGxfc2hhZG93cyhkLCBw YWdlX3RvX21mbihwYWdlKSk7Cit9CisKIHN0YXRpYyB2b2lkCiBzaF9yZW1v dmVfYWxsX3NoYWRvd3NfYW5kX3BhcmVudHMoc3RydWN0IGRvbWFpbiAqZCwg bWZuX3QgZ21mbikKIC8qIEV2ZW4gaGFyc2hlcjogdGhpcyBpcyBhIEhWTSBw YWdlIHRoYXQgd2UgdGhpbmcgaXMgbm8gbG9uZ2VyIGEgcGFnZXRhYmxlLgot LS0gYS94ZW4vYXJjaC94ODYvbW0vc2hhZG93L3ByaXZhdGUuaAorKysgYi94 ZW4vYXJjaC94ODYvbW0vc2hhZG93L3ByaXZhdGUuaApAQCAtMjg3LDggKzI4 Nyw4IEBAIHN0YXRpYyBpbmxpbmUgdm9pZCBzaF90ZXJtaW5hdGVfbGlzdChz dHIKICAqIGNvZGVwYXRoIGlzIGNhbGxlZCBkdXJpbmcgdGhhdCB0aW1lIGFu ZCBpcyBzZW5zaXRpdmUgdG8gb29zIGlzc3VlcywgaXQgbWF5CiAgKiBuZWVk IHRvIHVzZSB0aGUgc2Vjb25kIGZsYWcuCiAgKi8KLSNkZWZpbmUgU0hGX291 dF9vZl9zeW5jICgxdTw8MzApCi0jZGVmaW5lIFNIRl9vb3NfbWF5X3dyaXRl ICgxdTw8MjkpCisjZGVmaW5lIFNIRl9vdXRfb2Zfc3luYyAoMXUgPDwgKFNI X3R5cGVfbWF4X3NoYWRvdyArIDEpKQorI2RlZmluZSBTSEZfb29zX21heV93 cml0ZSAoMXUgPDwgKFNIX3R5cGVfbWF4X3NoYWRvdyArIDIpKQogCiAjZW5k aWYgLyogKFNIQURPV19PUFRJTUlaQVRJT05TICYgU0hPUFRfT1VUX09GX1NZ TkMpICovCiAKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9zaGFkb3cuaAor KysgYi94ZW4vaW5jbHVkZS9hc20teDg2L3NoYWRvdy5oCkBAIC04MSw2ICs4 MSwxMCBAQCB2b2lkIHNoYWRvd19maW5hbF90ZWFyZG93bihzdHJ1Y3QgZG9t YWluCiAKIHZvaWQgc2hfcmVtb3ZlX3NoYWRvd3Moc3RydWN0IGRvbWFpbiAq ZCwgbWZuX3QgZ21mbiwgaW50IGZhc3QsIGludCBhbGwpOwogCisvKiBBZGp1 c3Qgc2hhZG93cyByZWFkeSBmb3IgYSBndWVzdCBwYWdlIHRvIGNoYW5nZSBp dHMgdHlwZS4gKi8KK3ZvaWQgc2hhZG93X3ByZXBhcmVfcGFnZV90eXBlX2No YW5nZShzdHJ1Y3QgZG9tYWluICpkLCBzdHJ1Y3QgcGFnZV9pbmZvICpwYWdl LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHVuc2ln bmVkIGxvbmcgbmV3X3R5cGUpOworCiAvKiBEaXNjYXJkIF9hbGxfIG1hcHBp bmdzIGZyb20gdGhlIGRvbWFpbidzIHNoYWRvd3MuICovCiB2b2lkIHNoYWRv d19ibG93X3RhYmxlc19wZXJfZG9tYWluKHN0cnVjdCBkb21haW4gKmQpOwog CkBAIC0xMDUsNiArMTA5LDEwIEBAIGludCBzaGFkb3dfc2V0X2FsbG9jYXRp b24oc3RydWN0IGRvbWFpbgogc3RhdGljIGlubGluZSB2b2lkIHNoX3JlbW92 ZV9zaGFkb3dzKHN0cnVjdCBkb21haW4gKmQsIG1mbl90IGdtZm4sCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm9vbF90IGZhc3Qs IGJvb2xfdCBhbGwpIHt9CiAKK3N0YXRpYyBpbmxpbmUgdm9pZCBzaGFkb3df cHJlcGFyZV9wYWdlX3R5cGVfY2hhbmdlKHN0cnVjdCBkb21haW4gKmQsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBzdHJ1Y3QgcGFnZV9pbmZvICpwYWdlLAorICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdW5zaWduZWQg bG9uZyBuZXdfdHlwZSkge30KKwogc3RhdGljIGlubGluZSB2b2lkIHNoYWRv d19ibG93X3RhYmxlc19wZXJfZG9tYWluKHN0cnVjdCBkb21haW4gKmQpIHt9 CiAKIHN0YXRpYyBpbmxpbmUgaW50IHNoYWRvd19kb21jdGwoc3RydWN0IGRv bWFpbiAqZCwgeGVuX2RvbWN0bF9zaGFkb3dfb3BfdCAqc2MsCg== --=separator Content-Type: application/octet-stream; name="xsa280-4.10-2.patch" Content-Disposition: attachment; filename="xsa280-4.10-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvc2hhZG93OiBzaHJpbmsgc3RydWN0IHBhZ2VfaW5mbydzIHNoYWRv d19mbGFncyB0byAxNiBiaXRzCgpUaGlzIGlzIHRvIGF2b2lkIGl0IG92ZXJs YXBwaW5nIHRoZSBsaW5lYXJfcHRfY291bnQgZmllbGQgbmVlZGVkIGZvciBQ Vgpkb21haW5zLiBJbnRyb2R1Y2UgYSBzZXBhcmF0ZSwgSFZNLW9ubHkgcGFn ZXRhYmxlX2R5aW5nIGZpZWxkIHRvIHJlcGxhY2UKdGhlIHNvbGUgb25lIGxl ZnQgaW4gdGhlIHVwcGVyIDE2IGJpdHMuCgpOb3RlIHRoYXQgdGhlIGFjY2Vz c2VzIHRvIC0+c2hhZG93X2ZsYWdzIGluIHNoYWRvd197cHJvLGRlfW1vdGUo KSBnZXQKc3dpdGNoZWQgdG8gbm9uLWF0b21pYywgbm9uLWJpdG9wcyBvcGVy YXRpb25zLCBhcyB7dGVzdCxzZXQsY2xlYXJ9X2JpdCgpCmFyZSBub3QgYWxs b3dlZCBvbiB1aW50MTZfdCBmaWVsZHMgYW5kIGhlbmNlIHRoZWlyIHVzZSB3 b3VsZCBoYXZlCnJlcXVpcmVkIHVnbHkgY2FzdHMuIFRoaXMgaXMgZmluZSBi ZWNhdXNlIGFsbCB1cGRhdGVzIG9mIHRoZSBmaWVsZCBvdWdodAp0byBvY2N1 ciB3aXRoIHRoZSBwYWdpbmcgbG9jayBoZWxkLCBhbmQgb3RoZXIgdXBkYXRl cyBvZiBpdCB1c2UgfD0gYW5kCiY9IGFzIHdlbGwgKGkuZS4gdXNpbmcgYXRv bWljIG9wZXJhdGlvbnMgaGVyZSBkaWRuJ3QgcmVhbGx5IGd1YXJkCmFnYWlu c3QgcG90ZW50aWFsbHkgcmFjaW5nIHVwZGF0ZXMgZWxzZXdoZXJlKS4KClRo aXMgaXMgcGFydCBvZiBYU0EtMjgwLgoKUmVwb3J0ZWQtYnk6IFByZ21yLmNv bSBTZWN1cml0eSA8c2VjdXJpdHlAcHJnbXIuY29tPgpTaWduZWQtb2ZmLWJ5 OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5 OiBUaW0gRGVlZ2FuIDx0aW1AeGVuLm9yZz4KCi0tLSBhL3hlbi9hcmNoL3g4 Ni9tbS9zaGFkb3cvY29tbW9uLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9jb21tb24uYwpAQCAtOTU3LDEwICs5NTcsMTQgQEAgdm9pZCBzaGFk b3dfcHJvbW90ZShzdHJ1Y3QgZG9tYWluICpkLCBtZgogCiAgICAgLyogSXMg dGhlIHBhZ2UgYWxyZWFkeSBzaGFkb3dlZD8gKi8KICAgICBpZiAoICF0ZXN0 X2FuZF9zZXRfYml0KF9QR0NfcGFnZV90YWJsZSwgJnBhZ2UtPmNvdW50X2lu Zm8pICkKKyAgICB7CiAgICAgICAgIHBhZ2UtPnNoYWRvd19mbGFncyA9IDA7 CisgICAgICAgIGlmICggaXNfaHZtX2RvbWFpbihkKSApCisgICAgICAgICAg ICBwYWdlLT5wYWdldGFibGVfZHlpbmcgPSBmYWxzZTsKKyAgICB9CiAKLSAg ICBBU1NFUlQoIXRlc3RfYml0KHR5cGUsICZwYWdlLT5zaGFkb3dfZmxhZ3Mp KTsKLSAgICBzZXRfYml0KHR5cGUsICZwYWdlLT5zaGFkb3dfZmxhZ3MpOwor ICAgIEFTU0VSVCghKHBhZ2UtPnNoYWRvd19mbGFncyAmICgxdSA8PCB0eXBl KSkpOworICAgIHBhZ2UtPnNoYWRvd19mbGFncyB8PSAxdSA8PCB0eXBlOwog ICAgIFRSQUNFX1NIQURPV19QQVRIX0ZMQUcoVFJDRV9TRkxBR19QUk9NT1RF KTsKIH0KIApAQCAtOTY5LDkgKzk3Myw5IEBAIHZvaWQgc2hhZG93X2RlbW90 ZShzdHJ1Y3QgZG9tYWluICpkLCBtZm4KICAgICBzdHJ1Y3QgcGFnZV9pbmZv ICpwYWdlID0gbWZuX3RvX3BhZ2UoZ21mbik7CiAKICAgICBBU1NFUlQodGVz dF9iaXQoX1BHQ19wYWdlX3RhYmxlLCAmcGFnZS0+Y291bnRfaW5mbykpOwot ICAgIEFTU0VSVCh0ZXN0X2JpdCh0eXBlLCAmcGFnZS0+c2hhZG93X2ZsYWdz KSk7CisgICAgQVNTRVJUKHBhZ2UtPnNoYWRvd19mbGFncyAmICgxdSA8PCB0 eXBlKSk7CiAKLSAgICBjbGVhcl9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19m bGFncyk7CisgICAgcGFnZS0+c2hhZG93X2ZsYWdzICY9IH4oMXUgPDwgdHlw ZSk7CiAKICAgICBpZiAoIChwYWdlLT5zaGFkb3dfZmxhZ3MgJiBTSEZfcGFn ZV90eXBlX21hc2spID09IDAgKQogICAgIHsKQEAgLTI4MDEsNyArMjgwNSw3 IEBAIHZvaWQgc2hfcmVtb3ZlX3NoYWRvd3Moc3RydWN0IGRvbWFpbiAqZCwK ICAgICBpZiAoICFmYXN0ICYmIGFsbCAmJiAocGctPmNvdW50X2luZm8gJiBQ R0NfcGFnZV90YWJsZSkgKQogICAgIHsKICAgICAgICAgU0hBRE9XX0VSUk9S KCJjYW4ndCBmaW5kIGFsbCBzaGFkb3dzIG9mIG1mbiAlIlBSSV9tZm4iICIK LSAgICAgICAgICAgICAgICAgICAgICIoc2hhZG93X2ZsYWdzPSUwOHgpXG4i LAorICAgICAgICAgICAgICAgICAgICAgIihzaGFkb3dfZmxhZ3M9JTA0eClc biIsCiAgICAgICAgICAgICAgICAgICAgICAgbWZuX3goZ21mbiksIHBnLT5z aGFkb3dfZmxhZ3MpOwogICAgICAgICBkb21haW5fY3Jhc2goZCk7CiAgICAg fQotLS0gYS94ZW4vYXJjaC94ODYvbW0vc2hhZG93L211bHRpLmMKKysrIGIv eGVuL2FyY2gveDg2L21tL3NoYWRvdy9tdWx0aS5jCkBAIC0zMzI4LDggKzMz MjgsOCBAQCBzdGF0aWMgaW50IHNoX3BhZ2VfZmF1bHQoc3RydWN0IHZjcHUg KnYsCiAKICAgICAvKiBVbnNoYWRvdyBpZiB3ZSBhcmUgd3JpdGluZyB0byBh IHRvcGxldmVsIHBhZ2V0YWJsZSB0aGF0IGlzCiAgICAgICogZmxhZ2dlZCBh cyBhIGR5aW5nIHByb2Nlc3MsIGFuZCB0aGF0IGlzIG5vdCBjdXJyZW50bHkg dXNlZC4gKi8KLSAgICBpZiAoIHNoX21mbl9pc19hX3BhZ2VfdGFibGUoZ21m bikKLSAgICAgICAgICYmIChtZm5fdG9fcGFnZShnbWZuKS0+c2hhZG93X2Zs YWdzICYgU0hGX3BhZ2V0YWJsZV9keWluZykgKQorICAgIGlmICggc2hfbWZu X2lzX2FfcGFnZV90YWJsZShnbWZuKSAmJiBpc19odm1fZG9tYWluKGQpICYm CisgICAgICAgICBtZm5fdG9fcGFnZShnbWZuKS0+cGFnZXRhYmxlX2R5aW5n ICkKICAgICB7CiAgICAgICAgIGludCB1c2VkID0gMDsKICAgICAgICAgc3Ry dWN0IHZjcHUgKnRtcDsKQEAgLTQzMDEsOSArNDMwMSw5IEBAIGludCBzaF9y bV93cml0ZV9hY2Nlc3NfZnJvbV9zbDFwKHN0cnVjdAogICAgIEFTU0VSVCht Zm5fdmFsaWQoc21mbikpOwogCiAgICAgLyogUmVtZW1iZXIgaWYgd2UndmUg YmVlbiB0b2xkIHRoYXQgdGhpcyBwcm9jZXNzIGlzIGJlaW5nIHRvcm4gZG93 biAqLwotICAgIGlmICggY3Vyci0+ZG9tYWluID09IGQgKQorICAgIGlmICgg Y3Vyci0+ZG9tYWluID09IGQgJiYgaXNfaHZtX2RvbWFpbihkKSApCiAgICAg ICAgIGN1cnItPmFyY2gucGFnaW5nLnNoYWRvdy5wYWdldGFibGVfZHlpbmcK LSAgICAgICAgICAgID0gISEobWZuX3RvX3BhZ2UoZ21mbiktPnNoYWRvd19m bGFncyAmIFNIRl9wYWdldGFibGVfZHlpbmcpOworICAgICAgICAgICAgPSBt Zm5fdG9fcGFnZShnbWZuKS0+cGFnZXRhYmxlX2R5aW5nOwogCiAgICAgc3Ag PSBtZm5fdG9fcGFnZShzbWZuKTsKIApAQCAtNDYxOSwxMCArNDYxOSwxMCBA QCBzdGF0aWMgdm9pZCBzaF9wYWdldGFibGVfZHlpbmcoc3RydWN0IHZjCiAg ICAgICAgICAgICAgICAgICAgOiBzaGFkb3dfaGFzaF9sb29rdXAoZCwgbWZu X3goZ21mbiksIFNIX3R5cGVfbDJfcGFlX3NoYWRvdyk7CiAgICAgICAgIH0K IAotICAgICAgICBpZiAoIG1mbl92YWxpZChzbWZuKSApCisgICAgICAgIGlm ICggbWZuX3ZhbGlkKHNtZm4pICYmIGlzX2h2bV9kb21haW4oZCkgKQogICAg ICAgICB7CiAgICAgICAgICAgICBnbWZuID0gX21mbihtZm5fdG9fcGFnZShz bWZuKS0+di5zaC5iYWNrKTsKLSAgICAgICAgICAgIG1mbl90b19wYWdlKGdt Zm4pLT5zaGFkb3dfZmxhZ3MgfD0gU0hGX3BhZ2V0YWJsZV9keWluZzsKKyAg ICAgICAgICAgIG1mbl90b19wYWdlKGdtZm4pLT5wYWdldGFibGVfZHlpbmcg PSB0cnVlOwogICAgICAgICAgICAgc2hhZG93X3VuaG9va19tYXBwaW5ncyhk LCBzbWZuLCAxLyogdXNlciBwYWdlcyBvbmx5ICovKTsKICAgICAgICAgICAg IGZsdXNoID0gMTsKICAgICAgICAgfQpAQCAtNDY1OSw5ICs0NjU5LDkgQEAg c3RhdGljIHZvaWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2YwogICAg IHNtZm4gPSBzaGFkb3dfaGFzaF9sb29rdXAoZCwgbWZuX3goZ21mbiksIFNI X3R5cGVfbDRfNjRfc2hhZG93KTsKICNlbmRpZgogCi0gICAgaWYgKCBtZm5f dmFsaWQoc21mbikgKQorICAgIGlmICggbWZuX3ZhbGlkKHNtZm4pICYmIGlz X2h2bV9kb21haW4oZCkgKQogICAgIHsKLSAgICAgICAgbWZuX3RvX3BhZ2Uo Z21mbiktPnNoYWRvd19mbGFncyB8PSBTSEZfcGFnZXRhYmxlX2R5aW5nOwor ICAgICAgICBtZm5fdG9fcGFnZShnbWZuKS0+cGFnZXRhYmxlX2R5aW5nID0g dHJ1ZTsKICAgICAgICAgc2hhZG93X3VuaG9va19tYXBwaW5ncyhkLCBzbWZu LCAxLyogdXNlciBwYWdlcyBvbmx5ICovKTsKICAgICAgICAgLyogTm93IGZs dXNoIHRoZSBUTEI6IHdlIHJlbW92ZWQgdG9wbGV2ZWwgbWFwcGluZ3MuICov CiAgICAgICAgIGZsdXNoX3RsYl9tYXNrKGQtPmRvbWFpbl9kaXJ0eV9jcHVt YXNrKTsKLS0tIGEveGVuL2FyY2gveDg2L21tL3NoYWRvdy9wcml2YXRlLmgK KysrIGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9wcml2YXRlLmgKQEAgLTI5 Miw4ICsyOTIsNiBAQCBzdGF0aWMgaW5saW5lIHZvaWQgc2hfdGVybWluYXRl X2xpc3Qoc3RyCiAKICNlbmRpZiAvKiAoU0hBRE9XX09QVElNSVpBVElPTlMg JiBTSE9QVF9PVVRfT0ZfU1lOQykgKi8KIAotI2RlZmluZSBTSEZfcGFnZXRh YmxlX2R5aW5nICgxdTw8MzEpCi0KIHN0YXRpYyBpbmxpbmUgaW50IHNoX3Bh Z2VfaGFzX211bHRpcGxlX3NoYWRvd3Moc3RydWN0IHBhZ2VfaW5mbyAqcGcp CiB7CiAgICAgdTMyIHNoYWRvd3M7Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS14 ODYvbW0uaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L21tLmgKQEAgLTE4 OCw4ICsxODgsMTUgQEAgc3RydWN0IHBhZ2VfaW5mbwogICAgICAgICAgKiBH dWVzdCBwYWdlcyB3aXRoIGEgc2hhZG93LiAgVGhpcyBkb2VzIG5vdCBjb25m bGljdCB3aXRoCiAgICAgICAgICAqIHRsYmZsdXNoX3RpbWVzdGFtcCBzaW5j ZSBwYWdlIHRhYmxlIHBhZ2VzIGFyZSBleHBsaWNpdGx5IG5vdAogICAgICAg ICAgKiB0cmFja2VkIGZvciBUTEItZmx1c2ggYXZvaWRhbmNlIHdoZW4gYSBn dWVzdCBydW5zIGluIHNoYWRvdyBtb2RlLgorICAgICAgICAgKgorICAgICAg ICAgKiBwYWdldGFibGVfZHlpbmcgaXMgdXNlZCBmb3IgSFZNIGRvbWFpbnMg b25seS4gVGhlIGxheW91dCBoZXJlIGhhcworICAgICAgICAgKiB0byBhdm9p ZCByZS11c2Ugb2YgdGhlIHNwYWNlIHVzZWQgYnkgbGluZWFyX3B0X2NvdW50 LCB3aGljaCAob25seSkKKyAgICAgICAgICogUFYgZ3Vlc3RzIHVzZS4KICAg ICAgICAgICovCi0gICAgICAgIHUzMiBzaGFkb3dfZmxhZ3M7CisgICAgICAg IHN0cnVjdCB7CisgICAgICAgICAgICB1aW50MTZfdCBzaGFkb3dfZmxhZ3M7 CisgICAgICAgICAgICBib29sIHBhZ2V0YWJsZV9keWluZzsKKyAgICAgICAg fTsKIAogICAgICAgICAvKiBXaGVuIGluIHVzZSBhcyBhIHNoYWRvdywgbmV4 dCBzaGFkb3cgaW4gdGhpcyBoYXNoIGNoYWluLiAqLwogICAgICAgICBfX3Bk eF90IG5leHRfc2hhZG93Owo= --=separator Content-Type: application/octet-stream; name="xsa280-4.11-2.patch" Content-Disposition: attachment; filename="xsa280-4.11-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYvc2hhZG93OiBzaHJpbmsgc3RydWN0IHBhZ2VfaW5mbydzIHNoYWRv d19mbGFncyB0byAxNiBiaXRzCgpUaGlzIGlzIHRvIGF2b2lkIGl0IG92ZXJs YXBwaW5nIHRoZSBsaW5lYXJfcHRfY291bnQgZmllbGQgbmVlZGVkIGZvciBQ Vgpkb21haW5zLiBJbnRyb2R1Y2UgYSBzZXBhcmF0ZSwgSFZNLW9ubHkgcGFn ZXRhYmxlX2R5aW5nIGZpZWxkIHRvIHJlcGxhY2UKdGhlIHNvbGUgb25lIGxl ZnQgaW4gdGhlIHVwcGVyIDE2IGJpdHMuCgpOb3RlIHRoYXQgdGhlIGFjY2Vz c2VzIHRvIC0+c2hhZG93X2ZsYWdzIGluIHNoYWRvd197cHJvLGRlfW1vdGUo KSBnZXQKc3dpdGNoZWQgdG8gbm9uLWF0b21pYywgbm9uLWJpdG9wcyBvcGVy YXRpb25zLCBhcyB7dGVzdCxzZXQsY2xlYXJ9X2JpdCgpCmFyZSBub3QgYWxs b3dlZCBvbiB1aW50MTZfdCBmaWVsZHMgYW5kIGhlbmNlIHRoZWlyIHVzZSB3 b3VsZCBoYXZlCnJlcXVpcmVkIHVnbHkgY2FzdHMuIFRoaXMgaXMgZmluZSBi ZWNhdXNlIGFsbCB1cGRhdGVzIG9mIHRoZSBmaWVsZCBvdWdodAp0byBvY2N1 ciB3aXRoIHRoZSBwYWdpbmcgbG9jayBoZWxkLCBhbmQgb3RoZXIgdXBkYXRl cyBvZiBpdCB1c2UgfD0gYW5kCiY9IGFzIHdlbGwgKGkuZS4gdXNpbmcgYXRv bWljIG9wZXJhdGlvbnMgaGVyZSBkaWRuJ3QgcmVhbGx5IGd1YXJkCmFnYWlu c3QgcG90ZW50aWFsbHkgcmFjaW5nIHVwZGF0ZXMgZWxzZXdoZXJlKS4KClRo aXMgaXMgcGFydCBvZiBYU0EtMjgwLgoKUmVwb3J0ZWQtYnk6IFByZ21yLmNv bSBTZWN1cml0eSA8c2VjdXJpdHlAcHJnbXIuY29tPgpTaWduZWQtb2ZmLWJ5 OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5 OiBUaW0gRGVlZ2FuIDx0aW1AeGVuLm9yZz4KCi0tLSBhL3hlbi9hcmNoL3g4 Ni9tbS9zaGFkb3cvY29tbW9uLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9jb21tb24uYwpAQCAtMTAyOCwxMCArMTAyOCwxNCBAQCB2b2lkIHNo YWRvd19wcm9tb3RlKHN0cnVjdCBkb21haW4gKmQsIG1mCiAKICAgICAvKiBJ cyB0aGUgcGFnZSBhbHJlYWR5IHNoYWRvd2VkPyAqLwogICAgIGlmICggIXRl c3RfYW5kX3NldF9iaXQoX1BHQ19wYWdlX3RhYmxlLCAmcGFnZS0+Y291bnRf aW5mbykgKQorICAgIHsKICAgICAgICAgcGFnZS0+c2hhZG93X2ZsYWdzID0g MDsKKyAgICAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpICkKKyAgICAgICAg ICAgIHBhZ2UtPnBhZ2V0YWJsZV9keWluZyA9IGZhbHNlOworICAgIH0KIAot ICAgIEFTU0VSVCghdGVzdF9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19mbGFn cykpOwotICAgIHNldF9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19mbGFncyk7 CisgICAgQVNTRVJUKCEocGFnZS0+c2hhZG93X2ZsYWdzICYgKDF1IDw8IHR5 cGUpKSk7CisgICAgcGFnZS0+c2hhZG93X2ZsYWdzIHw9IDF1IDw8IHR5cGU7 CiAgICAgVFJBQ0VfU0hBRE9XX1BBVEhfRkxBRyhUUkNFX1NGTEFHX1BST01P VEUpOwogfQogCkBAIC0xMDQwLDkgKzEwNDQsOSBAQCB2b2lkIHNoYWRvd19k ZW1vdGUoc3RydWN0IGRvbWFpbiAqZCwgbWZuCiAgICAgc3RydWN0IHBhZ2Vf aW5mbyAqcGFnZSA9IG1mbl90b19wYWdlKGdtZm4pOwogCiAgICAgQVNTRVJU KHRlc3RfYml0KF9QR0NfcGFnZV90YWJsZSwgJnBhZ2UtPmNvdW50X2luZm8p KTsKLSAgICBBU1NFUlQodGVzdF9iaXQodHlwZSwgJnBhZ2UtPnNoYWRvd19m bGFncykpOworICAgIEFTU0VSVChwYWdlLT5zaGFkb3dfZmxhZ3MgJiAoMXUg PDwgdHlwZSkpOwogCi0gICAgY2xlYXJfYml0KHR5cGUsICZwYWdlLT5zaGFk b3dfZmxhZ3MpOworICAgIHBhZ2UtPnNoYWRvd19mbGFncyAmPSB+KDF1IDw8 IHR5cGUpOwogCiAgICAgaWYgKCAocGFnZS0+c2hhZG93X2ZsYWdzICYgU0hG X3BhZ2VfdHlwZV9tYXNrKSA9PSAwICkKICAgICB7CkBAIC0yOTIxLDcgKzI5 MjUsNyBAQCB2b2lkIHNoX3JlbW92ZV9zaGFkb3dzKHN0cnVjdCBkb21haW4g KmQsCiAgICAgaWYgKCAhZmFzdCAmJiBhbGwgJiYgKHBnLT5jb3VudF9pbmZv ICYgUEdDX3BhZ2VfdGFibGUpICkKICAgICB7CiAgICAgICAgIFNIQURPV19F UlJPUigiY2FuJ3QgZmluZCBhbGwgc2hhZG93cyBvZiBtZm4gJSJQUklfbWZu IiAiCi0gICAgICAgICAgICAgICAgICAgICAiKHNoYWRvd19mbGFncz0lMDh4 KVxuIiwKKyAgICAgICAgICAgICAgICAgICAgICIoc2hhZG93X2ZsYWdzPSUw NHgpXG4iLAogICAgICAgICAgICAgICAgICAgICAgIG1mbl94KGdtZm4pLCBw Zy0+c2hhZG93X2ZsYWdzKTsKICAgICAgICAgZG9tYWluX2NyYXNoKGQpOwog ICAgIH0KLS0tIGEveGVuL2FyY2gveDg2L21tL3NoYWRvdy9tdWx0aS5jCisr KyBiL3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwpAQCAtMzI5OSw4 ICszMjk5LDggQEAgc3RhdGljIGludCBzaF9wYWdlX2ZhdWx0KHN0cnVjdCB2 Y3B1ICp2LAogCiAgICAgLyogVW5zaGFkb3cgaWYgd2UgYXJlIHdyaXRpbmcg dG8gYSB0b3BsZXZlbCBwYWdldGFibGUgdGhhdCBpcwogICAgICAqIGZsYWdn ZWQgYXMgYSBkeWluZyBwcm9jZXNzLCBhbmQgdGhhdCBpcyBub3QgY3VycmVu dGx5IHVzZWQuICovCi0gICAgaWYgKCBzaF9tZm5faXNfYV9wYWdlX3RhYmxl KGdtZm4pCi0gICAgICAgICAmJiAobWZuX3RvX3BhZ2UoZ21mbiktPnNoYWRv d19mbGFncyAmIFNIRl9wYWdldGFibGVfZHlpbmcpICkKKyAgICBpZiAoIHNo X21mbl9pc19hX3BhZ2VfdGFibGUoZ21mbikgJiYgaXNfaHZtX2RvbWFpbihk KSAmJgorICAgICAgICAgbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9k eWluZyApCiAgICAgewogICAgICAgICBpbnQgdXNlZCA9IDA7CiAgICAgICAg IHN0cnVjdCB2Y3B1ICp0bXA7CkBAIC00MjU0LDkgKzQyNTQsOSBAQCBpbnQg c2hfcm1fd3JpdGVfYWNjZXNzX2Zyb21fc2wxcChzdHJ1Y3QKICAgICBBU1NF UlQobWZuX3ZhbGlkKHNtZm4pKTsKIAogICAgIC8qIFJlbWVtYmVyIGlmIHdl J3ZlIGJlZW4gdG9sZCB0aGF0IHRoaXMgcHJvY2VzcyBpcyBiZWluZyB0b3Ju IGRvd24gKi8KLSAgICBpZiAoIGN1cnItPmRvbWFpbiA9PSBkICkKKyAgICBp ZiAoIGN1cnItPmRvbWFpbiA9PSBkICYmIGlzX2h2bV9kb21haW4oZCkgKQog ICAgICAgICBjdXJyLT5hcmNoLnBhZ2luZy5zaGFkb3cucGFnZXRhYmxlX2R5 aW5nCi0gICAgICAgICAgICA9ICEhKG1mbl90b19wYWdlKGdtZm4pLT5zaGFk b3dfZmxhZ3MgJiBTSEZfcGFnZXRhYmxlX2R5aW5nKTsKKyAgICAgICAgICAg ID0gbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9keWluZzsKIAogICAg IHNwID0gbWZuX3RvX3BhZ2Uoc21mbik7CiAKQEAgLTQ1NzIsMTAgKzQ1NzIs MTAgQEAgc3RhdGljIHZvaWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2 YwogICAgICAgICAgICAgICAgICAgIDogc2hhZG93X2hhc2hfbG9va3VwKGQs IG1mbl94KGdtZm4pLCBTSF90eXBlX2wyX3BhZV9zaGFkb3cpOwogICAgICAg ICB9CiAKLSAgICAgICAgaWYgKCBtZm5fdmFsaWQoc21mbikgKQorICAgICAg ICBpZiAoIG1mbl92YWxpZChzbWZuKSAmJiBpc19odm1fZG9tYWluKGQpICkK ICAgICAgICAgewogICAgICAgICAgICAgZ21mbiA9IF9tZm4obWZuX3RvX3Bh Z2Uoc21mbiktPnYuc2guYmFjayk7Ci0gICAgICAgICAgICBtZm5fdG9fcGFn ZShnbWZuKS0+c2hhZG93X2ZsYWdzIHw9IFNIRl9wYWdldGFibGVfZHlpbmc7 CisgICAgICAgICAgICBtZm5fdG9fcGFnZShnbWZuKS0+cGFnZXRhYmxlX2R5 aW5nID0gdHJ1ZTsKICAgICAgICAgICAgIHNoYWRvd191bmhvb2tfbWFwcGlu Z3MoZCwgc21mbiwgMS8qIHVzZXIgcGFnZXMgb25seSAqLyk7CiAgICAgICAg ICAgICBmbHVzaCA9IDE7CiAgICAgICAgIH0KQEAgLTQ2MTIsOSArNDYxMiw5 IEBAIHN0YXRpYyB2b2lkIHNoX3BhZ2V0YWJsZV9keWluZyhzdHJ1Y3QgdmMK ICAgICBzbWZuID0gc2hhZG93X2hhc2hfbG9va3VwKGQsIG1mbl94KGdtZm4p LCBTSF90eXBlX2w0XzY0X3NoYWRvdyk7CiAjZW5kaWYKIAotICAgIGlmICgg bWZuX3ZhbGlkKHNtZm4pICkKKyAgICBpZiAoIG1mbl92YWxpZChzbWZuKSAm JiBpc19odm1fZG9tYWluKGQpICkKICAgICB7Ci0gICAgICAgIG1mbl90b19w YWdlKGdtZm4pLT5zaGFkb3dfZmxhZ3MgfD0gU0hGX3BhZ2V0YWJsZV9keWlu ZzsKKyAgICAgICAgbWZuX3RvX3BhZ2UoZ21mbiktPnBhZ2V0YWJsZV9keWlu ZyA9IHRydWU7CiAgICAgICAgIHNoYWRvd191bmhvb2tfbWFwcGluZ3MoZCwg c21mbiwgMS8qIHVzZXIgcGFnZXMgb25seSAqLyk7CiAgICAgICAgIC8qIE5v dyBmbHVzaCB0aGUgVExCOiB3ZSByZW1vdmVkIHRvcGxldmVsIG1hcHBpbmdz LiAqLwogICAgICAgICBmbHVzaF90bGJfbWFzayhkLT5kaXJ0eV9jcHVtYXNr KTsKLS0tIGEveGVuL2FyY2gveDg2L21tL3NoYWRvdy9wcml2YXRlLmgKKysr IGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9wcml2YXRlLmgKQEAgLTI5Miw4 ICsyOTIsNiBAQCBzdGF0aWMgaW5saW5lIHZvaWQgc2hfdGVybWluYXRlX2xp c3Qoc3RyCiAKICNlbmRpZiAvKiAoU0hBRE9XX09QVElNSVpBVElPTlMgJiBT SE9QVF9PVVRfT0ZfU1lOQykgKi8KIAotI2RlZmluZSBTSEZfcGFnZXRhYmxl X2R5aW5nICgxdTw8MzEpCi0KIHN0YXRpYyBpbmxpbmUgaW50IHNoX3BhZ2Vf aGFzX211bHRpcGxlX3NoYWRvd3Moc3RydWN0IHBhZ2VfaW5mbyAqcGcpCiB7 CiAgICAgdTMyIHNoYWRvd3M7Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS14ODYv bW0uaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L21tLmgKQEAgLTI1OSw4 ICsyNTksMTUgQEAgc3RydWN0IHBhZ2VfaW5mbwogICAgICAgICAgKiBHdWVz dCBwYWdlcyB3aXRoIGEgc2hhZG93LiAgVGhpcyBkb2VzIG5vdCBjb25mbGlj dCB3aXRoCiAgICAgICAgICAqIHRsYmZsdXNoX3RpbWVzdGFtcCBzaW5jZSBw YWdlIHRhYmxlIHBhZ2VzIGFyZSBleHBsaWNpdGx5IG5vdAogICAgICAgICAg KiB0cmFja2VkIGZvciBUTEItZmx1c2ggYXZvaWRhbmNlIHdoZW4gYSBndWVz dCBydW5zIGluIHNoYWRvdyBtb2RlLgorICAgICAgICAgKgorICAgICAgICAg KiBwYWdldGFibGVfZHlpbmcgaXMgdXNlZCBmb3IgSFZNIGRvbWFpbnMgb25s eS4gVGhlIGxheW91dCBoZXJlIGhhcworICAgICAgICAgKiB0byBhdm9pZCBy ZS11c2Ugb2YgdGhlIHNwYWNlIHVzZWQgYnkgbGluZWFyX3B0X2NvdW50LCB3 aGljaCAob25seSkKKyAgICAgICAgICogUFYgZ3Vlc3RzIHVzZS4KICAgICAg ICAgICovCi0gICAgICAgIHUzMiBzaGFkb3dfZmxhZ3M7CisgICAgICAgIHN0 cnVjdCB7CisgICAgICAgICAgICB1aW50MTZfdCBzaGFkb3dfZmxhZ3M7Cisg ICAgICAgICAgICBib29sIHBhZ2V0YWJsZV9keWluZzsKKyAgICAgICAgfTsK IAogICAgICAgICAvKiBXaGVuIGluIHVzZSBhcyBhIHNoYWRvdywgbmV4dCBz aGFkb3cgaW4gdGhpcyBoYXNoIGNoYWluLiAqLwogICAgICAgICBfX3BkeF90 IG5leHRfc2hhZG93Owo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator--