From xen-announce-bounces@lists.xenproject.org Thu Dec 05 14:45:21 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 05 Dec 2019 14:45:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1icsMo-0002Ya-22; Thu, 05 Dec 2019 14:44:30 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1icsMm-0002YL-JY for xen-announce@lists.xen.org; Thu, 05 Dec 2019 14:44:28 +0000 X-Inumbo-ID: b4ad1716-176d-11ea-822b-12813bfff9fa Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id b4ad1716-176d-11ea-822b-12813bfff9fa; Thu, 05 Dec 2019 14:44:14 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ics0D-0000eI-01; Thu, 05 Dec 2019 14:21:09 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1ics0C-00085q-U9; Thu, 05 Dec 2019 14:21:08 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Thu, 05 Dec 2019 14:21:08 +0000 Subject: [Xen-announce] Xen Security Advisory 306 v3 (CVE-2019-19579) - Device quarantine for alternate pci assignment methods X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-19579 / XSA-306 version 3 Device quarantine for alternate pci assignment methods UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. IMPACT ====== An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. VULNERABLE SYSTEMS ================== Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only systems which use "alternate" methods to assign devices to pciback before assignment are vulnerable. These methods include: - Assigning devices on the Linux command-line using `xen-pciback.hide` - Assigning devices via xen-pciback module parameters - Assigning devices manually via sysfs - Assigning devices using libvirt Systems which use `xl pci-assignable-add` or libxl_device_pci_assignable_add, or have the assignable state handled automatically via setting the `seize` parameter, are not affected. MITIGATION ========== For xl and libvirt, before assigning a device to a guest, manually run `xl pci-assignable-add`. This will quarantine the device even if the device has already been assigned to pciback by one of the alternate methods. This may also work for other libxl-based toolstacks, depending on the particular implementation. CREDITS ======= This issue was discovered by Marek Marczykowski-Górecki of Invisible Things Lab. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that this patch will quarantine the device after the domain is destroyed by default. It must be un-quarantined before it can be used by domain 0 again. This can be done by executing `xl pci-assignable-remove`. This will be effective even if the device was assigned to pciback with one of the alternate methods. xsa306.patch xen-unstable xsa306-4.12.patch Xen 4.12.x xsa306-4.11.patch Xen 4.11.x, Xen 4.10.x xsa306-4.9.patch Xen 4.9.x, Xen 4.8.x $ sha256sum xsa306* 07468dcdfbe34b794fd0618bce7d6d1edb6b10b234dccf1e5dd1f1120a0affe7 xsa306.meta 3534ec46f03bb8dac3011e0e3739fc75400559078e4361bbe5385d97b7892650 xsa306.patch 426e32bfa7d7787fe6778685e623966f8762857f7920443a0ca73347df9d6624 xsa306-4.9.patch b00e58c9f96b0ff654dfd4904c675a54356148af718eb9b2adca0253b900dfc1 xsa306-4.11.patch 69857d08969903452fbf009905a145e06a5aef9966e969de9fbb22e62c557ffd xsa306-4.12.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3pEgkMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZawYIAJ1rXxormDa8TB3hgabjaFGEBtEptWEf0eI/zqxJ AC0l9TIdXSkcv2ZBFjxx3YDHetC8MjloBZOP84blVWH+Y9voOvDQPf2Q2AHEoHm7 KwEBFox8eyy0H1mKuhda+QqxO7XEuGUn0a0kxHiO1HMg7xY4FmxYv51E3B17ytAD TyDOsJq3MevQg+GNPwranDPS7UtpYKFBqEEf63KsA9bU5OS+BaAijRQ379qwh//8 bpWoEFBPRWK6Pf46iSlhifnTUDZiAVOSAxolH3b1UZKOWFaVIrLOpY49QLFg5zfC yhvCgVumONdyIX+x35kGuIDvYFbrEswFPmrn0pmXtdKyBEI= =8lme -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa306.meta" Content-Disposition: attachment; filename="xsa306.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAzMDYsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMiIsCiAgICAiNC4xMSIsCiAgICAiNC4xMCIs CiAgICAiNC45IiwKICAgICI0LjgiCiAgXSwKICAiVHJlZXMiOiBbCiAgICAi eGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4xMCI6IHsKICAgICAg IlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFi bGVSZWYiOiAiMWRhM2RhYjg2Y2YyMTljMTc5YTIzYTA1MTgwMjFhYjYwMWQw ODY2MSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBh dGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMDYtNC4xMS5wYXRjaCIKICAg ICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC4xMSI6 IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAg ICAgICJTdGFibGVSZWYiOiAiMDA2YjIwNDEyNDIxMjk4OTZmYmQzMDEzNWIz ZGM2ZjU3NTg5NGEwNyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtdLAogICAg ICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMDYtNC4xMS5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAiNC4xMiI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6 IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiMjc4ZTQ2YWU4Zjk5NDg1OTE1 YWU2NjJlNzkwNWM4MzMzYTU1MDQ4YSIsCiAgICAgICAgICAiUHJlcmVxcyI6 IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2Ez MDYtNC4xMi5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0K ICAgIH0sCiAgICAiNC44IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAg ICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICI4MGU2N2U0MzVm YzFmNzMwYzEyM2ViNDc1ZjlhN2RlOTIxMGI1NGMzIiwKICAgICAgICAgICJQ cmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAg ICAgInhzYTMwNi00LjkucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQog ICAgICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlJlY2lwZXMiOiB7 CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiOGM1 MmVlMjY3OWYyNGU2MjgxZGU5M2FkNjg2ODNlZGNhZDdlZjNjZSIsCiAgICAg ICAgICAiUHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAg ICAgICAgICAgICJ4c2EzMDYtNC45LnBhdGNoIgogICAgICAgICAgXQogICAg ICAgIH0KICAgICAgfQogICAgfSwKICAgICJtYXN0ZXIiOiB7CiAgICAgICJS ZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxl UmVmIjogIjM2ODMyOTBmYzBiMGQ2NTAwMzkyZGI3MzM4MTFjYzc4YmNiMzVl YWIiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQYXRj aGVzIjogWwogICAgICAgICAgICAieHNhMzA2LnBhdGNoIgogICAgICAgICAg XQogICAgICAgIH0KICAgICAgfQogICAgfQogIH0KfQ== --=separator Content-Type: application/octet-stream; name="xsa306.patch" Content-Disposition: attachment; filename="xsa306.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBJT01NVTogZGVmYXVsdCB0byBhbHdheXMgcXVhcmFudGluaW5nIFBDSSBk ZXZpY2VzCgpYU0EtMzAyIHJlbGllcyBvbiB0aGUgdXNlIG9mIGxpYnhsJ3Mg ImFzc2lnbmFibGUtYWRkIiBmZWF0dXJlIHRvIHByZXBhcmUKZGV2aWNlcyB0 byBiZSBhc3NpZ25lZCB0byB1bnRydXN0ZWQgZ3Vlc3RzLgoKVW5mb3J0dW5h dGVseSwgdGhpcyBpcyBub3QgY29uc2lkZXJlZCBhIHN0cmljdGx5IHJlcXVp cmVkIHN0ZXAgZm9yCmRldmljZSBhc3NpZ25tZW50LiBUaGUgUENJIHBhc3N0 aHJvdWdoIGRvY3VtZW50YXRpb24gb24gdGhlIHdpa2kKZGVzY3JpYmVzIGFs dGVybmF0ZSB3YXlzIG9mIHByZXBhcmluZyBkZXZpY2VzIGZvciBhc3NpZ25t ZW50LCBhbmQKbGlidmlydCB1c2VzIGl0cyBvd24gd2F5cyBhcyB3ZWxsLiBI b3N0cyB3aGVyZSB0aGVzZSBhbHRlcm5hdGUgbWV0aG9kcwphcmUgdXNlZCB3 aWxsIHN0aWxsIGxlYXZlIHRoZSBzeXN0ZW0gaW4gYSB2dWxuZXJhYmxlIHN0 YXRlIGFmdGVyIHRoZQpkZXZpY2UgY29tZXMgYmFjayBmcm9tIGEgZ3Vlc3Qu CgpEZWZhdWx0IHRvIGFsd2F5cyBxdWFyYW50aW5pbmcgUENJIGRldmljZXMs IGJ1dCBwcm92aWRlIGEgY29tbWFuZCBsaW5lCm9wdGlvbiB0byByZXZlcnQg YmFjayB0byBwcmlvciBiZWhhdmlvciAoc3VjaCB0aGF0IHBlb3BsZSB3aG8g Ym90aApzdWZmaWNpZW50bHkgdHJ1c3QgdGhlaXIgZ3Vlc3RzIGFuZCB3YW50 IHRvIGJlIGFibGUgdG8gdXNlIGRldmljZXMgaW4KRG9tMCBhZ2FpbiBhZnRl ciB0aGV5IGhhZCBiZWVuIGluIHVzZSBieSBhIGd1ZXN0IHdvdWxkbid0IG5l ZWQgdG8KIm1hbnVhbGx5IiBtb3ZlIHN1Y2ggZGV2aWNlcyBiYWNrIGZyb20g RG9tSU8gdG8gRG9tMCkuCgpUaGlzIGlzIFhTQS0zMDYuCgpSZXBvcnRlZC1i eTogTWFyZWsgTWFyY3p5a293c2tpLUfDs3JlY2tpIDxtYXJtYXJla0BpbnZp c2libGV0aGluZ3NsYWIuY29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBXZWkgTGl1IDx3 bEB4ZW4ub3JnPgotLS0KdjM6IEFkanVzdCBjb21tYW5kIGxpbmUgZG9jLgp2 MjogQWRqdXN0IGRlc2NyaXB0aW9uLgoKLS0tIGEvZG9jcy9taXNjL3hlbi1j b21tYW5kLWxpbmUucGFuZG9jCisrKyBiL2RvY3MvbWlzYy94ZW4tY29tbWFu ZC1saW5lLnBhbmRvYwpAQCAtMTE5NCw3ICsxMTk0LDcgQEAgZGV0ZWN0aW9u IG9mIHN5c3RlbXMga25vd24gdG8gbWlzYmVoYXZlCiA+IERlZmF1bHQ6IGBu ZXdgIHVubGVzcyBkaXJlY3RlZC1FT0kgaXMgc3VwcG9ydGVkCiAKICMjIyBp b21tdQotICAgID0gTGlzdCBvZiBbIDxib29sPiwgdmVyYm9zZSwgZGVidWcs IGZvcmNlLCByZXF1aXJlZCwKKyAgICA9IExpc3Qgb2YgWyA8Ym9vbD4sIHZl cmJvc2UsIGRlYnVnLCBmb3JjZSwgcmVxdWlyZWQsIHF1YXJhbnRpbmUsCiAg ICAgICAgICAgICAgICAgc2hhcmVwdCwgaW50cmVtYXAsIGludHBvc3QsIGNy YXNoLWRpc2FibGUsCiAgICAgICAgICAgICAgICAgc25vb3AsIHFpbnZhbCwg aWdmeCwgYW1kLWlvbW11LXBlcmRldi1pbnRyZW1hcCwKICAgICAgICAgICAg ICAgICBkb20wLXtwYXNzdGhyb3VnaCxzdHJpY3R9IF0KQEAgLTEyMzIsNiAr MTIzMiwxMiBAQCBib29sZWFuIChlLmcuIGBpb21tdT1ub2ApIGNhbiBvdmVy cmlkZSB0CiAgICAgd2lsbCBwcmV2ZW50IFhlbiBmcm9tIGJvb3RpbmcgaWYg SU9NTVVzIGFyZW4ndCBkaXNjb3ZlcmVkIGFuZCBlbmFibGVkCiAgICAgc3Vj Y2Vzc2Z1bGx5LgogCisqICAgVGhlIGBxdWFyYW50aW5lYCBib29sZWFuIGNh biBiZSB1c2VkIHRvIGNvbnRyb2wgWGVuJ3MgYmVoYXZpb3Igd2hlbgorICAg IGRlLWFzc2lnbmluZyBkZXZpY2VzIGZyb20gZ3Vlc3RzLiAgSWYgZW5hYmxl ZCAodGhlIGRlZmF1bHQpLCBYZW4gYWx3YXlzCisgICAgcXVhcmFudGluZXMg c3VjaCBkZXZpY2VzOyB0aGV5IG11c3QgYmUgZXhwbGljaXRseSBhc3NpZ25l ZCBiYWNrIHRvIERvbTAKKyAgICBiZWZvcmUgdGhleSBjYW4gYmUgdXNlZCB0 aGVyZSBhZ2Fpbi4gIElmIGRpc2FibGVkLCBYZW4gd2lsbCBvbmx5CisgICAg cXVhcmFudGluZSBkZXZpY2VzIHRoZSB0b29sc3RhY2sgaGFzcyBhcnJhbmdl ZCBmb3IgZ2V0dGluZyBxdWFyYW50aW5lZC4KKwogKiAgIFRoZSBgc2hhcmVw dGAgYm9vbGVhbiBjb250cm9scyB3aGV0aGVyIHRoZSBJT01NVSBwYWdldGFi bGVzIGFyZSBzaGFyZWQKICAgICB3aXRoIHRoZSBDUFUtc2lkZSBIQVAgcGFn ZXRhYmxlcywgb3IgYWxsb2NhdGVkIHNlcGFyYXRlbHkuICBTaGFyaW5nCiAg ICAgcmVkdWNlcyB0aGUgbWVtb3J5IG92ZXJoZWFkLCBidXQgZG9lc24ndCB3 b3JrIGluIGNvbWJpbmF0aW9uIHdpdGggQ1BVLXNpZGUKLS0tIGEveGVuL2Ry aXZlcnMvcGFzc3Rocm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9pb21tdS5jCkBAIC0zMCw2ICszMCw3IEBAIGJvb2xfdCBf X2luaXRkYXRhIGlvbW11X2VuYWJsZSA9IDE7CiBib29sX3QgX19yZWFkX21v c3RseSBpb21tdV9lbmFibGVkOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgZm9y Y2VfaW9tbXU7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV92ZXJib3Nl OworYm9vbCBfX3JlYWRfbW9zdGx5IGlvbW11X3F1YXJhbnRpbmUgPSB0cnVl OwogYm9vbF90IF9fcmVhZF9tb3N0bHkgaW9tbXVfaWdmeCA9IDE7CiBib29s X3QgX19yZWFkX21vc3RseSBpb21tdV9zbm9vcCA9IDE7CiBib29sX3QgX19y ZWFkX21vc3RseSBpb21tdV9xaW52YWwgPSAxOwpAQCAtNzgsNiArNzksOCBA QCBzdGF0aWMgaW50IF9faW5pdCBwYXJzZV9pb21tdV9wYXJhbShjb25zCiAg ICAgICAgIGVsc2UgaWYgKCAodmFsID0gcGFyc2VfYm9vbGVhbigiZm9yY2Ui LCBzLCBzcykpID49IDAgfHwKICAgICAgICAgICAgICAgICAgICh2YWwgPSBw YXJzZV9ib29sZWFuKCJyZXF1aXJlZCIsIHMsIHNzKSkgPj0gMCApCiAgICAg ICAgICAgICBmb3JjZV9pb21tdSA9IHZhbDsKKyAgICAgICAgZWxzZSBpZiAo ICh2YWwgPSBwYXJzZV9ib29sZWFuKCJxdWFyYW50aW5lIiwgcywgc3MpKSA+ PSAwICkKKyAgICAgICAgICAgIGlvbW11X3F1YXJhbnRpbmUgPSB2YWw7CiAg ICAgICAgIGVsc2UgaWYgKCAodmFsID0gcGFyc2VfYm9vbGVhbigiaWdmeCIs IHMsIHNzKSkgPj0gMCApCiAgICAgICAgICAgICBpb21tdV9pZ2Z4ID0gdmFs OwogICAgICAgICBlbHNlIGlmICggKHZhbCA9IHBhcnNlX2Jvb2xlYW4oInZl cmJvc2UiLCBzLCBzcykpID49IDAgKQotLS0gYS94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9wY2kuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9w Y2kuYwpAQCAtOTIyLDcgKzkyMiw4IEBAIHN0YXRpYyBpbnQgZGVhc3NpZ25f ZGV2aWNlKHN0cnVjdCBkb21haW4KICAgICAgICAgcmV0dXJuIC1FTk9ERVY7 CiAKICAgICAvKiBEZS1hc3NpZ25tZW50IGZyb20gZG9tX2lvIHNob3VsZCBk ZS1xdWFyYW50aW5lIHRoZSBkZXZpY2UgKi8KLSAgICB0YXJnZXQgPSAocGRl di0+cXVhcmFudGluZSAmJiBwZGV2LT5kb21haW4gIT0gZG9tX2lvKSA/Cisg ICAgdGFyZ2V0ID0gKChwZGV2LT5xdWFyYW50aW5lIHx8IGlvbW11X3F1YXJh bnRpbmUpICYmCisgICAgICAgICAgICAgIHBkZXYtPmRvbWFpbiAhPSBkb21f aW8pID8KICAgICAgICAgZG9tX2lvIDogaGFyZHdhcmVfZG9tYWluOwogCiAg ICAgd2hpbGUgKCBwZGV2LT5waGFudG9tX3N0cmlkZSApCi0tLSBhL3hlbi9p bmNsdWRlL3hlbi9pb21tdS5oCisrKyBiL3hlbi9pbmNsdWRlL3hlbi9pb21t dS5oCkBAIC01Myw3ICs1Myw3IEBAIHN0YXRpYyBpbmxpbmUgYm9vbF90IGRm bl9lcShkZm5fdCB4LCBkZm4KIH0KIAogZXh0ZXJuIGJvb2xfdCBpb21tdV9l bmFibGUsIGlvbW11X2VuYWJsZWQ7Ci1leHRlcm4gYm9vbF90IGZvcmNlX2lv bW11LCBpb21tdV92ZXJib3NlLCBpb21tdV9pZ2Z4OworZXh0ZXJuIGJvb2wg Zm9yY2VfaW9tbXUsIGlvbW11X3F1YXJhbnRpbmUsIGlvbW11X3ZlcmJvc2Us IGlvbW11X2lnZng7CiBleHRlcm4gYm9vbF90IGlvbW11X3Nub29wLCBpb21t dV9xaW52YWwsIGlvbW11X2ludHJlbWFwLCBpb21tdV9pbnRwb3N0OwogCiAj aWYgZGVmaW5lZChDT05GSUdfSU9NTVVfRk9SQ0VfUFRfU0hBUkUpCg== --=separator Content-Type: application/octet-stream; name="xsa306-4.9.patch" Content-Disposition: attachment; filename="xsa306-4.9.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBJT01NVTogZGVmYXVsdCB0byBhbHdheXMgcXVhcmFudGluaW5nIFBDSSBk ZXZpY2VzCgpYU0EtMzAyIHJlbGllcyBvbiB0aGUgdXNlIG9mIGxpYnhsJ3Mg ImFzc2lnbmFibGUtYWRkIiBmZWF0dXJlIHRvIHByZXBhcmUKZGV2aWNlcyB0 byBiZSBhc3NpZ25lZCB0byB1bnRydXN0ZWQgZ3Vlc3RzLgoKVW5mb3J0dW5h dGVseSwgdGhpcyBpcyBub3QgY29uc2lkZXJlZCBhIHN0cmljdGx5IHJlcXVp cmVkIHN0ZXAgZm9yCmRldmljZSBhc3NpZ25tZW50LiBUaGUgUENJIHBhc3N0 aHJvdWdoIGRvY3VtZW50YXRpb24gb24gdGhlIHdpa2kKZGVzY3JpYmVzIGFs dGVybmF0ZSB3YXlzIG9mIHByZXBhcmluZyBkZXZpY2VzIGZvciBhc3NpZ25t ZW50LCBhbmQKbGlidmlydCB1c2VzIGl0cyBvd24gd2F5cyBhcyB3ZWxsLiBI b3N0cyB3aGVyZSB0aGVzZSBhbHRlcm5hdGUgbWV0aG9kcwphcmUgdXNlZCB3 aWxsIHN0aWxsIGxlYXZlIHRoZSBzeXN0ZW0gaW4gYSB2dWxuZXJhYmxlIHN0 YXRlIGFmdGVyIHRoZQpkZXZpY2UgY29tZXMgYmFjayBmcm9tIGEgZ3Vlc3Qu CgpEZWZhdWx0IHRvIGFsd2F5cyBxdWFyYW50aW5pbmcgUENJIGRldmljZXMs IGJ1dCBwcm92aWRlIGEgY29tbWFuZCBsaW5lCm9wdGlvbiB0byByZXZlcnQg YmFjayB0byBwcmlvciBiZWhhdmlvciAoc3VjaCB0aGF0IHBlb3BsZSB3aG8g Ym90aApzdWZmaWNpZW50bHkgdHJ1c3QgdGhlaXIgZ3Vlc3RzIGFuZCB3YW50 IHRvIGJlIGFibGUgdG8gdXNlIGRldmljZXMgaW4KRG9tMCBhZ2FpbiBhZnRl ciB0aGV5IGhhZCBiZWVuIGluIHVzZSBieSBhIGd1ZXN0IHdvdWxkbid0IG5l ZWQgdG8KIm1hbnVhbGx5IiBtb3ZlIHN1Y2ggZGV2aWNlcyBiYWNrIGZyb20g RG9tSU8gdG8gRG9tMCkuCgpUaGlzIGlzIFhTQS0zMDYuCgpSZXBvcnRlZC1i eTogTWFyZWsgTWFyY3p5a293c2tpLUfDs3JlY2tpIDxtYXJtYXJla0BpbnZp c2libGV0aGluZ3NsYWIuY29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBXZWkgTGl1IDx3 bEB4ZW4ub3JnPgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21tYW5kLWxpbmUu bWFya2Rvd24KKysrIGIvZG9jcy9taXNjL3hlbi1jb21tYW5kLWxpbmUubWFy a2Rvd24KQEAgLTEwNDMsNyArMTA0Myw3IEBAIGRlYnVnIGh5cGVydmlzb3Ig b25seSkuCiA+IERlZmF1bHQ6IGBuZXdgIHVubGVzcyBkaXJlY3RlZC1FT0kg aXMgc3VwcG9ydGVkCiAKICMjIyBpb21tdQotPiBgPSBMaXN0IG9mIFsgPGJv b2xlYW4+IHwgZm9yY2UgfCByZXF1aXJlZCB8IGludHJlbWFwIHwgaW50cG9z dCB8IHFpbnZhbCB8IHNub29wIHwgc2hhcmVwdCB8IGRvbTAtcGFzc3Rocm91 Z2ggfCBkb20wLXN0cmljdCB8IGFtZC1pb21tdS1wZXJkZXYtaW50cmVtYXAg fCB3b3JrYXJvdW5kX2Jpb3NfYnVnIHwgaWdmeCB8IHZlcmJvc2UgfCBkZWJ1 ZyBdYAorPiBgPSBMaXN0IG9mIFsgPGJvb2xlYW4+IHwgZm9yY2UgfCByZXF1 aXJlZCB8IHF1YXJhbnRpbmUgfCBpbnRyZW1hcCB8IGludHBvc3QgfCBxaW52 YWwgfCBzbm9vcCB8IHNoYXJlcHQgfCBkb20wLXBhc3N0aHJvdWdoIHwgZG9t MC1zdHJpY3QgfCBhbWQtaW9tbXUtcGVyZGV2LWludHJlbWFwIHwgd29ya2Fy b3VuZF9iaW9zX2J1ZyB8IGlnZnggfCB2ZXJib3NlIHwgZGVidWcgXWAKIAog PiBTdWItb3B0aW9uczoKIApAQCAtMTA2Myw2ICsxMDYzLDE1IEBAIGRlYnVn IGh5cGVydmlzb3Igb25seSkuCiA+PiBEb24ndCBjb250aW51ZSBib290aW5n IHVubGVzcyBJT01NVSBzdXBwb3J0IGlzIGZvdW5kIGFuZCBjYW4gYmUgaW5p dGlhbGl6ZWQKID4+IHN1Y2Nlc3NmdWxseS4KIAorPiBgcXVhcmFudGluZWAK KworPiBEZWZhdWx0OiBgdHJ1ZWAKKworPj4gQ29udHJvbCBYZW4ncyBiZWhh dmlvciB3aGVuIGRlLWFzc2lnbmluZyBkZXZpY2VzIGZyb20gZ3Vlc3RzLiAg SWYgZW5hYmxlZCwKKz4+IFhlbiBhbHdheXMgcXVhcmFudGluZXMgc3VjaCBk ZXZpY2VzOyB0aGV5IG11c3QgYmUgZXhwbGljaXRseSBhc3NpZ25lZCBiYWNr Cis+PiB0byBEb20wIGJlZm9yZSB0aGV5IGNhbiBiZSB1c2VkIHRoZXJlIGFn YWluLiAgSWYgZGlzYWJsZWQsIFhlbiB3aWxsIG9ubHkKKz4+IHF1YXJhbnRp bmUgZGV2aWNlcyB0aGUgdG9vbHN0YWNrIGhhc3MgYXJyYW5nZWQgZm9yIGdl dHRpbmcgcXVhcmFudGluZWQuCisKID4gYGludHJlbWFwYAogCiA+IERlZmF1 bHQ6IGB0cnVlYAotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9pb21t dS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2lvbW11LmMKQEAg LTUyLDYgKzUyLDcgQEAgY3VzdG9tX3BhcmFtKCJpb21tdSIsIHBhcnNlX2lv bW11X3BhcmFtKQogYm9vbF90IF9faW5pdGRhdGEgaW9tbXVfZW5hYmxlID0g MTsKIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlvbW11X2VuYWJsZWQ7CiBib29s X3QgX19yZWFkX21vc3RseSBmb3JjZV9pb21tdTsKK2Jvb2wgX19yZWFkX21v c3RseSBpb21tdV9xdWFyYW50aW5lID0gdHJ1ZTsKIGJvb2xfdCBfX2h3ZG9t X2luaXRkYXRhIGlvbW11X2RvbTBfc3RyaWN0OwogYm9vbF90IF9fcmVhZF9t b3N0bHkgaW9tbXVfdmVyYm9zZTsKIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlv bW11X3dvcmthcm91bmRfYmlvc19idWc7CkBAIC05Niw2ICs5Nyw4IEBAIHN0 YXRpYyB2b2lkIF9faW5pdCBwYXJzZV9pb21tdV9wYXJhbShjaGEKICAgICAg ICAgICAgIGlvbW11X2VuYWJsZSA9IDA7CiAgICAgICAgIGVsc2UgaWYgKCAh c3RyY21wKHMsICJmb3JjZSIpIHx8ICFzdHJjbXAocywgInJlcXVpcmVkIikg KQogICAgICAgICAgICAgZm9yY2VfaW9tbXUgPSB2YWw7CisgICAgICAgIGVs c2UgaWYgKCAhc3RyY21wKHMsICJxdWFyYW50aW5lIikgKQorICAgICAgICAg ICAgaW9tbXVfcXVhcmFudGluZSA9IHZhbDsKICAgICAgICAgZWxzZSBpZiAo ICFzdHJjbXAocywgIndvcmthcm91bmRfYmlvc19idWciKSApCiAgICAgICAg ICAgICBpb21tdV93b3JrYXJvdW5kX2Jpb3NfYnVnID0gdmFsOwogICAgICAg ICBlbHNlIGlmICggIXN0cmNtcChzLCAiaWdmeCIpICkKLS0tIGEveGVuL2Ry aXZlcnMvcGFzc3Rocm91Z2gvcGNpLmMKKysrIGIveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvcGNpLmMKQEAgLTE0NjAsNyArMTQ2MCw4IEBAIGludCBkZWFz c2lnbl9kZXZpY2Uoc3RydWN0IGRvbWFpbiAqZCwgdTEKICAgICAgICAgcmV0 dXJuIC1FTk9ERVY7CiAKICAgICAvKiBEZS1hc3NpZ25tZW50IGZyb20gZG9t X2lvIHNob3VsZCBkZS1xdWFyYW50aW5lIHRoZSBkZXZpY2UgKi8KLSAgICB0 YXJnZXQgPSAocGRldi0+cXVhcmFudGluZSAmJiBwZGV2LT5kb21haW4gIT0g ZG9tX2lvKSA/CisgICAgdGFyZ2V0ID0gKChwZGV2LT5xdWFyYW50aW5lIHx8 IGlvbW11X3F1YXJhbnRpbmUpICYmCisgICAgICAgICAgICAgIHBkZXYtPmRv bWFpbiAhPSBkb21faW8pID8KICAgICAgICAgZG9tX2lvIDogaGFyZHdhcmVf ZG9tYWluOwogCiAgICAgd2hpbGUgKCBwZGV2LT5waGFudG9tX3N0cmlkZSAp Ci0tLSBhL3hlbi9pbmNsdWRlL3hlbi9pb21tdS5oCisrKyBiL3hlbi9pbmNs dWRlL3hlbi9pb21tdS5oCkBAIC0yOCw3ICsyOCw3IEBACiAjaW5jbHVkZSA8 YXNtL2lvbW11Lmg+CiAKIGV4dGVybiBib29sX3QgaW9tbXVfZW5hYmxlLCBp b21tdV9lbmFibGVkOwotZXh0ZXJuIGJvb2xfdCBmb3JjZV9pb21tdSwgaW9t bXVfdmVyYm9zZTsKK2V4dGVybiBib29sIGZvcmNlX2lvbW11LCBpb21tdV9x dWFyYW50aW5lLCBpb21tdV92ZXJib3NlOwogZXh0ZXJuIGJvb2xfdCBpb21t dV93b3JrYXJvdW5kX2Jpb3NfYnVnLCBpb21tdV9pZ2Z4LCBpb21tdV9wYXNz dGhyb3VnaDsKIGV4dGVybiBib29sX3QgaW9tbXVfc25vb3AsIGlvbW11X3Fp bnZhbCwgaW9tbXVfaW50cmVtYXAsIGlvbW11X2ludHBvc3Q7CiBleHRlcm4g Ym9vbF90IGlvbW11X2hhcF9wdF9zaGFyZTsK --=separator Content-Type: application/octet-stream; name="xsa306-4.11.patch" Content-Disposition: attachment; filename="xsa306-4.11.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBJT01NVTogZGVmYXVsdCB0byBhbHdheXMgcXVhcmFudGluaW5nIFBDSSBk ZXZpY2VzCgpYU0EtMzAyIHJlbGllcyBvbiB0aGUgdXNlIG9mIGxpYnhsJ3Mg ImFzc2lnbmFibGUtYWRkIiBmZWF0dXJlIHRvIHByZXBhcmUKZGV2aWNlcyB0 byBiZSBhc3NpZ25lZCB0byB1bnRydXN0ZWQgZ3Vlc3RzLgoKVW5mb3J0dW5h dGVseSwgdGhpcyBpcyBub3QgY29uc2lkZXJlZCBhIHN0cmljdGx5IHJlcXVp cmVkIHN0ZXAgZm9yCmRldmljZSBhc3NpZ25tZW50LiBUaGUgUENJIHBhc3N0 aHJvdWdoIGRvY3VtZW50YXRpb24gb24gdGhlIHdpa2kKZGVzY3JpYmVzIGFs dGVybmF0ZSB3YXlzIG9mIHByZXBhcmluZyBkZXZpY2VzIGZvciBhc3NpZ25t ZW50LCBhbmQKbGlidmlydCB1c2VzIGl0cyBvd24gd2F5cyBhcyB3ZWxsLiBI b3N0cyB3aGVyZSB0aGVzZSBhbHRlcm5hdGUgbWV0aG9kcwphcmUgdXNlZCB3 aWxsIHN0aWxsIGxlYXZlIHRoZSBzeXN0ZW0gaW4gYSB2dWxuZXJhYmxlIHN0 YXRlIGFmdGVyIHRoZQpkZXZpY2UgY29tZXMgYmFjayBmcm9tIGEgZ3Vlc3Qu CgpEZWZhdWx0IHRvIGFsd2F5cyBxdWFyYW50aW5pbmcgUENJIGRldmljZXMs IGJ1dCBwcm92aWRlIGEgY29tbWFuZCBsaW5lCm9wdGlvbiB0byByZXZlcnQg YmFjayB0byBwcmlvciBiZWhhdmlvciAoc3VjaCB0aGF0IHBlb3BsZSB3aG8g Ym90aApzdWZmaWNpZW50bHkgdHJ1c3QgdGhlaXIgZ3Vlc3RzIGFuZCB3YW50 IHRvIGJlIGFibGUgdG8gdXNlIGRldmljZXMgaW4KRG9tMCBhZ2FpbiBhZnRl ciB0aGV5IGhhZCBiZWVuIGluIHVzZSBieSBhIGd1ZXN0IHdvdWxkbid0IG5l ZWQgdG8KIm1hbnVhbGx5IiBtb3ZlIHN1Y2ggZGV2aWNlcyBiYWNrIGZyb20g RG9tSU8gdG8gRG9tMCkuCgpUaGlzIGlzIFhTQS0zMDYuCgpSZXBvcnRlZC1i eTogTWFyZWsgTWFyY3p5a293c2tpLUfDs3JlY2tpIDxtYXJtYXJla0BpbnZp c2libGV0aGluZ3NsYWIuY29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBXZWkgTGl1IDx3 bEB4ZW4ub3JnPgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21tYW5kLWxpbmUu bWFya2Rvd24KKysrIGIvZG9jcy9taXNjL3hlbi1jb21tYW5kLWxpbmUubWFy a2Rvd24KQEAgLTExMTIsNyArMTExMiw3IEBAIGRldGVjdGlvbiBvZiBzeXN0 ZW1zIGtub3duIHRvIG1pc2JlaGF2ZQogPiBEZWZhdWx0OiBgbmV3YCB1bmxl c3MgZGlyZWN0ZWQtRU9JIGlzIHN1cHBvcnRlZAogCiAjIyMgaW9tbXUKLT4g YD0gTGlzdCBvZiBbIDxib29sZWFuPiB8IGZvcmNlIHwgcmVxdWlyZWQgfCBp bnRyZW1hcCB8IGludHBvc3QgfCBxaW52YWwgfCBzbm9vcCB8IHNoYXJlcHQg fCBkb20wLXBhc3N0aHJvdWdoIHwgZG9tMC1zdHJpY3QgfCBhbWQtaW9tbXUt cGVyZGV2LWludHJlbWFwIHwgd29ya2Fyb3VuZF9iaW9zX2J1ZyB8IGlnZngg fCBjcmFzaC1kaXNhYmxlIHwgdmVyYm9zZSB8IGRlYnVnIF1gCis+IGA9IExp c3Qgb2YgWyA8Ym9vbGVhbj4gfCBmb3JjZSB8IHJlcXVpcmVkIHwgcXVhcmFu dGluZSB8IGludHJlbWFwIHwgaW50cG9zdCB8IHFpbnZhbCB8IHNub29wIHwg c2hhcmVwdCB8IGRvbTAtcGFzc3Rocm91Z2ggfCBkb20wLXN0cmljdCB8IGFt ZC1pb21tdS1wZXJkZXYtaW50cmVtYXAgfCB3b3JrYXJvdW5kX2Jpb3NfYnVn IHwgaWdmeCB8IGNyYXNoLWRpc2FibGUgfCB2ZXJib3NlIHwgZGVidWcgXWAK IAogPiBTdWItb3B0aW9uczoKIApAQCAtMTEzMiw2ICsxMTMyLDE1IEBAIGRl dGVjdGlvbiBvZiBzeXN0ZW1zIGtub3duIHRvIG1pc2JlaGF2ZQogPj4gRG9u J3QgY29udGludWUgYm9vdGluZyB1bmxlc3MgSU9NTVUgc3VwcG9ydCBpcyBm b3VuZCBhbmQgY2FuIGJlIGluaXRpYWxpemVkCiA+PiBzdWNjZXNzZnVsbHku CiAKKz4gYHF1YXJhbnRpbmVgCisKKz4gRGVmYXVsdDogYHRydWVgCisKKz4+ IENvbnRyb2wgWGVuJ3MgYmVoYXZpb3Igd2hlbiBkZS1hc3NpZ25pbmcgZGV2 aWNlcyBmcm9tIGd1ZXN0cy4gIElmIGVuYWJsZWQsCis+PiBYZW4gYWx3YXlz IHF1YXJhbnRpbmVzIHN1Y2ggZGV2aWNlczsgdGhleSBtdXN0IGJlIGV4cGxp Y2l0bHkgYXNzaWduZWQgYmFjaworPj4gdG8gRG9tMCBiZWZvcmUgdGhleSBj YW4gYmUgdXNlZCB0aGVyZSBhZ2Fpbi4gIElmIGRpc2FibGVkLCBYZW4gd2ls bCBvbmx5Cis+PiBxdWFyYW50aW5lIGRldmljZXMgdGhlIHRvb2xzdGFjayBo YXNzIGFycmFuZ2VkIGZvciBnZXR0aW5nIHF1YXJhbnRpbmVkLgorCiA+IGBp bnRyZW1hcGAKIAogPiBEZWZhdWx0OiBgdHJ1ZWAKLS0tIGEveGVuL2RyaXZl cnMvcGFzc3Rocm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNz dGhyb3VnaC9pb21tdS5jCkBAIC01Miw2ICs1Miw3IEBAIGN1c3RvbV9wYXJh bSgiaW9tbXUiLCBwYXJzZV9pb21tdV9wYXJhbSkKIGJvb2xfdCBfX2luaXRk YXRhIGlvbW11X2VuYWJsZSA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBp b21tdV9lbmFibGVkOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgZm9yY2VfaW9t bXU7Citib29sIF9fcmVhZF9tb3N0bHkgaW9tbXVfcXVhcmFudGluZSA9IHRy dWU7CiBib29sX3QgX19od2RvbV9pbml0ZGF0YSBpb21tdV9kb20wX3N0cmlj dDsKIGJvb2xfdCBfX3JlYWRfbW9zdGx5IGlvbW11X3ZlcmJvc2U7CiBib29s X3QgX19yZWFkX21vc3RseSBpb21tdV93b3JrYXJvdW5kX2Jpb3NfYnVnOwpA QCAtOTksNiArMTAwLDggQEAgc3RhdGljIGludCBfX2luaXQgcGFyc2VfaW9t bXVfcGFyYW0oY29ucwogICAgICAgICBlbHNlIGlmICggIWNtZGxpbmVfc3Ry Y21wKHMsICJmb3JjZSIpIHx8CiAgICAgICAgICAgICAgICAgICAhY21kbGlu ZV9zdHJjbXAocywgInJlcXVpcmVkIikgKQogICAgICAgICAgICAgZm9yY2Vf aW9tbXUgPSB2YWw7CisgICAgICAgIGVsc2UgaWYgKCAhY21kbGluZV9zdHJj bXAocywgInF1YXJhbnRpbmUiKSApCisgICAgICAgICAgICBpb21tdV9xdWFy YW50aW5lID0gdmFsOwogICAgICAgICBlbHNlIGlmICggIWNtZGxpbmVfc3Ry Y21wKHMsICJ3b3JrYXJvdW5kX2Jpb3NfYnVnIikgKQogICAgICAgICAgICAg aW9tbXVfd29ya2Fyb3VuZF9iaW9zX2J1ZyA9IHZhbDsKICAgICAgICAgZWxz ZSBpZiAoICFjbWRsaW5lX3N0cmNtcChzLCAiaWdmeCIpICkKLS0tIGEveGVu L2RyaXZlcnMvcGFzc3Rocm91Z2gvcGNpLmMKKysrIGIveGVuL2RyaXZlcnMv cGFzc3Rocm91Z2gvcGNpLmMKQEAgLTE1MTEsNyArMTUxMSw4IEBAIGludCBk ZWFzc2lnbl9kZXZpY2Uoc3RydWN0IGRvbWFpbiAqZCwgdTEKICAgICAgICAg cmV0dXJuIC1FTk9ERVY7CiAKICAgICAvKiBEZS1hc3NpZ25tZW50IGZyb20g ZG9tX2lvIHNob3VsZCBkZS1xdWFyYW50aW5lIHRoZSBkZXZpY2UgKi8KLSAg ICB0YXJnZXQgPSAocGRldi0+cXVhcmFudGluZSAmJiBwZGV2LT5kb21haW4g IT0gZG9tX2lvKSA/CisgICAgdGFyZ2V0ID0gKChwZGV2LT5xdWFyYW50aW5l IHx8IGlvbW11X3F1YXJhbnRpbmUpICYmCisgICAgICAgICAgICAgIHBkZXYt PmRvbWFpbiAhPSBkb21faW8pID8KICAgICAgICAgZG9tX2lvIDogaGFyZHdh cmVfZG9tYWluOwogCiAgICAgd2hpbGUgKCBwZGV2LT5waGFudG9tX3N0cmlk ZSApCi0tLSBhL3hlbi9pbmNsdWRlL3hlbi9pb21tdS5oCisrKyBiL3hlbi9p bmNsdWRlL3hlbi9pb21tdS5oCkBAIC0yOSw3ICsyOSw3IEBACiAjaW5jbHVk ZSA8YXNtL2lvbW11Lmg+CiAKIGV4dGVybiBib29sX3QgaW9tbXVfZW5hYmxl LCBpb21tdV9lbmFibGVkOwotZXh0ZXJuIGJvb2xfdCBmb3JjZV9pb21tdSwg aW9tbXVfdmVyYm9zZTsKK2V4dGVybiBib29sIGZvcmNlX2lvbW11LCBpb21t dV9xdWFyYW50aW5lLCBpb21tdV92ZXJib3NlOwogZXh0ZXJuIGJvb2xfdCBp b21tdV93b3JrYXJvdW5kX2Jpb3NfYnVnLCBpb21tdV9pZ2Z4LCBpb21tdV9w YXNzdGhyb3VnaDsKIGV4dGVybiBib29sX3QgaW9tbXVfc25vb3AsIGlvbW11 X3FpbnZhbCwgaW9tbXVfaW50cmVtYXAsIGlvbW11X2ludHBvc3Q7CiBleHRl cm4gYm9vbF90IGlvbW11X2hhcF9wdF9zaGFyZTsK --=separator Content-Type: application/octet-stream; name="xsa306-4.12.patch" Content-Disposition: attachment; filename="xsa306-4.12.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBJT01NVTogZGVmYXVsdCB0byBhbHdheXMgcXVhcmFudGluaW5nIFBDSSBk ZXZpY2VzCgpYU0EtMzAyIHJlbGllcyBvbiB0aGUgdXNlIG9mIGxpYnhsJ3Mg ImFzc2lnbmFibGUtYWRkIiBmZWF0dXJlIHRvIHByZXBhcmUKZGV2aWNlcyB0 byBiZSBhc3NpZ25lZCB0byB1bnRydXN0ZWQgZ3Vlc3RzLgoKVW5mb3J0dW5h dGVseSwgdGhpcyBpcyBub3QgY29uc2lkZXJlZCBhIHN0cmljdGx5IHJlcXVp cmVkIHN0ZXAgZm9yCmRldmljZSBhc3NpZ25tZW50LiBUaGUgUENJIHBhc3N0 aHJvdWdoIGRvY3VtZW50YXRpb24gb24gdGhlIHdpa2kKZGVzY3JpYmVzIGFs dGVybmF0ZSB3YXlzIG9mIHByZXBhcmluZyBkZXZpY2VzIGZvciBhc3NpZ25t ZW50LCBhbmQKbGlidmlydCB1c2VzIGl0cyBvd24gd2F5cyBhcyB3ZWxsLiBI b3N0cyB3aGVyZSB0aGVzZSBhbHRlcm5hdGUgbWV0aG9kcwphcmUgdXNlZCB3 aWxsIHN0aWxsIGxlYXZlIHRoZSBzeXN0ZW0gaW4gYSB2dWxuZXJhYmxlIHN0 YXRlIGFmdGVyIHRoZQpkZXZpY2UgY29tZXMgYmFjayBmcm9tIGEgZ3Vlc3Qu CgpEZWZhdWx0IHRvIGFsd2F5cyBxdWFyYW50aW5pbmcgUENJIGRldmljZXMs IGJ1dCBwcm92aWRlIGEgY29tbWFuZCBsaW5lCm9wdGlvbiB0byByZXZlcnQg YmFjayB0byBwcmlvciBiZWhhdmlvciAoc3VjaCB0aGF0IHBlb3BsZSB3aG8g Ym90aApzdWZmaWNpZW50bHkgdHJ1c3QgdGhlaXIgZ3Vlc3RzIGFuZCB3YW50 IHRvIGJlIGFibGUgdG8gdXNlIGRldmljZXMgaW4KRG9tMCBhZ2FpbiBhZnRl ciB0aGV5IGhhZCBiZWVuIGluIHVzZSBieSBhIGd1ZXN0IHdvdWxkbid0IG5l ZWQgdG8KIm1hbnVhbGx5IiBtb3ZlIHN1Y2ggZGV2aWNlcyBiYWNrIGZyb20g RG9tSU8gdG8gRG9tMCkuCgpUaGlzIGlzIFhTQS0zMDYuCgpSZXBvcnRlZC1i eTogTWFyZWsgTWFyY3p5a293c2tpLUfDs3JlY2tpIDxtYXJtYXJla0BpbnZp c2libGV0aGluZ3NsYWIuY29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBXZWkgTGl1IDx3 bEB4ZW4ub3JnPgoKLS0tIGEvZG9jcy9taXNjL3hlbi1jb21tYW5kLWxpbmUu cGFuZG9jCisrKyBiL2RvY3MvbWlzYy94ZW4tY29tbWFuZC1saW5lLnBhbmRv YwpAQCAtMTE3MSw3ICsxMTcxLDcgQEAgZGV0ZWN0aW9uIG9mIHN5c3RlbXMg a25vd24gdG8gbWlzYmVoYXZlCiA+IERlZmF1bHQ6IGBuZXdgIHVubGVzcyBk aXJlY3RlZC1FT0kgaXMgc3VwcG9ydGVkCiAKICMjIyBpb21tdQotICAgID0g TGlzdCBvZiBbIDxib29sPiwgdmVyYm9zZSwgZGVidWcsIGZvcmNlLCByZXF1 aXJlZCwKKyAgICA9IExpc3Qgb2YgWyA8Ym9vbD4sIHZlcmJvc2UsIGRlYnVn LCBmb3JjZSwgcmVxdWlyZWQsIHF1YXJhbnRpbmUsCiAgICAgICAgICAgICAg ICAgc2hhcmVwdCwgaW50cmVtYXAsIGludHBvc3QsIGNyYXNoLWRpc2FibGUs CiAgICAgICAgICAgICAgICAgc25vb3AsIHFpbnZhbCwgaWdmeCwgYW1kLWlv bW11LXBlcmRldi1pbnRyZW1hcCwKICAgICAgICAgICAgICAgICBkb20wLXtw YXNzdGhyb3VnaCxzdHJpY3R9IF0KQEAgLTEyMDksNiArMTIwOSwxMiBAQCBi b29sZWFuIChlLmcuIGBpb21tdT1ub2ApIGNhbiBvdmVycmlkZSB0CiAgICAg d2lsbCBwcmV2ZW50IFhlbiBmcm9tIGJvb3RpbmcgaWYgSU9NTVVzIGFyZW4n dCBkaXNjb3ZlcmVkIGFuZCBlbmFibGVkCiAgICAgc3VjY2Vzc2Z1bGx5Lgog CisqICAgVGhlIGBxdWFyYW50aW5lYCBib29sZWFuIGNhbiBiZSB1c2VkIHRv IGNvbnRyb2wgWGVuJ3MgYmVoYXZpb3Igd2hlbgorICAgIGRlLWFzc2lnbmlu ZyBkZXZpY2VzIGZyb20gZ3Vlc3RzLiAgSWYgZW5hYmxlZCAodGhlIGRlZmF1 bHQpLCBYZW4gYWx3YXlzCisgICAgcXVhcmFudGluZXMgc3VjaCBkZXZpY2Vz OyB0aGV5IG11c3QgYmUgZXhwbGljaXRseSBhc3NpZ25lZCBiYWNrIHRvIERv bTAKKyAgICBiZWZvcmUgdGhleSBjYW4gYmUgdXNlZCB0aGVyZSBhZ2Fpbi4g IElmIGRpc2FibGVkLCBYZW4gd2lsbCBvbmx5CisgICAgcXVhcmFudGluZSBk ZXZpY2VzIHRoZSB0b29sc3RhY2sgaGFzcyBhcnJhbmdlZCBmb3IgZ2V0dGlu ZyBxdWFyYW50aW5lZC4KKwogKiAgIFRoZSBgc2hhcmVwdGAgYm9vbGVhbiBj b250cm9scyB3aGV0aGVyIHRoZSBJT01NVSBwYWdldGFibGVzIGFyZSBzaGFy ZWQKICAgICB3aXRoIHRoZSBDUFUtc2lkZSBIQVAgcGFnZXRhYmxlcywgb3Ig YWxsb2NhdGVkIHNlcGFyYXRlbHkuICBTaGFyaW5nCiAgICAgcmVkdWNlcyB0 aGUgbWVtb3J5IG92ZXJoZWFkLCBidXQgZG9lc24ndCB3b3JrIGluIGNvbWJp bmF0aW9uIHdpdGggQ1BVLXNpZGUKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Ro cm91Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9p b21tdS5jCkBAIC0zMCw2ICszMCw3IEBAIGJvb2xfdCBfX2luaXRkYXRhIGlv bW11X2VuYWJsZSA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBpb21tdV9l bmFibGVkOwogYm9vbF90IF9fcmVhZF9tb3N0bHkgZm9yY2VfaW9tbXU7CiBi b29sX3QgX19yZWFkX21vc3RseSBpb21tdV92ZXJib3NlOworYm9vbCBfX3Jl YWRfbW9zdGx5IGlvbW11X3F1YXJhbnRpbmUgPSB0cnVlOwogYm9vbF90IF9f cmVhZF9tb3N0bHkgaW9tbXVfaWdmeCA9IDE7CiBib29sX3QgX19yZWFkX21v c3RseSBpb21tdV9zbm9vcCA9IDE7CiBib29sX3QgX19yZWFkX21vc3RseSBp b21tdV9xaW52YWwgPSAxOwpAQCAtNzQsNiArNzUsOCBAQCBzdGF0aWMgaW50 IF9faW5pdCBwYXJzZV9pb21tdV9wYXJhbShjb25zCiAgICAgICAgIGVsc2Ug aWYgKCAodmFsID0gcGFyc2VfYm9vbGVhbigiZm9yY2UiLCBzLCBzcykpID49 IDAgfHwKICAgICAgICAgICAgICAgICAgICh2YWwgPSBwYXJzZV9ib29sZWFu KCJyZXF1aXJlZCIsIHMsIHNzKSkgPj0gMCApCiAgICAgICAgICAgICBmb3Jj ZV9pb21tdSA9IHZhbDsKKyAgICAgICAgZWxzZSBpZiAoICh2YWwgPSBwYXJz ZV9ib29sZWFuKCJxdWFyYW50aW5lIiwgcywgc3MpKSA+PSAwICkKKyAgICAg ICAgICAgIGlvbW11X3F1YXJhbnRpbmUgPSB2YWw7CiAgICAgICAgIGVsc2Ug aWYgKCAodmFsID0gcGFyc2VfYm9vbGVhbigiaWdmeCIsIHMsIHNzKSkgPj0g MCApCiAgICAgICAgICAgICBpb21tdV9pZ2Z4ID0gdmFsOwogICAgICAgICBl bHNlIGlmICggKHZhbCA9IHBhcnNlX2Jvb2xlYW4oInZlcmJvc2UiLCBzLCBz cykpID49IDAgKQotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9wY2ku YworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9wY2kuYwpAQCAtMTU0 OCw3ICsxNTQ4LDggQEAgaW50IGRlYXNzaWduX2RldmljZShzdHJ1Y3QgZG9t YWluICpkLCB1MQogICAgICAgICByZXR1cm4gLUVOT0RFVjsKIAogICAgIC8q IERlLWFzc2lnbm1lbnQgZnJvbSBkb21faW8gc2hvdWxkIGRlLXF1YXJhbnRp bmUgdGhlIGRldmljZSAqLwotICAgIHRhcmdldCA9IChwZGV2LT5xdWFyYW50 aW5lICYmIHBkZXYtPmRvbWFpbiAhPSBkb21faW8pID8KKyAgICB0YXJnZXQg PSAoKHBkZXYtPnF1YXJhbnRpbmUgfHwgaW9tbXVfcXVhcmFudGluZSkgJiYK KyAgICAgICAgICAgICAgcGRldi0+ZG9tYWluICE9IGRvbV9pbykgPwogICAg ICAgICBkb21faW8gOiBoYXJkd2FyZV9kb21haW47CiAKICAgICB3aGlsZSAo IHBkZXYtPnBoYW50b21fc3RyaWRlICkKLS0tIGEveGVuL2luY2x1ZGUveGVu L2lvbW11LmgKKysrIGIveGVuL2luY2x1ZGUveGVuL2lvbW11LmgKQEAgLTUz LDcgKzUzLDcgQEAgc3RhdGljIGlubGluZSBib29sX3QgZGZuX2VxKGRmbl90 IHgsIGRmbgogfQogCiBleHRlcm4gYm9vbF90IGlvbW11X2VuYWJsZSwgaW9t bXVfZW5hYmxlZDsKLWV4dGVybiBib29sX3QgZm9yY2VfaW9tbXUsIGlvbW11 X3ZlcmJvc2UsIGlvbW11X2lnZng7CitleHRlcm4gYm9vbCBmb3JjZV9pb21t dSwgaW9tbXVfcXVhcmFudGluZSwgaW9tbXVfdmVyYm9zZSwgaW9tbXVfaWdm eDsKIGV4dGVybiBib29sX3QgaW9tbXVfc25vb3AsIGlvbW11X3FpbnZhbCwg aW9tbXVfaW50cmVtYXAsIGlvbW11X2ludHBvc3Q7CiBleHRlcm4gYm9vbF90 IGlvbW11X2hhcF9wdF9zaGFyZTsKIGV4dGVybiBib29sX3QgaW9tbXVfZGVi dWc7Cg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Wed Dec 11 12:06:46 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 11 Dec 2019 12:06:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0kl-00054D-76; Wed, 11 Dec 2019 12:06:03 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0kk-000543-Nl for xen-announce@lists.xen.org; Wed, 11 Dec 2019 12:06:02 +0000 X-Inumbo-ID: 92eba66a-1c0e-11ea-88e7-bc764e2007e4 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 92eba66a-1c0e-11ea-88e7-bc764e2007e4; Wed, 11 Dec 2019 12:05:51 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0kQ-0008LX-Qu; Wed, 11 Dec 2019 12:05:42 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1if0kQ-0008H0-ON; Wed, 11 Dec 2019 12:05:42 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 11 Dec 2019 12:05:42 +0000 Subject: [Xen-announce] Xen Security Advisory 307 v3 (CVE-2019-19581, CVE-2019-19582) - find_next_bit() issues X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-19581,CVE-2019-19582 / XSA-307 version 3 find_next_bit() issues UPDATES IN VERSION 3 ==================== Public release. Updated metadata to add 4.13, update StableRef's ISSUE DESCRIPTION ================= In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: - - On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. (CVE-2019-19581) - - On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. (CVE-2019-19582) IMPACT ====== A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. x86 systems with 64 or more nodes are vulnerable. We are unaware of any such systems that Xen would run on. 64-bit Arm systems as well as x86 systems with less than 64 nodes are not vulnerable. MITIGATION ========== There is no known mitigation for 32-bit Arm systems. For x86 systems the issue can be avoided by suppressing the use of NUMA information provided by firmware, via the "numa=off" command line option. RESOLUTION ========== Applying the attached patch resolves this issue. xsa307.patch xen-unstable, Xen 4.13.x ... 4.8.x $ sha256sum xsa307* e589e96a0b3ec66f1d2d6393b82fab13ed18fd9fb112044a12263336b8499c68 xsa307.meta 7df052768cc05329bc44bf724897227885da8bb2cde9ff01d0ba2a34611bde97 xsa307.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3w24gMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZxokH/2bGTmGUZP0tyc+oDHjlrr3+FarhoJnRTl4EoqJS hzsa5OkcqzcEgrQ+7VL7dLW3AboT2zcx2RQ9HyxCz61BfDY1XF8EDDr6chJiNofN J7OGirNzSBHFFQJOc2KFG8al+1F8WzzKP3UMbqNBrqB07/tQc5lttdbA/t5Tnp9c xreCAkkBscDk1LFR8HiUA3YeykiHQtF09O+VnxXO2AD/Dpo8e+K6AmJkCZ4+ysNP JKMc13vQ3UKjMmYzgbuNCIswNu1Wy3EnNZMf2zvGIhuw6iN6vSJJgoz0OSPUb4yY kXEe1dlgseSbMxXEqj4IyZ69pEw6Ijj+H6PybQo/IOie7q0= =7XWU -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa307.meta" Content-Disposition: attachment; filename="xsa307.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAzMDcsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMyIsCiAgICAiNC4xMiIsCiAgICAiNC4xMSIs CiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiCiAgXSwKICAiVHJl ZXMiOiBbCiAgICAieGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4x MCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiZTQ4OTk1NTBmZjc4MzRlMWVhNWRmYmJm YjFjNjE4ZjY0ZTI0Nzc2MSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtdLAog ICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMDcucGF0 Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAg IjQuMTEiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7 CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjIzOWQzN2U1MTRjOTNlMjlkNTBk NzFmNzM0YjFkYzQ1M2IyMjM2YTYiLAogICAgICAgICAgIlByZXJlcXMiOiBb XSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMzA3 LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwK ICAgICI0LjEyIjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVu IjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIyMTJiODUwMGNiMzk0YjNh NjY0NjU1Zjc5Y2EwYmRjYjMxMjQ2ZmY3IiwKICAgICAgICAgICJQcmVyZXFz IjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhz YTMwNy5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAg IH0sCiAgICAiNC4xMyI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAg InhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZmQ5YmZhYmY2OWVh NTlmMjI4MGMxNzAzNTAwNzkzZmExNWU4MTk1NiIsCiAgICAgICAgICAiUHJl cmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAg ICJ4c2EzMDcucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9 CiAgICB9LAogICAgIjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAg ICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiYTI2MGU5M2Ri Nzk0ZjU2MDUwMmU4OTg1OWFhZjExMWQxNzhlODBlNCIsCiAgICAgICAgICAi UHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAg ICAgICJ4c2EzMDcucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAg ICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAg ICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiOGQxZWU5 ZjJjNDczZmVjNTRiNTAxOGMwMWFkNTU2ZDdhZmQ2MmMxNyIsCiAgICAgICAg ICAiUHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAg ICAgICAgICJ4c2EzMDcucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQog ICAgICB9CiAgICB9LAogICAgIm1hc3RlciI6IHsKICAgICAgIlJlY2lwZXMi OiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAi YjczYWFkNGM4YjZhNzY3Y2UxNWNjOGNiNjVmOWVlYWI3YmZjY2RhZSIsCiAg ICAgICAgICAiUHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBb CiAgICAgICAgICAgICJ4c2EzMDcucGF0Y2giCiAgICAgICAgICBdCiAgICAg ICAgfQogICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa307.patch" Content-Disposition: attachment; filename="xsa307.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODYrQXJtMzI6IG1ha2UgZmluZF9uZXh0X3ssemVyb199Yml0KCkgaGF2 ZSB3ZWxsIGRlZmluZWQgYmVoYXZpb3IKClRoZXNlIGZ1bmN0aW9ucyBnZXR0 aW5nIHVzZWQgd2l0aCB0aGUgMm5kIGFuZCAzcmQgYXJndW1lbnRzIGJlaW5n IGVxdWFsCndhc24ndCB3ZWxsIGRlZmluZWQ6IEFybTY0IHJlbGlhYmx5IHJl dHVybnMgdGhlIHZhbHVlIG9mIHRoZSAybmQKYXJndW1lbnQgaW4gdGhpcyBj YXNlLCB3aGlsZSBvbiB4ODYgZm9yIGJpdG1hcHMgdXAgdG8gNjQgYml0cyB3 aWRlIHRoZQpyZXR1cm4gdmFsdWUgd2FzIHVuZGVmaW5lZCAoZHVlIHRvIHRo ZSB1bmRlZmluZWQgYmVoYXZpb3Igb2YgYSBzaGlmdCBvZgphIHZhbHVlIGJ5 IHRoZSBudW1iZXIgb2YgYml0cyBpdCdzIHdpZGUpIHdoZW4gdGhlIGluY29t aW5nIHZhbHVlIHdhcyA2NC4KT24gQXJtMzIgYW4gYWN0dWFsIG91dCBvZiBi b3VuZHMgYWNjZXNzIHdvdWxkIGhhcHBlbiB3aGVuIHRoZQpzaXplL29mZnNl dCB2YWx1ZSBpcyBhIG11bHRpcGxlIG9mIDMyOyBpZiB0aGlzIGFjY2VzcyBk b2Vzbid0IGZhdWx0LCB0aGUKcmV0dXJuIHZhbHVlIHdvdWxkIGhhdmUgYmVl biBzdWZmaWNpZW50bHkgY29ycmVjdCBhZmFpY3QuCgpNYWtlIHRoZSBmdW5j dGlvbnMgY29uc2lzdGVudGx5IHRvbGVyYXRlIHRoZSBsYXN0IHR3byBhcmd1 bWVudHMgYmVpbmcKZXF1YWwgKGFuZCBpbiBmYWN0IHRoZSAzcmQgYXJndW1l bnQgYmVpbmcgZ3JlYXRlciBvciBlcXVhbCB0byB0aGUgMm5kKSwKaW4gZmF2 b3Igb2YgZmluZGluZyBhbmQgZml4aW5nIGFsbCB0aGUgdXNlIHNpdGVzIHRo YXQgdmlvbGF0ZSB0aGUKb3JpZ2luYWwgbW9yZSBzdHJpY3QgYXNzdW1wdGlv bi4KClRoaXMgaXMgWFNBLTMwNy4KClNpZ25lZC1vZmYtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IEp1bGllbiBHcmFs bCA8anVsaWVuQHhlbi5vcmc+Ci0tLQpUaGUgbW9zdCBvYnZpb3VzIChhbGJl aXQgc3RpbGwgaW5kaXJlY3QpIGV4cG9zdXJlIHRvIGd1ZXN0cyBpcwpldnRj aG5fY2hlY2tfcG9sbGVycygpLCB3aGljaCBpbW8gbWFrZXMgdGhpcyBhIHNl Y3VyaXR5IGlzc3VlIGF0IGxlYXN0CmZvciBBcm0zMi4KClRoaXMgd2FzIG9y aWdpbmFsbHkgYWxyZWFkeSBkaXNjdXNzZWQgYmV0d2VlbiAoYXQgbGVhc3Qp IEFuZHJldyBhbmQgbWUsCmFuZCBJIGRvbid0IHJlYWxseSByZWNhbGwgd2hv IGJyb3VnaHQgdXAgdGhlIGlzc3VlIGZpcnN0LgoKTm90ZSB0aGF0IEFybSdz IExpbnV4IG9yaWdpbiBvZiB0aGUgY29kZSBtYXkgY2FsbCBmb3Igc3luY2lu ZwpwdWJsaWNhdGlvbiB3aXRoIHRoZW0uIFRoZW4gYWdhaW4gSSBkb24ndCB3 YW50IHRvIHRlbGwgdGhlbSBqdXN0IHRvIHNlZQp0aGVtIGdvIHB1YmxpYyBh aGVhZCBvZiB1cy4KCi0tLSBhL3hlbi9hcmNoL2FybS9hcm0zMi9saWIvZmlu ZGJpdC5TCisrKyBiL3hlbi9hcmNoL2FybS9hcm0zMi9saWIvZmluZGJpdC5T CkBAIC00Miw4ICs0Miw4IEBAIEVORFBST0MoX2ZpbmRfZmlyc3RfemVyb19i aXRfbGUpCiAgKiBQcm90b3R5cGU6IGludCBmaW5kX25leHRfemVyb19iaXQo dm9pZCAqYWRkciwgdW5zaWduZWQgaW50IG1heGJpdCwgaW50IG9mZnNldCkK ICAqLwogRU5UUlkoX2ZpbmRfbmV4dF96ZXJvX2JpdF9sZSkKLQkJdGVxCXIx LCAjMAotCQliZXEJM2IKKwkJY21wCXIxLCByMgorCQlibHMJM2IKIAkJYW5k cwlpcCwgcjIsICM3CiAJCWJlcQkxYgkJCUAgSWYgbmV3IGJ5dGUsIGdvdG8g b2xkIHJvdXRpbmUKICBBUk0oCQlsZHJiCXIzLCBbcjAsIHIyLCBsc3IgIzNd CSkKQEAgLTgzLDggKzgzLDggQEAgRU5EUFJPQyhfZmluZF9maXJzdF9iaXRf bGUpCiAgKiBQcm90b3R5cGU6IGludCBmaW5kX25leHRfemVyb19iaXQodm9p ZCAqYWRkciwgdW5zaWduZWQgaW50IG1heGJpdCwgaW50IG9mZnNldCkKICAq LwogRU5UUlkoX2ZpbmRfbmV4dF9iaXRfbGUpCi0JCXRlcQlyMSwgIzAKLQkJ YmVxCTNiCisJCWNtcAlyMSwgcjIKKwkJYmxzCTNiCiAJCWFuZHMJaXAsIHIy LCAjNwogCQliZXEJMWIJCQlAIElmIG5ldyBieXRlLCBnb3RvIG9sZCByb3V0 aW5lCiAgQVJNKAkJbGRyYglyMywgW3IwLCByMiwgbHNyICMzXQkpCkBAIC0x MTcsOCArMTE3LDggQEAgRU5UUlkoX2ZpbmRfZmlyc3RfemVyb19iaXRfYmUp CiBFTkRQUk9DKF9maW5kX2ZpcnN0X3plcm9fYml0X2JlKQogCiBFTlRSWShf ZmluZF9uZXh0X3plcm9fYml0X2JlKQotCQl0ZXEJcjEsICMwCi0JCWJlcQkz YgorCQljbXAJcjEsIHIyCisJCWJscwkzYgogCQlhbmRzCWlwLCByMiwgIzcK IAkJYmVxCTFiCQkJQCBJZiBuZXcgYnl0ZSwgZ290byBvbGQgcm91dGluZQog CQllb3IJcjMsIHIyLCAjMHgxOAkJQCBiaWcgZW5kaWFuIGJ5dGUgb3JkZXJp bmcKQEAgLTE1MSw4ICsxNTEsOCBAQCBFTlRSWShfZmluZF9maXJzdF9iaXRf YmUpCiBFTkRQUk9DKF9maW5kX2ZpcnN0X2JpdF9iZSkKIAogRU5UUlkoX2Zp bmRfbmV4dF9iaXRfYmUpCi0JCXRlcQlyMSwgIzAKLQkJYmVxCTNiCisJCWNt cAlyMSwgcjIKKwkJYmxzCTNiCiAJCWFuZHMJaXAsIHIyLCAjNwogCQliZXEJ MWIJCQlAIElmIG5ldyBieXRlLCBnb3RvIG9sZCByb3V0aW5lCiAJCWVvcgly MywgcjIsICMweDE4CQlAIGJpZyBlbmRpYW4gYnl0ZSBvcmRlcmluZwotLS0g YS94ZW4vaW5jbHVkZS9hc20teDg2L2JpdG9wcy5oCisrKyBiL3hlbi9pbmNs dWRlL2FzbS14ODYvYml0b3BzLmgKQEAgLTM1OCw3ICszNTgsNyBAQCBzdGF0 aWMgYWx3YXlzX2lubGluZSB1bnNpZ25lZCBpbnQgX19zY2FuCiAgICAgY29u c3QgdW5zaWduZWQgbG9uZyAqYV9fID0gKGFkZHIpOyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgIHVuc2lnbmVkIGludCBz X18gPSAoc2l6ZSk7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIFwKICAgICB1bnNpZ25lZCBpbnQgb19fID0gKG9mZik7 ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBcCi0gICAgaWYgKCBfX2J1aWx0aW5fY29uc3RhbnRfcChzaXplKSAmJiAh c19fICkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAorICAgIGlm ICggb19fID49IHNfXyApICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICAgICAgcl9fID0gc19f OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcCiAgICAgZWxzZSBpZiAoIF9fYnVpbHRpbl9jb25z dGFudF9wKHNpemUpICYmIHNfXyA8PSBCSVRTX1BFUl9MT05HICkgICAgICAg ICAgXAogICAgICAgICByX18gPSBvX18gKyBfX3NjYW5iaXQoKihjb25zdCB1 bnNpZ25lZCBsb25nICopKGFfXykgPj4gb19fLCBzX18pOyAgIFwKQEAgLTM5 MCw3ICszOTAsNyBAQCBzdGF0aWMgYWx3YXlzX2lubGluZSB1bnNpZ25lZCBp bnQgX19zY2FuCiAgICAgY29uc3QgdW5zaWduZWQgbG9uZyAqYV9fID0gKGFk ZHIpOyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAog ICAgIHVuc2lnbmVkIGludCBzX18gPSAoc2l6ZSk7ICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICB1bnNpZ25l ZCBpbnQgb19fID0gKG9mZik7ICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBcCi0gICAgaWYgKCBfX2J1aWx0aW5fY29u c3RhbnRfcChzaXplKSAmJiAhc19fICkgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgXAorICAgIGlmICggb19fID49IHNfXyApICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwK ICAgICAgICAgcl9fID0gc19fOyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCiAgICAgZWxzZSBp ZiAoIF9fYnVpbHRpbl9jb25zdGFudF9wKHNpemUpICYmIHNfXyA8PSBCSVRT X1BFUl9MT05HICkgICAgICAgICAgXAogICAgICAgICByX18gPSBvX18gKyBf X3NjYW5iaXQofiooY29uc3QgdW5zaWduZWQgbG9uZyAqKShhX18pID4+IG9f Xywgc19fKTsgIFwK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Wed Dec 11 12:10:07 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 11 Dec 2019 12:10:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0oU-0005cd-Kt; Wed, 11 Dec 2019 12:09:54 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0oT-0005bg-7j for xen-announce@lists.xen.org; Wed, 11 Dec 2019 12:09:53 +0000 X-Inumbo-ID: 1a1b4bd6-1c0f-11ea-8b1b-12813bfff9fa Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 1a1b4bd6-1c0f-11ea-8b1b-12813bfff9fa; Wed, 11 Dec 2019 12:09:37 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0o9-0008S0-Ac; Wed, 11 Dec 2019 12:09:33 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1if0o9-0001dU-9U; Wed, 11 Dec 2019 12:09:33 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 11 Dec 2019 12:09:33 +0000 Subject: [Xen-announce] Xen Security Advisory 308 v3 (CVE-2019-19583) - VMX: VMentry failure with debug exceptions and blocked states X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-19583 / XSA-308 version 3 VMX: VMentry failure with debug exceptions and blocked states UPDATES IN VERSION 3 ==================== Public release. Updated metadata to add 4.13, update StableRef's ISSUE DESCRIPTION ================= Please see XSA-260 for background on the MovSS shadow: http://xenbits.xen.org/xsa/advisory-260.html Please see XSA-156 for background on the need for #DB interception: http://xenbits.xen.org/xsa/advisory-156.html The VMX VMEntry checks does not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. IMPACT ====== HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. VULNERABLE SYSTEMS ================== All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. MITIGATION ========== Running only PV guests will avoid this vulnerability. Running HVM guests on only AMD hardware will also avoid this vulnerability. CREDITS ======= This issue was discovered by Håkon Alstadheim and diagnosed as a security issue by Andrew Cooper of Citrix. RESOLUTION ========== Applying the attached patch resolves this issue. xsa308.patch xen-unstable, Xen 4.13.x .. Xen 4.8.x $ sha256sum xsa308* 4aa06d21478d9debb12388ff14d8abc31982e18895db40d0cec78fcc9fe68ef2 xsa308.meta 7e782b09b16f7534c8db52042f7bb3bd730d108571c8b10af184ae0b02fdae9d xsa308.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3w3FsMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZWHwIAIfuiZE/IyxMwTAkZL3EugBnlxxHodoBuj6imn+n c9DvMk3TCi3vSgvZQtVpP0eNuuLN5285hVyI95lRE0LTmtRLc7jATktStRTgGkua znW8U1sqkVRWJcVuN4uAM2zIY60pMZnFjZxdJW12+wpcA13LInE1cDWnlRv+cdD9 7DtVkGUWXjfbcm3KXGZw8YpKvTgVp983VpywR/1lzXZ+MexWzKuEco8fZFayw0ne 3nT/23Y1ofjCflNFjc7HoeJZl+zy493J/rqHS8yYI3d4vTdIfjue3rZ/X6305el9 zjCG5zXygrWVAoKGWVnPZweX1jw8rd6BlsPTqQb53UH94zc= =yTxW -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa308.meta" Content-Disposition: attachment; filename="xsa308.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAzMDgsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMyIsCiAgICAiNC4xMiIsCiAgICAiNC4xMSIs CiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiCiAgXSwKICAiVHJl ZXMiOiBbCiAgICAieGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4x MCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiZTQ4OTk1NTBmZjc4MzRlMWVhNWRmYmJm YjFjNjE4ZjY0ZTI0Nzc2MSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMzA3CiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMi OiBbCiAgICAgICAgICAgICJ4c2EzMDgucGF0Y2giCiAgICAgICAgICBdCiAg ICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuMTEiOiB7CiAgICAgICJS ZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxl UmVmIjogIjIzOWQzN2U1MTRjOTNlMjlkNTBkNzFmNzM0YjFkYzQ1M2IyMjM2 YTYiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDMwNwog ICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAg ICAieHNhMzA4LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAg fQogICAgfSwKICAgICI0LjEyIjogewogICAgICAiUmVjaXBlcyI6IHsKICAg ICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIyMTJiODUw MGNiMzk0YjNhNjY0NjU1Zjc5Y2EwYmRjYjMxMjQ2ZmY3IiwKICAgICAgICAg ICJQcmVyZXFzIjogWwogICAgICAgICAgICAzMDcKICAgICAgICAgIF0sCiAg ICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMwOC5wYXRj aCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAi NC4xMyI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsK ICAgICAgICAgICJTdGFibGVSZWYiOiAiZmQ5YmZhYmY2OWVhNTlmMjI4MGMx NzAzNTAwNzkzZmExNWU4MTk1NiIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtd LAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMDgu cGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAog ICAgIjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6 IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiYTI2MGU5M2RiNzk0ZjU2MDUw MmU4OTg1OWFhZjExMWQxNzhlODBlNCIsCiAgICAgICAgICAiUHJlcmVxcyI6 IFsKICAgICAgICAgICAgMzA3CiAgICAgICAgICBdLAogICAgICAgICAgIlBh dGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMDgucGF0Y2giCiAgICAgICAg ICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAg ICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJT dGFibGVSZWYiOiAiOGQxZWU5ZjJjNDczZmVjNTRiNTAxOGMwMWFkNTU2ZDdh ZmQ2MmMxNyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAg MzA3CiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAg ICAgICAgICJ4c2EzMDgucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQog ICAgICB9CiAgICB9LAogICAgIm1hc3RlciI6IHsKICAgICAgIlJlY2lwZXMi OiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAi YjczYWFkNGM4YjZhNzY3Y2UxNWNjOGNiNjVmOWVlYWI3YmZjY2RhZSIsCiAg ICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMzA3CiAgICAgICAg ICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2Ez MDgucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9 CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa308.patch" Content-Disposition: attachment; filename="xsa308.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L3Z0eDogV29yayBhcm91bmQgU2luZ2xlU3RlcCAr IFNUSS9Nb3ZTUyBWTUVudHJ5IGZhaWx1cmVzCgpTZWUgcGF0Y2ggY29tbWVu dCBmb3IgdGVjaG5pY2FsIGRldGFpbHMuCgpDb25jZXJuaW5nIHRoZSB0aW1l bGluZSwgdGhpcyB3YXMgZmlyc3QgZGlzY292ZXJlZCBpbiB0aGUgYWZ0ZXJt YXRoIG9mClhTQS0xNTYgd2hpY2ggY2F1c2VkICNEQiB0byBiZSBpbnRlcmNl cHRlZCB1bmNvbmRpdGlvbmFsbHksIGJ1dCBvbmx5IGluCml0cyBTaW5nbGVT dGVwICsgU1RJIGZvcm0gd2hpY2ggaXMgcmVzdHJpY3RlZCB0byBwcml2aWxl Z2VkIHNvZnR3YXJlLgoKQWZ0ZXIgd29ya2luZyB3aXRoIEludGVsIGFuZCBp ZGVudGlmeWluZyB0aGUgcHJvYmxlbWF0aWMgdm1lbnRyeSBjaGVjaywKdGhp cyB3b3JrYXJvdW5kIHdhcyBzdWdnZXN0ZWQsIGFuZCB0aGUgcGF0Y2ggd2Fz IHBvc3RlZCBpbiBhbiBSRkMKc2VyaWVzLiAgT3V0c3RhbmRpbmcgd29yayBm b3IgdGhhdCBzZXJpZXMgKG5vdCBicmVha2luZyBJbnRyb3NwZWN0aW9uKQpp cyBzdGlsbCBwZW5kaW5nLCBhbmQgdGhpcyBmaXggZnJvbSBpdCAod2hpY2gg d291bGRuJ3QgaGF2ZSBiZWVuIGdvb2QKZW5vdWdoIGluIGl0cyBvcmlnaW5h bCBmb3JtKSB3YXNuJ3QgY29tbWl0dGVkLgoKQSB2bWVudHJ5IGZhaWx1cmUg d2FzIHJlcG9ydGVkIHRvIHhlbi1kZXZlbCwgYW5kIGRlYnVnZ2luZyBpZGVu dGlmaWVkCnRoaXMgYnVnIGluIGl0cyBTaW5nbGVTdGVwICsgTW92U1MgZm9y bSBieSB3YXkgb2YgSU5UMSwgd2hpY2ggZG9lcyBub3QKaW52b2x2ZSB0aGUg dXNlIG9mIGFueSBwcml2aWxlZ2VkIGluc3RydWN0aW9ucywgYW5kIHByb3Zp bmcgdGhpcyB0byBiZSBhCnNlY3VyaXR5IGlzc3VlLgoKVGhpcyBpcyBYU0Et MzA4CgpSZXBvcnRlZC1ieTogSMOla29uIEFsc3RhZGhlaW0gPGhha29uQGFs c3RhZGhlaW0ucHJpdi5ubz4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEph biBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KQWNrZWQtYnk6IEtldmlu IFRpYW4gPGtldmluLnRpYW5AaW50ZWwuY29tPgoKZGlmZiAtLWdpdCBhL3hl bi9hcmNoL3g4Ni9odm0vdm14L3ZteC5jIGIveGVuL2FyY2gveDg2L2h2bS92 bXgvdm14LmMKaW5kZXggNmE1ZWViNWMxMy4uNTliODM2ZjQzZiAxMDA2NDQK LS0tIGEveGVuL2FyY2gveDg2L2h2bS92bXgvdm14LmMKKysrIGIveGVuL2Fy Y2gveDg2L2h2bS92bXgvdm14LmMKQEAgLTM4MTYsNiArMzgxNiw0MiBAQCB2 b2lkIHZteF92bWV4aXRfaGFuZGxlcihzdHJ1Y3QgY3B1X3VzZXJfcmVncyAq cmVncykKICAgICAgICAgICAgIEhWTVRSQUNFXzFEKFRSQVBfREVCVUcsIGV4 aXRfcXVhbGlmaWNhdGlvbik7CiAgICAgICAgICAgICBfX3Jlc3RvcmVfZGVi dWdfcmVnaXN0ZXJzKHYpOwogICAgICAgICAgICAgd3JpdGVfZGVidWdyZWco NiwgZXhpdF9xdWFsaWZpY2F0aW9uIHwgRFJfU1RBVFVTX1JFU0VSVkVEX09O RSk7CisKKyAgICAgICAgICAgIC8qCisgICAgICAgICAgICAgKiBXb3JrIGFy b3VuZCBTaW5nbGVTdGVwICsgU1RJL01vdlNTIFZNRW50cnkgZmFpbHVyZXMu CisgICAgICAgICAgICAgKgorICAgICAgICAgICAgICogV2UgaW50ZXJjZXB0 ICNEQiB1bmNvbmRpdGlvbmFsbHkgdG8gd29yayBhcm91bmQgQ1ZFLTIwMTUt ODEwNCAvCisgICAgICAgICAgICAgKiBYU0EtMTU2IChndWVzdC1rZXJuZWwg aW5kdWNlZCBob3N0IERvUykuCisgICAgICAgICAgICAgKgorICAgICAgICAg ICAgICogU1RJL01vdlNTIHNoYWRvd3MgYmxvY2svZGVmZXIgaW50ZXJydXB0 cy9leGNlcHRpb25zIChleGFjdAorICAgICAgICAgICAgICogZGV0YWlscyBh cmUgY29tcGxpY2F0ZWQgYW5kIHBvb3JseSBkb2N1bWVudGVkKS4gIERlYnVn CisgICAgICAgICAgICAgKiBleGNlcHRpb25zIGRlbGF5ZWQgZm9yIGFueSBy ZWFzb24gYXJlIHN0b3JlZCBpbiB0aGUKKyAgICAgICAgICAgICAqIFBFTkRJ TkdfREJHX0VYQ0VQVElPTlMgZmllbGQuCisgICAgICAgICAgICAgKgorICAg ICAgICAgICAgICogVGhlIGZhbGxpbmcgZWRnZSBvZiBQRU5ESU5HX0RCRyBj YXVzZXMgI0RCIHRvIGJlIGRlbGl2ZXJlZCwKKyAgICAgICAgICAgICAqIHJl c3VsdGluZyBpbiBhIFZNRXhpdCwgYXMgI0RCIGlzIGludGVyY2VwdGVkLiAg VGhlIFZNQ1Mgc3RpbGwKKyAgICAgICAgICAgICAqIHJlcG9ydHMgYmxvY2tl ZC1ieS1TVEkvTW92U1MuCisgICAgICAgICAgICAgKgorICAgICAgICAgICAg ICogVGhlIFZNRW50cnkgY2hlY2tzIHdoZW4gRUZMQUdTLlRGIGlzIHNldCBk b24ndCBsaWtlIGEgVk1DUyBpbgorICAgICAgICAgICAgICogdGhpcyBzdGF0 ZS4gIERlc3BpdGUgYSAjREIgcXVldWVkIGluIFZNRU5UUllfSU5UUl9JTkZP LCB0aGUKKyAgICAgICAgICAgICAqIHN0YXRlIGlzIHJlamVjdGVkIGFzIERS Ni5CUyBpc24ndCBwZW5kaW5nLiAgRml4IHRoaXMgdXAuCisgICAgICAgICAg ICAgKi8KKyAgICAgICAgICAgIGlmICggdW5saWtlbHkocmVncy0+ZWZsYWdz ICYgWDg2X0VGTEFHU19URikgKQorICAgICAgICAgICAgeworICAgICAgICAg ICAgICAgIHVuc2lnbmVkIGxvbmcgaW50X2luZm87CisKKyAgICAgICAgICAg ICAgICBfX3ZtcmVhZChHVUVTVF9JTlRFUlJVUFRJQklMSVRZX0lORk8sICZp bnRfaW5mbyk7CisKKyAgICAgICAgICAgICAgICBpZiAoIGludF9pbmZvICYg KFZNWF9JTlRSX1NIQURPV19TVEkgfCBWTVhfSU5UUl9TSEFET1dfTU9WX1NT KSApCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAgICAgICB1 bnNpZ25lZCBsb25nIHBlbmRpbmdfZGJnOworCisgICAgICAgICAgICAgICAg ICAgIF9fdm1yZWFkKEdVRVNUX1BFTkRJTkdfREJHX0VYQ0VQVElPTlMsICZw ZW5kaW5nX2RiZyk7CisgICAgICAgICAgICAgICAgICAgIF9fdm13cml0ZShH VUVTVF9QRU5ESU5HX0RCR19FWENFUFRJT05TLAorICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgcGVuZGluZ19kYmcgfCBEUl9TVEVQKTsKKyAgICAg ICAgICAgICAgICB9CisgICAgICAgICAgICB9CisKICAgICAgICAgICAgIGlm ICggIXYtPmRvbWFpbi0+ZGVidWdnZXJfYXR0YWNoZWQgKQogICAgICAgICAg ICAgewogICAgICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcgaW5zbl9sZW4g PSAwOwo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Wed Dec 11 12:10:07 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 11 Dec 2019 12:10:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0oG-0005Tl-S5; Wed, 11 Dec 2019 12:09:40 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0oG-0005TY-Ac for xen-announce@lists.xen.org; Wed, 11 Dec 2019 12:09:40 +0000 X-Inumbo-ID: 138c4da6-1c0f-11ea-a1e1-bc764e2007e4 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 138c4da6-1c0f-11ea-a1e1-bc764e2007e4; Wed, 11 Dec 2019 12:09:26 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0nx-0008RC-Qi; Wed, 11 Dec 2019 12:09:21 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1if0nx-0001b8-PT; Wed, 11 Dec 2019 12:09:21 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 11 Dec 2019 12:09:21 +0000 Subject: [Xen-announce] Xen Security Advisory 310 v3 (CVE-2019-19580) - Further issues with restartable PV type change operations X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-19580 / XSA-310 version 3 Further issues with restartable PV type change operations UPDATES IN VERSION 3 ==================== Public release. Updated metadata to add 4.13, update StableRef's ISSUE DESCRIPTION ================= XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. IMPACT ====== A malicious PV guest administrator may be able to escalate their privilege to that of the host. VULNERABLE SYSTEMS ================== All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. MITIGATION ========== Running only HVM or PVH guests will avoid this vulnerability. Running PV guests in "shim" mode will also avoid this vulnerability. CREDITS ======= This issue was discovered by Sarah Newman at prgmr.com. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa310/*.patch xen-unstable, Xen 4.13 - 4.10 xsa310-4.9/*.patch Xen 4.9 - 4.8 $ sha256sum xsa310* xsa310*/* 2208e40c71aa521ae487782bd751963ce696be451d10a179fcecdff7a0065369 xsa310.meta 8e75f0fb5fe890a661c8d46ec622131bc650f1a95b170b99569b50dd2224616c xsa310-4.9/0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch 3da404a0c088936ed92377ccef1fa6fdeb23900358ca9284e3488e8e1dcb5dd2 xsa310-4.9/0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch cd1a77c2f767474dcfbd1e6282ad3219ce2abcac2021b040120d40b52fc76bc8 xsa310-4.9/0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch 44c670a1b1b8164202766d52fb741e62c104118525eb7a3e56f4b232bcb8be3f xsa310/0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch 173dc0ffb4c572c8493bd9d5f3309b113e51888bdc9e462c78933f5c85f69b7a xsa310/0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch 1833fbfc2cdea9b37f161b09df947dffdd8db5e60a2f3512913de0e0c0d4b3ef xsa310/0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3w3F0MHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ1noH/i6Sb3F6ZiaSl460OvdCRKd9lZm3ONunOH4IHuc6 +Q/G0G4b48UYfK/8FSAAjldv8tPOA5+j3GAFr2JgVtTWjP7tZyzSs0tDvn37sZrZ D3l0AeOHxLCuSRxnoRDtpKiuJv71DrnYEfCDdc6R4DTZuciOWYpYq6PQTac5bLZX 8G5nR+33SvzdIpncvONa0Xqm1+Cgy8yOOQQJHeQvN7GJfVvs6AHepU5zuP2Ez42W ReNA6o13xwiI8LGKvf8cV7s74JklIxR9gzkv4bBtMKInUY2loSIbKpI8E9GsVa3n VOJ2kwKgGgszewBoVyJdGYY1ZlXeIdPjOj7+575bsRnDlGo= =f2/B -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa310.meta" Content-Disposition: attachment; filename="xsa310.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAzMTAsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMyIsCiAgICAiNC4xMiIsCiAgICAiNC4xMSIs CiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiCiAgXSwKICAiVHJl ZXMiOiBbCiAgICAieGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4x MCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiZTQ4OTk1NTBmZjc4MzRlMWVhNWRmYmJm YjFjNjE4ZjY0ZTI0Nzc2MSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgsCiAgICAgICAgICAgIDMw OQogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAg ICAgICAieHNhMzEwLyoucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQog ICAgICB9CiAgICB9LAogICAgIjQuMTEiOiB7CiAgICAgICJSZWNpcGVzIjog ewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjIz OWQzN2U1MTRjOTNlMjlkNTBkNzFmNzM0YjFkYzQ1M2IyMjM2YTYiLAogICAg ICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDMwNywKICAgICAgICAg ICAgMzA4LAogICAgICAgICAgICAzMDkKICAgICAgICAgIF0sCiAgICAgICAg ICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMxMC8qLnBhdGNoIgog ICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjEy IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAg ICAgICAgIlN0YWJsZVJlZiI6ICIyMTJiODUwMGNiMzk0YjNhNjY0NjU1Zjc5 Y2EwYmRjYjMxMjQ2ZmY3IiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAg ICAgICAgICAzMDcsCiAgICAgICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5 CiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAg ICAgICJ4c2EzMTAvKi5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAg ICAgIH0KICAgIH0sCiAgICAiNC4xMyI6IHsKICAgICAgIlJlY2lwZXMiOiB7 CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZmQ5 YmZhYmY2OWVhNTlmMjI4MGMxNzAzNTAwNzkzZmExNWU4MTk1NiIsCiAgICAg ICAgICAiUHJlcmVxcyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAg ICAgICAgICAgICJ4c2EzMTAvKi5wYXRjaCIKICAgICAgICAgIF0KICAgICAg ICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC44IjogewogICAgICAiUmVjaXBl cyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6 ICJhMjYwZTkzZGI3OTRmNTYwNTAyZTg5ODU5YWFmMTExZDE3OGU4MGU0IiwK ICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAzMDcsCiAgICAg ICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5CiAgICAgICAgICBdLAogICAg ICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMTAtNC45Lyou cGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAog ICAgIjQuOSI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6 IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiOGQxZWU5ZjJjNDczZmVjNTRi NTAxOGMwMWFkNTU2ZDdhZmQ2MmMxNyIsCiAgICAgICAgICAiUHJlcmVxcyI6 IFsKICAgICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgsCiAgICAgICAg ICAgIDMwOQogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwog ICAgICAgICAgICAieHNhMzEwLTQuOS8qLnBhdGNoIgogICAgICAgICAgXQog ICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICJtYXN0ZXIiOiB7CiAgICAg ICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3Rh YmxlUmVmIjogImI3M2FhZDRjOGI2YTc2N2NlMTVjYzhjYjY1ZjllZWFiN2Jm Y2NkYWUiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDMw NywKICAgICAgICAgICAgMzA4LAogICAgICAgICAgICAzMDkKICAgICAgICAg IF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMx MC8qLnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAg fQogIH0KfQ== --=separator Content-Type: application/octet-stream; name="xsa310-4.9/0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch" Content-Disposition: attachment; filename="xsa310-4.9/0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch" Content-Transfer-Encoding: base64 RnJvbSBjNzY0ZDEwYzkzM2RmYmVkYzM1ZWU0NzA0NDFiOGQ0M2YyOWY2NjJh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IFR1ZSwgMTkgTm92 IDIwMTkgMTE6NDA6MzQgKzAwMDAKU3ViamVjdDogW1BBVENIIDEvM10geDg2 L21tOiBTZXQgb2xkX2d1ZXN0X3RhYmxlIHdoZW4gZGVzdHJveWluZyB2Y3B1 CiBwYWdldGFibGVzCgpDaGFuZ2VzZXQgNmM0ZWZjMWViYSAoIng4Ni9tbTog RG9uJ3QgZHJvcCBhIHR5cGUgcmVmIHVubGVzcyB5b3UgaGVsZCBhCnJlZiB0 byBiZWdpbiB3aXRoIiksIHBhcnQgb2YgWFNBLTI5OSwgY2hhbmdlZCB0aGUg Y2FsbGluZyBkaXNjaXBsaW5lCm9mIHB1dF9wYWdlX3R5cGUoKSBzdWNoIHRo YXQgaWYgcHV0X3BhZ2VfdHlwZSgpIHJldHVybmVkIC1FUkVTVEFSVAooaW5k aWNhdGluZyBhIHBhcnRpYWxseSBkZS12YWxpZGF0ZWQgcGFnZSksIHN1YnNl cXVlbnQgY2FsbHMgdG8KcHV0X3BhZ2VfdHlwZSgpIG11c3QgYmUgY2FsbGVk IHdpdGggUFRGX3BhcnRpYWxfc2V0LiAgSWYgY2FsbGVkIG9uIGEKcGFydGlh bGx5IGRlLXZhbGlkYXRlZCBwYWdlIGJ1dCB3aXRob3V0IFBURl9wYXJ0aWFs X3NldCwgWGVuIHdpbGwKQlVHKCksIGJlY2F1c2UgdG8gZG8gb3RoZXJ3aXNl IHdvdWxkIHJpc2sgb3BlbmluZyB1cCB0aGUga2luZCBvZgpwcml2aWxlZ2Ug ZXNjYWxhdGlvbiBidWcgZGVzY3JpYmVkIGluIFhTQS0yOTkuCgpPbmUgcGxh Y2UgdGhpcyB3YXMgbWlzc2VkIHdhcyBpbiB2Y3B1X2Rlc3Ryb3lfcGFnZXRh YmxlcygpLgpwdXRfcGFnZV9hbmRfdHlwZV9wcmVlbXB0aWJsZSgpIGlzIGNh bGxlZCwgYnV0IG9uIC1FUkVTVEFSVCwgdGhlCmVudGlyZSBvcGVyYXRpb24g aXMgc2ltcGx5IHJlc3RhcnRlZCwgY2F1c2luZyBwdXRfcGFnZV90eXBlKCkg dG8gYmUKY2FsbGVkIG9uIGEgcGFydGlhbGx5IGRlLXZhbGlkYXRlZCBwYWdl IHdpdGhvdXQgUFRGX3BhcnRpYWxfc2V0LiAgVGhlCnJlc3VsdCB3YXMgdGhh dCBpZiBzdWNoIGFuIG9wZXJhdGlvbiB3ZXJlIGludGVycnVwdGVkLCBYZW4g d291bGQgaGl0IGEKQlVHKCkuCgpGaXggdGhpcyBieSBoYXZpbmcgdmNwdV9k ZXN0cm95X3BhZ2V0YWJsZXMoKSBjb25zaXN0ZW50bHkgcGFzcyBvZmYKaW50 ZXJydXB0ZWQgZGUtdmFsaWRhdGlvbnMgdG8gcHV0X29sZF9wYWdlX3R5cGUo KToKLSBVbmNvbmRpdGlvbmFsbHkgY2xlYXIgcmVmZXJlbmNlcyB0byB0aGUg cGFnZSwgZXZlbiBpZgogIHB1dF9wYWdlX2FuZF90eXBlIGZhaWxlZAotIFNl dCBvbGRfZ3Vlc3RfdGFibGUgYW5kIG9sZF9ndWVzdF90YWJsZV9wYXJ0aWFs IGFwcHJvcHJpYXRlbHkKCldoaWxlIGhlcmUsIGRvIHNvbWUgcmVmYWN0b3Jp bmc6CgogLSBNb3ZlIGNsZWFyaW5nIG9mIGFyY2guY3IzIHRvIHRoZSB0b3Ag b2YgdGhlIGZ1bmN0aW9uCgogLSBOb3cgdGhhdCBjbGVhcmluZyBpcyB1bmNv bmRpdGlvbmFsLCBtb3ZlIHRoZSB1bm1hcCB0byB0aGUgc2FtZQogICBjb25k aXRpb25hbCBhcyB0aGUgbDR0YWIgbWFwcGluZy4gIFRoaXMgYWxzbyBhbGxv d3MgdXMgdG8gcmVkdWNlCiAgIHRoZSBzY29wZSBvZiB0aGUgbDR0YWIgdmFy aWFibGUuCgogLSBBdm9pZCBjb2RlIGR1cGxpY2F0aW9uIGJ5IGxvb3Bpbmcg dG8gZHJvcCByZWZlcmVuY2VzIG9uCiAgIGd1ZXN0X3RhYmxlX3VzZXIKClRo aXMgaXMgcGFydCBvZiBYU0EtMzEwLgoKUmVwb3J0ZWQtYnk6IFNhcmFoIE5l d21hbiA8c3JuQHByZ21yLmNvbT4KU2lnbmVkLW9mZi1ieTogR2VvcmdlIER1 bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpSZXZpZXdlZC1ieTog SmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgotLS0KQWRkZWQgaW4g djIuCgpDaGFuZ2VzIGluIHYzOgotIE1pbm9yIGNvbW1lbnQgLyB3aGl0ZXNw YWNlIGZpeGVzCi0tLQogeGVuL2FyY2gveDg2L21tLmMgfCA3NSArKysrKysr KysrKysrKysrKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLQogMSBm aWxlIGNoYW5nZWQsIDQ3IGluc2VydGlvbnMoKyksIDI4IGRlbGV0aW9ucygt KQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9tbS5jIGIveGVuL2FyY2gv eDg2L21tLmMKaW5kZXggNTMxYmNhN2ExZC4uY2Q1ZjBlZjRmNyAxMDA2NDQK LS0tIGEveGVuL2FyY2gveDg2L21tLmMKKysrIGIveGVuL2FyY2gveDg2L21t LmMKQEAgLTM0NzAsNDAgKzM0NzAsMzYgQEAgaW50IHB1dF9vbGRfZ3Vlc3Rf dGFibGUoc3RydWN0IHZjcHUgKnYpCiBpbnQgdmNwdV9kZXN0cm95X3BhZ2V0 YWJsZXMoc3RydWN0IHZjcHUgKnYpCiB7CiAgICAgdW5zaWduZWQgbG9uZyBt Zm4gPSBwYWdldGFibGVfZ2V0X3Bmbih2LT5hcmNoLmd1ZXN0X3RhYmxlKTsK LSAgICBzdHJ1Y3QgcGFnZV9pbmZvICpwYWdlOwotICAgIGw0X3BnZW50cnlf dCAqbDR0YWIgPSBOVUxMOworICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2Ug PSBOVUxMOwogICAgIGludCByYyA9IHB1dF9vbGRfZ3Vlc3RfdGFibGUodik7 CisgICAgYm9vbCBwdXRfZ3Vlc3RfdGFibGVfdXNlciA9IGZhbHNlOwogCiAg ICAgaWYgKCByYyApCiAgICAgICAgIHJldHVybiByYzsKIAorICAgIHYtPmFy Y2guY3IzID0gMDsKKworICAgIC8qCisgICAgICogR2V0IHRoZSB0b3AtbGV2 ZWwgZ3Vlc3QgcGFnZTsgZWl0aGVyIHRoZSBndWVzdF90YWJsZSBpdHNlbGYs IGZvcgorICAgICAqIDY0LWJpdCwgb3IgdGhlIHRvcC1sZXZlbCBsNCBlbnRy eSBmb3IgMzItYml0LiAgRWl0aGVyIHdheSwgcmVtb3ZlCisgICAgICogdGhl IHJlZmVyZW5jZSB0byB0aGF0IHBhZ2UuCisgICAgICovCiAgICAgaWYgKCBp c19wdl8zMmJpdF92Y3B1KHYpICkKICAgICB7Ci0gICAgICAgIGw0dGFiID0g bWFwX2RvbWFpbl9wYWdlKF9tZm4obWZuKSk7Ci0gICAgICAgIG1mbiA9IGw0 ZV9nZXRfcGZuKCpsNHRhYik7Ci0gICAgfQorICAgICAgICBsNF9wZ2VudHJ5 X3QgKmw0dGFiID0gbWFwX2RvbWFpbl9wYWdlKF9tZm4obWZuKSk7CiAKLSAg ICBpZiAoIG1mbiApCi0gICAgewotICAgICAgICBwYWdlID0gbWZuX3RvX3Bh Z2UobWZuKTsKLSAgICAgICAgaWYgKCBwYWdpbmdfbW9kZV9yZWZjb3VudHMo di0+ZG9tYWluKSApCi0gICAgICAgICAgICBwdXRfcGFnZShwYWdlKTsKLSAg ICAgICAgZWxzZQotICAgICAgICAgICAgcmMgPSBwdXRfcGFnZV9hbmRfdHlw ZV9wcmVlbXB0aWJsZShwYWdlKTsKLSAgICB9Ci0KLSAgICBpZiAoIGw0dGFi ICkKLSAgICB7Ci0gICAgICAgIGlmICggIXJjICkKLSAgICAgICAgICAgIGw0 ZV93cml0ZShsNHRhYiwgbDRlX2VtcHR5KCkpOworICAgICAgICBtZm4gPSBs NGVfZ2V0X3BmbigqbDR0YWIpOworICAgICAgICBsNGVfd3JpdGUobDR0YWIs IGw0ZV9lbXB0eSgpKTsKICAgICAgICAgdW5tYXBfZG9tYWluX3BhZ2UobDR0 YWIpOwogICAgIH0KLSAgICBlbHNlIGlmICggIXJjICkKKyAgICBlbHNlCiAg ICAgewogICAgICAgICB2LT5hcmNoLmd1ZXN0X3RhYmxlID0gcGFnZXRhYmxl X251bGwoKTsKKyAgICAgICAgcHV0X2d1ZXN0X3RhYmxlX3VzZXIgPSB0cnVl OworICAgIH0KIAotICAgICAgICAvKiBEcm9wIHJlZiB0byBndWVzdF90YWJs ZV91c2VyIChmcm9tIE1NVUVYVF9ORVdfVVNFUl9CQVNFUFRSKSAqLwotICAg ICAgICBtZm4gPSBwYWdldGFibGVfZ2V0X3Bmbih2LT5hcmNoLmd1ZXN0X3Rh YmxlX3VzZXIpOworICAgIC8qIEZyZWUgdGhhdCBwYWdlIGlmIG5vbi16ZXJv ICovCisgICAgZG8gewogICAgICAgICBpZiAoIG1mbiApCiAgICAgICAgIHsK ICAgICAgICAgICAgIHBhZ2UgPSBtZm5fdG9fcGFnZShtZm4pOwpAQCAtMzUx MSwxOCArMzUwNyw0MSBAQCBpbnQgdmNwdV9kZXN0cm95X3BhZ2V0YWJsZXMo c3RydWN0IHZjcHUgKnYpCiAgICAgICAgICAgICAgICAgcHV0X3BhZ2UocGFn ZSk7CiAgICAgICAgICAgICBlbHNlCiAgICAgICAgICAgICAgICAgcmMgPSBw dXRfcGFnZV9hbmRfdHlwZV9wcmVlbXB0aWJsZShwYWdlKTsKKyAgICAgICAg ICAgIG1mbiA9IDA7CiAgICAgICAgIH0KLSAgICAgICAgaWYgKCAhcmMgKQot ICAgICAgICAgICAgdi0+YXJjaC5ndWVzdF90YWJsZV91c2VyID0gcGFnZXRh YmxlX251bGwoKTsKLSAgICB9CiAKLSAgICB2LT5hcmNoLmNyMyA9IDA7Cisg ICAgICAgIGlmICggIXJjICYmIHB1dF9ndWVzdF90YWJsZV91c2VyICkKKyAg ICAgICAgeworICAgICAgICAgICAgLyogRHJvcCByZWYgdG8gZ3Vlc3RfdGFi bGVfdXNlciAoZnJvbSBNTVVFWFRfTkVXX1VTRVJfQkFTRVBUUikgKi8KKyAg ICAgICAgICAgIG1mbiA9IHBhZ2V0YWJsZV9nZXRfcGZuKHYtPmFyY2guZ3Vl c3RfdGFibGVfdXNlcik7CisgICAgICAgICAgICB2LT5hcmNoLmd1ZXN0X3Rh YmxlX3VzZXIgPSBwYWdldGFibGVfbnVsbCgpOworICAgICAgICAgICAgcHV0 X2d1ZXN0X3RhYmxlX3VzZXIgPSBmYWxzZTsKKyAgICAgICAgfQorICAgIH0g d2hpbGUgKCBtZm4gKTsKIAogICAgIC8qCi0gICAgICogcHV0X3BhZ2VfYW5k X3R5cGVfcHJlZW1wdGlibGUoKSBpcyBsaWFibGUgdG8gcmV0dXJuIC1FSU5U Ui4gVGhlCi0gICAgICogY2FsbGVycyBvZiB1cyBleHBlY3QgLUVSRVNUQVJU IHNvIGNvbnZlcnQgaXQgb3Zlci4KKyAgICAgKiBJZiBhICJwdXQiIG9wZXJh dGlvbiB3YXMgaW50ZXJydXB0ZWQsIGZpbmlzaCB0aGluZ3Mgb2ZmIGluCisg ICAgICogcHV0X29sZF9ndWVzdF90YWJsZSgpIHdoZW4gdGhlIG9wZXJhdGlv biBpcyByZXN0YXJ0ZWQuCiAgICAgICovCi0gICAgcmV0dXJuIHJjICE9IC1F SU5UUiA/IHJjIDogLUVSRVNUQVJUOworICAgIHN3aXRjaCAoIHJjICkKKyAg ICB7CisgICAgY2FzZSAtRUlOVFI6CisgICAgY2FzZSAtRVJFU1RBUlQ6Cisg ICAgICAgIHYtPmFyY2gub2xkX2d1ZXN0X3B0cGcgPSBOVUxMOworICAgICAg ICB2LT5hcmNoLm9sZF9ndWVzdF90YWJsZSA9IHBhZ2U7CisgICAgICAgIHYt PmFyY2gub2xkX2d1ZXN0X3RhYmxlX3BhcnRpYWwgPSAocmMgPT0gLUVSRVNU QVJUKTsKKyAgICAgICAgcmMgPSAtRVJFU1RBUlQ7CisgICAgICAgIGJyZWFr OworICAgIGRlZmF1bHQ6CisgICAgICAgIC8qCisgICAgICAgICAqIEZhaWx1 cmUgdG8gJ3B1dCcgYSBwYWdlIG1heSBjYXVzZSBpdCB0byBsZWFrLCBidXQg dGhhdCdzCisgICAgICAgICAqIGxlc3MgYmFkIHRoYW4gYSBjcmFzaC4KKyAg ICAgICAgICovCisgICAgICAgIEFTU0VSVChyYyA9PSAwKTsKKyAgICAgICAg YnJlYWs7CisgICAgfQorCisgICAgcmV0dXJuIHJjOwogfQogCiBpbnQgbmV3 X2d1ZXN0X2NyMyh1bnNpZ25lZCBsb25nIG1mbikKLS0gCjIuMjQuMAoK --=separator Content-Type: application/octet-stream; name="xsa310-4.9/0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch" Content-Disposition: attachment; filename="xsa310-4.9/0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch" Content-Transfer-Encoding: base64 RnJvbSBkM2U1NWI2ZmU1ZmY4ZjBlYTE4YmI2NWMxZWFmNzdjN2YxYzhhNGVk IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IFRodSwgMzEgT2N0 IDIwMTkgMTE6MTc6MzggKzAwMDAKU3ViamVjdDogW1BBVENIIDIvM10geDg2 L21tOiBhbGxvYy9mcmVlX2xOX3RhYmxlOiBSZXRhaW4gcGFydGlhbF9mbGFn cyBvbgogLUVJTlRSCgpXaGVuIHZhbGlkYXRpbmcgb3IgZGUtdmFsaWRhdGlu ZyBwYWdlcyAoaW4gYWxsb2NfbE5fdGFibGUgYW5kCmZyZWVfbE5fdGFibGUg cmVzcGVjdGl2ZWx5KSwgdGhlIGBwYXJ0aWFsX2ZsYWdzYCBsb2NhbCB2YXJp YWJsZSBpcwp1c2VkIHRvIGtlZXAgdHJhY2sgb2Ygd2hldGhlciB0aGUgImN1 cnJlbnQiIFBURSBzdGFydGVkIHRoZSBlbnRpcmUKb3BlcmF0aW9uIGluIGEg Im1heSBiZSBwYXJ0aWFsIiBzdGF0ZS4KCk9uZSBvZiB0aGUgcGF0Y2hlcyBp biBYU0EtMjk5IGFkZHJlc3NlZCB0aGUgZmFjdCB0aGF0IGl0IGlzIHBvc3Np YmxlCmZvciBhIHByZXZpb3VzbHktcGFydGlhbGx5LXZhbGlkYXRlZCBlbnRy eSB0byBzdWJzZXF1ZW50bHkgYmUgZm91bmQgdG8KaGF2ZSBpbnZhbGlkIGVu dHJpZXMgKGluZGljYXRlZCBieSByZXR1cm5pbmcgLUVJTlZBTCk7IGluIHdo aWNoIGNhc2UKcGFnZS0+cGFydGlhbF9mbGFncyBuZWVkcyB0byBiZSBzZXQg dG8gaW5kaWNhdGUgdGhhdCB0aGUgY3VycmVudCBQVEUKbWF5IGhhdmUgdGhl IHBhcnRpYWwgYml0IHNldCAoYW5kIHRodXMgX3B1dF9wYWdlX3R5cGUoKSBz aG91bGQgYmUKY2FsbGVkIHdpdGggUFRGX3BhcnRpYWxfc2V0KS4KClVuZm9y dHVuYXRlbHksIHRoZSBwYXRjaGVzIGluIFhTQS0yOTkgYXNzdW1lZCB0aGF0 IG9uY2UKcHV0X3BhZ2VfZnJvbV9sTmUoKSByZXR1cm5lZCAtRVJFU1RBUlQg b24gYSBwYWdlLCBpdCB3YXMgbm90IHBvc3NpYmxlCmZvciBpdCB0byByZXR1 cm4gLUVJTlRSLiAgVGhpcyB0dXJucyBvdXQgdG8gYmUgdHJ1ZSBmb3IKYWxs b2NfbE5fdGFibGUoKSBhbmQgZnJlZV9sTl90YWJsZSwgYnV0IG5vdCBmb3Ig X2dldF9wYWdlX3R5cGUoKSBhbmQKX3B1dF9wYWdlX3R5cGUoKTogYm90aCBj YW4gcmV0dXJuIC1FSU5UUiB3aGVuIGNhbGxlZCBvbiBwYWdlcyB3aXRoClBH VF9wYXJ0aWFsIHNldC4gIEluIHRoZXNlIGNhc2VzLCB0aGUgcGFnZXMgUEdU X3BhcnRpYWwgd2lsbCBzdGlsbCBiZQpzZXQ7IGZhaWxpbmcgdG8gc2V0IHBh cnRpYWxfZmxhZ3MgYXBwcm9wcmlhdGVseSBtYXkgYWxsb3cgYW4gYXR0YWNr ZXIKdG8gZG8gYSBwcml2aWxlZ2UgZXNjYWxhdGlvbiBzaW1pbGFyIHRvIHRo b3NlIGRlc2NyaWJlZCBpbiBYU0EtMjk5LgoKRml4IHRoaXMgYnkgYWx3YXlz IGNvcHlpbmcgdGhlIGxvY2FsIHBhcnRpYWxfZmxhZ3MgdmFyaWFibGUgaW50 bwpwYWdlLT5wYXJ0aWFsX2ZsYWdzIHdoZW4gZXhpdGluZyBlYXJseS4KCk5C IHRoYXQgb24gdGhlICJnZXQiIHNpZGUsIG5vIGFkanVzdG1lbnQgdG8gbnJf dmFsaWRhdGVkX2VudHJpZXMgaXMKbmVlZGVkOiB3aGV0aGVyIHB0ZVtpXSBp cyBwYXJ0aWFsbHkgdmFsaWRhdGVkIG9yIGVudGlyZWx5CnVuLXZhbGlkYXRl ZCwgd2Ugd2FudCBucl92YWxpZGF0ZWRfZW50cmllcyA9IGkuICBPbiB0aGUg InB1dCIgc2lkZSwKaG93ZXZlciwgd2UgbmVlZCB0byBhZGp1c3QgbnJfdmFs aWRhdGVkX2VudHJpZXMgYXBwcm9wcmlhdGVseTogaWYKcHRlW2ldIGlzIGVu dGlyZWx5IHZhbGlkYXRlZCwgd2Ugd2FudCBucl92YWxpZGF0ZWRfZW50cmll cyA9IGkgKyAxOyBpZgpwdGVbaV0gaXMgcGFydGlhbGx5IHZhbGlkYXRlZCwg d2Ugd2FudCBucl92YWxpZGF0ZWRfZW50cmllcyA9IGkuCgpUaGlzIGlzIHBh cnQgb2YgWFNBLTMxMC4KClJlcG9ydGVkLWJ5OiBTYXJhaCBOZXdtYW4gPHNy bkBwcmdtci5jb20+ClNpZ25lZC1vZmYtYnk6IEdlb3JnZSBEdW5sYXAgPGdl b3JnZS5kdW5sYXBAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KLS0tCiB4ZW4vYXJjaC94ODYvbW0u YyB8IDE2ICsrKysrKysrLS0tLS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCA4IGlu c2VydGlvbnMoKyksIDggZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEveGVu L2FyY2gveDg2L21tLmMgYi94ZW4vYXJjaC94ODYvbW0uYwppbmRleCBjZDVm MGVmNGY3Li40NjY4NjExN2U2IDEwMDY0NAotLS0gYS94ZW4vYXJjaC94ODYv bW0uYworKysgYi94ZW4vYXJjaC94ODYvbW0uYwpAQCAtMTc1OCw3ICsxNzU4 LDcgQEAgc3RhdGljIGludCBhbGxvY19sMl90YWJsZShzdHJ1Y3QgcGFnZV9p bmZvICpwYWdlLCB1bnNpZ25lZCBsb25nIHR5cGUpCiAgICAgICAgIGlmICgg cmMgPT0gLUVJTlRSICYmIGkgKQogICAgICAgICB7CiAgICAgICAgICAgICBw YWdlLT5ucl92YWxpZGF0ZWRfcHRlcyA9IGk7Ci0gICAgICAgICAgICBwYWdl LT5wYXJ0aWFsX2ZsYWdzID0gMDsKKyAgICAgICAgICAgIHBhZ2UtPnBhcnRp YWxfZmxhZ3MgPSBwYXJ0aWFsX2ZsYWdzOzsKICAgICAgICAgICAgIHJjID0g LUVSRVNUQVJUOwogICAgICAgICB9CiAgICAgICAgIGVsc2UgaWYgKCByYyA8 IDAgJiYgcmMgIT0gLUVJTlRSICkKQEAgLTE4NjMsNyArMTg2Myw3IEBAIHN0 YXRpYyBpbnQgYWxsb2NfbDNfdGFibGUoc3RydWN0IHBhZ2VfaW5mbyAqcGFn ZSkKICAgICAgICAgZWxzZSBpZiAoIHJjID09IC1FSU5UUiAmJiBpICkKICAg ICAgICAgewogICAgICAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVkX3B0ZXMg PSBpOwotICAgICAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9IDA7Cisg ICAgICAgICAgICBwYWdlLT5wYXJ0aWFsX2ZsYWdzID0gcGFydGlhbF9mbGFn czsKICAgICAgICAgICAgIHJjID0gLUVSRVNUQVJUOwogICAgICAgICB9CiAg ICAgICAgIGlmICggcmMgPCAwICkKQEAgLTIxMTAsOCArMjExMCw4IEBAIHN0 YXRpYyBpbnQgZnJlZV9sMl90YWJsZShzdHJ1Y3QgcGFnZV9pbmZvICpwYWdl KQogICAgIH0KICAgICBlbHNlIGlmICggcmMgPT0gLUVJTlRSICYmIGkgPCBM Ml9QQUdFVEFCTEVfRU5UUklFUyAtIDEgKQogICAgIHsKLSAgICAgICAgcGFn ZS0+bnJfdmFsaWRhdGVkX3B0ZXMgPSBpICsgMTsKLSAgICAgICAgcGFnZS0+ cGFydGlhbF9mbGFncyA9IDA7CisgICAgICAgIHBhZ2UtPm5yX3ZhbGlkYXRl ZF9wdGVzID0gaSArICEocGFydGlhbF9mbGFncyAmIFBURl9wYXJ0aWFsX3Nl dCk7CisgICAgICAgIHBhZ2UtPnBhcnRpYWxfZmxhZ3MgPSBwYXJ0aWFsX2Zs YWdzOwogICAgICAgICByYyA9IC1FUkVTVEFSVDsKICAgICB9CiAKQEAgLTIx NjEsOCArMjE2MSw4IEBAIHN0YXRpYyBpbnQgZnJlZV9sM190YWJsZShzdHJ1 Y3QgcGFnZV9pbmZvICpwYWdlKQogICAgIH0KICAgICBlbHNlIGlmICggcmMg PT0gLUVJTlRSICYmIGkgPCBMM19QQUdFVEFCTEVfRU5UUklFUyAtIDEgKQog ICAgIHsKLSAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVkX3B0ZXMgPSBpICsg MTsKLSAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9IDA7CisgICAgICAg IHBhZ2UtPm5yX3ZhbGlkYXRlZF9wdGVzID0gaSArICEocGFydGlhbF9mbGFn cyAmIFBURl9wYXJ0aWFsX3NldCk7CisgICAgICAgIHBhZ2UtPnBhcnRpYWxf ZmxhZ3MgPSBwYXJ0aWFsX2ZsYWdzOwogICAgICAgICByYyA9IC1FUkVTVEFS VDsKICAgICB9CiAgICAgcmV0dXJuIHJjID4gMCA/IDAgOiByYzsKQEAgLTIx OTIsOCArMjE5Miw4IEBAIHN0YXRpYyBpbnQgZnJlZV9sNF90YWJsZShzdHJ1 Y3QgcGFnZV9pbmZvICpwYWdlKQogICAgIH0KICAgICBlbHNlIGlmICggcmMg PT0gLUVJTlRSICYmIGkgPCBMNF9QQUdFVEFCTEVfRU5UUklFUyAtIDEgKQog ICAgIHsKLSAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVkX3B0ZXMgPSBpICsg MTsKLSAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9IDA7CisgICAgICAg IHBhZ2UtPm5yX3ZhbGlkYXRlZF9wdGVzID0gaSArICEocGFydGlhbF9mbGFn cyAmIFBURl9wYXJ0aWFsX3NldCk7CisgICAgICAgIHBhZ2UtPnBhcnRpYWxf ZmxhZ3MgPSBwYXJ0aWFsX2ZsYWdzOwogICAgICAgICByYyA9IC1FUkVTVEFS VDsKICAgICB9CiAKLS0gCjIuMjQuMAoK --=separator Content-Type: application/octet-stream; name="xsa310-4.9/0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch" Content-Disposition: attachment; filename="xsa310-4.9/0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch" Content-Transfer-Encoding: base64 RnJvbSBiMzE4YTI3NjVmNzBmZWZlNTQxMzdlNmQxNjhhM2RlY2IyOTQ3Y2Mz IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IE1vbiwgMjggT2N0 IDIwMTkgMTQ6MzM6NTEgKzAwMDAKU3ViamVjdDogW1BBVENIIDMvM10geDg2 L21tOiByZWxpbnF1aXNoX21lbW9yeTogR3JhYiBhbiBleHRyYSB0eXBlIHJl ZiB3aGVuCiBzZXR0aW5nIFBHVF9wYXJ0aWFsCgpUaGUgUEdUX3BhcnRpYWwg Yml0IGluIHBhZ2UtPnR5cGVfaW5mbyBob2xkcyBib3RoIGEgdHlwZSBjb3Vu dCBhbmQgYQpnZW5lcmFsIHJlZiBjb3VudC4gIER1cmluZyBkb21haW4gdGVh ci1kb3duLCB3aGVuIGZyZWVfcGFnZV90eXBlKCkKcmV0dXJucyAtRVJFU1RB UlQsIHJlbGlucXVpc2hfbWVtb3J5KCkgY29ycmVjdGx5IGhhbmRsZXMgdGhl IGdlbmVyYWwKcmVmIGNvdW50LCBidXQgZmFpbHMgdG8gZ3JhYiBhbiBleHRy YSB0eXBlIGNvdW50IHdoZW4gc2V0dGluZwpQR1RfcGFydGlhbC4gIFdoZW4g dGhpcyBiaXQgaXMgZXZlbnR1YWxseSBjbGVhcmVkLCB0eXBlX2NvdW50IHVu ZGVyZmxvd3MKYW5kIHRyaWdnZXJzIHRoZSBmb2xsb3dpbmcgQlVHIGluIHBh Z2VfYWxsb2MuYzpmcmVlX2RvbWhlYXBfcGFnZXMoKToKCiAgICBCVUdfT04o KHBnW2ldLnUuaW51c2UudHlwZV9pbmZvICYgUEdUX2NvdW50X21hc2spICE9 IDApOwoKQXMgZmFyIGFzIHdlIGNhbiB0ZWxsLCB0aGlzIHBhZ2UgdW5kZXJm bG93IGNhbm5vdCBiZSBleHBsb2l0ZWQgYW55IGFueQpvdGhlciB3YXk6IFRo ZSBwYWdlIGNhbid0IGJlIHVzZWQgYXMgYSBwYWdldGFibGUgYnkgdGhlIGR5 aW5nIGRvbWFpbgpiZWNhdXNlIGl0J3MgZHlpbmc7IGl0IGNhbid0IGJlIHVz ZWQgYXMgYSBwYWdldGFibGUgYnkgYW55IG90aGVyCmRvbWFpbiBzaW5jZSBp dCBiZWxvbmdzIHRvIHRoZSBkeWluZyBkb21haW47IGFuZCBvd25lcnNoaXAg Y2FuJ3QKdHJhbnNmZXIgdG8gYW55IG90aGVyIGRvbWFpbiB3aXRob3V0IGhp dHRpbmcgdGhlIEJVR19PTigpIGluCmZyZWVfZG9taGVhcF9wYWdlcygpLgoK KHN0ZWFsX3BhZ2UoKSB3b24ndCB3b3JrIG9uIGEgcGFnZSBpbiB0aGlzIHN0 YXRlLCBzaW5jZSBpdCByZXF1aXJlcwpQR0NfYWxsb2NhdGVkIHRvIGJlIHNl dCwgYW5kIFBHQ19hbGxvY2F0ZWQgd2lsbCBhbHJlYWR5IGhhdmUgYmVlbgpj bGVhcmVkLikKCkZpeCB0aGlzIGJ5IGdyYWJiaW5nIGFuIGV4dHJhIHR5cGUg cmVmIGlmIHNldHRpbmcgUEdUX3BhcnRpYWwgaW4KcmVsaW5xdWlzaF9tZW1v cnkuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTMxMC4KClJlcG9ydGVkLWJ5OiBT YXJhaCBOZXdtYW4gPHNybkBwcmdtci5jb20+ClNpZ25lZC1vZmYtYnk6IEdl b3JnZSBEdW5sYXAgPGdlb3JnZS5kdW5sYXBAY2l0cml4LmNvbT4KQWNrZWQt Ynk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KLS0tCnYyOgot IE1vdmUgZGlzY3Vzc2lvbiBvZiBwb3RlbnRpYWwgZXhwbG9pdHMgaW50byB0 aGUgY29tbWl0IG1lc3NhZ2UKLSBLZWVwIFBHVF9wYXJ0aWFsIGFuZCBwdXRf cGFnZSgpIG9yZGVyaW5nCi0tLQogeGVuL2FyY2gveDg2L2RvbWFpbi5jIHwg MTkgKysrKysrKysrKysrKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDE5IGlu c2VydGlvbnMoKykKCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvZG9tYWlu LmMgYi94ZW4vYXJjaC94ODYvZG9tYWluLmMKaW5kZXggMmIwYTAxZDI0YS4u MDExNDM4MGI4ZSAxMDA2NDQKLS0tIGEveGVuL2FyY2gveDg2L2RvbWFpbi5j CisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtMjQ4NSw2ICsyNDg1 LDI1IEBAIHN0YXRpYyBpbnQgcmVsaW5xdWlzaF9tZW1vcnkoCiAgICAgICAg ICAgICAgICAgICAgIGdvdG8gb3V0OwogICAgICAgICAgICAgICAgIGNhc2Ug LUVSRVNUQVJUOgogICAgICAgICAgICAgICAgICAgICBwYWdlX2xpc3RfYWRk KHBhZ2UsIGxpc3QpOworICAgICAgICAgICAgICAgICAgICAvKgorICAgICAg ICAgICAgICAgICAgICAgKiBQR1RfcGFydGlhbCBob2xkcyBhIHR5cGUgcmVm IGFuZCBhIGdlbmVyYWwgcmVmLgorICAgICAgICAgICAgICAgICAgICAgKiBJ ZiB3ZSBjYW1lIGluIHdpdGggUEdUX3BhcnRpYWwgc2V0LCB0aGVuIHdlIDEp CisgICAgICAgICAgICAgICAgICAgICAqIGRvbid0IG5lZWQgdG8gZ3JhYiBh biBleHRyYSB0eXBlIGNvdW50LCBhbmQgMikKKyAgICAgICAgICAgICAgICAg ICAgICogZG8gbmVlZCB0byBkcm9wIHRoZSBleHRyYSBwYWdlIHJlZiB3ZSBn cmFiYmVkCisgICAgICAgICAgICAgICAgICAgICAqIGF0IHRoZSB0b3Agb2Yg dGhlIGxvb3AuICBJZiB3ZSBkaWRuJ3QgY29tZSBpbgorICAgICAgICAgICAg ICAgICAgICAgKiB3aXRoIFBHVF9wYXJ0aWFsIHNldCwgd2UgMSkgZG8gbmVl ZCB0byBkcmFiIGFuCisgICAgICAgICAgICAgICAgICAgICAqIGV4dHJhIHR5 cGUgY291bnQsIGJ1dCAyKSBjYW4gdHJhbnNmZXIgdGhlIHBhZ2UKKyAgICAg ICAgICAgICAgICAgICAgICogcmVmIHdlIGdyYWJiZWQgYWJvdmUgdG8gaXQu CisgICAgICAgICAgICAgICAgICAgICAqCisgICAgICAgICAgICAgICAgICAg ICAqIE5vdGUgdGhhdCB3ZSBtdXN0IGluY3JlbWVudCB0eXBlX2luZm8gYmVm b3JlCisgICAgICAgICAgICAgICAgICAgICAqIHNldHRpbmcgUEdUX3BhcnRp YWwuICBUaGVvcmV0aWNhbGx5IGl0IHNob3VsZAorICAgICAgICAgICAgICAg ICAgICAgKiBiZSBzYWZlIHRvIGRyb3AgdGhlIHBhZ2UgcmVmIGJlZm9yZSBz ZXR0aW5nCisgICAgICAgICAgICAgICAgICAgICAqIFBHVF9wYXJ0aWFsLCBi dXQgZG8gaXQgYWZ0ZXJ3YXJkcyBqdXN0IHRvIGJlCisgICAgICAgICAgICAg ICAgICAgICAqIGV4dHJhIHNhZmUuCisgICAgICAgICAgICAgICAgICAgICAq LworICAgICAgICAgICAgICAgICAgICBpZiAoICEoeCAmIFBHVF9wYXJ0aWFs KSApCisgICAgICAgICAgICAgICAgICAgICAgICBwYWdlLT51LmludXNlLnR5 cGVfaW5mbysrOworICAgICAgICAgICAgICAgICAgICBzbXBfd21iKCk7CiAg ICAgICAgICAgICAgICAgICAgIHBhZ2UtPnUuaW51c2UudHlwZV9pbmZvIHw9 IFBHVF9wYXJ0aWFsOwogICAgICAgICAgICAgICAgICAgICBpZiAoIHggJiBQ R1RfcGFydGlhbCApCiAgICAgICAgICAgICAgICAgICAgICAgICBwdXRfcGFn ZShwYWdlKTsKLS0gCjIuMjQuMAoK --=separator Content-Type: application/octet-stream; name="xsa310/0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch" Content-Disposition: attachment; filename="xsa310/0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch" Content-Transfer-Encoding: base64 RnJvbSA3YzUzN2RjOGQyOGEwMzA2NGExNDE3MWVkNWM2ZmMzMjk1MzE4MTZh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IFR1ZSwgMTkgTm92 IDIwMTkgMTE6NDA6MzQgKzAwMDAKU3ViamVjdDogW1BBVENIIDEvM10geDg2 L21tOiBTZXQgb2xkX2d1ZXN0X3RhYmxlIHdoZW4gZGVzdHJveWluZyB2Y3B1 CiBwYWdldGFibGVzCgpDaGFuZ2VzZXQgNmM0ZWZjMWViYSAoIng4Ni9tbTog RG9uJ3QgZHJvcCBhIHR5cGUgcmVmIHVubGVzcyB5b3UgaGVsZCBhCnJlZiB0 byBiZWdpbiB3aXRoIiksIHBhcnQgb2YgWFNBLTI5OSwgY2hhbmdlZCB0aGUg Y2FsbGluZyBkaXNjaXBsaW5lCm9mIHB1dF9wYWdlX3R5cGUoKSBzdWNoIHRo YXQgaWYgcHV0X3BhZ2VfdHlwZSgpIHJldHVybmVkIC1FUkVTVEFSVAooaW5k aWNhdGluZyBhIHBhcnRpYWxseSBkZS12YWxpZGF0ZWQgcGFnZSksIHN1YnNl cXVlbnQgY2FsbHMgdG8KcHV0X3BhZ2VfdHlwZSgpIG11c3QgYmUgY2FsbGVk IHdpdGggUFRGX3BhcnRpYWxfc2V0LiAgSWYgY2FsbGVkIG9uIGEKcGFydGlh bGx5IGRlLXZhbGlkYXRlZCBwYWdlIGJ1dCB3aXRob3V0IFBURl9wYXJ0aWFs X3NldCwgWGVuIHdpbGwKQlVHKCksIGJlY2F1c2UgdG8gZG8gb3RoZXJ3aXNl IHdvdWxkIHJpc2sgb3BlbmluZyB1cCB0aGUga2luZCBvZgpwcml2aWxlZ2Ug ZXNjYWxhdGlvbiBidWcgZGVzY3JpYmVkIGluIFhTQS0yOTkuCgpPbmUgcGxh Y2UgdGhpcyB3YXMgbWlzc2VkIHdhcyBpbiB2Y3B1X2Rlc3Ryb3lfcGFnZXRh YmxlcygpLgpwdXRfcGFnZV9hbmRfdHlwZV9wcmVlbXB0aWJsZSgpIGlzIGNh bGxlZCwgYnV0IG9uIC1FUkVTVEFSVCwgdGhlCmVudGlyZSBvcGVyYXRpb24g aXMgc2ltcGx5IHJlc3RhcnRlZCwgY2F1c2luZyBwdXRfcGFnZV90eXBlKCkg dG8gYmUKY2FsbGVkIG9uIGEgcGFydGlhbGx5IGRlLXZhbGlkYXRlZCBwYWdl IHdpdGhvdXQgUFRGX3BhcnRpYWxfc2V0LiAgVGhlCnJlc3VsdCB3YXMgdGhh dCBpZiBzdWNoIGFuIG9wZXJhdGlvbiB3ZXJlIGludGVycnVwdGVkLCBYZW4g d291bGQgaGl0IGEKQlVHKCkuCgpGaXggdGhpcyBieSBoYXZpbmcgdmNwdV9k ZXN0cm95X3BhZ2V0YWJsZXMoKSBjb25zaXN0ZW50bHkgcGFzcyBvZmYKaW50 ZXJydXB0ZWQgZGUtdmFsaWRhdGlvbnMgdG8gcHV0X29sZF9wYWdlX3R5cGUo KToKLSBVbmNvbmRpdGlvbmFsbHkgY2xlYXIgcmVmZXJlbmNlcyB0byB0aGUg cGFnZSwgZXZlbiBpZgogIHB1dF9wYWdlX2FuZF90eXBlIGZhaWxlZAotIFNl dCBvbGRfZ3Vlc3RfdGFibGUgYW5kIG9sZF9ndWVzdF90YWJsZV9wYXJ0aWFs IGFwcHJvcHJpYXRlbHkKCldoaWxlIGhlcmUsIGRvIHNvbWUgcmVmYWN0b3Jp bmc6CgogLSBNb3ZlIGNsZWFyaW5nIG9mIGFyY2guY3IzIHRvIHRoZSB0b3Ag b2YgdGhlIGZ1bmN0aW9uCgogLSBOb3cgdGhhdCBjbGVhcmluZyBpcyB1bmNv bmRpdGlvbmFsLCBtb3ZlIHRoZSB1bm1hcCB0byB0aGUgc2FtZQogICBjb25k aXRpb25hbCBhcyB0aGUgbDR0YWIgbWFwcGluZy4gIFRoaXMgYWxzbyBhbGxv d3MgdXMgdG8gcmVkdWNlCiAgIHRoZSBzY29wZSBvZiB0aGUgbDR0YWIgdmFy aWFibGUuCgogLSBBdm9pZCBjb2RlIGR1cGxpY2F0aW9uIGJ5IGxvb3Bpbmcg dG8gZHJvcCByZWZlcmVuY2VzIG9uCiAgIGd1ZXN0X3RhYmxlX3VzZXIKClRo aXMgaXMgcGFydCBvZiBYU0EtMzEwLgoKUmVwb3J0ZWQtYnk6IFNhcmFoIE5l d21hbiA8c3JuQHByZ21yLmNvbT4KU2lnbmVkLW9mZi1ieTogR2VvcmdlIER1 bmxhcCA8Z2VvcmdlLmR1bmxhcEBjaXRyaXguY29tPgpSZXZpZXdlZC1ieTog SmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgotLS0KQWRkZWQgaW4g djIuCgpDaGFuZ2VzIGluIHYzOgotIE1pbm9yIGNvbW1lbnQgLyB3aGl0ZXNw YWNlIGZpeGVzCi0tLQogeGVuL2FyY2gveDg2L21tLmMgfCA3NSArKysrKysr KysrKysrKysrKysrKysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tLQogMSBm aWxlIGNoYW5nZWQsIDQ3IGluc2VydGlvbnMoKyksIDI4IGRlbGV0aW9ucygt KQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9tbS5jIGIveGVuL2FyY2gv eDg2L21tLmMKaW5kZXggMDEzOTNmYjBkYS4uYTc1OWFmYzllMyAxMDA2NDQK LS0tIGEveGVuL2FyY2gveDg2L21tLmMKKysrIGIveGVuL2FyY2gveDg2L21t LmMKQEAgLTMxNDIsNDAgKzMxNDIsMzYgQEAgaW50IHB1dF9vbGRfZ3Vlc3Rf dGFibGUoc3RydWN0IHZjcHUgKnYpCiBpbnQgdmNwdV9kZXN0cm95X3BhZ2V0 YWJsZXMoc3RydWN0IHZjcHUgKnYpCiB7CiAgICAgdW5zaWduZWQgbG9uZyBt Zm4gPSBwYWdldGFibGVfZ2V0X3Bmbih2LT5hcmNoLmd1ZXN0X3RhYmxlKTsK LSAgICBzdHJ1Y3QgcGFnZV9pbmZvICpwYWdlOwotICAgIGw0X3BnZW50cnlf dCAqbDR0YWIgPSBOVUxMOworICAgIHN0cnVjdCBwYWdlX2luZm8gKnBhZ2Ug PSBOVUxMOwogICAgIGludCByYyA9IHB1dF9vbGRfZ3Vlc3RfdGFibGUodik7 CisgICAgYm9vbCBwdXRfZ3Vlc3RfdGFibGVfdXNlciA9IGZhbHNlOwogCiAg ICAgaWYgKCByYyApCiAgICAgICAgIHJldHVybiByYzsKIAorICAgIHYtPmFy Y2guY3IzID0gMDsKKworICAgIC8qCisgICAgICogR2V0IHRoZSB0b3AtbGV2 ZWwgZ3Vlc3QgcGFnZTsgZWl0aGVyIHRoZSBndWVzdF90YWJsZSBpdHNlbGYs IGZvcgorICAgICAqIDY0LWJpdCwgb3IgdGhlIHRvcC1sZXZlbCBsNCBlbnRy eSBmb3IgMzItYml0LiAgRWl0aGVyIHdheSwgcmVtb3ZlCisgICAgICogdGhl IHJlZmVyZW5jZSB0byB0aGF0IHBhZ2UuCisgICAgICovCiAgICAgaWYgKCBp c19wdl8zMmJpdF92Y3B1KHYpICkKICAgICB7Ci0gICAgICAgIGw0dGFiID0g bWFwX2RvbWFpbl9wYWdlKF9tZm4obWZuKSk7Ci0gICAgICAgIG1mbiA9IGw0 ZV9nZXRfcGZuKCpsNHRhYik7Ci0gICAgfQorICAgICAgICBsNF9wZ2VudHJ5 X3QgKmw0dGFiID0gbWFwX2RvbWFpbl9wYWdlKF9tZm4obWZuKSk7CiAKLSAg ICBpZiAoIG1mbiApCi0gICAgewotICAgICAgICBwYWdlID0gbWZuX3RvX3Bh Z2UoX21mbihtZm4pKTsKLSAgICAgICAgaWYgKCBwYWdpbmdfbW9kZV9yZWZj b3VudHModi0+ZG9tYWluKSApCi0gICAgICAgICAgICBwdXRfcGFnZShwYWdl KTsKLSAgICAgICAgZWxzZQotICAgICAgICAgICAgcmMgPSBwdXRfcGFnZV9h bmRfdHlwZV9wcmVlbXB0aWJsZShwYWdlKTsKLSAgICB9Ci0KLSAgICBpZiAo IGw0dGFiICkKLSAgICB7Ci0gICAgICAgIGlmICggIXJjICkKLSAgICAgICAg ICAgIGw0ZV93cml0ZShsNHRhYiwgbDRlX2VtcHR5KCkpOworICAgICAgICBt Zm4gPSBsNGVfZ2V0X3BmbigqbDR0YWIpOworICAgICAgICBsNGVfd3JpdGUo bDR0YWIsIGw0ZV9lbXB0eSgpKTsKICAgICAgICAgdW5tYXBfZG9tYWluX3Bh Z2UobDR0YWIpOwogICAgIH0KLSAgICBlbHNlIGlmICggIXJjICkKKyAgICBl bHNlCiAgICAgewogICAgICAgICB2LT5hcmNoLmd1ZXN0X3RhYmxlID0gcGFn ZXRhYmxlX251bGwoKTsKKyAgICAgICAgcHV0X2d1ZXN0X3RhYmxlX3VzZXIg PSB0cnVlOworICAgIH0KIAotICAgICAgICAvKiBEcm9wIHJlZiB0byBndWVz dF90YWJsZV91c2VyIChmcm9tIE1NVUVYVF9ORVdfVVNFUl9CQVNFUFRSKSAq LwotICAgICAgICBtZm4gPSBwYWdldGFibGVfZ2V0X3Bmbih2LT5hcmNoLmd1 ZXN0X3RhYmxlX3VzZXIpOworICAgIC8qIEZyZWUgdGhhdCBwYWdlIGlmIG5v bi16ZXJvICovCisgICAgZG8gewogICAgICAgICBpZiAoIG1mbiApCiAgICAg ICAgIHsKICAgICAgICAgICAgIHBhZ2UgPSBtZm5fdG9fcGFnZShfbWZuKG1m bikpOwpAQCAtMzE4MywxOCArMzE3OSw0MSBAQCBpbnQgdmNwdV9kZXN0cm95 X3BhZ2V0YWJsZXMoc3RydWN0IHZjcHUgKnYpCiAgICAgICAgICAgICAgICAg cHV0X3BhZ2UocGFnZSk7CiAgICAgICAgICAgICBlbHNlCiAgICAgICAgICAg ICAgICAgcmMgPSBwdXRfcGFnZV9hbmRfdHlwZV9wcmVlbXB0aWJsZShwYWdl KTsKKyAgICAgICAgICAgIG1mbiA9IDA7CiAgICAgICAgIH0KLSAgICAgICAg aWYgKCAhcmMgKQotICAgICAgICAgICAgdi0+YXJjaC5ndWVzdF90YWJsZV91 c2VyID0gcGFnZXRhYmxlX251bGwoKTsKLSAgICB9CiAKLSAgICB2LT5hcmNo LmNyMyA9IDA7CisgICAgICAgIGlmICggIXJjICYmIHB1dF9ndWVzdF90YWJs ZV91c2VyICkKKyAgICAgICAgeworICAgICAgICAgICAgLyogRHJvcCByZWYg dG8gZ3Vlc3RfdGFibGVfdXNlciAoZnJvbSBNTVVFWFRfTkVXX1VTRVJfQkFT RVBUUikgKi8KKyAgICAgICAgICAgIG1mbiA9IHBhZ2V0YWJsZV9nZXRfcGZu KHYtPmFyY2guZ3Vlc3RfdGFibGVfdXNlcik7CisgICAgICAgICAgICB2LT5h cmNoLmd1ZXN0X3RhYmxlX3VzZXIgPSBwYWdldGFibGVfbnVsbCgpOworICAg ICAgICAgICAgcHV0X2d1ZXN0X3RhYmxlX3VzZXIgPSBmYWxzZTsKKyAgICAg ICAgfQorICAgIH0gd2hpbGUgKCBtZm4gKTsKIAogICAgIC8qCi0gICAgICog cHV0X3BhZ2VfYW5kX3R5cGVfcHJlZW1wdGlibGUoKSBpcyBsaWFibGUgdG8g cmV0dXJuIC1FSU5UUi4gVGhlCi0gICAgICogY2FsbGVycyBvZiB1cyBleHBl Y3QgLUVSRVNUQVJUIHNvIGNvbnZlcnQgaXQgb3Zlci4KKyAgICAgKiBJZiBh ICJwdXQiIG9wZXJhdGlvbiB3YXMgaW50ZXJydXB0ZWQsIGZpbmlzaCB0aGlu Z3Mgb2ZmIGluCisgICAgICogcHV0X29sZF9ndWVzdF90YWJsZSgpIHdoZW4g dGhlIG9wZXJhdGlvbiBpcyByZXN0YXJ0ZWQuCiAgICAgICovCi0gICAgcmV0 dXJuIHJjICE9IC1FSU5UUiA/IHJjIDogLUVSRVNUQVJUOworICAgIHN3aXRj aCAoIHJjICkKKyAgICB7CisgICAgY2FzZSAtRUlOVFI6CisgICAgY2FzZSAt RVJFU1RBUlQ6CisgICAgICAgIHYtPmFyY2gub2xkX2d1ZXN0X3B0cGcgPSBO VUxMOworICAgICAgICB2LT5hcmNoLm9sZF9ndWVzdF90YWJsZSA9IHBhZ2U7 CisgICAgICAgIHYtPmFyY2gub2xkX2d1ZXN0X3RhYmxlX3BhcnRpYWwgPSAo cmMgPT0gLUVSRVNUQVJUKTsKKyAgICAgICAgcmMgPSAtRVJFU1RBUlQ7Cisg ICAgICAgIGJyZWFrOworICAgIGRlZmF1bHQ6CisgICAgICAgIC8qCisgICAg ICAgICAqIEZhaWx1cmUgdG8gJ3B1dCcgYSBwYWdlIG1heSBjYXVzZSBpdCB0 byBsZWFrLCBidXQgdGhhdCdzCisgICAgICAgICAqIGxlc3MgYmFkIHRoYW4g YSBjcmFzaC4KKyAgICAgICAgICovCisgICAgICAgIEFTU0VSVChyYyA9PSAw KTsKKyAgICAgICAgYnJlYWs7CisgICAgfQorCisgICAgcmV0dXJuIHJjOwog fQogCiBpbnQgbmV3X2d1ZXN0X2NyMyhtZm5fdCBtZm4pCi0tIAoyLjI0LjAK Cg== --=separator Content-Type: application/octet-stream; name="xsa310/0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch" Content-Disposition: attachment; filename="xsa310/0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch" Content-Transfer-Encoding: base64 RnJvbSAxMjhjYjEyNmFlZTliNGEyODU1YWI4OThmZGZiZmU3MDA5ZmJmMWY1 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IFRodSwgMzEgT2N0 IDIwMTkgMTE6MTc6MzggKzAwMDAKU3ViamVjdDogW1BBVENIIDIvM10geDg2 L21tOiBhbGxvYy9mcmVlX2xOX3RhYmxlOiBSZXRhaW4gcGFydGlhbF9mbGFn cyBvbgogLUVJTlRSCgpXaGVuIHZhbGlkYXRpbmcgb3IgZGUtdmFsaWRhdGlu ZyBwYWdlcyAoaW4gYWxsb2NfbE5fdGFibGUgYW5kCmZyZWVfbE5fdGFibGUg cmVzcGVjdGl2ZWx5KSwgdGhlIGBwYXJ0aWFsX2ZsYWdzYCBsb2NhbCB2YXJp YWJsZSBpcwp1c2VkIHRvIGtlZXAgdHJhY2sgb2Ygd2hldGhlciB0aGUgImN1 cnJlbnQiIFBURSBzdGFydGVkIHRoZSBlbnRpcmUKb3BlcmF0aW9uIGluIGEg Im1heSBiZSBwYXJ0aWFsIiBzdGF0ZS4KCk9uZSBvZiB0aGUgcGF0Y2hlcyBp biBYU0EtMjk5IGFkZHJlc3NlZCB0aGUgZmFjdCB0aGF0IGl0IGlzIHBvc3Np YmxlCmZvciBhIHByZXZpb3VzbHktcGFydGlhbGx5LXZhbGlkYXRlZCBlbnRy eSB0byBzdWJzZXF1ZW50bHkgYmUgZm91bmQgdG8KaGF2ZSBpbnZhbGlkIGVu dHJpZXMgKGluZGljYXRlZCBieSByZXR1cm5pbmcgLUVJTlZBTCk7IGluIHdo aWNoIGNhc2UKcGFnZS0+cGFydGlhbF9mbGFncyBuZWVkcyB0byBiZSBzZXQg dG8gaW5kaWNhdGUgdGhhdCB0aGUgY3VycmVudCBQVEUKbWF5IGhhdmUgdGhl IHBhcnRpYWwgYml0IHNldCAoYW5kIHRodXMgX3B1dF9wYWdlX3R5cGUoKSBz aG91bGQgYmUKY2FsbGVkIHdpdGggUFRGX3BhcnRpYWxfc2V0KS4KClVuZm9y dHVuYXRlbHksIHRoZSBwYXRjaGVzIGluIFhTQS0yOTkgYXNzdW1lZCB0aGF0 IG9uY2UKcHV0X3BhZ2VfZnJvbV9sTmUoKSByZXR1cm5lZCAtRVJFU1RBUlQg b24gYSBwYWdlLCBpdCB3YXMgbm90IHBvc3NpYmxlCmZvciBpdCB0byByZXR1 cm4gLUVJTlRSLiAgVGhpcyB0dXJucyBvdXQgdG8gYmUgdHJ1ZSBmb3IKYWxs b2NfbE5fdGFibGUoKSBhbmQgZnJlZV9sTl90YWJsZSwgYnV0IG5vdCBmb3Ig X2dldF9wYWdlX3R5cGUoKSBhbmQKX3B1dF9wYWdlX3R5cGUoKTogYm90aCBj YW4gcmV0dXJuIC1FSU5UUiB3aGVuIGNhbGxlZCBvbiBwYWdlcyB3aXRoClBH VF9wYXJ0aWFsIHNldC4gIEluIHRoZXNlIGNhc2VzLCB0aGUgcGFnZXMgUEdU X3BhcnRpYWwgd2lsbCBzdGlsbCBiZQpzZXQ7IGZhaWxpbmcgdG8gc2V0IHBh cnRpYWxfZmxhZ3MgYXBwcm9wcmlhdGVseSBtYXkgYWxsb3cgYW4gYXR0YWNr ZXIKdG8gZG8gYSBwcml2aWxlZ2UgZXNjYWxhdGlvbiBzaW1pbGFyIHRvIHRo b3NlIGRlc2NyaWJlZCBpbiBYU0EtMjk5LgoKRml4IHRoaXMgYnkgYWx3YXlz IGNvcHlpbmcgdGhlIGxvY2FsIHBhcnRpYWxfZmxhZ3MgdmFyaWFibGUgaW50 bwpwYWdlLT5wYXJ0aWFsX2ZsYWdzIHdoZW4gZXhpdGluZyBlYXJseS4KCk5C IHRoYXQgb24gdGhlICJnZXQiIHNpZGUsIG5vIGFkanVzdG1lbnQgdG8gbnJf dmFsaWRhdGVkX2VudHJpZXMgaXMKbmVlZGVkOiB3aGV0aGVyIHB0ZVtpXSBp cyBwYXJ0aWFsbHkgdmFsaWRhdGVkIG9yIGVudGlyZWx5CnVuLXZhbGlkYXRl ZCwgd2Ugd2FudCBucl92YWxpZGF0ZWRfZW50cmllcyA9IGkuICBPbiB0aGUg InB1dCIgc2lkZSwKaG93ZXZlciwgd2UgbmVlZCB0byBhZGp1c3QgbnJfdmFs aWRhdGVkX2VudHJpZXMgYXBwcm9wcmlhdGVseTogaWYKcHRlW2ldIGlzIGVu dGlyZWx5IHZhbGlkYXRlZCwgd2Ugd2FudCBucl92YWxpZGF0ZWRfZW50cmll cyA9IGkgKyAxOyBpZgpwdGVbaV0gaXMgcGFydGlhbGx5IHZhbGlkYXRlZCwg d2Ugd2FudCBucl92YWxpZGF0ZWRfZW50cmllcyA9IGkuCgpUaGlzIGlzIHBh cnQgb2YgWFNBLTMxMC4KClJlcG9ydGVkLWJ5OiBTYXJhaCBOZXdtYW4gPHNy bkBwcmdtci5jb20+ClNpZ25lZC1vZmYtYnk6IEdlb3JnZSBEdW5sYXAgPGdl b3JnZS5kdW5sYXBAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVs aWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KLS0tCiB4ZW4vYXJjaC94ODYvbW0u YyB8IDE2ICsrKysrKysrLS0tLS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCA4IGlu c2VydGlvbnMoKyksIDggZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEveGVu L2FyY2gveDg2L21tLmMgYi94ZW4vYXJjaC94ODYvbW0uYwppbmRleCBhNzU5 YWZjOWUzLi45N2M4ZDczYjdiIDEwMDY0NAotLS0gYS94ZW4vYXJjaC94ODYv bW0uYworKysgYi94ZW4vYXJjaC94ODYvbW0uYwpAQCAtMTU1Nyw3ICsxNTU3 LDcgQEAgc3RhdGljIGludCBhbGxvY19sMl90YWJsZShzdHJ1Y3QgcGFnZV9p bmZvICpwYWdlLCB1bnNpZ25lZCBsb25nIHR5cGUpCiAgICAgICAgIGlmICgg cmMgPT0gLUVJTlRSICYmIGkgKQogICAgICAgICB7CiAgICAgICAgICAgICBw YWdlLT5ucl92YWxpZGF0ZWRfcHRlcyA9IGk7Ci0gICAgICAgICAgICBwYWdl LT5wYXJ0aWFsX2ZsYWdzID0gMDsKKyAgICAgICAgICAgIHBhZ2UtPnBhcnRp YWxfZmxhZ3MgPSBwYXJ0aWFsX2ZsYWdzOzsKICAgICAgICAgICAgIHJjID0g LUVSRVNUQVJUOwogICAgICAgICB9CiAgICAgICAgIGVsc2UgaWYgKCByYyA8 IDAgJiYgcmMgIT0gLUVJTlRSICkKQEAgLTE2NjAsNyArMTY2MCw3IEBAIHN0 YXRpYyBpbnQgYWxsb2NfbDNfdGFibGUoc3RydWN0IHBhZ2VfaW5mbyAqcGFn ZSkKICAgICAgICAgZWxzZSBpZiAoIHJjID09IC1FSU5UUiAmJiBpICkKICAg ICAgICAgewogICAgICAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVkX3B0ZXMg PSBpOwotICAgICAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9IDA7Cisg ICAgICAgICAgICBwYWdlLT5wYXJ0aWFsX2ZsYWdzID0gcGFydGlhbF9mbGFn czsKICAgICAgICAgICAgIHJjID0gLUVSRVNUQVJUOwogICAgICAgICB9CiAg ICAgICAgIGlmICggcmMgPCAwICkKQEAgLTE5ODIsOCArMTk4Miw4IEBAIHN0 YXRpYyBpbnQgZnJlZV9sMl90YWJsZShzdHJ1Y3QgcGFnZV9pbmZvICpwYWdl KQogICAgIH0KICAgICBlbHNlIGlmICggcmMgPT0gLUVJTlRSICYmIGkgPCBM Ml9QQUdFVEFCTEVfRU5UUklFUyAtIDEgKQogICAgIHsKLSAgICAgICAgcGFn ZS0+bnJfdmFsaWRhdGVkX3B0ZXMgPSBpICsgMTsKLSAgICAgICAgcGFnZS0+ cGFydGlhbF9mbGFncyA9IDA7CisgICAgICAgIHBhZ2UtPm5yX3ZhbGlkYXRl ZF9wdGVzID0gaSArICEocGFydGlhbF9mbGFncyAmIFBURl9wYXJ0aWFsX3Nl dCk7CisgICAgICAgIHBhZ2UtPnBhcnRpYWxfZmxhZ3MgPSBwYXJ0aWFsX2Zs YWdzOwogICAgICAgICByYyA9IC1FUkVTVEFSVDsKICAgICB9CiAKQEAgLTIw MzAsOCArMjAzMCw4IEBAIHN0YXRpYyBpbnQgZnJlZV9sM190YWJsZShzdHJ1 Y3QgcGFnZV9pbmZvICpwYWdlKQogICAgIH0KICAgICBlbHNlIGlmICggcmMg PT0gLUVJTlRSICYmIGkgPCBMM19QQUdFVEFCTEVfRU5UUklFUyAtIDEgKQog ICAgIHsKLSAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVkX3B0ZXMgPSBpICsg MTsKLSAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9IDA7CisgICAgICAg IHBhZ2UtPm5yX3ZhbGlkYXRlZF9wdGVzID0gaSArICEocGFydGlhbF9mbGFn cyAmIFBURl9wYXJ0aWFsX3NldCk7CisgICAgICAgIHBhZ2UtPnBhcnRpYWxf ZmxhZ3MgPSBwYXJ0aWFsX2ZsYWdzOwogICAgICAgICByYyA9IC1FUkVTVEFS VDsKICAgICB9CiAgICAgcmV0dXJuIHJjID4gMCA/IDAgOiByYzsKQEAgLTIw NjEsOCArMjA2MSw4IEBAIHN0YXRpYyBpbnQgZnJlZV9sNF90YWJsZShzdHJ1 Y3QgcGFnZV9pbmZvICpwYWdlKQogICAgIH0KICAgICBlbHNlIGlmICggcmMg PT0gLUVJTlRSICYmIGkgPCBMNF9QQUdFVEFCTEVfRU5UUklFUyAtIDEgKQog ICAgIHsKLSAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVkX3B0ZXMgPSBpICsg MTsKLSAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9IDA7CisgICAgICAg IHBhZ2UtPm5yX3ZhbGlkYXRlZF9wdGVzID0gaSArICEocGFydGlhbF9mbGFn cyAmIFBURl9wYXJ0aWFsX3NldCk7CisgICAgICAgIHBhZ2UtPnBhcnRpYWxf ZmxhZ3MgPSBwYXJ0aWFsX2ZsYWdzOwogICAgICAgICByYyA9IC1FUkVTVEFS VDsKICAgICB9CiAKLS0gCjIuMjQuMAoK --=separator Content-Type: application/octet-stream; name="xsa310/0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch" Content-Disposition: attachment; filename="xsa310/0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch" Content-Transfer-Encoding: base64 RnJvbSBlOWY4MzU5ODJhNzI2YWUxNjk5N2M1NjZiNWVhZmFiNzRmOGI0Y2I3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IE1vbiwgMjggT2N0 IDIwMTkgMTQ6MzM6NTEgKzAwMDAKU3ViamVjdDogW1BBVENIIDMvM10geDg2 L21tOiByZWxpbnF1aXNoX21lbW9yeTogR3JhYiBhbiBleHRyYSB0eXBlIHJl ZiB3aGVuCiBzZXR0aW5nIFBHVF9wYXJ0aWFsCgpUaGUgUEdUX3BhcnRpYWwg Yml0IGluIHBhZ2UtPnR5cGVfaW5mbyBob2xkcyBib3RoIGEgdHlwZSBjb3Vu dCBhbmQgYQpnZW5lcmFsIHJlZiBjb3VudC4gIER1cmluZyBkb21haW4gdGVh ci1kb3duLCB3aGVuIGZyZWVfcGFnZV90eXBlKCkKcmV0dXJucyAtRVJFU1RB UlQsIHJlbGlucXVpc2hfbWVtb3J5KCkgY29ycmVjdGx5IGhhbmRsZXMgdGhl IGdlbmVyYWwKcmVmIGNvdW50LCBidXQgZmFpbHMgdG8gZ3JhYiBhbiBleHRy YSB0eXBlIGNvdW50IHdoZW4gc2V0dGluZwpQR1RfcGFydGlhbC4gIFdoZW4g dGhpcyBiaXQgaXMgZXZlbnR1YWxseSBjbGVhcmVkLCB0eXBlX2NvdW50IHVu ZGVyZmxvd3MKYW5kIHRyaWdnZXJzIHRoZSBmb2xsb3dpbmcgQlVHIGluIHBh Z2VfYWxsb2MuYzpmcmVlX2RvbWhlYXBfcGFnZXMoKToKCiAgICBCVUdfT04o KHBnW2ldLnUuaW51c2UudHlwZV9pbmZvICYgUEdUX2NvdW50X21hc2spICE9 IDApOwoKQXMgZmFyIGFzIHdlIGNhbiB0ZWxsLCB0aGlzIHBhZ2UgdW5kZXJm bG93IGNhbm5vdCBiZSBleHBsb2l0ZWQgYW55IGFueQpvdGhlciB3YXk6IFRo ZSBwYWdlIGNhbid0IGJlIHVzZWQgYXMgYSBwYWdldGFibGUgYnkgdGhlIGR5 aW5nIGRvbWFpbgpiZWNhdXNlIGl0J3MgZHlpbmc7IGl0IGNhbid0IGJlIHVz ZWQgYXMgYSBwYWdldGFibGUgYnkgYW55IG90aGVyCmRvbWFpbiBzaW5jZSBp dCBiZWxvbmdzIHRvIHRoZSBkeWluZyBkb21haW47IGFuZCBvd25lcnNoaXAg Y2FuJ3QKdHJhbnNmZXIgdG8gYW55IG90aGVyIGRvbWFpbiB3aXRob3V0IGhp dHRpbmcgdGhlIEJVR19PTigpIGluCmZyZWVfZG9taGVhcF9wYWdlcygpLgoK KHN0ZWFsX3BhZ2UoKSB3b24ndCB3b3JrIG9uIGEgcGFnZSBpbiB0aGlzIHN0 YXRlLCBzaW5jZSBpdCByZXF1aXJlcwpQR0NfYWxsb2NhdGVkIHRvIGJlIHNl dCwgYW5kIFBHQ19hbGxvY2F0ZWQgd2lsbCBhbHJlYWR5IGhhdmUgYmVlbgpj bGVhcmVkLikKCkZpeCB0aGlzIGJ5IGdyYWJiaW5nIGFuIGV4dHJhIHR5cGUg cmVmIGlmIHNldHRpbmcgUEdUX3BhcnRpYWwgaW4KcmVsaW5xdWlzaF9tZW1v cnkuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTMxMC4KClJlcG9ydGVkLWJ5OiBT YXJhaCBOZXdtYW4gPHNybkBwcmdtci5jb20+ClNpZ25lZC1vZmYtYnk6IEdl b3JnZSBEdW5sYXAgPGdlb3JnZS5kdW5sYXBAY2l0cml4LmNvbT4KQWNrZWQt Ynk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KLS0tCnYyOgot IE1vdmUgZGlzY3Vzc2lvbiBvZiBwb3RlbnRpYWwgZXhwbG9pdHMgaW50byB0 aGUgY29tbWl0IG1lc3NhZ2UKLSBLZWVwIFBHVF9wYXJ0aWFsIGFuZCBwdXRf cGFnZSgpIG9yZGVyaW5nCi0tLQogeGVuL2FyY2gveDg2L2RvbWFpbi5jIHwg MTkgKysrKysrKysrKysrKysrKysrKwogMSBmaWxlIGNoYW5nZWQsIDE5IGlu c2VydGlvbnMoKykKCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvZG9tYWlu LmMgYi94ZW4vYXJjaC94ODYvZG9tYWluLmMKaW5kZXggZjFkZDg2ZTEyZS4u NTE4ODBmYzUwZCAxMDA2NDQKLS0tIGEveGVuL2FyY2gveDg2L2RvbWFpbi5j CisrKyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtMjA0OSw2ICsyMDQ5 LDI1IEBAIHN0YXRpYyBpbnQgcmVsaW5xdWlzaF9tZW1vcnkoCiAgICAgICAg ICAgICAgICAgICAgIGdvdG8gb3V0OwogICAgICAgICAgICAgICAgIGNhc2Ug LUVSRVNUQVJUOgogICAgICAgICAgICAgICAgICAgICBwYWdlX2xpc3RfYWRk KHBhZ2UsIGxpc3QpOworICAgICAgICAgICAgICAgICAgICAvKgorICAgICAg ICAgICAgICAgICAgICAgKiBQR1RfcGFydGlhbCBob2xkcyBhIHR5cGUgcmVm IGFuZCBhIGdlbmVyYWwgcmVmLgorICAgICAgICAgICAgICAgICAgICAgKiBJ ZiB3ZSBjYW1lIGluIHdpdGggUEdUX3BhcnRpYWwgc2V0LCB0aGVuIHdlIDEp CisgICAgICAgICAgICAgICAgICAgICAqIGRvbid0IG5lZWQgdG8gZ3JhYiBh biBleHRyYSB0eXBlIGNvdW50LCBhbmQgMikKKyAgICAgICAgICAgICAgICAg ICAgICogZG8gbmVlZCB0byBkcm9wIHRoZSBleHRyYSBwYWdlIHJlZiB3ZSBn cmFiYmVkCisgICAgICAgICAgICAgICAgICAgICAqIGF0IHRoZSB0b3Agb2Yg dGhlIGxvb3AuICBJZiB3ZSBkaWRuJ3QgY29tZSBpbgorICAgICAgICAgICAg ICAgICAgICAgKiB3aXRoIFBHVF9wYXJ0aWFsIHNldCwgd2UgMSkgZG8gbmVl ZCB0byBkcmFiIGFuCisgICAgICAgICAgICAgICAgICAgICAqIGV4dHJhIHR5 cGUgY291bnQsIGJ1dCAyKSBjYW4gdHJhbnNmZXIgdGhlIHBhZ2UKKyAgICAg ICAgICAgICAgICAgICAgICogcmVmIHdlIGdyYWJiZWQgYWJvdmUgdG8gaXQu CisgICAgICAgICAgICAgICAgICAgICAqCisgICAgICAgICAgICAgICAgICAg ICAqIE5vdGUgdGhhdCB3ZSBtdXN0IGluY3JlbWVudCB0eXBlX2luZm8gYmVm b3JlCisgICAgICAgICAgICAgICAgICAgICAqIHNldHRpbmcgUEdUX3BhcnRp YWwuICBUaGVvcmV0aWNhbGx5IGl0IHNob3VsZAorICAgICAgICAgICAgICAg ICAgICAgKiBiZSBzYWZlIHRvIGRyb3AgdGhlIHBhZ2UgcmVmIGJlZm9yZSBz ZXR0aW5nCisgICAgICAgICAgICAgICAgICAgICAqIFBHVF9wYXJ0aWFsLCBi dXQgZG8gaXQgYWZ0ZXJ3YXJkcyBqdXN0IHRvIGJlCisgICAgICAgICAgICAg ICAgICAgICAqIGV4dHJhIHNhZmUuCisgICAgICAgICAgICAgICAgICAgICAq LworICAgICAgICAgICAgICAgICAgICBpZiAoICEoeCAmIFBHVF9wYXJ0aWFs KSApCisgICAgICAgICAgICAgICAgICAgICAgICBwYWdlLT51LmludXNlLnR5 cGVfaW5mbysrOworICAgICAgICAgICAgICAgICAgICBzbXBfd21iKCk7CiAg ICAgICAgICAgICAgICAgICAgIHBhZ2UtPnUuaW51c2UudHlwZV9pbmZvIHw9 IFBHVF9wYXJ0aWFsOwogICAgICAgICAgICAgICAgICAgICBpZiAoIHggJiBQ R1RfcGFydGlhbCApCiAgICAgICAgICAgICAgICAgICAgICAgICBwdXRfcGFn ZShwYWdlKTsKLS0gCjIuMjQuMAoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Wed Dec 11 12:10:07 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 11 Dec 2019 12:10:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0oF-0005Sv-7X; Wed, 11 Dec 2019 12:09:39 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0oE-0005Sb-7p for xen-announce@lists.xen.org; Wed, 11 Dec 2019 12:09:38 +0000 X-Inumbo-ID: 157e0a8c-1c0f-11ea-8b1b-12813bfff9fa Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 157e0a8c-1c0f-11ea-8b1b-12813bfff9fa; Wed, 11 Dec 2019 12:09:30 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0o0-0008RV-W3; Wed, 11 Dec 2019 12:09:24 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1if0o0-0001cS-Uo; Wed, 11 Dec 2019 12:09:24 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 11 Dec 2019 12:09:24 +0000 Subject: [Xen-announce] Xen Security Advisory 311 v4 (CVE-2019-19577) - Bugs in dynamic height handling for AMD IOMMU pagetables X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-19577 / XSA-311 version 4 Bugs in dynamic height handling for AMD IOMMU pagetables UPDATES IN VERSION 4 ==================== Public release. Re-base 4.12 patch onto latest stable tree commits. Updated metadata to add 4.13, update StableRef's ISSUE DESCRIPTION ================= When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. IMPACT ====== A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. VULNERABLE SYSTEMS ================== Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. MITIGATION ========== In some configurations, use of passthrough can be replaced with a higher-level protocol such as Xen PV block or network devices. There is no other mitigation. CREDITS ======= This issue was discovered by Sander Eikelenboom, along with Andrew Cooper of Citrix. RESOLUTION ========== Applying the appropriate (set of) attached patch(es) resolves this issue. xsa311.patch xen-unstable, Xen 4.13.x xsa311-4.12.patch Xen 4.12.x xsa311-4.11.patch Xen 4.11.x xsa311-4.10-*.patch Xen 4.10.x xsa311-4.9-*.patch Xen 4.9.x xsa311-4.8-*.patch Xen 4.8.x $ sha256sum xsa311* ea929752043b5d4659cb605314887441daa33ee6450e755d6f077e57fc7abf9e xsa311.meta 732975f33b6d893b984540c4c748eb5cdf1cf81bd565e41b57795458cae3ccad xsa311.patch 27e30da9360eec850f6e7d8f2ea465d2f00a5a5a45c43042e4c18786c6c9338f xsa311-4.8-1.patch 6e2372eb18f3ca25093445a93bcdf674ed2d7d3012e8611911ea2b9ca8d58bd4 xsa311-4.8-2.patch c73bee7aa8fac02d0982b4fb21de053918f80cc0158bd5bfca68e3dc994759be xsa311-4.9-1.patch e89f5c381bd6a8fa8c5f63a829b586fdbefefe311c0f1084d2baeea3e933da66 xsa311-4.9-2.patch c73bee7aa8fac02d0982b4fb21de053918f80cc0158bd5bfca68e3dc994759be xsa311-4.10-1.patch 189a51048ad88efd855e6e78a307fff68e0c139225ce528c253558d266fffe02 xsa311-4.10-2.patch 1aaf26d1c231c8b5dd00900c00c18bf884d23b9568c9746866d92f39daf1c02f xsa311-4.11.patch 5f43fa4628f6d1a8f6f903e662226a09524b8c354e06e1a6039837db656c0218 xsa311-4.12.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3w3F8MHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZgF0IAIOtY9LMbRkBWgc16lOs+MTDOC7h4fYqofjQetFN wAJ2Q3w2QXN+Zt54L8dmc6+Zzvn9Do4AJeMvfCzFxuw2OaMBwcwI9DcEbZ+CvYsa hiXf9xKBBEfCu8PjisRnBqKuyqrLQdBSad9vXcGOVloXiFzJ1wbKnSMBNig9ZTi2 us3c9MeUTnf95W/KTQNe2Gu8KQiogzzBUUifdB6YU0MNNhL60OzfSwgautD9XHfA +NcRogDnf6KgAs6VKgHSDxyVWbvnaWvKWGF2M2QXwXHjqCH/ox87OIIgZ/HSodXB e07vCaweCG4GgWDGQN5K3+9Cu1B6+t0RYzPYmuhPDy/kWF0= =RJ0B -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa311.meta" Content-Disposition: attachment; filename="xsa311.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAzMTEsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMyIsCiAgICAiNC4xMiIsCiAgICAiNC4xMSIs CiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiCiAgXSwKICAiVHJl ZXMiOiBbCiAgICAieGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4x MCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiZTQ4OTk1NTBmZjc4MzRlMWVhNWRmYmJm YjFjNjE4ZjY0ZTI0Nzc2MSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgsCiAgICAgICAgICAgIDMw OSwKICAgICAgICAgICAgMzEwCiAgICAgICAgICBdLAogICAgICAgICAgIlBh dGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EzMTEtNC4xMC0qLnBhdGNoIgog ICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjEx IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAg ICAgICAgIlN0YWJsZVJlZiI6ICIyMzlkMzdlNTE0YzkzZTI5ZDUwZDcxZjcz NGIxZGM0NTNiMjIzNmE2IiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAg ICAgICAgICAzMDcsCiAgICAgICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5 LAogICAgICAgICAgICAzMTAKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMxMS00LjExLnBhdGNoIgogICAg ICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjEyIjog ewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAg ICAgIlN0YWJsZVJlZiI6ICIyMTJiODUwMGNiMzk0YjNhNjY0NjU1Zjc5Y2Ew YmRjYjMxMjQ2ZmY3IiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAg ICAgICAzMDcsCiAgICAgICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5LAog ICAgICAgICAgICAzMTAKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hl cyI6IFsKICAgICAgICAgICAgInhzYTMxMS00LjEyLnBhdGNoIgogICAgICAg ICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjEzIjogewog ICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAg IlN0YWJsZVJlZiI6ICJmZDliZmFiZjY5ZWE1OWYyMjgwYzE3MDM1MDA3OTNm YTE1ZTgxOTU2IiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAgICAg ICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMxMS5wYXRjaCIKICAg ICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC44Ijog ewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAg ICAgIlN0YWJsZVJlZiI6ICJhMjYwZTkzZGI3OTRmNTYwNTAyZTg5ODU5YWFm MTExZDE3OGU4MGU0IiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAg ICAgICAzMDcsCiAgICAgICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5LAog ICAgICAgICAgICAzMTAKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hl cyI6IFsKICAgICAgICAgICAgInhzYTMxMS00LjgtKi5wYXRjaCIKICAgICAg ICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC45Ijogewog ICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAg IlN0YWJsZVJlZiI6ICI4ZDFlZTlmMmM0NzNmZWM1NGI1MDE4YzAxYWQ1NTZk N2FmZDYyYzE3IiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAg ICAzMDcsCiAgICAgICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5LAogICAg ICAgICAgICAzMTAKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6 IFsKICAgICAgICAgICAgInhzYTMxMS00LjktKi5wYXRjaCIKICAgICAgICAg IF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAibWFzdGVyIjogewog ICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAg IlN0YWJsZVJlZiI6ICJiNzNhYWQ0YzhiNmE3NjdjZTE1Y2M4Y2I2NWY5ZWVh YjdiZmNjZGFlIiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAg ICAzMDcsCiAgICAgICAgICAgIDMwOCwKICAgICAgICAgICAgMzA5LAogICAg ICAgICAgICAzMTAKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6 IFsKICAgICAgICAgICAgInhzYTMxMS5wYXRjaCIKICAgICAgICAgIF0KICAg ICAgICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa311.patch" Content-Disposition: attachment; filename="xsa311.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogQU1EL0lPTU1VOiBDZWFzZSB1c2luZyBhIGR5bmFtaWMg aGVpZ2h0IGZvciB0aGUgSU9NTVUgcGFnZXRhYmxlcwoKdXBkYXRlX3BhZ2lu Z19tb2RlKCkgaGFzIG11bHRpcGxlIGJ1Z3M6CgogMSkgQm9vdGluZyB3aXRo IGlvbW11PWRlYnVnIHdpbGwgY2F1c2UgaXQgdG8gaW5mb3JtIHlvdSB0aGF0 IHRoYXQgaXQgY2FsbGVkCiAgICB3aXRob3V0IHRoZSBwZGV2X2xpc3QgbG9j ayBoZWxkLgogMikgV2hlbiBncm93aW5nIGJ5IG1vcmUgdGhhbiBhIHNpbmds ZSBsZXZlbCwgaXQgbGVha3MgdGhlIG5ld2x5IGFsbG9jYXRlZAogICAgdGFi bGUocykgaW4gdGhlIGNhc2Ugb2YgYSBmdXJ0aGVyIGVycm9yLgoKRnVydGhl cm1vcmUsIHRoZSBjaG9pY2Ugb2YgZGVmYXVsdCBsZXZlbCBmb3IgYSBkb21h aW4gaGFzIGlzc3VlczoKCiAxKSBBbGwgSFZNIGd1ZXN0cyBncm93IGZyb20g MiB0byAzIGxldmVscyBkdXJpbmcgY29uc3RydWN0aW9uIGJlY2F1c2Ugb2Yg dGhlCiAgICBwb3NpdGlvbiBvZiB0aGUgVlJBTSBqdXN0IGJlbG93IHRoZSA0 RyBib3VuZGFyeSwgc28gZGVmYXVsdGluZyB0byAyIGlzIGEKICAgIHdhc3Rl IG9mIGVmZm9ydC4KIDIpIFRoZSBsaW1pdCBmb3IgUFYgZ3Vlc3RzIGRvZXNu J3QgdGFrZSBtZW1vcnkgaG90cGx1ZyBpbnRvIGFjY291bnQsIGFuZAogICAg aXNuJ3QgZHluYW1pYyBhdCBydW50aW1lIGxpa2UgSFZNIGd1ZXN0cy4gIFRo aXMgbWVhbnMgdGhhdCBhIFBWIGd1ZXN0IG1heQogICAgZ2V0IFJBTSB3aGlj aCBpdCBjYW4ndCBtYXAgaW4gdGhlIElPTU1VLgoKVGhlIGR5bmFtaWMgaGVp Z2h0IGlzIGEgcHJvcGVydHkgdW5pcXVlIHRvIEFNRCwgYW5kIGFkZHMgYSBz dWJzdGFudGlhbApxdWFudGl0eSBvZiBjb21wbGV4aXR5IGZvciB3aGF0IGlz IGEgbWFyZ2luYWwgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnQuICBSZW1vdmUK dGhlIGNvbXBsZXhpdHkgYnkgcmVtb3ZpbmcgdGhlIGR5bmFtaWMgaGVpZ2h0 LgoKUFYgZ3Vlc3RzIG5vdyBnZXQgMyBvciA0IGxldmVscyBiYXNlZCBvbiBh bnkgaG90cGx1ZyByZWdpb25zIGluIHRoZSBob3N0LgpUaGlzIG9ubHkgbWFr ZXMgYSBkaWZmZXJlbmNlIGZvciBoYXJkd2FyZSB3aGljaCBwcmV2aW91c2x5 IGhhZCBhbGwgUkFNIGJlbG93CnRoZSA1MTJHIGJvdW5kYXJ5LCBhbmQgYSBo b3RwbHVnIHJlZ2lvbiBhYm92ZS4KCkhWTSBndWVzdHMgbm93IGdldCA0IGxl dmVscyAod2hpY2ggd2lsbCBiZSBzdWZmaWNpZW50IHVudGlsIDI1NlRCIGd1 ZXN0cwpiZWNvbWUgYSB0aGluZyksIGJlY2F1c2Ugd2UgZG9uJ3QgY3VycmVu dGx5IGhhdmUgdGhlIGluZm9ybWF0aW9uIHRvIGtub3cgd2hlbgozIHdvdWxk IGJlIHNhZmUgdG8gdXNlLgoKVGhlIG92ZXJoZWFkIG9mIHRoaXMgZXh0cmEg bGV2ZWwgaXMgbm90IGV4cGVjdGVkIHRvIGJlIG5vdGljZWFibGUuICBJdCBj b3N0cwpvbmUgcGFnZSAoNGspIHBlciBkb21haW4sIGFuZCBvbmUgZXh0cmEg SU8tVExCIHBhZ2luZyBzdHJ1Y3R1cmUgY2FjaGUgZW50cnkKd2hpY2ggaXMg dmVyeSBob3QgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIGV2aWN0ZWQuCgpUaGlz IGlzIFhTQS0zMTEuCgpSZXBvcnRlZC1ieTogWFhYIFBFUlNPTiA8WFhYIEVN QUlMPjMKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNv b3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KQWNrZWQtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCmRpZmYgLS1naXQgYS94ZW4v ZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMgYi94ZW4vZHJp dmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKaW5kZXggNTRlMWQx MzJkOS4uNGUwNDFiOTYwZiAxMDA2NDQKLS0tIGEveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X21hcC5jCisrKyBiL3hlbi9kcml2ZXJzL3Bh c3N0aHJvdWdoL2FtZC9pb21tdV9tYXAuYwpAQCAtMjg1LDEwMCArMjg1LDYg QEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9kZm4oc3RydWN0IGRvbWFp biAqZCwgdW5zaWduZWQgbG9uZyBkZm4sCiAgICAgcmV0dXJuIDA7CiB9CiAK LXN0YXRpYyBpbnQgdXBkYXRlX3BhZ2luZ19tb2RlKHN0cnVjdCBkb21haW4g KmQsIHVuc2lnbmVkIGxvbmcgZGZuKQotewotICAgIHVpbnQxNl90IGJkZjsK LSAgICBzdHJ1Y3QgYW1kX2lvbW11X2R0ZSAqdGFibGUsICpkdGU7Ci0gICAg dW5zaWduZWQgaW50IHJlcV9pZCwgbGV2ZWwsIG9mZnNldDsKLSAgICB1bnNp Z25lZCBsb25nIGZsYWdzOwotICAgIHN0cnVjdCBwY2lfZGV2ICpwZGV2Owot ICAgIHN0cnVjdCBhbWRfaW9tbXUgKmlvbW11ID0gTlVMTDsKLSAgICBzdHJ1 Y3QgcGFnZV9pbmZvICpuZXdfcm9vdCA9IE5VTEw7Ci0gICAgc3RydWN0IHBh Z2VfaW5mbyAqb2xkX3Jvb3QgPSBOVUxMOwotICAgIHN0cnVjdCBhbWRfaW9t bXVfcHRlICpuZXdfcm9vdF92YWRkcjsKLSAgICB1bnNpZ25lZCBsb25nIG9s ZF9yb290X21mbjsKLSAgICBzdHJ1Y3QgZG9tYWluX2lvbW11ICpoZCA9IGRv bV9pb21tdShkKTsKLQotICAgIGlmICggZGZuID09IGRmbl94KElOVkFMSURf REZOKSApCi0gICAgICAgIHJldHVybiAtRUFERFJOT1RBVkFJTDsKLSAgICBB U1NFUlQoIShkZm4gPj4gREVGQVVMVF9ET01BSU5fQUREUkVTU19XSURUSCkp OwotCi0gICAgbGV2ZWwgPSBoZC0+YXJjaC5wYWdpbmdfbW9kZTsKLSAgICBv bGRfcm9vdCA9IGhkLT5hcmNoLnJvb3RfdGFibGU7Ci0gICAgb2Zmc2V0ID0g ZGZuID4+IChQVEVfUEVSX1RBQkxFX1NISUZUICogKGxldmVsIC0gMSkpOwot Ci0gICAgQVNTRVJUKHNwaW5faXNfbG9ja2VkKCZoZC0+YXJjaC5tYXBwaW5n X2xvY2spICYmIGlzX2h2bV9kb21haW4oZCkpOwotCi0gICAgd2hpbGUgKCBv ZmZzZXQgPj0gUFRFX1BFUl9UQUJMRV9TSVpFICkKLSAgICB7Ci0gICAgICAg IC8qIEFsbG9jYXRlIGFuZCBpbnN0YWxsIGEgbmV3IHJvb3QgdGFibGUuCi0g ICAgICAgICAqIE9ubHkgdXBwZXIgSS9PIHBhZ2UgdGFibGUgZ3Jvd3MsIG5v IG5lZWQgdG8gZml4IG5leHQgbGV2ZWwgYml0cyAqLwotICAgICAgICBuZXdf cm9vdCA9IGFsbG9jX2FtZF9pb21tdV9wZ3RhYmxlKCk7Ci0gICAgICAgIGlm ICggbmV3X3Jvb3QgPT0gTlVMTCApCi0gICAgICAgIHsKLSAgICAgICAgICAg IEFNRF9JT01NVV9ERUJVRygiJXMgQ2Fubm90IGFsbG9jYXRlIEkvTyBwYWdl IHRhYmxlXG4iLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgIF9fZnVu Y19fKTsKLSAgICAgICAgICAgIHJldHVybiAtRU5PTUVNOwotICAgICAgICB9 Ci0KLSAgICAgICAgbmV3X3Jvb3RfdmFkZHIgPSBfX21hcF9kb21haW5fcGFn ZShuZXdfcm9vdCk7Ci0gICAgICAgIG9sZF9yb290X21mbiA9IG1mbl94KHBh Z2VfdG9fbWZuKG9sZF9yb290KSk7Ci0gICAgICAgIHNldF9pb21tdV9wZGVf cHJlc2VudChuZXdfcm9vdF92YWRkciwgb2xkX3Jvb3RfbWZuLCBsZXZlbCwK LSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRydWUsIHRydWUpOwot ICAgICAgICBsZXZlbCsrOwotICAgICAgICBvbGRfcm9vdCA9IG5ld19yb290 OwotICAgICAgICBvZmZzZXQgPj49IFBURV9QRVJfVEFCTEVfU0hJRlQ7Ci0g ICAgICAgIHVubWFwX2RvbWFpbl9wYWdlKG5ld19yb290X3ZhZGRyKTsKLSAg ICB9Ci0KLSAgICBpZiAoIG5ld19yb290ICE9IE5VTEwgKQotICAgIHsKLSAg ICAgICAgaGQtPmFyY2gucGFnaW5nX21vZGUgPSBsZXZlbDsKLSAgICAgICAg aGQtPmFyY2gucm9vdF90YWJsZSA9IG5ld19yb290OwotCi0gICAgICAgIGlm ICggIXBjaWRldnNfbG9ja2VkKCkgKQotICAgICAgICAgICAgQU1EX0lPTU1V X0RFQlVHKCIlcyBUcnkgdG8gYWNjZXNzIHBkZXZfbGlzdCAiCi0gICAgICAg ICAgICAgICAgICAgICAgICAgICAgIndpdGhvdXQgYXF1aXJpbmcgcGNpZGV2 c19sb2NrLlxuIiwgX19mdW5jX18pOwotCi0gICAgICAgIC8qIFVwZGF0ZSBk ZXZpY2UgdGFibGUgZW50cmllcyB1c2luZyBuZXcgcm9vdCB0YWJsZSBhbmQg cGFnaW5nIG1vZGUgKi8KLSAgICAgICAgZm9yX2VhY2hfcGRldiggZCwgcGRl diApCi0gICAgICAgIHsKLSAgICAgICAgICAgIGlmICggcGRldi0+dHlwZSA9 PSBERVZfVFlQRV9QQ0lfSE9TVF9CUklER0UgKQotICAgICAgICAgICAgICAg IGNvbnRpbnVlOwotCi0gICAgICAgICAgICBiZGYgPSBQQ0lfQkRGMihwZGV2 LT5idXMsIHBkZXYtPmRldmZuKTsKLSAgICAgICAgICAgIGlvbW11ID0gZmlu ZF9pb21tdV9mb3JfZGV2aWNlKHBkZXYtPnNlZywgYmRmKTsKLSAgICAgICAg ICAgIGlmICggIWlvbW11ICkKLSAgICAgICAgICAgIHsKLSAgICAgICAgICAg ICAgICBBTURfSU9NTVVfREVCVUcoIiVzIEZhaWwgdG8gZmluZCBpb21tdS5c biIsIF9fZnVuY19fKTsKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVOT0RF VjsKLSAgICAgICAgICAgIH0KLQotICAgICAgICAgICAgc3Bpbl9sb2NrX2ly cXNhdmUoJmlvbW11LT5sb2NrLCBmbGFncyk7Ci0gICAgICAgICAgICBkbyB7 Ci0gICAgICAgICAgICAgICAgcmVxX2lkID0gZ2V0X2RtYV9yZXF1ZXN0b3Jf aWQocGRldi0+c2VnLCBiZGYpOwotICAgICAgICAgICAgICAgIHRhYmxlID0g aW9tbXUtPmRldl90YWJsZS5idWZmZXI7Ci0gICAgICAgICAgICAgICAgZHRl ID0gJnRhYmxlW3JlcV9pZF07Ci0KLSAgICAgICAgICAgICAgICAvKiB2YWxp ZCA9IDAgb25seSB3b3JrcyBmb3IgZG9tMCBwYXNzdGhyb3VnaCBtb2RlICov Ci0gICAgICAgICAgICAgICAgYW1kX2lvbW11X3NldF9yb290X3BhZ2VfdGFi bGUoZHRlLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHBhZ2VfdG9fbWFkZHIoaGQtPmFyY2gucm9vdF90YWJsZSks Ci0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgZC0+ZG9tYWluX2lkLAotICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGhkLT5hcmNoLnBhZ2luZ19tb2RlLCAxKTsK LQotICAgICAgICAgICAgICAgIGFtZF9pb21tdV9mbHVzaF9kZXZpY2UoaW9t bXUsIHJlcV9pZCk7Ci0gICAgICAgICAgICAgICAgYmRmICs9IHBkZXYtPnBo YW50b21fc3RyaWRlOwotICAgICAgICAgICAgfSB3aGlsZSAoIFBDSV9ERVZG TjIoYmRmKSAhPSBwZGV2LT5kZXZmbiAmJgotICAgICAgICAgICAgICAgICAg ICAgIFBDSV9TTE9UKGJkZikgPT0gUENJX1NMT1QocGRldi0+ZGV2Zm4pICk7 Ci0gICAgICAgICAgICBzcGluX3VubG9ja19pcnFyZXN0b3JlKCZpb21tdS0+ bG9jaywgZmxhZ3MpOwotICAgICAgICB9Ci0KLSAgICAgICAgLyogRm9yIHNh ZmV0eSwgaW52YWxpZGF0ZSBhbGwgZW50cmllcyAqLwotICAgICAgICBhbWRf aW9tbXVfZmx1c2hfYWxsX3BhZ2VzKGQpOwotICAgIH0KLSAgICByZXR1cm4g MDsKLX0KLQogaW50IGFtZF9pb21tdV9tYXBfcGFnZShzdHJ1Y3QgZG9tYWlu ICpkLCBkZm5fdCBkZm4sIG1mbl90IG1mbiwKICAgICAgICAgICAgICAgICAg ICAgICAgdW5zaWduZWQgaW50IGZsYWdzLCB1bnNpZ25lZCBpbnQgKmZsdXNo X2ZsYWdzKQogewpAQCAtNDAwLDIwICszMDYsNiBAQCBpbnQgYW1kX2lvbW11 X21hcF9wYWdlKHN0cnVjdCBkb21haW4gKmQsIGRmbl90IGRmbiwgbWZuX3Qg bWZuLAogICAgICAgICByZXR1cm4gcmM7CiAgICAgfQogCi0gICAgLyogU2lu Y2UgSFZNIGRvbWFpbiBpcyBpbml0aWFsaXplZCB3aXRoIDIgbGV2ZWwgSU8g cGFnZSB0YWJsZSwKLSAgICAgKiB3ZSBtaWdodCBuZWVkIGEgZGVlcGVyIHBh Z2UgdGFibGUgZm9yIHdpZGVyIGRmbiBub3cgKi8KLSAgICBpZiAoIGlzX2h2 bV9kb21haW4oZCkgKQotICAgIHsKLSAgICAgICAgaWYgKCB1cGRhdGVfcGFn aW5nX21vZGUoZCwgZGZuX3goZGZuKSkgKQotICAgICAgICB7Ci0gICAgICAg ICAgICBzcGluX3VubG9jaygmaGQtPmFyY2gubWFwcGluZ19sb2NrKTsKLSAg ICAgICAgICAgIEFNRF9JT01NVV9ERUJVRygiVXBkYXRlIHBhZ2UgbW9kZSBm YWlsZWQgZGZuID0gJSJQUklfZGZuIlxuIiwKLSAgICAgICAgICAgICAgICAg ICAgICAgICAgICBkZm5feChkZm4pKTsKLSAgICAgICAgICAgIGRvbWFpbl9j cmFzaChkKTsKLSAgICAgICAgICAgIHJldHVybiAtRUZBVUxUOwotICAgICAg ICB9Ci0gICAgfQotCiAgICAgaWYgKCBpb21tdV9wZGVfZnJvbV9kZm4oZCwg ZGZuX3goZGZuKSwgcHRfbWZuLCB0cnVlKSB8fCAocHRfbWZuWzFdID09IDAp ICkKICAgICB7CiAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJjaC5tYXBw aW5nX2xvY2spOwpkaWZmIC0tZ2l0IGEveGVuL2RyaXZlcnMvcGFzc3Rocm91 Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJv dWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKaW5kZXggNGRhNjUxODc3My4uZGQz NDAxZjBkYyAxMDA2NDQKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91Z2gv YW1kL3BjaV9hbWRfaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhy b3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jCkBAIC0yNTEsMTAgKzI1MSwxNyBA QCBzdGF0aWMgaW50IGFtZF9pb21tdV9kb21haW5faW5pdChzdHJ1Y3QgZG9t YWluICpkKQogewogICAgIHN0cnVjdCBkb21haW5faW9tbXUgKmhkID0gZG9t X2lvbW11KGQpOwogCi0gICAgLyogRm9yIHB2IGFuZCBkb20wLCBzdGljayB3 aXRoIGdldF9wYWdpbmdfbW9kZShtYXhfcGFnZSkKLSAgICAgKiBGb3IgSFZN IGRvbTAsIHVzZSAyIGxldmVsIHBhZ2UgdGFibGUgYXQgZmlyc3QgKi8KLSAg ICBoZC0+YXJjaC5wYWdpbmdfbW9kZSA9IGlzX2h2bV9kb21haW4oZCkgPwot ICAgICAgICAyIDogYW1kX2lvbW11X2dldF9wYWdpbmdfbW9kZShtYXhfcGFn ZSk7CisgICAgLyoKKyAgICAgKiBDaG9vc2UgdGhlIG51bWJlciBvZiBsZXZl bHMgZm9yIHRoZSBJT01NVSBwYWdlIHRhYmxlcy4KKyAgICAgKiAtIFBWIG5l ZWRzIDMgb3IgNCwgZGVwZW5kaW5nIG9uIHdoZXRoZXIgdGhlcmUgaXMgUkFN IChpbmNsdWRpbmcgaG90cGx1ZworICAgICAqICAgUkFNKSBhYm92ZSB0aGUg NTEyRyBib3VuZGFyeS4KKyAgICAgKiAtIEhWTSBjb3VsZCBpbiBwcmluY2lw bGUgdXNlIDMgb3IgNCBkZXBlbmRpbmcgb24gaG93IG11Y2ggZ3Vlc3QKKyAg ICAgKiAgIHBoeXNpY2FsIGFkZHJlc3Mgc3BhY2Ugd2UgZ2l2ZSBpdCwgYnV0 IHRoaXMgaXNuJ3Qga25vd24geWV0IHNvIHVzZSA0CisgICAgICogICB1bmls YXRlcmFsbHkuCisgICAgICovCisgICAgaGQtPmFyY2gucGFnaW5nX21vZGUg PSBpc19odm1fZG9tYWluKGQpCisgICAgICAgID8gNCA6IGFtZF9pb21tdV9n ZXRfcGFnaW5nX21vZGUoZ2V0X3VwcGVyX21mbl9ib3VuZCgpKTsKKwogICAg IHJldHVybiAwOwogfQogCg== --=separator Content-Type: application/octet-stream; name="xsa311-4.8-1.patch" Content-Disposition: attachment; filename="xsa311-4.8-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBBTUQvSU9NTVU6IGRvbid0IG5lZWRsZXNzbHkgdHJpZ2dlciBlcnJvcnMv Y3Jhc2hlcyB3aGVuIHVubWFwcGluZyBhIHBhZ2UKClVubWFwcGluZyBhIHBh Z2Ugd2hpY2ggaGFzIG5ldmVyIGJlZW4gbWFwcGVkIHNob3VsZCBiZSBhIG5v LW9wIChub3RlIGhvdwppdCBhbHJlYWR5IGlzIGluIGNhc2UgdGhlcmUgd2Fz IG5vIHJvb3QgcGFnZSB0YWJsZSBhbGxvY2F0ZWQpLiBUaGVyZSdzCmluIHBh cnRpY3VsYXIgbm8gbmVlZCB0byBncm93IHRoZSBudW1iZXIgb2YgcGFnZSB0 YWJsZSBsZXZlbHMgaW4gdXNlLAphbmQgdGhlcmUncyBhbHNvIG5vIG5lZWQg dG8gYWxsb2NhdGUgaW50ZXJtZWRpYXRlIHBhZ2UgdGFibGVzIGV4Y2VwdAp3 aGVuIG5lZWRpbmcgdG8gc3BsaXQgYSBsYXJnZSBwYWdlLgoKUmVwb3J0ZWQt Ynk6IFhYWCBQRVJTT04gPFhYWCBFTUFJTD4zClNpZ25lZC1vZmYtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IFBhdWwgRHVycmFudCA8cGF1bEB4ZW4ub3JnPgpBY2tlZC1i eTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4K Ci0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9tYXAu YworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFw LmMKQEAgLTQ1Nyw3ICs0NTcsNyBAQCBzdGF0aWMgaW50IGlvbW11X21lcmdl X3BhZ2VzKHN0cnVjdCBkb21hCiAgKiBwYWdlIHRhYmxlcy4KICAqLwogc3Rh dGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0IGRvbWFpbiAqZCwg dW5zaWduZWQgbG9uZyBwZm4sIAotICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgdW5zaWduZWQgbG9uZyBwdF9tZm5bXSkKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcgcHRfbWZuW10sIGJvb2wg bWFwKQogewogICAgIHU2NCAqcGRlLCAqbmV4dF90YWJsZV92YWRkcjsKICAg ICB1bnNpZ25lZCBsb25nICBuZXh0X3RhYmxlX21mbjsKQEAgLTQ3MSw2ICs0 NzEsMTMgQEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0 IGRvbQogICAgIEJVR19PTiggdGFibGUgPT0gTlVMTCB8fCBsZXZlbCA8IElP TU1VX1BBR0lOR19NT0RFX0xFVkVMXzEgfHwgCiAgICAgICAgICAgICBsZXZl bCA+IElPTU1VX1BBR0lOR19NT0RFX0xFVkVMXzYgKTsKIAorICAgIC8qCisg ICAgICogQSBmcmFtZSBudW1iZXIgcGFzdCB3aGF0IHRoZSBjdXJyZW50IHBh Z2UgdGFibGVzIGNhbiByZXByZXNlbnQgY2FuJ3QKKyAgICAgKiBwb3NzaWJs eSBoYXZlIGEgbWFwcGluZy4KKyAgICAgKi8KKyAgICBpZiAoIHBmbiA+PiAo UFRFX1BFUl9UQUJMRV9TSElGVCAqIGxldmVsKSApCisgICAgICAgIHJldHVy biAwOworCiAgICAgbmV4dF90YWJsZV9tZm4gPSBwYWdlX3RvX21mbih0YWJs ZSk7CiAKICAgICBpZiAoIGxldmVsID09IElPTU1VX1BBR0lOR19NT0RFX0xF VkVMXzEgKQpAQCAtNTMxLDYgKzUzOCw5IEBAIHN0YXRpYyBpbnQgaW9tbXVf cGRlX2Zyb21fZ2ZuKHN0cnVjdCBkb20KICAgICAgICAgLyogSW5zdGFsbCBs b3dlciBsZXZlbCBwYWdlIHRhYmxlIGZvciBub24tcHJlc2VudCBlbnRyaWVz ICovCiAgICAgICAgIGVsc2UgaWYgKCAhaW9tbXVfaXNfcHRlX3ByZXNlbnQo KHUzMiopcGRlKSApCiAgICAgICAgIHsKKyAgICAgICAgICAgIGlmICggIW1h cCApCisgICAgICAgICAgICAgICAgcmV0dXJuIDA7CisKICAgICAgICAgICAg IGlmICggbmV4dF90YWJsZV9tZm4gPT0gMCApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgdGFibGUgPSBhbGxvY19hbWRfaW9tbXVfcGd0YWJs ZSgpOwpAQCAtNjgxLDcgKzY5MSw3IEBAIGludCBhbWRfaW9tbXVfbWFwX3Bh Z2Uoc3RydWN0IGRvbWFpbiAqZCwKICAgICAgICAgfQogICAgIH0KIAotICAg IGlmICggaW9tbXVfcGRlX2Zyb21fZ2ZuKGQsIGdmbiwgcHRfbWZuKSB8fCAo cHRfbWZuWzFdID09IDApICkKKyAgICBpZiAoIGlvbW11X3BkZV9mcm9tX2dm bihkLCBnZm4sIHB0X21mbiwgdHJ1ZSkgfHwgKHB0X21mblsxXSA9PSAwKSAp CiAgICAgewogICAgICAgICBzcGluX3VubG9jaygmaGQtPmFyY2gubWFwcGlu Z19sb2NrKTsKICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJbnZhbGlkIElP IHBhZ2V0YWJsZSBlbnRyeSBnZm4gPSAlbHhcbiIsIGdmbik7CkBAIC03NTYs MjMgKzc2Niw3IEBAIGludCBhbWRfaW9tbXVfdW5tYXBfcGFnZShzdHJ1Y3Qg ZG9tYWluICoKIAogICAgIHNwaW5fbG9jaygmaGQtPmFyY2gubWFwcGluZ19s b2NrKTsKIAotICAgIC8qIFNpbmNlIEhWTSBkb21haW4gaXMgaW5pdGlhbGl6 ZWQgd2l0aCAyIGxldmVsIElPIHBhZ2UgdGFibGUsCi0gICAgICogd2UgbWln aHQgbmVlZCBhIGRlZXBlciBwYWdlIHRhYmxlIGZvciBsYWdlciBnZm4gbm93 ICovCi0gICAgaWYgKCBpc19odm1fZG9tYWluKGQpICkKLSAgICB7Ci0gICAg ICAgIGludCByYyA9IHVwZGF0ZV9wYWdpbmdfbW9kZShkLCBnZm4pOwotCi0g ICAgICAgIGlmICggcmMgKQotICAgICAgICB7Ci0gICAgICAgICAgICBzcGlu X3VubG9jaygmaGQtPmFyY2gubWFwcGluZ19sb2NrKTsKLSAgICAgICAgICAg IEFNRF9JT01NVV9ERUJVRygiVXBkYXRlIHBhZ2UgbW9kZSBmYWlsZWQgZ2Zu ID0gJWx4XG4iLCBnZm4pOwotICAgICAgICAgICAgaWYgKCByYyAhPSAtRUFE RFJOT1RBVkFJTCApCi0gICAgICAgICAgICAgICAgZG9tYWluX2NyYXNoKGQp OwotICAgICAgICAgICAgcmV0dXJuIHJjOwotICAgICAgICB9Ci0gICAgfQot Ci0gICAgaWYgKCBpb21tdV9wZGVfZnJvbV9nZm4oZCwgZ2ZuLCBwdF9tZm4p IHx8IChwdF9tZm5bMV0gPT0gMCkgKQorICAgIGlmICggaW9tbXVfcGRlX2Zy b21fZ2ZuKGQsIGdmbiwgcHRfbWZuLCBmYWxzZSkgKQogICAgIHsKICAgICAg ICAgc3Bpbl91bmxvY2soJmhkLT5hcmNoLm1hcHBpbmdfbG9jayk7CiAgICAg ICAgIEFNRF9JT01NVV9ERUJVRygiSW52YWxpZCBJTyBwYWdldGFibGUgZW50 cnkgZ2ZuID0gJWx4XG4iLCBnZm4pOwpAQCAtNzgwLDggKzc3NCwxMSBAQCBp bnQgYW1kX2lvbW11X3VubWFwX3BhZ2Uoc3RydWN0IGRvbWFpbiAqCiAgICAg ICAgIHJldHVybiAtRUZBVUxUOwogICAgIH0KIAotICAgIC8qIG1hcmsgUFRF IGFzICdwYWdlIG5vdCBwcmVzZW50JyAqLwotICAgIGNsZWFyX2lvbW11X3B0 ZV9wcmVzZW50KHB0X21mblsxXSwgZ2ZuKTsKKyAgICBpZiAoIHB0X21mblsx XSApCisgICAgeworICAgICAgICAvKiBNYXJrIFBURSBhcyAncGFnZSBub3Qg cHJlc2VudCcuICovCisgICAgICAgIGNsZWFyX2lvbW11X3B0ZV9wcmVzZW50 KHB0X21mblsxXSwgZ2ZuKTsKKyAgICB9CiAKICAgICAvKiBObyBmdXJ0aGVy IG1lcmdpbmcgaW4gYW1kX2lvbW11X21hcF9wYWdlKCksIGFzIHRoZSBsb2dp YyBkb2Vzbid0IGNvcGUuICovCiAgICAgaGQtPmFyY2gubm9fbWVyZ2UgPSB0 cnVlOwo= --=separator Content-Type: application/octet-stream; name="xsa311-4.8-2.patch" Content-Disposition: attachment; filename="xsa311-4.8-2.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogQU1EL0lPTU1VOiBDZWFzZSB1c2luZyBhIGR5bmFtaWMg aGVpZ2h0IGZvciB0aGUgSU9NTVUgcGFnZXRhYmxlcwoKdXBkYXRlX3BhZ2lu Z19tb2RlKCkgaGFzIG11bHRpcGxlIGJ1Z3M6CgogMSkgQm9vdGluZyB3aXRo IGlvbW11PWRlYnVnIHdpbGwgY2F1c2UgaXQgdG8gaW5mb3JtIHlvdSB0aGF0 IHRoYXQgaXQgY2FsbGVkCiAgICB3aXRob3V0IHRoZSBwZGV2X2xpc3QgbG9j ayBoZWxkLgogMikgV2hlbiBncm93aW5nIGJ5IG1vcmUgdGhhbiBhIHNpbmds ZSBsZXZlbCwgaXQgbGVha3MgdGhlIG5ld2x5IGFsbG9jYXRlZAogICAgdGFi bGUocykgaW4gdGhlIGNhc2Ugb2YgYSBmdXJ0aGVyIGVycm9yLgoKRnVydGhl cm1vcmUsIHRoZSBjaG9pY2Ugb2YgZGVmYXVsdCBsZXZlbCBmb3IgYSBkb21h aW4gaGFzIGlzc3VlczoKCiAxKSBBbGwgSFZNIGd1ZXN0cyBncm93IGZyb20g MiB0byAzIGxldmVscyBkdXJpbmcgY29uc3RydWN0aW9uIGJlY2F1c2Ugb2Yg dGhlCiAgICBwb3NpdGlvbiBvZiB0aGUgVlJBTSBqdXN0IGJlbG93IHRoZSA0 RyBib3VuZGFyeSwgc28gZGVmYXVsdGluZyB0byAyIGlzIGEKICAgIHdhc3Rl IG9mIGVmZm9ydC4KIDIpIFRoZSBsaW1pdCBmb3IgUFYgZ3Vlc3RzIGRvZXNu J3QgdGFrZSBtZW1vcnkgaG90cGx1ZyBpbnRvIGFjY291bnQsIGFuZAogICAg aXNuJ3QgZHluYW1pYyBhdCBydW50aW1lIGxpa2UgSFZNIGd1ZXN0cy4gIFRo aXMgbWVhbnMgdGhhdCBhIFBWIGd1ZXN0IG1heQogICAgZ2V0IFJBTSB3aGlj aCBpdCBjYW4ndCBtYXAgaW4gdGhlIElPTU1VLgoKVGhlIGR5bmFtaWMgaGVp Z2h0IGlzIGEgcHJvcGVydHkgdW5pcXVlIHRvIEFNRCwgYW5kIGFkZHMgYSBz dWJzdGFudGlhbApxdWFudGl0eSBvZiBjb21wbGV4aXR5IGZvciB3aGF0IGlz IGEgbWFyZ2luYWwgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnQuICBSZW1vdmUK dGhlIGNvbXBsZXhpdHkgYnkgcmVtb3ZpbmcgdGhlIGR5bmFtaWMgaGVpZ2h0 LgoKUFYgZ3Vlc3RzIG5vdyBnZXQgMyBvciA0IGxldmVscyBiYXNlZCBvbiBh bnkgaG90cGx1ZyByZWdpb25zIGluIHRoZSBob3N0LgpUaGlzIG9ubHkgbWFr ZXMgYSBkaWZmZXJlbmNlIGZvciBoYXJkd2FyZSB3aGljaCBwcmV2aW91c2x5 IGhhZCBhbGwgUkFNIGJlbG93CnRoZSA1MTJHIGJvdW5kYXJ5LCBhbmQgYSBo b3RwbHVnIHJlZ2lvbiBhYm92ZS4KCkhWTSBndWVzdHMgbm93IGdldCA0IGxl dmVscyAod2hpY2ggd2lsbCBiZSBzdWZmaWNpZW50IHVudGlsIDI1NlRCIGd1 ZXN0cwpiZWNvbWUgYSB0aGluZyksIGJlY2F1c2Ugd2UgZG9uJ3QgY3VycmVu dGx5IGhhdmUgdGhlIGluZm9ybWF0aW9uIHRvIGtub3cgd2hlbgozIHdvdWxk IGJlIHNhZmUgdG8gdXNlLgoKVGhlIG92ZXJoZWFkIG9mIHRoaXMgZXh0cmEg bGV2ZWwgaXMgbm90IGV4cGVjdGVkIHRvIGJlIG5vdGljZWFibGUuICBJdCBj b3N0cwpvbmUgcGFnZSAoNGspIHBlciBkb21haW4sIGFuZCBvbmUgZXh0cmEg SU8tVExCIHBhZ2luZyBzdHJ1Y3R1cmUgY2FjaGUgZW50cnkKd2hpY2ggaXMg dmVyeSBob3QgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIGV2aWN0ZWQuCgpUaGlz IGlzIFhTQS0zMTEuCgpSZXBvcnRlZC1ieTogWFhYIFBFUlNPTiA8WFhYIEVN QUlMPjMKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNv b3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KQWNrZWQtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL3hlbi9hcmNoL3g4 Ni9tbS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS5jCkBAIC03NDAzLDYgKzc0 MDMsMTcgQEAgdm9pZCBwYWdpbmdfaW52bHBnKHN0cnVjdCB2Y3B1ICp2LCB1 bnNpZwogICAgICAgICBodm1fZnVuY3MuaW52bHBnKHYsIHZhKTsKIH0KIAor dW5zaWduZWQgbG9uZyBnZXRfdXBwZXJfbWZuX2JvdW5kKHZvaWQpCit7Cisg ICAgdW5zaWduZWQgbG9uZyBtYXhfbWZuOworCisgICAgbWF4X21mbiA9IG1l bV9ob3RwbHVnID8gUEZOX0RPV04obWVtX2hvdHBsdWcpIDogbWF4X3BhZ2U7 CisjaWZuZGVmIENPTkZJR19CSUdNRU0KKyAgICBtYXhfbWZuID0gbWluKG1h eF9tZm4sIDFVTCA8PCAzMik7CisjZW5kaWYKKyAgICByZXR1cm4gbWluKG1h eF9tZm4sIDFVTCA8PCAocGFkZHJfYml0cyAtIFBBR0VfU0hJRlQpKSAtIDE7 Cit9CisKIC8qCiAgKiBMb2NhbCB2YXJpYWJsZXM6CiAgKiBtb2RlOiBDCi0t LSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9tYXAuYwor KysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMK QEAgLTU3MCw5NyArNTcwLDYgQEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJv bV9nZm4oc3RydWN0IGRvbQogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMg aW50IHVwZGF0ZV9wYWdpbmdfbW9kZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNp Z25lZCBsb25nIGdmbikKLXsKLSAgICB1MTYgYmRmOwotICAgIHZvaWQgKmRl dmljZV9lbnRyeTsKLSAgICB1bnNpZ25lZCBpbnQgcmVxX2lkLCBsZXZlbCwg b2Zmc2V0OwotICAgIHVuc2lnbmVkIGxvbmcgZmxhZ3M7Ci0gICAgc3RydWN0 IHBjaV9kZXYgKnBkZXY7Ci0gICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUg PSBOVUxMOwotICAgIHN0cnVjdCBwYWdlX2luZm8gKm5ld19yb290ID0gTlVM TDsKLSAgICBzdHJ1Y3QgcGFnZV9pbmZvICpvbGRfcm9vdCA9IE5VTEw7Ci0g ICAgdm9pZCAqbmV3X3Jvb3RfdmFkZHI7Ci0gICAgdW5zaWduZWQgbG9uZyBv bGRfcm9vdF9tZm47Ci0gICAgc3RydWN0IGRvbWFpbl9pb21tdSAqaGQgPSBk b21faW9tbXUoZCk7Ci0KLSAgICBpZiAoIGdmbiA9PSBnZm5feChJTlZBTElE X0dGTikgKQotICAgICAgICByZXR1cm4gLUVBRERSTk9UQVZBSUw7Ci0gICAg QVNTRVJUKCEoZ2ZuID4+IERFRkFVTFRfRE9NQUlOX0FERFJFU1NfV0lEVEgp KTsKLQotICAgIGxldmVsID0gaGQtPmFyY2gucGFnaW5nX21vZGU7Ci0gICAg b2xkX3Jvb3QgPSBoZC0+YXJjaC5yb290X3RhYmxlOwotICAgIG9mZnNldCA9 IGdmbiA+PiAoUFRFX1BFUl9UQUJMRV9TSElGVCAqIChsZXZlbCAtIDEpKTsK LQotICAgIEFTU0VSVChzcGluX2lzX2xvY2tlZCgmaGQtPmFyY2gubWFwcGlu Z19sb2NrKSAmJiBpc19odm1fZG9tYWluKGQpKTsKLQotICAgIHdoaWxlICgg b2Zmc2V0ID49IFBURV9QRVJfVEFCTEVfU0laRSApCi0gICAgewotICAgICAg ICAvKiBBbGxvY2F0ZSBhbmQgaW5zdGFsbCBhIG5ldyByb290IHRhYmxlLgot ICAgICAgICAgKiBPbmx5IHVwcGVyIEkvTyBwYWdlIHRhYmxlIGdyb3dzLCBu byBuZWVkIHRvIGZpeCBuZXh0IGxldmVsIGJpdHMgKi8KLSAgICAgICAgbmV3 X3Jvb3QgPSBhbGxvY19hbWRfaW9tbXVfcGd0YWJsZSgpOwotICAgICAgICBp ZiAoIG5ld19yb290ID09IE5VTEwgKQotICAgICAgICB7Ci0gICAgICAgICAg ICBBTURfSU9NTVVfREVCVUcoIiVzIENhbm5vdCBhbGxvY2F0ZSBJL08gcGFn ZSB0YWJsZVxuIiwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICBfX2Z1 bmNfXyk7Ci0gICAgICAgICAgICByZXR1cm4gLUVOT01FTTsKLSAgICAgICAg fQotCi0gICAgICAgIG5ld19yb290X3ZhZGRyID0gX19tYXBfZG9tYWluX3Bh Z2UobmV3X3Jvb3QpOwotICAgICAgICBvbGRfcm9vdF9tZm4gPSBwYWdlX3Rv X21mbihvbGRfcm9vdCk7Ci0gICAgICAgIHNldF9pb21tdV9wZGVfcHJlc2Vu dChuZXdfcm9vdF92YWRkciwgb2xkX3Jvb3RfbWZuLCBsZXZlbCwKLSAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICEhSU9NTVVGX3dyaXRhYmxlLCAh IUlPTU1VRl9yZWFkYWJsZSk7Ci0gICAgICAgIGxldmVsKys7Ci0gICAgICAg IG9sZF9yb290ID0gbmV3X3Jvb3Q7Ci0gICAgICAgIG9mZnNldCA+Pj0gUFRF X1BFUl9UQUJMRV9TSElGVDsKLSAgICAgICAgdW5tYXBfZG9tYWluX3BhZ2Uo bmV3X3Jvb3RfdmFkZHIpOwotICAgIH0KLQotICAgIGlmICggbmV3X3Jvb3Qg IT0gTlVMTCApCi0gICAgewotICAgICAgICBoZC0+YXJjaC5wYWdpbmdfbW9k ZSA9IGxldmVsOwotICAgICAgICBoZC0+YXJjaC5yb290X3RhYmxlID0gbmV3 X3Jvb3Q7Ci0KLSAgICAgICAgaWYgKCAhcGNpZGV2c19sb2NrZWQoKSApCi0g ICAgICAgICAgICBBTURfSU9NTVVfREVCVUcoIiVzIFRyeSB0byBhY2Nlc3Mg cGRldl9saXN0ICIKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAid2l0 aG91dCBhcXVpcmluZyBwY2lkZXZzX2xvY2suXG4iLCBfX2Z1bmNfXyk7Ci0K LSAgICAgICAgLyogVXBkYXRlIGRldmljZSB0YWJsZSBlbnRyaWVzIHVzaW5n IG5ldyByb290IHRhYmxlIGFuZCBwYWdpbmcgbW9kZSAqLwotICAgICAgICBm b3JfZWFjaF9wZGV2KCBkLCBwZGV2ICkKLSAgICAgICAgewotICAgICAgICAg ICAgYmRmID0gUENJX0JERjIocGRldi0+YnVzLCBwZGV2LT5kZXZmbik7Ci0g ICAgICAgICAgICBpb21tdSA9IGZpbmRfaW9tbXVfZm9yX2RldmljZShwZGV2 LT5zZWcsIGJkZik7Ci0gICAgICAgICAgICBpZiAoICFpb21tdSApCi0gICAg ICAgICAgICB7Ci0gICAgICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCIl cyBGYWlsIHRvIGZpbmQgaW9tbXUuXG4iLCBfX2Z1bmNfXyk7Ci0gICAgICAg ICAgICAgICAgcmV0dXJuIC1FTk9ERVY7Ci0gICAgICAgICAgICB9Ci0KLSAg ICAgICAgICAgIHNwaW5fbG9ja19pcnFzYXZlKCZpb21tdS0+bG9jaywgZmxh Z3MpOwotICAgICAgICAgICAgZG8gewotICAgICAgICAgICAgICAgIHJlcV9p ZCA9IGdldF9kbWFfcmVxdWVzdG9yX2lkKHBkZXYtPnNlZywgYmRmKTsKLSAg ICAgICAgICAgICAgICBkZXZpY2VfZW50cnkgPSBpb21tdS0+ZGV2X3RhYmxl LmJ1ZmZlciArCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHJl cV9pZCAqIElPTU1VX0RFVl9UQUJMRV9FTlRSWV9TSVpFKTsKLQotICAgICAg ICAgICAgICAgIC8qIHZhbGlkID0gMCBvbmx5IHdvcmtzIGZvciBkb20wIHBh c3N0aHJvdWdoIG1vZGUgKi8KLSAgICAgICAgICAgICAgICBhbWRfaW9tbXVf c2V0X3Jvb3RfcGFnZV90YWJsZSgodTMyICopZGV2aWNlX2VudHJ5LAotICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHBh Z2VfdG9fbWFkZHIoaGQtPmFyY2gucm9vdF90YWJsZSksCi0gICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZC0+ZG9tYWlu X2lkLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIGhkLT5hcmNoLnBhZ2luZ19tb2RlLCAxKTsKLQotICAgICAgICAg ICAgICAgIGFtZF9pb21tdV9mbHVzaF9kZXZpY2UoaW9tbXUsIHJlcV9pZCk7 Ci0gICAgICAgICAgICAgICAgYmRmICs9IHBkZXYtPnBoYW50b21fc3RyaWRl OwotICAgICAgICAgICAgfSB3aGlsZSAoIFBDSV9ERVZGTjIoYmRmKSAhPSBw ZGV2LT5kZXZmbiAmJgotICAgICAgICAgICAgICAgICAgICAgIFBDSV9TTE9U KGJkZikgPT0gUENJX1NMT1QocGRldi0+ZGV2Zm4pICk7Ci0gICAgICAgICAg ICBzcGluX3VubG9ja19pcnFyZXN0b3JlKCZpb21tdS0+bG9jaywgZmxhZ3Mp OwotICAgICAgICB9Ci0KLSAgICAgICAgLyogRm9yIHNhZmV0eSwgaW52YWxp ZGF0ZSBhbGwgZW50cmllcyAqLwotICAgICAgICBhbWRfaW9tbXVfZmx1c2hf YWxsX3BhZ2VzKGQpOwotICAgIH0KLSAgICByZXR1cm4gMDsKLX0KLQogaW50 IGFtZF9pb21tdV9tYXBfcGFnZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNpZ25l ZCBsb25nIGdmbiwgdW5zaWduZWQgbG9uZyBtZm4sCiAgICAgICAgICAgICAg ICAgICAgICAgIHVuc2lnbmVkIGludCBmbGFncykKIHsKQEAgLTY3OCwxOSAr NTg3LDYgQEAgaW50IGFtZF9pb21tdV9tYXBfcGFnZShzdHJ1Y3QgZG9tYWlu ICpkLAogCiAgICAgc3Bpbl9sb2NrKCZoZC0+YXJjaC5tYXBwaW5nX2xvY2sp OwogCi0gICAgLyogU2luY2UgSFZNIGRvbWFpbiBpcyBpbml0aWFsaXplZCB3 aXRoIDIgbGV2ZWwgSU8gcGFnZSB0YWJsZSwKLSAgICAgKiB3ZSBtaWdodCBu ZWVkIGEgZGVlcGVyIHBhZ2UgdGFibGUgZm9yIGxhZ2VyIGdmbiBub3cgKi8K LSAgICBpZiAoIGlzX2h2bV9kb21haW4oZCkgKQotICAgIHsKLSAgICAgICAg aWYgKCB1cGRhdGVfcGFnaW5nX21vZGUoZCwgZ2ZuKSApCi0gICAgICAgIHsK LSAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJjaC5tYXBwaW5nX2xv Y2spOwotICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJVcGRhdGUgcGFn ZSBtb2RlIGZhaWxlZCBnZm4gPSAlbHhcbiIsIGdmbik7Ci0gICAgICAgICAg ICBkb21haW5fY3Jhc2goZCk7Ci0gICAgICAgICAgICByZXR1cm4gLUVGQVVM VDsKLSAgICAgICAgfQotICAgIH0KLQogICAgIGlmICggaW9tbXVfcGRlX2Zy b21fZ2ZuKGQsIGdmbiwgcHRfbWZuLCB0cnVlKSB8fCAocHRfbWZuWzFdID09 IDApICkKICAgICB7CiAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJjaC5t YXBwaW5nX2xvY2spOwotLS0gYS94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9h bWQvcGNpX2FtZF9pb21tdS5jCisrKyBiL3hlbi9kcml2ZXJzL3Bhc3N0aHJv dWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKQEAgLTI3MSwxMSArMjcxLDE3IEBA IHN0YXRpYyBpbnQgYW1kX2lvbW11X2RvbWFpbl9pbml0KHN0cnVjdAogICAg ICAgICByZXR1cm4gLUVOT01FTTsKICAgICB9CiAKLSAgICAvKiBGb3IgcHYg YW5kIGRvbTAsIHN0aWNrIHdpdGggZ2V0X3BhZ2luZ19tb2RlKG1heF9wYWdl KQotICAgICAqIEZvciBIVk0gZG9tMCwgdXNlIDIgbGV2ZWwgcGFnZSB0YWJs ZSBhdCBmaXJzdCAqLwotICAgIGhkLT5hcmNoLnBhZ2luZ19tb2RlID0gaXNf aHZtX2RvbWFpbihkKSA/Ci0gICAgICAgICAgICAgICAgICAgICAgSU9NTVVf UEFHSU5HX01PREVfTEVWRUxfMiA6Ci0gICAgICAgICAgICAgICAgICAgICAg Z2V0X3BhZ2luZ19tb2RlKG1heF9wYWdlKTsKKyAgICAvKgorICAgICAqIENo b29zZSB0aGUgbnVtYmVyIG9mIGxldmVscyBmb3IgdGhlIElPTU1VIHBhZ2Ug dGFibGVzLgorICAgICAqIC0gUFYgbmVlZHMgMyBvciA0LCBkZXBlbmRpbmcg b24gd2hldGhlciB0aGVyZSBpcyBSQU0gKGluY2x1ZGluZyBob3RwbHVnCisg ICAgICogICBSQU0pIGFib3ZlIHRoZSA1MTJHIGJvdW5kYXJ5LgorICAgICAq IC0gSFZNIGNvdWxkIGluIHByaW5jaXBsZSB1c2UgMyBvciA0IGRlcGVuZGlu ZyBvbiBob3cgbXVjaCBndWVzdAorICAgICAqICAgcGh5c2ljYWwgYWRkcmVz cyBzcGFjZSB3ZSBnaXZlIGl0LCBidXQgdGhpcyBpc24ndCBrbm93biB5ZXQg c28gdXNlIDQKKyAgICAgKiAgIHVuaWxhdGVyYWxseS4KKyAgICAgKi8KKyAg ICBoZC0+YXJjaC5wYWdpbmdfbW9kZSA9IGlzX2h2bV9kb21haW4oZCkKKyAg ICAgICAgPyBJT01NVV9QQUdJTkdfTU9ERV9MRVZFTF80IDogZ2V0X3BhZ2lu Z19tb2RlKGdldF91cHBlcl9tZm5fYm91bmQoKSk7CisKICAgICByZXR1cm4g MDsKIH0KIAotLS0gYS94ZW4vaW5jbHVkZS94ZW4vbW0uaAorKysgYi94ZW4v aW5jbHVkZS94ZW4vbW0uaApAQCAtNTc3LDYgKzU3Nyw5IEBAIGludCBwcmVw YXJlX3JpbmdfZm9yX2hlbHBlcihzdHJ1Y3QgZG9tYWkKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBzdHJ1Y3QgcGFnZV9pbmZvICoqX3BhZ2UsIHZv aWQgKipfdmEpOwogdm9pZCBkZXN0cm95X3JpbmdfZm9yX2hlbHBlcih2b2lk ICoqX3ZhLCBzdHJ1Y3QgcGFnZV9pbmZvICpwYWdlKTsKIAorLyogUmV0dXJu IHRoZSB1cHBlciBib3VuZCBvZiBNRk5zLCBpbmNsdWRpbmcgaG90cGx1ZyBt ZW1vcnkuICovCit1bnNpZ25lZCBsb25nIGdldF91cHBlcl9tZm5fYm91bmQo dm9pZCk7CisKICNpbmNsdWRlIDxhc20vZmx1c2h0bGIuaD4KIAogc3RhdGlj IGlubGluZSB2b2lkIGFjY3VtdWxhdGVfdGxiZmx1c2goYm9vbCAqbmVlZF90 bGJmbHVzaCwK --=separator Content-Type: application/octet-stream; name="xsa311-4.9-1.patch" Content-Disposition: attachment; filename="xsa311-4.9-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBBTUQvSU9NTVU6IGRvbid0IG5lZWRsZXNzbHkgdHJpZ2dlciBlcnJvcnMv Y3Jhc2hlcyB3aGVuIHVubWFwcGluZyBhIHBhZ2UKClVubWFwcGluZyBhIHBh Z2Ugd2hpY2ggaGFzIG5ldmVyIGJlZW4gbWFwcGVkIHNob3VsZCBiZSBhIG5v LW9wIChub3RlIGhvdwppdCBhbHJlYWR5IGlzIGluIGNhc2UgdGhlcmUgd2Fz IG5vIHJvb3QgcGFnZSB0YWJsZSBhbGxvY2F0ZWQpLiBUaGVyZSdzCmluIHBh cnRpY3VsYXIgbm8gbmVlZCB0byBncm93IHRoZSBudW1iZXIgb2YgcGFnZSB0 YWJsZSBsZXZlbHMgaW4gdXNlLAphbmQgdGhlcmUncyBhbHNvIG5vIG5lZWQg dG8gYWxsb2NhdGUgaW50ZXJtZWRpYXRlIHBhZ2UgdGFibGVzIGV4Y2VwdAp3 aGVuIG5lZWRpbmcgdG8gc3BsaXQgYSBsYXJnZSBwYWdlLgoKUmVwb3J0ZWQt Ynk6IFhYWCBQRVJTT04gPFhYWCBFTUFJTD4zClNpZ25lZC1vZmYtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IFBhdWwgRHVycmFudCA8cGF1bEB4ZW4ub3JnPgpBY2tlZC1i eTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4K Ci0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9tYXAu YworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFw LmMKQEAgLTQ1Niw3ICs0NTYsNyBAQCBzdGF0aWMgaW50IGlvbW11X21lcmdl X3BhZ2VzKHN0cnVjdCBkb21hCiAgKiBwYWdlIHRhYmxlcy4KICAqLwogc3Rh dGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0IGRvbWFpbiAqZCwg dW5zaWduZWQgbG9uZyBwZm4sIAotICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgdW5zaWduZWQgbG9uZyBwdF9tZm5bXSkKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcgcHRfbWZuW10sIGJvb2wg bWFwKQogewogICAgIHU2NCAqcGRlLCAqbmV4dF90YWJsZV92YWRkcjsKICAg ICB1bnNpZ25lZCBsb25nICBuZXh0X3RhYmxlX21mbjsKQEAgLTQ3MCw2ICs0 NzAsMTMgQEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0 IGRvbQogICAgIEJVR19PTiggdGFibGUgPT0gTlVMTCB8fCBsZXZlbCA8IElP TU1VX1BBR0lOR19NT0RFX0xFVkVMXzEgfHwgCiAgICAgICAgICAgICBsZXZl bCA+IElPTU1VX1BBR0lOR19NT0RFX0xFVkVMXzYgKTsKIAorICAgIC8qCisg ICAgICogQSBmcmFtZSBudW1iZXIgcGFzdCB3aGF0IHRoZSBjdXJyZW50IHBh Z2UgdGFibGVzIGNhbiByZXByZXNlbnQgY2FuJ3QKKyAgICAgKiBwb3NzaWJs eSBoYXZlIGEgbWFwcGluZy4KKyAgICAgKi8KKyAgICBpZiAoIHBmbiA+PiAo UFRFX1BFUl9UQUJMRV9TSElGVCAqIGxldmVsKSApCisgICAgICAgIHJldHVy biAwOworCiAgICAgbmV4dF90YWJsZV9tZm4gPSBwYWdlX3RvX21mbih0YWJs ZSk7CiAKICAgICBpZiAoIGxldmVsID09IElPTU1VX1BBR0lOR19NT0RFX0xF VkVMXzEgKQpAQCAtNTMwLDYgKzUzNyw5IEBAIHN0YXRpYyBpbnQgaW9tbXVf cGRlX2Zyb21fZ2ZuKHN0cnVjdCBkb20KICAgICAgICAgLyogSW5zdGFsbCBs b3dlciBsZXZlbCBwYWdlIHRhYmxlIGZvciBub24tcHJlc2VudCBlbnRyaWVz ICovCiAgICAgICAgIGVsc2UgaWYgKCAhaW9tbXVfaXNfcHRlX3ByZXNlbnQo KHUzMiopcGRlKSApCiAgICAgICAgIHsKKyAgICAgICAgICAgIGlmICggIW1h cCApCisgICAgICAgICAgICAgICAgcmV0dXJuIDA7CisKICAgICAgICAgICAg IGlmICggbmV4dF90YWJsZV9tZm4gPT0gMCApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgdGFibGUgPSBhbGxvY19hbWRfaW9tbXVfcGd0YWJs ZSgpOwpAQCAtNjg4LDcgKzY5OCw3IEBAIGludCBhbWRfaW9tbXVfbWFwX3Bh Z2Uoc3RydWN0IGRvbWFpbiAqZCwKICAgICAgICAgfQogICAgIH0KIAotICAg IGlmICggaW9tbXVfcGRlX2Zyb21fZ2ZuKGQsIGdmbiwgcHRfbWZuKSB8fCAo cHRfbWZuWzFdID09IDApICkKKyAgICBpZiAoIGlvbW11X3BkZV9mcm9tX2dm bihkLCBnZm4sIHB0X21mbiwgdHJ1ZSkgfHwgKHB0X21mblsxXSA9PSAwKSAp CiAgICAgewogICAgICAgICBzcGluX3VubG9jaygmaGQtPmFyY2gubWFwcGlu Z19sb2NrKTsKICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJbnZhbGlkIElP IHBhZ2V0YWJsZSBlbnRyeSBnZm4gPSAlbHhcbiIsIGdmbik7CkBAIC03Njcs MjMgKzc3Nyw3IEBAIGludCBhbWRfaW9tbXVfdW5tYXBfcGFnZShzdHJ1Y3Qg ZG9tYWluICoKICAgICAgICAgcmV0dXJuIDA7CiAgICAgfQogCi0gICAgLyog U2luY2UgSFZNIGRvbWFpbiBpcyBpbml0aWFsaXplZCB3aXRoIDIgbGV2ZWwg SU8gcGFnZSB0YWJsZSwKLSAgICAgKiB3ZSBtaWdodCBuZWVkIGEgZGVlcGVy IHBhZ2UgdGFibGUgZm9yIGxhZ2VyIGdmbiBub3cgKi8KLSAgICBpZiAoIGlz X2h2bV9kb21haW4oZCkgKQotICAgIHsKLSAgICAgICAgaW50IHJjID0gdXBk YXRlX3BhZ2luZ19tb2RlKGQsIGdmbik7Ci0KLSAgICAgICAgaWYgKCByYyAp Ci0gICAgICAgIHsKLSAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJj aC5tYXBwaW5nX2xvY2spOwotICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVH KCJVcGRhdGUgcGFnZSBtb2RlIGZhaWxlZCBnZm4gPSAlbHhcbiIsIGdmbik7 Ci0gICAgICAgICAgICBpZiAoIHJjICE9IC1FQUREUk5PVEFWQUlMICkKLSAg ICAgICAgICAgICAgICBkb21haW5fY3Jhc2goZCk7Ci0gICAgICAgICAgICBy ZXR1cm4gcmM7Ci0gICAgICAgIH0KLSAgICB9Ci0KLSAgICBpZiAoIGlvbW11 X3BkZV9mcm9tX2dmbihkLCBnZm4sIHB0X21mbikgfHwgKHB0X21mblsxXSA9 PSAwKSApCisgICAgaWYgKCBpb21tdV9wZGVfZnJvbV9nZm4oZCwgZ2ZuLCBw dF9tZm4sIGZhbHNlKSApCiAgICAgewogICAgICAgICBzcGluX3VubG9jaygm aGQtPmFyY2gubWFwcGluZ19sb2NrKTsKICAgICAgICAgQU1EX0lPTU1VX0RF QlVHKCJJbnZhbGlkIElPIHBhZ2V0YWJsZSBlbnRyeSBnZm4gPSAlbHhcbiIs IGdmbik7CkBAIC03OTEsOCArNzg1LDExIEBAIGludCBhbWRfaW9tbXVfdW5t YXBfcGFnZShzdHJ1Y3QgZG9tYWluICoKICAgICAgICAgcmV0dXJuIC1FRkFV TFQ7CiAgICAgfQogCi0gICAgLyogbWFyayBQVEUgYXMgJ3BhZ2Ugbm90IHBy ZXNlbnQnICovCi0gICAgY2xlYXJfaW9tbXVfcHRlX3ByZXNlbnQocHRfbWZu WzFdLCBnZm4pOworICAgIGlmICggcHRfbWZuWzFdICkKKyAgICB7CisgICAg ICAgIC8qIE1hcmsgUFRFIGFzICdwYWdlIG5vdCBwcmVzZW50Jy4gKi8KKyAg ICAgICAgY2xlYXJfaW9tbXVfcHRlX3ByZXNlbnQocHRfbWZuWzFdLCBnZm4p OworICAgIH0KIAogICAgIC8qIE5vIGZ1cnRoZXIgbWVyZ2luZyBpbiBhbWRf aW9tbXVfbWFwX3BhZ2UoKSwgYXMgdGhlIGxvZ2ljIGRvZXNuJ3QgY29wZS4g Ki8KICAgICBoZC0+YXJjaC5ub19tZXJnZSA9IHRydWU7Cg== --=separator Content-Type: application/octet-stream; name="xsa311-4.9-2.patch" Content-Disposition: attachment; filename="xsa311-4.9-2.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogQU1EL0lPTU1VOiBDZWFzZSB1c2luZyBhIGR5bmFtaWMg aGVpZ2h0IGZvciB0aGUgSU9NTVUgcGFnZXRhYmxlcwoKdXBkYXRlX3BhZ2lu Z19tb2RlKCkgaGFzIG11bHRpcGxlIGJ1Z3M6CgogMSkgQm9vdGluZyB3aXRo IGlvbW11PWRlYnVnIHdpbGwgY2F1c2UgaXQgdG8gaW5mb3JtIHlvdSB0aGF0 IHRoYXQgaXQgY2FsbGVkCiAgICB3aXRob3V0IHRoZSBwZGV2X2xpc3QgbG9j ayBoZWxkLgogMikgV2hlbiBncm93aW5nIGJ5IG1vcmUgdGhhbiBhIHNpbmds ZSBsZXZlbCwgaXQgbGVha3MgdGhlIG5ld2x5IGFsbG9jYXRlZAogICAgdGFi bGUocykgaW4gdGhlIGNhc2Ugb2YgYSBmdXJ0aGVyIGVycm9yLgoKRnVydGhl cm1vcmUsIHRoZSBjaG9pY2Ugb2YgZGVmYXVsdCBsZXZlbCBmb3IgYSBkb21h aW4gaGFzIGlzc3VlczoKCiAxKSBBbGwgSFZNIGd1ZXN0cyBncm93IGZyb20g MiB0byAzIGxldmVscyBkdXJpbmcgY29uc3RydWN0aW9uIGJlY2F1c2Ugb2Yg dGhlCiAgICBwb3NpdGlvbiBvZiB0aGUgVlJBTSBqdXN0IGJlbG93IHRoZSA0 RyBib3VuZGFyeSwgc28gZGVmYXVsdGluZyB0byAyIGlzIGEKICAgIHdhc3Rl IG9mIGVmZm9ydC4KIDIpIFRoZSBsaW1pdCBmb3IgUFYgZ3Vlc3RzIGRvZXNu J3QgdGFrZSBtZW1vcnkgaG90cGx1ZyBpbnRvIGFjY291bnQsIGFuZAogICAg aXNuJ3QgZHluYW1pYyBhdCBydW50aW1lIGxpa2UgSFZNIGd1ZXN0cy4gIFRo aXMgbWVhbnMgdGhhdCBhIFBWIGd1ZXN0IG1heQogICAgZ2V0IFJBTSB3aGlj aCBpdCBjYW4ndCBtYXAgaW4gdGhlIElPTU1VLgoKVGhlIGR5bmFtaWMgaGVp Z2h0IGlzIGEgcHJvcGVydHkgdW5pcXVlIHRvIEFNRCwgYW5kIGFkZHMgYSBz dWJzdGFudGlhbApxdWFudGl0eSBvZiBjb21wbGV4aXR5IGZvciB3aGF0IGlz IGEgbWFyZ2luYWwgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnQuICBSZW1vdmUK dGhlIGNvbXBsZXhpdHkgYnkgcmVtb3ZpbmcgdGhlIGR5bmFtaWMgaGVpZ2h0 LgoKUFYgZ3Vlc3RzIG5vdyBnZXQgMyBvciA0IGxldmVscyBiYXNlZCBvbiBh bnkgaG90cGx1ZyByZWdpb25zIGluIHRoZSBob3N0LgpUaGlzIG9ubHkgbWFr ZXMgYSBkaWZmZXJlbmNlIGZvciBoYXJkd2FyZSB3aGljaCBwcmV2aW91c2x5 IGhhZCBhbGwgUkFNIGJlbG93CnRoZSA1MTJHIGJvdW5kYXJ5LCBhbmQgYSBo b3RwbHVnIHJlZ2lvbiBhYm92ZS4KCkhWTSBndWVzdHMgbm93IGdldCA0IGxl dmVscyAod2hpY2ggd2lsbCBiZSBzdWZmaWNpZW50IHVudGlsIDI1NlRCIGd1 ZXN0cwpiZWNvbWUgYSB0aGluZyksIGJlY2F1c2Ugd2UgZG9uJ3QgY3VycmVu dGx5IGhhdmUgdGhlIGluZm9ybWF0aW9uIHRvIGtub3cgd2hlbgozIHdvdWxk IGJlIHNhZmUgdG8gdXNlLgoKVGhlIG92ZXJoZWFkIG9mIHRoaXMgZXh0cmEg bGV2ZWwgaXMgbm90IGV4cGVjdGVkIHRvIGJlIG5vdGljZWFibGUuICBJdCBj b3N0cwpvbmUgcGFnZSAoNGspIHBlciBkb21haW4sIGFuZCBvbmUgZXh0cmEg SU8tVExCIHBhZ2luZyBzdHJ1Y3R1cmUgY2FjaGUgZW50cnkKd2hpY2ggaXMg dmVyeSBob3QgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIGV2aWN0ZWQuCgpUaGlz IGlzIFhTQS0zMTEuCgpSZXBvcnRlZC1ieTogWFhYIFBFUlNPTiA8WFhYIEVN QUlMPjMKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNv b3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KQWNrZWQtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL3hlbi9hcmNoL3g4 Ni9tbS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS5jCkBAIC03NTc0LDYgKzc1 NzQsMTcgQEAgdm9pZCB3cml0ZV8zMmJpdF9wc2VfaWRlbnRtYXAodWludDMy X3QgKgogICAgICAgICAgICAgICAgICBfUEFHRV9BQ0NFU1NFRCB8IF9QQUdF X0RJUlRZIHwgX1BBR0VfUFNFKTsKIH0KIAordW5zaWduZWQgbG9uZyBnZXRf dXBwZXJfbWZuX2JvdW5kKHZvaWQpCit7CisgICAgdW5zaWduZWQgbG9uZyBt YXhfbWZuOworCisgICAgbWF4X21mbiA9IG1lbV9ob3RwbHVnID8gUEZOX0RP V04obWVtX2hvdHBsdWcpIDogbWF4X3BhZ2U7CisjaWZuZGVmIENPTkZJR19C SUdNRU0KKyAgICBtYXhfbWZuID0gbWluKG1heF9tZm4sIDFVTCA8PCAzMik7 CisjZW5kaWYKKyAgICByZXR1cm4gbWluKG1heF9tZm4sIDFVTCA8PCAocGFk ZHJfYml0cyAtIFBBR0VfU0hJRlQpKSAtIDE7Cit9CisKIC8qCiAgKiBMb2Nh bCB2YXJpYWJsZXM6CiAgKiBtb2RlOiBDCi0tLSBhL3hlbi9kcml2ZXJzL3Bh c3N0aHJvdWdoL2FtZC9pb21tdV9tYXAuYworKysgYi94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKQEAgLTU2OSw5NyArNTY5LDYg QEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0IGRvbQog ICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMgaW50IHVwZGF0ZV9wYWdpbmdf bW9kZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNpZ25lZCBsb25nIGdmbikKLXsK LSAgICB1MTYgYmRmOwotICAgIHZvaWQgKmRldmljZV9lbnRyeTsKLSAgICB1 bnNpZ25lZCBpbnQgcmVxX2lkLCBsZXZlbCwgb2Zmc2V0OwotICAgIHVuc2ln bmVkIGxvbmcgZmxhZ3M7Ci0gICAgc3RydWN0IHBjaV9kZXYgKnBkZXY7Ci0g ICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUgPSBOVUxMOwotICAgIHN0cnVj dCBwYWdlX2luZm8gKm5ld19yb290ID0gTlVMTDsKLSAgICBzdHJ1Y3QgcGFn ZV9pbmZvICpvbGRfcm9vdCA9IE5VTEw7Ci0gICAgdm9pZCAqbmV3X3Jvb3Rf dmFkZHI7Ci0gICAgdW5zaWduZWQgbG9uZyBvbGRfcm9vdF9tZm47Ci0gICAg c3RydWN0IGRvbWFpbl9pb21tdSAqaGQgPSBkb21faW9tbXUoZCk7Ci0KLSAg ICBpZiAoIGdmbiA9PSBnZm5feChJTlZBTElEX0dGTikgKQotICAgICAgICBy ZXR1cm4gLUVBRERSTk9UQVZBSUw7Ci0gICAgQVNTRVJUKCEoZ2ZuID4+IERF RkFVTFRfRE9NQUlOX0FERFJFU1NfV0lEVEgpKTsKLQotICAgIGxldmVsID0g aGQtPmFyY2gucGFnaW5nX21vZGU7Ci0gICAgb2xkX3Jvb3QgPSBoZC0+YXJj aC5yb290X3RhYmxlOwotICAgIG9mZnNldCA9IGdmbiA+PiAoUFRFX1BFUl9U QUJMRV9TSElGVCAqIChsZXZlbCAtIDEpKTsKLQotICAgIEFTU0VSVChzcGlu X2lzX2xvY2tlZCgmaGQtPmFyY2gubWFwcGluZ19sb2NrKSAmJiBpc19odm1f ZG9tYWluKGQpKTsKLQotICAgIHdoaWxlICggb2Zmc2V0ID49IFBURV9QRVJf VEFCTEVfU0laRSApCi0gICAgewotICAgICAgICAvKiBBbGxvY2F0ZSBhbmQg aW5zdGFsbCBhIG5ldyByb290IHRhYmxlLgotICAgICAgICAgKiBPbmx5IHVw cGVyIEkvTyBwYWdlIHRhYmxlIGdyb3dzLCBubyBuZWVkIHRvIGZpeCBuZXh0 IGxldmVsIGJpdHMgKi8KLSAgICAgICAgbmV3X3Jvb3QgPSBhbGxvY19hbWRf aW9tbXVfcGd0YWJsZSgpOwotICAgICAgICBpZiAoIG5ld19yb290ID09IE5V TEwgKQotICAgICAgICB7Ci0gICAgICAgICAgICBBTURfSU9NTVVfREVCVUco IiVzIENhbm5vdCBhbGxvY2F0ZSBJL08gcGFnZSB0YWJsZVxuIiwKLSAgICAg ICAgICAgICAgICAgICAgICAgICAgICBfX2Z1bmNfXyk7Ci0gICAgICAgICAg ICByZXR1cm4gLUVOT01FTTsKLSAgICAgICAgfQotCi0gICAgICAgIG5ld19y b290X3ZhZGRyID0gX19tYXBfZG9tYWluX3BhZ2UobmV3X3Jvb3QpOwotICAg ICAgICBvbGRfcm9vdF9tZm4gPSBwYWdlX3RvX21mbihvbGRfcm9vdCk7Ci0g ICAgICAgIHNldF9pb21tdV9wZGVfcHJlc2VudChuZXdfcm9vdF92YWRkciwg b2xkX3Jvb3RfbWZuLCBsZXZlbCwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICEhSU9NTVVGX3dyaXRhYmxlLCAhIUlPTU1VRl9yZWFkYWJsZSk7 Ci0gICAgICAgIGxldmVsKys7Ci0gICAgICAgIG9sZF9yb290ID0gbmV3X3Jv b3Q7Ci0gICAgICAgIG9mZnNldCA+Pj0gUFRFX1BFUl9UQUJMRV9TSElGVDsK LSAgICAgICAgdW5tYXBfZG9tYWluX3BhZ2UobmV3X3Jvb3RfdmFkZHIpOwot ICAgIH0KLQotICAgIGlmICggbmV3X3Jvb3QgIT0gTlVMTCApCi0gICAgewot ICAgICAgICBoZC0+YXJjaC5wYWdpbmdfbW9kZSA9IGxldmVsOwotICAgICAg ICBoZC0+YXJjaC5yb290X3RhYmxlID0gbmV3X3Jvb3Q7Ci0KLSAgICAgICAg aWYgKCAhcGNpZGV2c19sb2NrZWQoKSApCi0gICAgICAgICAgICBBTURfSU9N TVVfREVCVUcoIiVzIFRyeSB0byBhY2Nlc3MgcGRldl9saXN0ICIKLSAgICAg ICAgICAgICAgICAgICAgICAgICAgICAid2l0aG91dCBhcXVpcmluZyBwY2lk ZXZzX2xvY2suXG4iLCBfX2Z1bmNfXyk7Ci0KLSAgICAgICAgLyogVXBkYXRl IGRldmljZSB0YWJsZSBlbnRyaWVzIHVzaW5nIG5ldyByb290IHRhYmxlIGFu ZCBwYWdpbmcgbW9kZSAqLwotICAgICAgICBmb3JfZWFjaF9wZGV2KCBkLCBw ZGV2ICkKLSAgICAgICAgewotICAgICAgICAgICAgYmRmID0gUENJX0JERjIo cGRldi0+YnVzLCBwZGV2LT5kZXZmbik7Ci0gICAgICAgICAgICBpb21tdSA9 IGZpbmRfaW9tbXVfZm9yX2RldmljZShwZGV2LT5zZWcsIGJkZik7Ci0gICAg ICAgICAgICBpZiAoICFpb21tdSApCi0gICAgICAgICAgICB7Ci0gICAgICAg ICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCIlcyBGYWlsIHRvIGZpbmQgaW9t bXUuXG4iLCBfX2Z1bmNfXyk7Ci0gICAgICAgICAgICAgICAgcmV0dXJuIC1F Tk9ERVY7Ci0gICAgICAgICAgICB9Ci0KLSAgICAgICAgICAgIHNwaW5fbG9j a19pcnFzYXZlKCZpb21tdS0+bG9jaywgZmxhZ3MpOwotICAgICAgICAgICAg ZG8gewotICAgICAgICAgICAgICAgIHJlcV9pZCA9IGdldF9kbWFfcmVxdWVz dG9yX2lkKHBkZXYtPnNlZywgYmRmKTsKLSAgICAgICAgICAgICAgICBkZXZp Y2VfZW50cnkgPSBpb21tdS0+ZGV2X3RhYmxlLmJ1ZmZlciArCi0gICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgKHJlcV9pZCAqIElPTU1VX0RFVl9U QUJMRV9FTlRSWV9TSVpFKTsKLQotICAgICAgICAgICAgICAgIC8qIHZhbGlk ID0gMCBvbmx5IHdvcmtzIGZvciBkb20wIHBhc3N0aHJvdWdoIG1vZGUgKi8K LSAgICAgICAgICAgICAgICBhbWRfaW9tbXVfc2V0X3Jvb3RfcGFnZV90YWJs ZSgodTMyICopZGV2aWNlX2VudHJ5LAotICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHBhZ2VfdG9fbWFkZHIoaGQtPmFy Y2gucm9vdF90YWJsZSksCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgZC0+ZG9tYWluX2lkLAotICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhkLT5hcmNoLnBh Z2luZ19tb2RlLCAxKTsKLQotICAgICAgICAgICAgICAgIGFtZF9pb21tdV9m bHVzaF9kZXZpY2UoaW9tbXUsIHJlcV9pZCk7Ci0gICAgICAgICAgICAgICAg YmRmICs9IHBkZXYtPnBoYW50b21fc3RyaWRlOwotICAgICAgICAgICAgfSB3 aGlsZSAoIFBDSV9ERVZGTjIoYmRmKSAhPSBwZGV2LT5kZXZmbiAmJgotICAg ICAgICAgICAgICAgICAgICAgIFBDSV9TTE9UKGJkZikgPT0gUENJX1NMT1Qo cGRldi0+ZGV2Zm4pICk7Ci0gICAgICAgICAgICBzcGluX3VubG9ja19pcnFy ZXN0b3JlKCZpb21tdS0+bG9jaywgZmxhZ3MpOwotICAgICAgICB9Ci0KLSAg ICAgICAgLyogRm9yIHNhZmV0eSwgaW52YWxpZGF0ZSBhbGwgZW50cmllcyAq LwotICAgICAgICBhbWRfaW9tbXVfZmx1c2hfYWxsX3BhZ2VzKGQpOwotICAg IH0KLSAgICByZXR1cm4gMDsKLX0KLQogaW50IGFtZF9pb21tdV9tYXBfcGFn ZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNpZ25lZCBsb25nIGdmbiwgdW5zaWdu ZWQgbG9uZyBtZm4sCiAgICAgICAgICAgICAgICAgICAgICAgIHVuc2lnbmVk IGludCBmbGFncykKIHsKQEAgLTY4NSwxOSArNTk0LDYgQEAgaW50IGFtZF9p b21tdV9tYXBfcGFnZShzdHJ1Y3QgZG9tYWluICpkLAogICAgICAgICByZXR1 cm4gcmM7CiAgICAgfQogCi0gICAgLyogU2luY2UgSFZNIGRvbWFpbiBpcyBp bml0aWFsaXplZCB3aXRoIDIgbGV2ZWwgSU8gcGFnZSB0YWJsZSwKLSAgICAg KiB3ZSBtaWdodCBuZWVkIGEgZGVlcGVyIHBhZ2UgdGFibGUgZm9yIGxhZ2Vy IGdmbiBub3cgKi8KLSAgICBpZiAoIGlzX2h2bV9kb21haW4oZCkgKQotICAg IHsKLSAgICAgICAgaWYgKCB1cGRhdGVfcGFnaW5nX21vZGUoZCwgZ2ZuKSAp Ci0gICAgICAgIHsKLSAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJj aC5tYXBwaW5nX2xvY2spOwotICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVH KCJVcGRhdGUgcGFnZSBtb2RlIGZhaWxlZCBnZm4gPSAlbHhcbiIsIGdmbik7 Ci0gICAgICAgICAgICBkb21haW5fY3Jhc2goZCk7Ci0gICAgICAgICAgICBy ZXR1cm4gLUVGQVVMVDsKLSAgICAgICAgfQotICAgIH0KLQogICAgIGlmICgg aW9tbXVfcGRlX2Zyb21fZ2ZuKGQsIGdmbiwgcHRfbWZuLCB0cnVlKSB8fCAo cHRfbWZuWzFdID09IDApICkKICAgICB7CiAgICAgICAgIHNwaW5fdW5sb2Nr KCZoZC0+YXJjaC5tYXBwaW5nX2xvY2spOwotLS0gYS94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jCisrKyBiL3hlbi9kcml2 ZXJzL3Bhc3N0aHJvdWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKQEAgLTI2OSwx MSArMjY5LDE3IEBAIHN0YXRpYyBpbnQgYW1kX2lvbW11X2RvbWFpbl9pbml0 KHN0cnVjdAogewogICAgIHN0cnVjdCBkb21haW5faW9tbXUgKmhkID0gZG9t X2lvbW11KGQpOwogCi0gICAgLyogRm9yIHB2IGFuZCBkb20wLCBzdGljayB3 aXRoIGdldF9wYWdpbmdfbW9kZShtYXhfcGFnZSkKLSAgICAgKiBGb3IgSFZN IGRvbTAsIHVzZSAyIGxldmVsIHBhZ2UgdGFibGUgYXQgZmlyc3QgKi8KLSAg ICBoZC0+YXJjaC5wYWdpbmdfbW9kZSA9IGlzX2h2bV9kb21haW4oZCkgPwot ICAgICAgICAgICAgICAgICAgICAgIElPTU1VX1BBR0lOR19NT0RFX0xFVkVM XzIgOgotICAgICAgICAgICAgICAgICAgICAgIGdldF9wYWdpbmdfbW9kZSht YXhfcGFnZSk7CisgICAgLyoKKyAgICAgKiBDaG9vc2UgdGhlIG51bWJlciBv ZiBsZXZlbHMgZm9yIHRoZSBJT01NVSBwYWdlIHRhYmxlcy4KKyAgICAgKiAt IFBWIG5lZWRzIDMgb3IgNCwgZGVwZW5kaW5nIG9uIHdoZXRoZXIgdGhlcmUg aXMgUkFNIChpbmNsdWRpbmcgaG90cGx1ZworICAgICAqICAgUkFNKSBhYm92 ZSB0aGUgNTEyRyBib3VuZGFyeS4KKyAgICAgKiAtIEhWTSBjb3VsZCBpbiBw cmluY2lwbGUgdXNlIDMgb3IgNCBkZXBlbmRpbmcgb24gaG93IG11Y2ggZ3Vl c3QKKyAgICAgKiAgIHBoeXNpY2FsIGFkZHJlc3Mgc3BhY2Ugd2UgZ2l2ZSBp dCwgYnV0IHRoaXMgaXNuJ3Qga25vd24geWV0IHNvIHVzZSA0CisgICAgICog ICB1bmlsYXRlcmFsbHkuCisgICAgICovCisgICAgaGQtPmFyY2gucGFnaW5n X21vZGUgPSBpc19odm1fZG9tYWluKGQpCisgICAgICAgID8gSU9NTVVfUEFH SU5HX01PREVfTEVWRUxfNCA6IGdldF9wYWdpbmdfbW9kZShnZXRfdXBwZXJf bWZuX2JvdW5kKCkpOworCiAgICAgcmV0dXJuIDA7CiB9CiAKLS0tIGEveGVu L2luY2x1ZGUveGVuL21tLmgKKysrIGIveGVuL2luY2x1ZGUveGVuL21tLmgK QEAgLTU3Nyw2ICs1NzcsOSBAQCBpbnQgcHJlcGFyZV9yaW5nX2Zvcl9oZWxw ZXIoc3RydWN0IGRvbWFpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg c3RydWN0IHBhZ2VfaW5mbyAqKl9wYWdlLCB2b2lkICoqX3ZhKTsKIHZvaWQg ZGVzdHJveV9yaW5nX2Zvcl9oZWxwZXIodm9pZCAqKl92YSwgc3RydWN0IHBh Z2VfaW5mbyAqcGFnZSk7CiAKKy8qIFJldHVybiB0aGUgdXBwZXIgYm91bmQg b2YgTUZOcywgaW5jbHVkaW5nIGhvdHBsdWcgbWVtb3J5LiAqLwordW5zaWdu ZWQgbG9uZyBnZXRfdXBwZXJfbWZuX2JvdW5kKHZvaWQpOworCiAjaW5jbHVk ZSA8YXNtL2ZsdXNodGxiLmg+CiAKIHN0YXRpYyBpbmxpbmUgdm9pZCBhY2N1 bXVsYXRlX3RsYmZsdXNoKGJvb2wgKm5lZWRfdGxiZmx1c2gsCg== --=separator Content-Type: application/octet-stream; name="xsa311-4.10-1.patch" Content-Disposition: attachment; filename="xsa311-4.10-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBBTUQvSU9NTVU6IGRvbid0IG5lZWRsZXNzbHkgdHJpZ2dlciBlcnJvcnMv Y3Jhc2hlcyB3aGVuIHVubWFwcGluZyBhIHBhZ2UKClVubWFwcGluZyBhIHBh Z2Ugd2hpY2ggaGFzIG5ldmVyIGJlZW4gbWFwcGVkIHNob3VsZCBiZSBhIG5v LW9wIChub3RlIGhvdwppdCBhbHJlYWR5IGlzIGluIGNhc2UgdGhlcmUgd2Fz IG5vIHJvb3QgcGFnZSB0YWJsZSBhbGxvY2F0ZWQpLiBUaGVyZSdzCmluIHBh cnRpY3VsYXIgbm8gbmVlZCB0byBncm93IHRoZSBudW1iZXIgb2YgcGFnZSB0 YWJsZSBsZXZlbHMgaW4gdXNlLAphbmQgdGhlcmUncyBhbHNvIG5vIG5lZWQg dG8gYWxsb2NhdGUgaW50ZXJtZWRpYXRlIHBhZ2UgdGFibGVzIGV4Y2VwdAp3 aGVuIG5lZWRpbmcgdG8gc3BsaXQgYSBsYXJnZSBwYWdlLgoKUmVwb3J0ZWQt Ynk6IFhYWCBQRVJTT04gPFhYWCBFTUFJTD4zClNpZ25lZC1vZmYtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IFBhdWwgRHVycmFudCA8cGF1bEB4ZW4ub3JnPgpBY2tlZC1i eTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4K Ci0tLSBhL3hlbi9kcml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9tYXAu YworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFw LmMKQEAgLTQ1Niw3ICs0NTYsNyBAQCBzdGF0aWMgaW50IGlvbW11X21lcmdl X3BhZ2VzKHN0cnVjdCBkb21hCiAgKiBwYWdlIHRhYmxlcy4KICAqLwogc3Rh dGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0IGRvbWFpbiAqZCwg dW5zaWduZWQgbG9uZyBwZm4sIAotICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgdW5zaWduZWQgbG9uZyBwdF9tZm5bXSkKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHVuc2lnbmVkIGxvbmcgcHRfbWZuW10sIGJvb2wg bWFwKQogewogICAgIHU2NCAqcGRlLCAqbmV4dF90YWJsZV92YWRkcjsKICAg ICB1bnNpZ25lZCBsb25nICBuZXh0X3RhYmxlX21mbjsKQEAgLTQ3MCw2ICs0 NzAsMTMgQEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0 IGRvbQogICAgIEJVR19PTiggdGFibGUgPT0gTlVMTCB8fCBsZXZlbCA8IElP TU1VX1BBR0lOR19NT0RFX0xFVkVMXzEgfHwgCiAgICAgICAgICAgICBsZXZl bCA+IElPTU1VX1BBR0lOR19NT0RFX0xFVkVMXzYgKTsKIAorICAgIC8qCisg ICAgICogQSBmcmFtZSBudW1iZXIgcGFzdCB3aGF0IHRoZSBjdXJyZW50IHBh Z2UgdGFibGVzIGNhbiByZXByZXNlbnQgY2FuJ3QKKyAgICAgKiBwb3NzaWJs eSBoYXZlIGEgbWFwcGluZy4KKyAgICAgKi8KKyAgICBpZiAoIHBmbiA+PiAo UFRFX1BFUl9UQUJMRV9TSElGVCAqIGxldmVsKSApCisgICAgICAgIHJldHVy biAwOworCiAgICAgbmV4dF90YWJsZV9tZm4gPSBwYWdlX3RvX21mbih0YWJs ZSk7CiAKICAgICBpZiAoIGxldmVsID09IElPTU1VX1BBR0lOR19NT0RFX0xF VkVMXzEgKQpAQCAtNTMwLDYgKzUzNyw5IEBAIHN0YXRpYyBpbnQgaW9tbXVf cGRlX2Zyb21fZ2ZuKHN0cnVjdCBkb20KICAgICAgICAgLyogSW5zdGFsbCBs b3dlciBsZXZlbCBwYWdlIHRhYmxlIGZvciBub24tcHJlc2VudCBlbnRyaWVz ICovCiAgICAgICAgIGVsc2UgaWYgKCAhaW9tbXVfaXNfcHRlX3ByZXNlbnQo KHUzMiopcGRlKSApCiAgICAgICAgIHsKKyAgICAgICAgICAgIGlmICggIW1h cCApCisgICAgICAgICAgICAgICAgcmV0dXJuIDA7CisKICAgICAgICAgICAg IGlmICggbmV4dF90YWJsZV9tZm4gPT0gMCApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgdGFibGUgPSBhbGxvY19hbWRfaW9tbXVfcGd0YWJs ZSgpOwpAQCAtNjg4LDcgKzY5OCw3IEBAIGludCBhbWRfaW9tbXVfbWFwX3Bh Z2Uoc3RydWN0IGRvbWFpbiAqZCwKICAgICAgICAgfQogICAgIH0KIAotICAg IGlmICggaW9tbXVfcGRlX2Zyb21fZ2ZuKGQsIGdmbiwgcHRfbWZuKSB8fCAo cHRfbWZuWzFdID09IDApICkKKyAgICBpZiAoIGlvbW11X3BkZV9mcm9tX2dm bihkLCBnZm4sIHB0X21mbiwgdHJ1ZSkgfHwgKHB0X21mblsxXSA9PSAwKSAp CiAgICAgewogICAgICAgICBzcGluX3VubG9jaygmaGQtPmFyY2gubWFwcGlu Z19sb2NrKTsKICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJJbnZhbGlkIElP IHBhZ2V0YWJsZSBlbnRyeSBnZm4gPSAlbHhcbiIsIGdmbik7CkBAIC03Njcs MjMgKzc3Nyw3IEBAIGludCBhbWRfaW9tbXVfdW5tYXBfcGFnZShzdHJ1Y3Qg ZG9tYWluICoKICAgICAgICAgcmV0dXJuIDA7CiAgICAgfQogCi0gICAgLyog U2luY2UgSFZNIGRvbWFpbiBpcyBpbml0aWFsaXplZCB3aXRoIDIgbGV2ZWwg SU8gcGFnZSB0YWJsZSwKLSAgICAgKiB3ZSBtaWdodCBuZWVkIGEgZGVlcGVy IHBhZ2UgdGFibGUgZm9yIGxhZ2VyIGdmbiBub3cgKi8KLSAgICBpZiAoIGlz X2h2bV9kb21haW4oZCkgKQotICAgIHsKLSAgICAgICAgaW50IHJjID0gdXBk YXRlX3BhZ2luZ19tb2RlKGQsIGdmbik7Ci0KLSAgICAgICAgaWYgKCByYyAp Ci0gICAgICAgIHsKLSAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJj aC5tYXBwaW5nX2xvY2spOwotICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVH KCJVcGRhdGUgcGFnZSBtb2RlIGZhaWxlZCBnZm4gPSAlbHhcbiIsIGdmbik7 Ci0gICAgICAgICAgICBpZiAoIHJjICE9IC1FQUREUk5PVEFWQUlMICkKLSAg ICAgICAgICAgICAgICBkb21haW5fY3Jhc2goZCk7Ci0gICAgICAgICAgICBy ZXR1cm4gcmM7Ci0gICAgICAgIH0KLSAgICB9Ci0KLSAgICBpZiAoIGlvbW11 X3BkZV9mcm9tX2dmbihkLCBnZm4sIHB0X21mbikgfHwgKHB0X21mblsxXSA9 PSAwKSApCisgICAgaWYgKCBpb21tdV9wZGVfZnJvbV9nZm4oZCwgZ2ZuLCBw dF9tZm4sIGZhbHNlKSApCiAgICAgewogICAgICAgICBzcGluX3VubG9jaygm aGQtPmFyY2gubWFwcGluZ19sb2NrKTsKICAgICAgICAgQU1EX0lPTU1VX0RF QlVHKCJJbnZhbGlkIElPIHBhZ2V0YWJsZSBlbnRyeSBnZm4gPSAlbHhcbiIs IGdmbik7CkBAIC03OTEsOCArNzg1LDExIEBAIGludCBhbWRfaW9tbXVfdW5t YXBfcGFnZShzdHJ1Y3QgZG9tYWluICoKICAgICAgICAgcmV0dXJuIC1FRkFV TFQ7CiAgICAgfQogCi0gICAgLyogbWFyayBQVEUgYXMgJ3BhZ2Ugbm90IHBy ZXNlbnQnICovCi0gICAgY2xlYXJfaW9tbXVfcHRlX3ByZXNlbnQocHRfbWZu WzFdLCBnZm4pOworICAgIGlmICggcHRfbWZuWzFdICkKKyAgICB7CisgICAg ICAgIC8qIE1hcmsgUFRFIGFzICdwYWdlIG5vdCBwcmVzZW50Jy4gKi8KKyAg ICAgICAgY2xlYXJfaW9tbXVfcHRlX3ByZXNlbnQocHRfbWZuWzFdLCBnZm4p OworICAgIH0KIAogICAgIC8qIE5vIGZ1cnRoZXIgbWVyZ2luZyBpbiBhbWRf aW9tbXVfbWFwX3BhZ2UoKSwgYXMgdGhlIGxvZ2ljIGRvZXNuJ3QgY29wZS4g Ki8KICAgICBoZC0+YXJjaC5ub19tZXJnZSA9IHRydWU7Cg== --=separator Content-Type: application/octet-stream; name="xsa311-4.10-2.patch" Content-Disposition: attachment; filename="xsa311-4.10-2.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogQU1EL0lPTU1VOiBDZWFzZSB1c2luZyBhIGR5bmFtaWMg aGVpZ2h0IGZvciB0aGUgSU9NTVUgcGFnZXRhYmxlcwoKdXBkYXRlX3BhZ2lu Z19tb2RlKCkgaGFzIG11bHRpcGxlIGJ1Z3M6CgogMSkgQm9vdGluZyB3aXRo IGlvbW11PWRlYnVnIHdpbGwgY2F1c2UgaXQgdG8gaW5mb3JtIHlvdSB0aGF0 IHRoYXQgaXQgY2FsbGVkCiAgICB3aXRob3V0IHRoZSBwZGV2X2xpc3QgbG9j ayBoZWxkLgogMikgV2hlbiBncm93aW5nIGJ5IG1vcmUgdGhhbiBhIHNpbmds ZSBsZXZlbCwgaXQgbGVha3MgdGhlIG5ld2x5IGFsbG9jYXRlZAogICAgdGFi bGUocykgaW4gdGhlIGNhc2Ugb2YgYSBmdXJ0aGVyIGVycm9yLgoKRnVydGhl cm1vcmUsIHRoZSBjaG9pY2Ugb2YgZGVmYXVsdCBsZXZlbCBmb3IgYSBkb21h aW4gaGFzIGlzc3VlczoKCiAxKSBBbGwgSFZNIGd1ZXN0cyBncm93IGZyb20g MiB0byAzIGxldmVscyBkdXJpbmcgY29uc3RydWN0aW9uIGJlY2F1c2Ugb2Yg dGhlCiAgICBwb3NpdGlvbiBvZiB0aGUgVlJBTSBqdXN0IGJlbG93IHRoZSA0 RyBib3VuZGFyeSwgc28gZGVmYXVsdGluZyB0byAyIGlzIGEKICAgIHdhc3Rl IG9mIGVmZm9ydC4KIDIpIFRoZSBsaW1pdCBmb3IgUFYgZ3Vlc3RzIGRvZXNu J3QgdGFrZSBtZW1vcnkgaG90cGx1ZyBpbnRvIGFjY291bnQsIGFuZAogICAg aXNuJ3QgZHluYW1pYyBhdCBydW50aW1lIGxpa2UgSFZNIGd1ZXN0cy4gIFRo aXMgbWVhbnMgdGhhdCBhIFBWIGd1ZXN0IG1heQogICAgZ2V0IFJBTSB3aGlj aCBpdCBjYW4ndCBtYXAgaW4gdGhlIElPTU1VLgoKVGhlIGR5bmFtaWMgaGVp Z2h0IGlzIGEgcHJvcGVydHkgdW5pcXVlIHRvIEFNRCwgYW5kIGFkZHMgYSBz dWJzdGFudGlhbApxdWFudGl0eSBvZiBjb21wbGV4aXR5IGZvciB3aGF0IGlz IGEgbWFyZ2luYWwgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnQuICBSZW1vdmUK dGhlIGNvbXBsZXhpdHkgYnkgcmVtb3ZpbmcgdGhlIGR5bmFtaWMgaGVpZ2h0 LgoKUFYgZ3Vlc3RzIG5vdyBnZXQgMyBvciA0IGxldmVscyBiYXNlZCBvbiBh bnkgaG90cGx1ZyByZWdpb25zIGluIHRoZSBob3N0LgpUaGlzIG9ubHkgbWFr ZXMgYSBkaWZmZXJlbmNlIGZvciBoYXJkd2FyZSB3aGljaCBwcmV2aW91c2x5 IGhhZCBhbGwgUkFNIGJlbG93CnRoZSA1MTJHIGJvdW5kYXJ5LCBhbmQgYSBo b3RwbHVnIHJlZ2lvbiBhYm92ZS4KCkhWTSBndWVzdHMgbm93IGdldCA0IGxl dmVscyAod2hpY2ggd2lsbCBiZSBzdWZmaWNpZW50IHVudGlsIDI1NlRCIGd1 ZXN0cwpiZWNvbWUgYSB0aGluZyksIGJlY2F1c2Ugd2UgZG9uJ3QgY3VycmVu dGx5IGhhdmUgdGhlIGluZm9ybWF0aW9uIHRvIGtub3cgd2hlbgozIHdvdWxk IGJlIHNhZmUgdG8gdXNlLgoKVGhlIG92ZXJoZWFkIG9mIHRoaXMgZXh0cmEg bGV2ZWwgaXMgbm90IGV4cGVjdGVkIHRvIGJlIG5vdGljZWFibGUuICBJdCBj b3N0cwpvbmUgcGFnZSAoNGspIHBlciBkb21haW4sIGFuZCBvbmUgZXh0cmEg SU8tVExCIHBhZ2luZyBzdHJ1Y3R1cmUgY2FjaGUgZW50cnkKd2hpY2ggaXMg dmVyeSBob3QgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIGV2aWN0ZWQuCgpUaGlz IGlzIFhTQS0zMTEuCgpSZXBvcnRlZC1ieTogWFhYIFBFUlNPTiA8WFhYIEVN QUlMPjMKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNv b3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KQWNrZWQtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL3hlbi9kcml2ZXJz L3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9tYXAuYworKysgYi94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKQEAgLTU2OSw5NyArNTY5 LDYgQEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0IGRv bQogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMgaW50IHVwZGF0ZV9wYWdp bmdfbW9kZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNpZ25lZCBsb25nIGdmbikK LXsKLSAgICB1MTYgYmRmOwotICAgIHZvaWQgKmRldmljZV9lbnRyeTsKLSAg ICB1bnNpZ25lZCBpbnQgcmVxX2lkLCBsZXZlbCwgb2Zmc2V0OwotICAgIHVu c2lnbmVkIGxvbmcgZmxhZ3M7Ci0gICAgc3RydWN0IHBjaV9kZXYgKnBkZXY7 Ci0gICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUgPSBOVUxMOwotICAgIHN0 cnVjdCBwYWdlX2luZm8gKm5ld19yb290ID0gTlVMTDsKLSAgICBzdHJ1Y3Qg cGFnZV9pbmZvICpvbGRfcm9vdCA9IE5VTEw7Ci0gICAgdm9pZCAqbmV3X3Jv b3RfdmFkZHI7Ci0gICAgdW5zaWduZWQgbG9uZyBvbGRfcm9vdF9tZm47Ci0g ICAgc3RydWN0IGRvbWFpbl9pb21tdSAqaGQgPSBkb21faW9tbXUoZCk7Ci0K LSAgICBpZiAoIGdmbiA9PSBnZm5feChJTlZBTElEX0dGTikgKQotICAgICAg ICByZXR1cm4gLUVBRERSTk9UQVZBSUw7Ci0gICAgQVNTRVJUKCEoZ2ZuID4+ IERFRkFVTFRfRE9NQUlOX0FERFJFU1NfV0lEVEgpKTsKLQotICAgIGxldmVs ID0gaGQtPmFyY2gucGFnaW5nX21vZGU7Ci0gICAgb2xkX3Jvb3QgPSBoZC0+ YXJjaC5yb290X3RhYmxlOwotICAgIG9mZnNldCA9IGdmbiA+PiAoUFRFX1BF Ul9UQUJMRV9TSElGVCAqIChsZXZlbCAtIDEpKTsKLQotICAgIEFTU0VSVChz cGluX2lzX2xvY2tlZCgmaGQtPmFyY2gubWFwcGluZ19sb2NrKSAmJiBpc19o dm1fZG9tYWluKGQpKTsKLQotICAgIHdoaWxlICggb2Zmc2V0ID49IFBURV9Q RVJfVEFCTEVfU0laRSApCi0gICAgewotICAgICAgICAvKiBBbGxvY2F0ZSBh bmQgaW5zdGFsbCBhIG5ldyByb290IHRhYmxlLgotICAgICAgICAgKiBPbmx5 IHVwcGVyIEkvTyBwYWdlIHRhYmxlIGdyb3dzLCBubyBuZWVkIHRvIGZpeCBu ZXh0IGxldmVsIGJpdHMgKi8KLSAgICAgICAgbmV3X3Jvb3QgPSBhbGxvY19h bWRfaW9tbXVfcGd0YWJsZSgpOwotICAgICAgICBpZiAoIG5ld19yb290ID09 IE5VTEwgKQotICAgICAgICB7Ci0gICAgICAgICAgICBBTURfSU9NTVVfREVC VUcoIiVzIENhbm5vdCBhbGxvY2F0ZSBJL08gcGFnZSB0YWJsZVxuIiwKLSAg ICAgICAgICAgICAgICAgICAgICAgICAgICBfX2Z1bmNfXyk7Ci0gICAgICAg ICAgICByZXR1cm4gLUVOT01FTTsKLSAgICAgICAgfQotCi0gICAgICAgIG5l d19yb290X3ZhZGRyID0gX19tYXBfZG9tYWluX3BhZ2UobmV3X3Jvb3QpOwot ICAgICAgICBvbGRfcm9vdF9tZm4gPSBwYWdlX3RvX21mbihvbGRfcm9vdCk7 Ci0gICAgICAgIHNldF9pb21tdV9wZGVfcHJlc2VudChuZXdfcm9vdF92YWRk ciwgb2xkX3Jvb3RfbWZuLCBsZXZlbCwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICEhSU9NTVVGX3dyaXRhYmxlLCAhIUlPTU1VRl9yZWFkYWJs ZSk7Ci0gICAgICAgIGxldmVsKys7Ci0gICAgICAgIG9sZF9yb290ID0gbmV3 X3Jvb3Q7Ci0gICAgICAgIG9mZnNldCA+Pj0gUFRFX1BFUl9UQUJMRV9TSElG VDsKLSAgICAgICAgdW5tYXBfZG9tYWluX3BhZ2UobmV3X3Jvb3RfdmFkZHIp OwotICAgIH0KLQotICAgIGlmICggbmV3X3Jvb3QgIT0gTlVMTCApCi0gICAg ewotICAgICAgICBoZC0+YXJjaC5wYWdpbmdfbW9kZSA9IGxldmVsOwotICAg ICAgICBoZC0+YXJjaC5yb290X3RhYmxlID0gbmV3X3Jvb3Q7Ci0KLSAgICAg ICAgaWYgKCAhcGNpZGV2c19sb2NrZWQoKSApCi0gICAgICAgICAgICBBTURf SU9NTVVfREVCVUcoIiVzIFRyeSB0byBhY2Nlc3MgcGRldl9saXN0ICIKLSAg ICAgICAgICAgICAgICAgICAgICAgICAgICAid2l0aG91dCBhcXVpcmluZyBw Y2lkZXZzX2xvY2suXG4iLCBfX2Z1bmNfXyk7Ci0KLSAgICAgICAgLyogVXBk YXRlIGRldmljZSB0YWJsZSBlbnRyaWVzIHVzaW5nIG5ldyByb290IHRhYmxl IGFuZCBwYWdpbmcgbW9kZSAqLwotICAgICAgICBmb3JfZWFjaF9wZGV2KCBk LCBwZGV2ICkKLSAgICAgICAgewotICAgICAgICAgICAgYmRmID0gUENJX0JE RjIocGRldi0+YnVzLCBwZGV2LT5kZXZmbik7Ci0gICAgICAgICAgICBpb21t dSA9IGZpbmRfaW9tbXVfZm9yX2RldmljZShwZGV2LT5zZWcsIGJkZik7Ci0g ICAgICAgICAgICBpZiAoICFpb21tdSApCi0gICAgICAgICAgICB7Ci0gICAg ICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCIlcyBGYWlsIHRvIGZpbmQg aW9tbXUuXG4iLCBfX2Z1bmNfXyk7Ci0gICAgICAgICAgICAgICAgcmV0dXJu IC1FTk9ERVY7Ci0gICAgICAgICAgICB9Ci0KLSAgICAgICAgICAgIHNwaW5f bG9ja19pcnFzYXZlKCZpb21tdS0+bG9jaywgZmxhZ3MpOwotICAgICAgICAg ICAgZG8gewotICAgICAgICAgICAgICAgIHJlcV9pZCA9IGdldF9kbWFfcmVx dWVzdG9yX2lkKHBkZXYtPnNlZywgYmRmKTsKLSAgICAgICAgICAgICAgICBk ZXZpY2VfZW50cnkgPSBpb21tdS0+ZGV2X3RhYmxlLmJ1ZmZlciArCi0gICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgKHJlcV9pZCAqIElPTU1VX0RF Vl9UQUJMRV9FTlRSWV9TSVpFKTsKLQotICAgICAgICAgICAgICAgIC8qIHZh bGlkID0gMCBvbmx5IHdvcmtzIGZvciBkb20wIHBhc3N0aHJvdWdoIG1vZGUg Ki8KLSAgICAgICAgICAgICAgICBhbWRfaW9tbXVfc2V0X3Jvb3RfcGFnZV90 YWJsZSgodTMyICopZGV2aWNlX2VudHJ5LAotICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHBhZ2VfdG9fbWFkZHIoaGQt PmFyY2gucm9vdF90YWJsZSksCi0gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgZC0+ZG9tYWluX2lkLAotICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhkLT5hcmNo LnBhZ2luZ19tb2RlLCAxKTsKLQotICAgICAgICAgICAgICAgIGFtZF9pb21t dV9mbHVzaF9kZXZpY2UoaW9tbXUsIHJlcV9pZCk7Ci0gICAgICAgICAgICAg ICAgYmRmICs9IHBkZXYtPnBoYW50b21fc3RyaWRlOwotICAgICAgICAgICAg fSB3aGlsZSAoIFBDSV9ERVZGTjIoYmRmKSAhPSBwZGV2LT5kZXZmbiAmJgot ICAgICAgICAgICAgICAgICAgICAgIFBDSV9TTE9UKGJkZikgPT0gUENJX1NM T1QocGRldi0+ZGV2Zm4pICk7Ci0gICAgICAgICAgICBzcGluX3VubG9ja19p cnFyZXN0b3JlKCZpb21tdS0+bG9jaywgZmxhZ3MpOwotICAgICAgICB9Ci0K LSAgICAgICAgLyogRm9yIHNhZmV0eSwgaW52YWxpZGF0ZSBhbGwgZW50cmll cyAqLwotICAgICAgICBhbWRfaW9tbXVfZmx1c2hfYWxsX3BhZ2VzKGQpOwot ICAgIH0KLSAgICByZXR1cm4gMDsKLX0KLQogaW50IGFtZF9pb21tdV9tYXBf cGFnZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNpZ25lZCBsb25nIGdmbiwgdW5z aWduZWQgbG9uZyBtZm4sCiAgICAgICAgICAgICAgICAgICAgICAgIHVuc2ln bmVkIGludCBmbGFncykKIHsKQEAgLTY4NSwxOSArNTk0LDYgQEAgaW50IGFt ZF9pb21tdV9tYXBfcGFnZShzdHJ1Y3QgZG9tYWluICpkLAogICAgICAgICBy ZXR1cm4gcmM7CiAgICAgfQogCi0gICAgLyogU2luY2UgSFZNIGRvbWFpbiBp cyBpbml0aWFsaXplZCB3aXRoIDIgbGV2ZWwgSU8gcGFnZSB0YWJsZSwKLSAg ICAgKiB3ZSBtaWdodCBuZWVkIGEgZGVlcGVyIHBhZ2UgdGFibGUgZm9yIGxh Z2VyIGdmbiBub3cgKi8KLSAgICBpZiAoIGlzX2h2bV9kb21haW4oZCkgKQot ICAgIHsKLSAgICAgICAgaWYgKCB1cGRhdGVfcGFnaW5nX21vZGUoZCwgZ2Zu KSApCi0gICAgICAgIHsKLSAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+ YXJjaC5tYXBwaW5nX2xvY2spOwotICAgICAgICAgICAgQU1EX0lPTU1VX0RF QlVHKCJVcGRhdGUgcGFnZSBtb2RlIGZhaWxlZCBnZm4gPSAlbHhcbiIsIGdm bik7Ci0gICAgICAgICAgICBkb21haW5fY3Jhc2goZCk7Ci0gICAgICAgICAg ICByZXR1cm4gLUVGQVVMVDsKLSAgICAgICAgfQotICAgIH0KLQogICAgIGlm ICggaW9tbXVfcGRlX2Zyb21fZ2ZuKGQsIGdmbiwgcHRfbWZuLCB0cnVlKSB8 fCAocHRfbWZuWzFdID09IDApICkKICAgICB7CiAgICAgICAgIHNwaW5fdW5s b2NrKCZoZC0+YXJjaC5tYXBwaW5nX2xvY2spOwotLS0gYS94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jCisrKyBiL3hlbi9k cml2ZXJzL3Bhc3N0aHJvdWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKQEAgLTI0 MiwxMSArMjQyLDE3IEBAIHN0YXRpYyBpbnQgYW1kX2lvbW11X2RvbWFpbl9p bml0KHN0cnVjdAogewogICAgIHN0cnVjdCBkb21haW5faW9tbXUgKmhkID0g ZG9tX2lvbW11KGQpOwogCi0gICAgLyogRm9yIHB2IGFuZCBkb20wLCBzdGlj ayB3aXRoIGdldF9wYWdpbmdfbW9kZShtYXhfcGFnZSkKLSAgICAgKiBGb3Ig SFZNIGRvbTAsIHVzZSAyIGxldmVsIHBhZ2UgdGFibGUgYXQgZmlyc3QgKi8K LSAgICBoZC0+YXJjaC5wYWdpbmdfbW9kZSA9IGlzX2h2bV9kb21haW4oZCkg PwotICAgICAgICAgICAgICAgICAgICAgIElPTU1VX1BBR0lOR19NT0RFX0xF VkVMXzIgOgotICAgICAgICAgICAgICAgICAgICAgIGdldF9wYWdpbmdfbW9k ZShtYXhfcGFnZSk7CisgICAgLyoKKyAgICAgKiBDaG9vc2UgdGhlIG51bWJl ciBvZiBsZXZlbHMgZm9yIHRoZSBJT01NVSBwYWdlIHRhYmxlcy4KKyAgICAg KiAtIFBWIG5lZWRzIDMgb3IgNCwgZGVwZW5kaW5nIG9uIHdoZXRoZXIgdGhl cmUgaXMgUkFNIChpbmNsdWRpbmcgaG90cGx1ZworICAgICAqICAgUkFNKSBh Ym92ZSB0aGUgNTEyRyBib3VuZGFyeS4KKyAgICAgKiAtIEhWTSBjb3VsZCBp biBwcmluY2lwbGUgdXNlIDMgb3IgNCBkZXBlbmRpbmcgb24gaG93IG11Y2gg Z3Vlc3QKKyAgICAgKiAgIHBoeXNpY2FsIGFkZHJlc3Mgc3BhY2Ugd2UgZ2l2 ZSBpdCwgYnV0IHRoaXMgaXNuJ3Qga25vd24geWV0IHNvIHVzZSA0CisgICAg ICogICB1bmlsYXRlcmFsbHkuCisgICAgICovCisgICAgaGQtPmFyY2gucGFn aW5nX21vZGUgPSBpc19odm1fZG9tYWluKGQpCisgICAgICAgID8gSU9NTVVf UEFHSU5HX01PREVfTEVWRUxfNCA6IGdldF9wYWdpbmdfbW9kZShnZXRfdXBw ZXJfbWZuX2JvdW5kKCkpOworCiAgICAgcmV0dXJuIDA7CiB9CiAK --=separator Content-Type: application/octet-stream; name="xsa311-4.11.patch" Content-Disposition: attachment; filename="xsa311-4.11.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogQU1EL0lPTU1VOiBDZWFzZSB1c2luZyBhIGR5bmFtaWMg aGVpZ2h0IGZvciB0aGUgSU9NTVUgcGFnZXRhYmxlcwoKdXBkYXRlX3BhZ2lu Z19tb2RlKCkgaGFzIG11bHRpcGxlIGJ1Z3M6CgogMSkgQm9vdGluZyB3aXRo IGlvbW11PWRlYnVnIHdpbGwgY2F1c2UgaXQgdG8gaW5mb3JtIHlvdSB0aGF0 IHRoYXQgaXQgY2FsbGVkCiAgICB3aXRob3V0IHRoZSBwZGV2X2xpc3QgbG9j ayBoZWxkLgogMikgV2hlbiBncm93aW5nIGJ5IG1vcmUgdGhhbiBhIHNpbmds ZSBsZXZlbCwgaXQgbGVha3MgdGhlIG5ld2x5IGFsbG9jYXRlZAogICAgdGFi bGUocykgaW4gdGhlIGNhc2Ugb2YgYSBmdXJ0aGVyIGVycm9yLgoKRnVydGhl cm1vcmUsIHRoZSBjaG9pY2Ugb2YgZGVmYXVsdCBsZXZlbCBmb3IgYSBkb21h aW4gaGFzIGlzc3VlczoKCiAxKSBBbGwgSFZNIGd1ZXN0cyBncm93IGZyb20g MiB0byAzIGxldmVscyBkdXJpbmcgY29uc3RydWN0aW9uIGJlY2F1c2Ugb2Yg dGhlCiAgICBwb3NpdGlvbiBvZiB0aGUgVlJBTSBqdXN0IGJlbG93IHRoZSA0 RyBib3VuZGFyeSwgc28gZGVmYXVsdGluZyB0byAyIGlzIGEKICAgIHdhc3Rl IG9mIGVmZm9ydC4KIDIpIFRoZSBsaW1pdCBmb3IgUFYgZ3Vlc3RzIGRvZXNu J3QgdGFrZSBtZW1vcnkgaG90cGx1ZyBpbnRvIGFjY291bnQsIGFuZAogICAg aXNuJ3QgZHluYW1pYyBhdCBydW50aW1lIGxpa2UgSFZNIGd1ZXN0cy4gIFRo aXMgbWVhbnMgdGhhdCBhIFBWIGd1ZXN0IG1heQogICAgZ2V0IFJBTSB3aGlj aCBpdCBjYW4ndCBtYXAgaW4gdGhlIElPTU1VLgoKVGhlIGR5bmFtaWMgaGVp Z2h0IGlzIGEgcHJvcGVydHkgdW5pcXVlIHRvIEFNRCwgYW5kIGFkZHMgYSBz dWJzdGFudGlhbApxdWFudGl0eSBvZiBjb21wbGV4aXR5IGZvciB3aGF0IGlz IGEgbWFyZ2luYWwgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnQuICBSZW1vdmUK dGhlIGNvbXBsZXhpdHkgYnkgcmVtb3ZpbmcgdGhlIGR5bmFtaWMgaGVpZ2h0 LgoKUFYgZ3Vlc3RzIG5vdyBnZXQgMyBvciA0IGxldmVscyBiYXNlZCBvbiBh bnkgaG90cGx1ZyByZWdpb25zIGluIHRoZSBob3N0LgpUaGlzIG9ubHkgbWFr ZXMgYSBkaWZmZXJlbmNlIGZvciBoYXJkd2FyZSB3aGljaCBwcmV2aW91c2x5 IGhhZCBhbGwgUkFNIGJlbG93CnRoZSA1MTJHIGJvdW5kYXJ5LCBhbmQgYSBo b3RwbHVnIHJlZ2lvbiBhYm92ZS4KCkhWTSBndWVzdHMgbm93IGdldCA0IGxl dmVscyAod2hpY2ggd2lsbCBiZSBzdWZmaWNpZW50IHVudGlsIDI1NlRCIGd1 ZXN0cwpiZWNvbWUgYSB0aGluZyksIGJlY2F1c2Ugd2UgZG9uJ3QgY3VycmVu dGx5IGhhdmUgdGhlIGluZm9ybWF0aW9uIHRvIGtub3cgd2hlbgozIHdvdWxk IGJlIHNhZmUgdG8gdXNlLgoKVGhlIG92ZXJoZWFkIG9mIHRoaXMgZXh0cmEg bGV2ZWwgaXMgbm90IGV4cGVjdGVkIHRvIGJlIG5vdGljZWFibGUuICBJdCBj b3N0cwpvbmUgcGFnZSAoNGspIHBlciBkb21haW4sIGFuZCBvbmUgZXh0cmEg SU8tVExCIHBhZ2luZyBzdHJ1Y3R1cmUgY2FjaGUgZW50cnkKd2hpY2ggaXMg dmVyeSBob3QgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIGV2aWN0ZWQuCgpUaGlz IGlzIFhTQS0zMTEuCgpSZXBvcnRlZC1ieTogWFhYIFBFUlNPTiA8WFhYIEVN QUlMPjMKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNv b3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KQWNrZWQtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCi0tLSBhL3hlbi9kcml2ZXJz L3Bhc3N0aHJvdWdoL2FtZC9pb21tdV9tYXAuYworKysgYi94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKQEAgLTU2OSw5NyArNTY5 LDYgQEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9nZm4oc3RydWN0IGRv bQogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMgaW50IHVwZGF0ZV9wYWdp bmdfbW9kZShzdHJ1Y3QgZG9tYWluICpkLCB1bnNpZ25lZCBsb25nIGdmbikK LXsKLSAgICB1MTYgYmRmOwotICAgIHZvaWQgKmRldmljZV9lbnRyeTsKLSAg ICB1bnNpZ25lZCBpbnQgcmVxX2lkLCBsZXZlbCwgb2Zmc2V0OwotICAgIHVu c2lnbmVkIGxvbmcgZmxhZ3M7Ci0gICAgc3RydWN0IHBjaV9kZXYgKnBkZXY7 Ci0gICAgc3RydWN0IGFtZF9pb21tdSAqaW9tbXUgPSBOVUxMOwotICAgIHN0 cnVjdCBwYWdlX2luZm8gKm5ld19yb290ID0gTlVMTDsKLSAgICBzdHJ1Y3Qg cGFnZV9pbmZvICpvbGRfcm9vdCA9IE5VTEw7Ci0gICAgdm9pZCAqbmV3X3Jv b3RfdmFkZHI7Ci0gICAgdW5zaWduZWQgbG9uZyBvbGRfcm9vdF9tZm47Ci0g ICAgc3RydWN0IGRvbWFpbl9pb21tdSAqaGQgPSBkb21faW9tbXUoZCk7Ci0K LSAgICBpZiAoIGdmbiA9PSBnZm5feChJTlZBTElEX0dGTikgKQotICAgICAg ICByZXR1cm4gLUVBRERSTk9UQVZBSUw7Ci0gICAgQVNTRVJUKCEoZ2ZuID4+ IERFRkFVTFRfRE9NQUlOX0FERFJFU1NfV0lEVEgpKTsKLQotICAgIGxldmVs ID0gaGQtPmFyY2gucGFnaW5nX21vZGU7Ci0gICAgb2xkX3Jvb3QgPSBoZC0+ YXJjaC5yb290X3RhYmxlOwotICAgIG9mZnNldCA9IGdmbiA+PiAoUFRFX1BF Ul9UQUJMRV9TSElGVCAqIChsZXZlbCAtIDEpKTsKLQotICAgIEFTU0VSVChz cGluX2lzX2xvY2tlZCgmaGQtPmFyY2gubWFwcGluZ19sb2NrKSAmJiBpc19o dm1fZG9tYWluKGQpKTsKLQotICAgIHdoaWxlICggb2Zmc2V0ID49IFBURV9Q RVJfVEFCTEVfU0laRSApCi0gICAgewotICAgICAgICAvKiBBbGxvY2F0ZSBh bmQgaW5zdGFsbCBhIG5ldyByb290IHRhYmxlLgotICAgICAgICAgKiBPbmx5 IHVwcGVyIEkvTyBwYWdlIHRhYmxlIGdyb3dzLCBubyBuZWVkIHRvIGZpeCBu ZXh0IGxldmVsIGJpdHMgKi8KLSAgICAgICAgbmV3X3Jvb3QgPSBhbGxvY19h bWRfaW9tbXVfcGd0YWJsZSgpOwotICAgICAgICBpZiAoIG5ld19yb290ID09 IE5VTEwgKQotICAgICAgICB7Ci0gICAgICAgICAgICBBTURfSU9NTVVfREVC VUcoIiVzIENhbm5vdCBhbGxvY2F0ZSBJL08gcGFnZSB0YWJsZVxuIiwKLSAg ICAgICAgICAgICAgICAgICAgICAgICAgICBfX2Z1bmNfXyk7Ci0gICAgICAg ICAgICByZXR1cm4gLUVOT01FTTsKLSAgICAgICAgfQotCi0gICAgICAgIG5l d19yb290X3ZhZGRyID0gX19tYXBfZG9tYWluX3BhZ2UobmV3X3Jvb3QpOwot ICAgICAgICBvbGRfcm9vdF9tZm4gPSBtZm5feChwYWdlX3RvX21mbihvbGRf cm9vdCkpOwotICAgICAgICBzZXRfaW9tbXVfcGRlX3ByZXNlbnQobmV3X3Jv b3RfdmFkZHIsIG9sZF9yb290X21mbiwgbGV2ZWwsCi0gICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAhIUlPTU1VRl93cml0YWJsZSwgISFJT01NVUZf cmVhZGFibGUpOwotICAgICAgICBsZXZlbCsrOwotICAgICAgICBvbGRfcm9v dCA9IG5ld19yb290OwotICAgICAgICBvZmZzZXQgPj49IFBURV9QRVJfVEFC TEVfU0hJRlQ7Ci0gICAgICAgIHVubWFwX2RvbWFpbl9wYWdlKG5ld19yb290 X3ZhZGRyKTsKLSAgICB9Ci0KLSAgICBpZiAoIG5ld19yb290ICE9IE5VTEwg KQotICAgIHsKLSAgICAgICAgaGQtPmFyY2gucGFnaW5nX21vZGUgPSBsZXZl bDsKLSAgICAgICAgaGQtPmFyY2gucm9vdF90YWJsZSA9IG5ld19yb290Owot Ci0gICAgICAgIGlmICggIXBjaWRldnNfbG9ja2VkKCkgKQotICAgICAgICAg ICAgQU1EX0lPTU1VX0RFQlVHKCIlcyBUcnkgdG8gYWNjZXNzIHBkZXZfbGlz dCAiCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgIndpdGhvdXQgYXF1 aXJpbmcgcGNpZGV2c19sb2NrLlxuIiwgX19mdW5jX18pOwotCi0gICAgICAg IC8qIFVwZGF0ZSBkZXZpY2UgdGFibGUgZW50cmllcyB1c2luZyBuZXcgcm9v dCB0YWJsZSBhbmQgcGFnaW5nIG1vZGUgKi8KLSAgICAgICAgZm9yX2VhY2hf cGRldiggZCwgcGRldiApCi0gICAgICAgIHsKLSAgICAgICAgICAgIGJkZiA9 IFBDSV9CREYyKHBkZXYtPmJ1cywgcGRldi0+ZGV2Zm4pOwotICAgICAgICAg ICAgaW9tbXUgPSBmaW5kX2lvbW11X2Zvcl9kZXZpY2UocGRldi0+c2VnLCBi ZGYpOwotICAgICAgICAgICAgaWYgKCAhaW9tbXUgKQotICAgICAgICAgICAg ewotICAgICAgICAgICAgICAgIEFNRF9JT01NVV9ERUJVRygiJXMgRmFpbCB0 byBmaW5kIGlvbW11LlxuIiwgX19mdW5jX18pOwotICAgICAgICAgICAgICAg IHJldHVybiAtRU5PREVWOwotICAgICAgICAgICAgfQotCi0gICAgICAgICAg ICBzcGluX2xvY2tfaXJxc2F2ZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKLSAg ICAgICAgICAgIGRvIHsKLSAgICAgICAgICAgICAgICByZXFfaWQgPSBnZXRf ZG1hX3JlcXVlc3Rvcl9pZChwZGV2LT5zZWcsIGJkZik7Ci0gICAgICAgICAg ICAgICAgZGV2aWNlX2VudHJ5ID0gaW9tbXUtPmRldl90YWJsZS5idWZmZXIg KwotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIChyZXFfaWQgKiBJ T01NVV9ERVZfVEFCTEVfRU5UUllfU0laRSk7Ci0KLSAgICAgICAgICAgICAg ICAvKiB2YWxpZCA9IDAgb25seSB3b3JrcyBmb3IgZG9tMCBwYXNzdGhyb3Vn aCBtb2RlICovCi0gICAgICAgICAgICAgICAgYW1kX2lvbW11X3NldF9yb290 X3BhZ2VfdGFibGUoKHUzMiAqKWRldmljZV9lbnRyeSwKLSAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwYWdlX3RvX21h ZGRyKGhkLT5hcmNoLnJvb3RfdGFibGUpLAotICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGQtPmRvbWFpbl9pZCwKLSAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBo ZC0+YXJjaC5wYWdpbmdfbW9kZSwgMSk7Ci0KLSAgICAgICAgICAgICAgICBh bWRfaW9tbXVfZmx1c2hfZGV2aWNlKGlvbW11LCByZXFfaWQpOwotICAgICAg ICAgICAgICAgIGJkZiArPSBwZGV2LT5waGFudG9tX3N0cmlkZTsKLSAgICAg ICAgICAgIH0gd2hpbGUgKCBQQ0lfREVWRk4yKGJkZikgIT0gcGRldi0+ZGV2 Zm4gJiYKLSAgICAgICAgICAgICAgICAgICAgICBQQ0lfU0xPVChiZGYpID09 IFBDSV9TTE9UKHBkZXYtPmRldmZuKSApOwotICAgICAgICAgICAgc3Bpbl91 bmxvY2tfaXJxcmVzdG9yZSgmaW9tbXUtPmxvY2ssIGZsYWdzKTsKLSAgICAg ICAgfQotCi0gICAgICAgIC8qIEZvciBzYWZldHksIGludmFsaWRhdGUgYWxs IGVudHJpZXMgKi8KLSAgICAgICAgYW1kX2lvbW11X2ZsdXNoX2FsbF9wYWdl cyhkKTsKLSAgICB9Ci0gICAgcmV0dXJuIDA7Ci19Ci0KIGludCBhbWRfaW9t bXVfbWFwX3BhZ2Uoc3RydWN0IGRvbWFpbiAqZCwgdW5zaWduZWQgbG9uZyBn Zm4sIHVuc2lnbmVkIGxvbmcgbWZuLAogICAgICAgICAgICAgICAgICAgICAg ICB1bnNpZ25lZCBpbnQgZmxhZ3MpCiB7CkBAIC02ODUsMTkgKzU5NCw2IEBA IGludCBhbWRfaW9tbXVfbWFwX3BhZ2Uoc3RydWN0IGRvbWFpbiAqZCwKICAg ICAgICAgcmV0dXJuIHJjOwogICAgIH0KIAotICAgIC8qIFNpbmNlIEhWTSBk b21haW4gaXMgaW5pdGlhbGl6ZWQgd2l0aCAyIGxldmVsIElPIHBhZ2UgdGFi bGUsCi0gICAgICogd2UgbWlnaHQgbmVlZCBhIGRlZXBlciBwYWdlIHRhYmxl IGZvciBsYWdlciBnZm4gbm93ICovCi0gICAgaWYgKCBpc19odm1fZG9tYWlu KGQpICkKLSAgICB7Ci0gICAgICAgIGlmICggdXBkYXRlX3BhZ2luZ19tb2Rl KGQsIGdmbikgKQotICAgICAgICB7Ci0gICAgICAgICAgICBzcGluX3VubG9j aygmaGQtPmFyY2gubWFwcGluZ19sb2NrKTsKLSAgICAgICAgICAgIEFNRF9J T01NVV9ERUJVRygiVXBkYXRlIHBhZ2UgbW9kZSBmYWlsZWQgZ2ZuID0gJWx4 XG4iLCBnZm4pOwotICAgICAgICAgICAgZG9tYWluX2NyYXNoKGQpOwotICAg ICAgICAgICAgcmV0dXJuIC1FRkFVTFQ7Ci0gICAgICAgIH0KLSAgICB9Ci0K ICAgICBpZiAoIGlvbW11X3BkZV9mcm9tX2dmbihkLCBnZm4sIHB0X21mbiwg dHJ1ZSkgfHwgKHB0X21mblsxXSA9PSAwKSApCiAgICAgewogICAgICAgICBz cGluX3VubG9jaygmaGQtPmFyY2gubWFwcGluZ19sb2NrKTsKLS0tIGEveGVu L2RyaXZlcnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYworKysg Yi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5j CkBAIC0yNDIsMTEgKzI0MiwxNyBAQCBzdGF0aWMgaW50IGFtZF9pb21tdV9k b21haW5faW5pdChzdHJ1Y3QKIHsKICAgICBzdHJ1Y3QgZG9tYWluX2lvbW11 ICpoZCA9IGRvbV9pb21tdShkKTsKIAotICAgIC8qIEZvciBwdiBhbmQgZG9t MCwgc3RpY2sgd2l0aCBnZXRfcGFnaW5nX21vZGUobWF4X3BhZ2UpCi0gICAg ICogRm9yIEhWTSBkb20wLCB1c2UgMiBsZXZlbCBwYWdlIHRhYmxlIGF0IGZp cnN0ICovCi0gICAgaGQtPmFyY2gucGFnaW5nX21vZGUgPSBpc19odm1fZG9t YWluKGQpID8KLSAgICAgICAgICAgICAgICAgICAgICBJT01NVV9QQUdJTkdf TU9ERV9MRVZFTF8yIDoKLSAgICAgICAgICAgICAgICAgICAgICBnZXRfcGFn aW5nX21vZGUobWF4X3BhZ2UpOworICAgIC8qCisgICAgICogQ2hvb3NlIHRo ZSBudW1iZXIgb2YgbGV2ZWxzIGZvciB0aGUgSU9NTVUgcGFnZSB0YWJsZXMu CisgICAgICogLSBQViBuZWVkcyAzIG9yIDQsIGRlcGVuZGluZyBvbiB3aGV0 aGVyIHRoZXJlIGlzIFJBTSAoaW5jbHVkaW5nIGhvdHBsdWcKKyAgICAgKiAg IFJBTSkgYWJvdmUgdGhlIDUxMkcgYm91bmRhcnkuCisgICAgICogLSBIVk0g Y291bGQgaW4gcHJpbmNpcGxlIHVzZSAzIG9yIDQgZGVwZW5kaW5nIG9uIGhv dyBtdWNoIGd1ZXN0CisgICAgICogICBwaHlzaWNhbCBhZGRyZXNzIHNwYWNl IHdlIGdpdmUgaXQsIGJ1dCB0aGlzIGlzbid0IGtub3duIHlldCBzbyB1c2Ug NAorICAgICAqICAgdW5pbGF0ZXJhbGx5LgorICAgICAqLworICAgIGhkLT5h cmNoLnBhZ2luZ19tb2RlID0gaXNfaHZtX2RvbWFpbihkKQorICAgICAgICA/ IElPTU1VX1BBR0lOR19NT0RFX0xFVkVMXzQgOiBnZXRfcGFnaW5nX21vZGUo Z2V0X3VwcGVyX21mbl9ib3VuZCgpKTsKKwogICAgIHJldHVybiAwOwogfQog Cg== --=separator Content-Type: application/octet-stream; name="xsa311-4.12.patch" Content-Disposition: attachment; filename="xsa311-4.12.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogQU1EL0lPTU1VOiBDZWFzZSB1c2luZyBhIGR5bmFtaWMg aGVpZ2h0IGZvciB0aGUgSU9NTVUgcGFnZXRhYmxlcwoKdXBkYXRlX3BhZ2lu Z19tb2RlKCkgaGFzIG11bHRpcGxlIGJ1Z3M6CgogMSkgQm9vdGluZyB3aXRo IGlvbW11PWRlYnVnIHdpbGwgY2F1c2UgaXQgdG8gaW5mb3JtIHlvdSB0aGF0 IHRoYXQgaXQgY2FsbGVkCiAgICB3aXRob3V0IHRoZSBwZGV2X2xpc3QgbG9j ayBoZWxkLgogMikgV2hlbiBncm93aW5nIGJ5IG1vcmUgdGhhbiBhIHNpbmds ZSBsZXZlbCwgaXQgbGVha3MgdGhlIG5ld2x5IGFsbG9jYXRlZAogICAgdGFi bGUocykgaW4gdGhlIGNhc2Ugb2YgYSBmdXJ0aGVyIGVycm9yLgoKRnVydGhl cm1vcmUsIHRoZSBjaG9pY2Ugb2YgZGVmYXVsdCBsZXZlbCBmb3IgYSBkb21h aW4gaGFzIGlzc3VlczoKCiAxKSBBbGwgSFZNIGd1ZXN0cyBncm93IGZyb20g MiB0byAzIGxldmVscyBkdXJpbmcgY29uc3RydWN0aW9uIGJlY2F1c2Ugb2Yg dGhlCiAgICBwb3NpdGlvbiBvZiB0aGUgVlJBTSBqdXN0IGJlbG93IHRoZSA0 RyBib3VuZGFyeSwgc28gZGVmYXVsdGluZyB0byAyIGlzIGEKICAgIHdhc3Rl IG9mIGVmZm9ydC4KIDIpIFRoZSBsaW1pdCBmb3IgUFYgZ3Vlc3RzIGRvZXNu J3QgdGFrZSBtZW1vcnkgaG90cGx1ZyBpbnRvIGFjY291bnQsIGFuZAogICAg aXNuJ3QgZHluYW1pYyBhdCBydW50aW1lIGxpa2UgSFZNIGd1ZXN0cy4gIFRo aXMgbWVhbnMgdGhhdCBhIFBWIGd1ZXN0IG1heQogICAgZ2V0IFJBTSB3aGlj aCBpdCBjYW4ndCBtYXAgaW4gdGhlIElPTU1VLgoKVGhlIGR5bmFtaWMgaGVp Z2h0IGlzIGEgcHJvcGVydHkgdW5pcXVlIHRvIEFNRCwgYW5kIGFkZHMgYSBz dWJzdGFudGlhbApxdWFudGl0eSBvZiBjb21wbGV4aXR5IGZvciB3aGF0IGlz IGEgbWFyZ2luYWwgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnQuICBSZW1vdmUK dGhlIGNvbXBsZXhpdHkgYnkgcmVtb3ZpbmcgdGhlIGR5bmFtaWMgaGVpZ2h0 LgoKUFYgZ3Vlc3RzIG5vdyBnZXQgMyBvciA0IGxldmVscyBiYXNlZCBvbiBh bnkgaG90cGx1ZyByZWdpb25zIGluIHRoZSBob3N0LgpUaGlzIG9ubHkgbWFr ZXMgYSBkaWZmZXJlbmNlIGZvciBoYXJkd2FyZSB3aGljaCBwcmV2aW91c2x5 IGhhZCBhbGwgUkFNIGJlbG93CnRoZSA1MTJHIGJvdW5kYXJ5LCBhbmQgYSBo b3RwbHVnIHJlZ2lvbiBhYm92ZS4KCkhWTSBndWVzdHMgbm93IGdldCA0IGxl dmVscyAod2hpY2ggd2lsbCBiZSBzdWZmaWNpZW50IHVudGlsIDI1NlRCIGd1 ZXN0cwpiZWNvbWUgYSB0aGluZyksIGJlY2F1c2Ugd2UgZG9uJ3QgY3VycmVu dGx5IGhhdmUgdGhlIGluZm9ybWF0aW9uIHRvIGtub3cgd2hlbgozIHdvdWxk IGJlIHNhZmUgdG8gdXNlLgoKVGhlIG92ZXJoZWFkIG9mIHRoaXMgZXh0cmEg bGV2ZWwgaXMgbm90IGV4cGVjdGVkIHRvIGJlIG5vdGljZWFibGUuICBJdCBj b3N0cwpvbmUgcGFnZSAoNGspIHBlciBkb21haW4sIGFuZCBvbmUgZXh0cmEg SU8tVExCIHBhZ2luZyBzdHJ1Y3R1cmUgY2FjaGUgZW50cnkKd2hpY2ggaXMg dmVyeSBob3QgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIGV2aWN0ZWQuCgpUaGlz IGlzIFhTQS0zMTEuCgpSZXBvcnRlZC1ieTogWFhYIFBFUlNPTiA8WFhYIEVN QUlMPjMKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNv b3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3Bl ciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KQWNrZWQtYnk6IEphbiBC ZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KCmRpZmYgLS1naXQgYS94ZW4v ZHJpdmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMgYi94ZW4vZHJp dmVycy9wYXNzdGhyb3VnaC9hbWQvaW9tbXVfbWFwLmMKaW5kZXggNjI4YWE2 MDIzMC4uOWEyMjJjOTVlMSAxMDA2NDQKLS0tIGEveGVuL2RyaXZlcnMvcGFz c3Rocm91Z2gvYW1kL2lvbW11X21hcC5jCisrKyBiL3hlbi9kcml2ZXJzL3Bh c3N0aHJvdWdoL2FtZC9pb21tdV9tYXAuYwpAQCAtNDU1LDEwMCArNDU1LDYg QEAgc3RhdGljIGludCBpb21tdV9wZGVfZnJvbV9kZm4oc3RydWN0IGRvbWFp biAqZCwgdW5zaWduZWQgbG9uZyBkZm4sCiAgICAgcmV0dXJuIDA7CiB9CiAK LXN0YXRpYyBpbnQgdXBkYXRlX3BhZ2luZ19tb2RlKHN0cnVjdCBkb21haW4g KmQsIHVuc2lnbmVkIGxvbmcgZGZuKQotewotICAgIHVpbnQxNl90IGJkZjsK LSAgICB2b2lkICpkZXZpY2VfZW50cnk7Ci0gICAgdW5zaWduZWQgaW50IHJl cV9pZCwgbGV2ZWwsIG9mZnNldDsKLSAgICB1bnNpZ25lZCBsb25nIGZsYWdz OwotICAgIHN0cnVjdCBwY2lfZGV2ICpwZGV2OwotICAgIHN0cnVjdCBhbWRf aW9tbXUgKmlvbW11ID0gTlVMTDsKLSAgICBzdHJ1Y3QgcGFnZV9pbmZvICpu ZXdfcm9vdCA9IE5VTEw7Ci0gICAgc3RydWN0IHBhZ2VfaW5mbyAqb2xkX3Jv b3QgPSBOVUxMOwotICAgIHZvaWQgKm5ld19yb290X3ZhZGRyOwotICAgIHVu c2lnbmVkIGxvbmcgb2xkX3Jvb3RfbWZuOwotICAgIHN0cnVjdCBkb21haW5f aW9tbXUgKmhkID0gZG9tX2lvbW11KGQpOwotCi0gICAgaWYgKCBkZm4gPT0g ZGZuX3goSU5WQUxJRF9ERk4pICkKLSAgICAgICAgcmV0dXJuIC1FQUREUk5P VEFWQUlMOwotICAgIEFTU0VSVCghKGRmbiA+PiBERUZBVUxUX0RPTUFJTl9B RERSRVNTX1dJRFRIKSk7Ci0KLSAgICBsZXZlbCA9IGhkLT5hcmNoLnBhZ2lu Z19tb2RlOwotICAgIG9sZF9yb290ID0gaGQtPmFyY2gucm9vdF90YWJsZTsK LSAgICBvZmZzZXQgPSBkZm4gPj4gKFBURV9QRVJfVEFCTEVfU0hJRlQgKiAo bGV2ZWwgLSAxKSk7Ci0KLSAgICBBU1NFUlQoc3Bpbl9pc19sb2NrZWQoJmhk LT5hcmNoLm1hcHBpbmdfbG9jaykgJiYgaXNfaHZtX2RvbWFpbihkKSk7Ci0K LSAgICB3aGlsZSAoIG9mZnNldCA+PSBQVEVfUEVSX1RBQkxFX1NJWkUgKQot ICAgIHsKLSAgICAgICAgLyogQWxsb2NhdGUgYW5kIGluc3RhbGwgYSBuZXcg cm9vdCB0YWJsZS4KLSAgICAgICAgICogT25seSB1cHBlciBJL08gcGFnZSB0 YWJsZSBncm93cywgbm8gbmVlZCB0byBmaXggbmV4dCBsZXZlbCBiaXRzICov Ci0gICAgICAgIG5ld19yb290ID0gYWxsb2NfYW1kX2lvbW11X3BndGFibGUo KTsKLSAgICAgICAgaWYgKCBuZXdfcm9vdCA9PSBOVUxMICkKLSAgICAgICAg ewotICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCIlcyBDYW5ub3QgYWxs b2NhdGUgSS9PIHBhZ2UgdGFibGVcbiIsCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgX19mdW5jX18pOwotICAgICAgICAgICAgcmV0dXJuIC1FTk9N RU07Ci0gICAgICAgIH0KLQotICAgICAgICBuZXdfcm9vdF92YWRkciA9IF9f bWFwX2RvbWFpbl9wYWdlKG5ld19yb290KTsKLSAgICAgICAgb2xkX3Jvb3Rf bWZuID0gbWZuX3gocGFnZV90b19tZm4ob2xkX3Jvb3QpKTsKLSAgICAgICAg c2V0X2lvbW11X3BkZV9wcmVzZW50KG5ld19yb290X3ZhZGRyLCBvbGRfcm9v dF9tZm4sIGxldmVsLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ISFJT01NVUZfd3JpdGFibGUsICEhSU9NTVVGX3JlYWRhYmxlKTsKLSAgICAg ICAgbGV2ZWwrKzsKLSAgICAgICAgb2xkX3Jvb3QgPSBuZXdfcm9vdDsKLSAg ICAgICAgb2Zmc2V0ID4+PSBQVEVfUEVSX1RBQkxFX1NISUZUOwotICAgICAg ICB1bm1hcF9kb21haW5fcGFnZShuZXdfcm9vdF92YWRkcik7Ci0gICAgfQot Ci0gICAgaWYgKCBuZXdfcm9vdCAhPSBOVUxMICkKLSAgICB7Ci0gICAgICAg IGhkLT5hcmNoLnBhZ2luZ19tb2RlID0gbGV2ZWw7Ci0gICAgICAgIGhkLT5h cmNoLnJvb3RfdGFibGUgPSBuZXdfcm9vdDsKLQotICAgICAgICBpZiAoICFw Y2lkZXZzX2xvY2tlZCgpICkKLSAgICAgICAgICAgIEFNRF9JT01NVV9ERUJV RygiJXMgVHJ5IHRvIGFjY2VzcyBwZGV2X2xpc3QgIgotICAgICAgICAgICAg ICAgICAgICAgICAgICAgICJ3aXRob3V0IGFxdWlyaW5nIHBjaWRldnNfbG9j ay5cbiIsIF9fZnVuY19fKTsKLQotICAgICAgICAvKiBVcGRhdGUgZGV2aWNl IHRhYmxlIGVudHJpZXMgdXNpbmcgbmV3IHJvb3QgdGFibGUgYW5kIHBhZ2lu ZyBtb2RlICovCi0gICAgICAgIGZvcl9lYWNoX3BkZXYoIGQsIHBkZXYgKQot ICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoIHBkZXYtPnR5cGUgPT0gREVW X1RZUEVfUENJX0hPU1RfQlJJREdFICkKLSAgICAgICAgICAgICAgICBjb250 aW51ZTsKLQotICAgICAgICAgICAgYmRmID0gUENJX0JERjIocGRldi0+YnVz LCBwZGV2LT5kZXZmbik7Ci0gICAgICAgICAgICBpb21tdSA9IGZpbmRfaW9t bXVfZm9yX2RldmljZShwZGV2LT5zZWcsIGJkZik7Ci0gICAgICAgICAgICBp ZiAoICFpb21tdSApCi0gICAgICAgICAgICB7Ci0gICAgICAgICAgICAgICAg QU1EX0lPTU1VX0RFQlVHKCIlcyBGYWlsIHRvIGZpbmQgaW9tbXUuXG4iLCBf X2Z1bmNfXyk7Ci0gICAgICAgICAgICAgICAgcmV0dXJuIC1FTk9ERVY7Ci0g ICAgICAgICAgICB9Ci0KLSAgICAgICAgICAgIHNwaW5fbG9ja19pcnFzYXZl KCZpb21tdS0+bG9jaywgZmxhZ3MpOwotICAgICAgICAgICAgZG8gewotICAg ICAgICAgICAgICAgIHJlcV9pZCA9IGdldF9kbWFfcmVxdWVzdG9yX2lkKHBk ZXYtPnNlZywgYmRmKTsKLSAgICAgICAgICAgICAgICBkZXZpY2VfZW50cnkg PSBpb21tdS0+ZGV2X3RhYmxlLmJ1ZmZlciArCi0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgKHJlcV9pZCAqIElPTU1VX0RFVl9UQUJMRV9FTlRS WV9TSVpFKTsKLQotICAgICAgICAgICAgICAgIC8qIHZhbGlkID0gMCBvbmx5 IHdvcmtzIGZvciBkb20wIHBhc3N0aHJvdWdoIG1vZGUgKi8KLSAgICAgICAg ICAgICAgICBhbWRfaW9tbXVfc2V0X3Jvb3RfcGFnZV90YWJsZSgodWludDMy X3QgKilkZXZpY2VfZW50cnksCi0gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgcGFnZV90b19tYWRkcihoZC0+YXJjaC5y b290X3RhYmxlKSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBkLT5kb21haW5faWQsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaGQtPmFyY2gucGFnaW5n X21vZGUsIDEpOwotCi0gICAgICAgICAgICAgICAgYW1kX2lvbW11X2ZsdXNo X2RldmljZShpb21tdSwgcmVxX2lkKTsKLSAgICAgICAgICAgICAgICBiZGYg Kz0gcGRldi0+cGhhbnRvbV9zdHJpZGU7Ci0gICAgICAgICAgICB9IHdoaWxl ICggUENJX0RFVkZOMihiZGYpICE9IHBkZXYtPmRldmZuICYmCi0gICAgICAg ICAgICAgICAgICAgICAgUENJX1NMT1QoYmRmKSA9PSBQQ0lfU0xPVChwZGV2 LT5kZXZmbikgKTsKLSAgICAgICAgICAgIHNwaW5fdW5sb2NrX2lycXJlc3Rv cmUoJmlvbW11LT5sb2NrLCBmbGFncyk7Ci0gICAgICAgIH0KLQotICAgICAg ICAvKiBGb3Igc2FmZXR5LCBpbnZhbGlkYXRlIGFsbCBlbnRyaWVzICovCi0g ICAgICAgIGFtZF9pb21tdV9mbHVzaF9hbGxfcGFnZXMoZCk7Ci0gICAgfQot ICAgIHJldHVybiAwOwotfQotCiBpbnQgYW1kX2lvbW11X21hcF9wYWdlKHN0 cnVjdCBkb21haW4gKmQsIGRmbl90IGRmbiwgbWZuX3QgbWZuLAogICAgICAg ICAgICAgICAgICAgICAgICB1bnNpZ25lZCBpbnQgZmxhZ3MsIHVuc2lnbmVk IGludCAqZmx1c2hfZmxhZ3MpCiB7CkBAIC01NzMsMjAgKzQ3OSw2IEBAIGlu dCBhbWRfaW9tbXVfbWFwX3BhZ2Uoc3RydWN0IGRvbWFpbiAqZCwgZGZuX3Qg ZGZuLCBtZm5fdCBtZm4sCiAgICAgICAgIHJldHVybiByYzsKICAgICB9CiAK LSAgICAvKiBTaW5jZSBIVk0gZG9tYWluIGlzIGluaXRpYWxpemVkIHdpdGgg MiBsZXZlbCBJTyBwYWdlIHRhYmxlLAotICAgICAqIHdlIG1pZ2h0IG5lZWQg YSBkZWVwZXIgcGFnZSB0YWJsZSBmb3Igd2lkZXIgZGZuIG5vdyAqLwotICAg IGlmICggaXNfaHZtX2RvbWFpbihkKSApCi0gICAgewotICAgICAgICBpZiAo IHVwZGF0ZV9wYWdpbmdfbW9kZShkLCBkZm5feChkZm4pKSApCi0gICAgICAg IHsKLSAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZoZC0+YXJjaC5tYXBwaW5n X2xvY2spOwotICAgICAgICAgICAgQU1EX0lPTU1VX0RFQlVHKCJVcGRhdGUg cGFnZSBtb2RlIGZhaWxlZCBkZm4gPSAlIlBSSV9kZm4iXG4iLAotICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGRmbl94KGRmbikpOwotICAgICAgICAg ICAgZG9tYWluX2NyYXNoKGQpOwotICAgICAgICAgICAgcmV0dXJuIC1FRkFV TFQ7Ci0gICAgICAgIH0KLSAgICB9Ci0KICAgICBpZiAoIGlvbW11X3BkZV9m cm9tX2RmbihkLCBkZm5feChkZm4pLCBwdF9tZm4sIHRydWUpIHx8IChwdF9t Zm5bMV0gPT0gMCkgKQogICAgIHsKICAgICAgICAgc3Bpbl91bmxvY2soJmhk LT5hcmNoLm1hcHBpbmdfbG9jayk7CmRpZmYgLS1naXQgYS94ZW4vZHJpdmVy cy9wYXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jIGIveGVuL2RyaXZl cnMvcGFzc3Rocm91Z2gvYW1kL3BjaV9hbWRfaW9tbXUuYwppbmRleCAxNWMx M2UxMTYzLi41N2RjMmM1ZjIwIDEwMDY0NAotLS0gYS94ZW4vZHJpdmVycy9w YXNzdGhyb3VnaC9hbWQvcGNpX2FtZF9pb21tdS5jCisrKyBiL3hlbi9kcml2 ZXJzL3Bhc3N0aHJvdWdoL2FtZC9wY2lfYW1kX2lvbW11LmMKQEAgLTI0Miwx MCArMjQyLDE3IEBAIHN0YXRpYyBpbnQgYW1kX2lvbW11X2RvbWFpbl9pbml0 KHN0cnVjdCBkb21haW4gKmQpCiB7CiAgICAgc3RydWN0IGRvbWFpbl9pb21t dSAqaGQgPSBkb21faW9tbXUoZCk7CiAKLSAgICAvKiBGb3IgcHYgYW5kIGRv bTAsIHN0aWNrIHdpdGggZ2V0X3BhZ2luZ19tb2RlKG1heF9wYWdlKQotICAg ICAqIEZvciBIVk0gZG9tMCwgdXNlIDIgbGV2ZWwgcGFnZSB0YWJsZSBhdCBm aXJzdCAqLwotICAgIGhkLT5hcmNoLnBhZ2luZ19tb2RlID0gaXNfaHZtX2Rv bWFpbihkKSA/Ci0gICAgICAgIDIgOiBhbWRfaW9tbXVfZ2V0X3BhZ2luZ19t b2RlKG1heF9wYWdlKTsKKyAgICAvKgorICAgICAqIENob29zZSB0aGUgbnVt YmVyIG9mIGxldmVscyBmb3IgdGhlIElPTU1VIHBhZ2UgdGFibGVzLgorICAg ICAqIC0gUFYgbmVlZHMgMyBvciA0LCBkZXBlbmRpbmcgb24gd2hldGhlciB0 aGVyZSBpcyBSQU0gKGluY2x1ZGluZyBob3RwbHVnCisgICAgICogICBSQU0p IGFib3ZlIHRoZSA1MTJHIGJvdW5kYXJ5LgorICAgICAqIC0gSFZNIGNvdWxk IGluIHByaW5jaXBsZSB1c2UgMyBvciA0IGRlcGVuZGluZyBvbiBob3cgbXVj aCBndWVzdAorICAgICAqICAgcGh5c2ljYWwgYWRkcmVzcyBzcGFjZSB3ZSBn aXZlIGl0LCBidXQgdGhpcyBpc24ndCBrbm93biB5ZXQgc28gdXNlIDQKKyAg ICAgKiAgIHVuaWxhdGVyYWxseS4KKyAgICAgKi8KKyAgICBoZC0+YXJjaC5w YWdpbmdfbW9kZSA9IGlzX2h2bV9kb21haW4oZCkKKyAgICAgICAgPyA0IDog YW1kX2lvbW11X2dldF9wYWdpbmdfbW9kZShnZXRfdXBwZXJfbWZuX2JvdW5k KCkpOworCiAgICAgcmV0dXJuIDA7CiB9CiAK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Wed Dec 11 12:10:07 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 11 Dec 2019 12:10:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0o2-0005PR-Qt; Wed, 11 Dec 2019 12:09:26 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0o1-0005PE-Av for xen-announce@lists.xen.org; Wed, 11 Dec 2019 12:09:25 +0000 X-Inumbo-ID: 11dbc626-1c0f-11ea-a1e1-bc764e2007e4 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 11dbc626-1c0f-11ea-a1e1-bc764e2007e4; Wed, 11 Dec 2019 12:09:23 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1if0nu-0008Qx-Ka; Wed, 11 Dec 2019 12:09:18 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1if0nu-0001Zr-J5; Wed, 11 Dec 2019 12:09:18 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 11 Dec 2019 12:09:18 +0000 Subject: [Xen-announce] Xen Security Advisory 309 v3 (CVE-2019-19578) - Linear pagetable use / entry miscounts X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-19578 / XSA-309 version 3 Linear pagetable use / entry miscounts UPDATES IN VERSION 3 ==================== Public release. Updated metadata to add 4.13, update StableRef's ISSUE DESCRIPTION ================= "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. IMPACT ====== A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. MITIGATION ========== If you don't have any guests which need linear pagetables, you can disable the feature by adding pv-linear-pt=false to your Xen command-line. NetBSD is known to use linear pagetables; Linux and MiniOS are known not to use linear pagetables. CREDITS ======= This issue was discovered by Manuel Bouyer and diagnosed as a security issue by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa309.patch xen-unstable, Xen 4.13 - Xen 4.8 $ sha256sum xsa309* ddd00dfbc85bada4e4cee8a51b989e3138cc47c58992657054246bc95c8ae34d xsa309.meta 0e4b75f4416624de698f3ed619c28418917ab0a5c9663c1641804e1d0a0dec1b xsa309.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Deployment of the `pv-linear-pt=false` mitigation is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because someone may notice the feature going away, and armed with the knowledge of where the issue is, re-discover it. Deployment of the mitigation is permitted only AFTER the embargo ends. Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3w3FwMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZt+QIAL4wU2XUXRQZFk4uS9m4EYV3tlzOidJVcAOvr4pC x9O0rCRrUTnXvaqDj/X7fqPC4e/uHy4yPgg2gnRqb4y/jXJexPBkY/fsZJ64JdWJ Fo+0a9CK8IrlzhXFcxVff49kUC3Vv/X2FMa5mY07wfg3ww2qyh9rUiKSFEX4B8vV 6lfMbFZNyOiO2vm1RnQzUCRnUeHnLXmR22BIvwLX6496qoI/ubHDBOK8NX0RU81e N1wdKlOlfmX1SuXfYzKPcdulmKLHnxiVgxG5FAsaQ5At3luA0+WEn5scoBXG99uB e6EkbmDpLabceQufMPR7Bvad3uVSzg3qLe/NvW4bd4Fvzb0= =Td+m -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa309.meta" Content-Disposition: attachment; filename="xsa309.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAzMDksCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMyIsCiAgICAiNC4xMiIsCiAgICAiNC4xMSIs CiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiCiAgXSwKICAiVHJl ZXMiOiBbCiAgICAieGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4x MCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiZTQ4OTk1NTBmZjc4MzRlMWVhNWRmYmJm YjFjNjE4ZjY0ZTI0Nzc2MSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgKICAgICAgICAgIF0sCiAg ICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMwOS5wYXRj aCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAi NC4xMSI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsK ICAgICAgICAgICJTdGFibGVSZWYiOiAiMjM5ZDM3ZTUxNGM5M2UyOWQ1MGQ3 MWY3MzRiMWRjNDUzYjIyMzZhNiIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsK ICAgICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgKICAgICAgICAgIF0s CiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMwOS5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAiNC4xMiI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6 IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiMjEyYjg1MDBjYjM5NGIzYTY2 NDY1NWY3OWNhMGJkY2IzMTI0NmZmNyIsCiAgICAgICAgICAiUHJlcmVxcyI6 IFsKICAgICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgKICAgICAgICAg IF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTMw OS5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0s CiAgICAiNC4xMyI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhl biI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZmQ5YmZhYmY2OWVhNTlm MjI4MGMxNzAzNTAwNzkzZmExNWU4MTk1NiIsCiAgICAgICAgICAiUHJlcmVx cyI6IFtdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4 c2EzMDkucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAg ICB9LAogICAgIjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAg InhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiYTI2MGU5M2RiNzk0 ZjU2MDUwMmU4OTg1OWFhZjExMWQxNzhlODBlNCIsCiAgICAgICAgICAiUHJl cmVxcyI6IFsKICAgICAgICAgICAgMzA3LAogICAgICAgICAgICAzMDgKICAg ICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAg InhzYTMwOS5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0K ICAgIH0sCiAgICAiNC45IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAg ICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICI4ZDFlZTlmMmM0 NzNmZWM1NGI1MDE4YzAxYWQ1NTZkN2FmZDYyYzE3IiwKICAgICAgICAgICJQ cmVyZXFzIjogWwogICAgICAgICAgICAzMDcsCiAgICAgICAgICAgIDMwOAog ICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAg ICAieHNhMzA5LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAg fQogICAgfSwKICAgICJtYXN0ZXIiOiB7CiAgICAgICJSZWNpcGVzIjogewog ICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogImI3M2Fh ZDRjOGI2YTc2N2NlMTVjYzhjYjY1ZjllZWFiN2JmY2NkYWUiLAogICAgICAg ICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDMwNywKICAgICAgICAgICAg MzA4CiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAg ICAgICAgICJ4c2EzMDkucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQog ICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa309.patch" Content-Disposition: attachment; filename="xsa309.patch" Content-Transfer-Encoding: base64 RnJvbSA1MjNlMzk3NGVkMjIxMzcxOWExOTIxOGY1YjI0NmUzODJjZWVmMThh IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBHZW9yZ2UgRHVubGFw IDxnZW9yZ2UuZHVubGFwQGNpdHJpeC5jb20+CkRhdGU6IFdlZCwgMzAgT2N0 IDIwMTkgMTc6MDU6MjggKzAwMDAKU3ViamVjdDogW1BBVENIXSB4ODYvbW06 IERvbid0IHJlc2V0IGxpbmVhcl9wdF9jb3VudCBvbiBwYXJ0aWFsIHZhbGlk YXRpb24KCiJMaW5lYXIgcGFnZXRhYmxlcyIgaXMgYSB0ZWNobmlxdWUgd2hp Y2ggaW52b2x2ZXMgZWl0aGVyIHBvaW50aW5nIGEKcGFnZXRhYmxlIGF0IGl0 c2VsZiwgb3IgdG8gYW5vdGhlciBwYWdldGFibGUgdGhlIHNhbWUgb3IgaGln aGVyIGxldmVsLgpYZW4gaGFzIGxpbWl0ZWQgc3VwcG9ydCBmb3IgbGluZWFy IHBhZ2V0YWJsZXM6IEEgcGFnZSBtYXkgZWl0aGVyIHBvaW50CnRvIGl0c2Vs Ziwgb3IgcG9pbnQgdG8gYW5vdGhlciBwYWdlIG9mIHRoZSBzYW1lIGxldmVs IChpLmUuLCBMMiB0byBMMiwKTDMgdG8gTDMsIGFuZCBzbyBvbikuCgpYU0Et MjQwIGludHJvZHVjZWQgYW4gYWRkaXRpb25hbCByZXN0cmljdGlvbiB0aGF0 IGxpbWl0ZWQgdGhlICJkZXB0aCIKb2Ygc3VjaCBjaGFpbnMgYnkgYWxsb3dp bmcgcGFnZXMgdG8gZWl0aGVyICpwb2ludCB0byogb3RoZXIgcGFnZXMgb2YK dGhlIHNhbWUgbGV2ZWwsIG9yICpiZSBwb2ludGVkIHRvKiBieSBvdGhlciBw YWdlcyBvZiB0aGUgc2FtZSBsZXZlbCwKYnV0IG5vdCBib3RoLiAgVG8gaW1w bGVtZW50IHRoaXMsIHdlIGtlZXAgdHJhY2sgb2YgdGhlIG51bWJlciBvZgpv dXRzdGFuZGluZyB0aW1lcyBhIHBhZ2UgcG9pbnRzIHRvIG9yIGlzIHBvaW50 ZWQgdG8gYW5vdGhlciBwYWdlCnRhYmxlLCB0byBwcmV2ZW50IGJvdGggZnJv bSBoYXBwZW5pbmcgYXQgdGhlIHNhbWUgdGltZS4KClVuZm9ydHVuYXRlbHks IHRoZSBvcmlnaW5hbCBjb21taXQgaW50cm9kdWNpbmcgdGhpcyByZXNldCB0 aGlzIGNvdW50CndoZW4gcmVzdW1pbmcgdmFsaWRhdGlvbiBvZiBhIHBhcnRp YWxseS12YWxpZGF0ZWQgcGFnZXRhYmxlLCBkcm9wcGluZwpzb21lICJsaW5l YXJfcHRfZW50cnkiIGNvdW50cy4KCk9uIGRlYnVnIGJ1aWxkcyBvbiBzeXN0 ZW1zIHdoZXJlIGd1ZXN0cyB1c2VkIHRoaXMgZmVhdHVyZSwgdGhpcyBtaWdo dApsZWFkIHRvIGNyYXNoZXMgdGhhdCBsb29rIGxpa2UgdGhpczoKCiAgICBB c3NlcnRpb24gJ29jID4gMCcgZmFpbGVkIGF0IG1tLmM6ODc0CgpXb3JzZSwg aWYgYW4gYXR0YWNrZXIgY291bGQgZW5naW5lZXIgc3VjaCBhIHNpdHVhdGlv biB0byBvY2N1ciwgdGhleQptaWdodCBiZSBhYmxlIHRvIG1ha2UgbG9vcHMg b3Igb3RoZXIgYWJpdHJhcnkgY2hhaW5zIG9mIGxpbmVhcgpwYWdldGFibGVz LCBsZWFkaW5nIHRvIHRoZSBkZW5pYWwtb2Ytc2VydmljZSBzaXR1YXRpb24g b3V0bGluZWQgaW4KWFNBLTI0MC4KClRoaXMgaXMgWFNBLTMwOS4KClJlcG9y dGVkLWJ5OiBNYW51ZWwgQm91eWVyIDxib3V5ZXJAYW50aW9jaGUuZXUub3Jn PgpTaWduZWQtb2ZmLWJ5OiBHZW9yZ2UgRHVubGFwIDxnZW9yZ2UuZHVubGFw QGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxp Y2hAc3VzZS5jb20+Ci0tLQogeGVuL2FyY2gveDg2L21tLmMgfCAyICstCiAx IGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRpb24oKyksIDEgZGVsZXRpb24oLSkK CmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvbW0uYyBiL3hlbi9hcmNoL3g4 Ni9tbS5jCmluZGV4IDdkNGRkODBhODUuLjAxMzkzZmIwZGEgMTAwNjQ0Ci0t LSBhL3hlbi9hcmNoL3g4Ni9tbS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS5j CkBAIC0zMDU5LDggKzMwNTksOCBAQCBzdGF0aWMgaW50IF9nZXRfcGFnZV90 eXBlKHN0cnVjdCBwYWdlX2luZm8gKnBhZ2UsIHVuc2lnbmVkIGxvbmcgdHlw ZSwKICAgICAgICAgewogICAgICAgICAgICAgcGFnZS0+bnJfdmFsaWRhdGVk X3B0ZXMgPSAwOwogICAgICAgICAgICAgcGFnZS0+cGFydGlhbF9mbGFncyA9 IDA7CisgICAgICAgICAgICBwYWdlLT5saW5lYXJfcHRfY291bnQgPSAwOwog ICAgICAgICB9Ci0gICAgICAgIHBhZ2UtPmxpbmVhcl9wdF9jb3VudCA9IDA7 CiAgICAgICAgIHJjID0gYWxsb2NfcGFnZV90eXBlKHBhZ2UsIHR5cGUsIHBy ZWVtcHRpYmxlKTsKICAgICB9CiAKLS0gCjIuMjQuMAoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Mon Dec 16 11:46:52 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 16 Dec 2019 11:46:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1igopA-00073k-JU; Mon, 16 Dec 2019 11:46:04 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1igop8-00073f-VF for xen-announce@lists.xenproject.org; Mon, 16 Dec 2019 11:46:02 +0000 X-Inumbo-ID: 904c8eee-1ff9-11ea-88e7-bc764e2007e4 Received: from mx1.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 904c8eee-1ff9-11ea-88e7-bc764e2007e4; Mon, 16 Dec 2019 11:45:32 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 4F36DAD5F; Mon, 16 Dec 2019 11:45:31 +0000 (UTC) From: Juergen Gross To: xen-users , xen-devel , xen-announce@lists.xenproject.org Message-ID: <7f9da449-4405-0d64-4327-dca1ae783c3f@suse.com> Date: Mon, 16 Dec 2019 12:45:30 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 Content-Language: en-US Subject: [Xen-announce] Xen 4.13 RC5 X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" SGkgYWxsLAoKWGVuIDQuMTMgcmM1IGlzIHRhZ2dlZC4gWW91IGNhbiBjaGVjayB0aGF0IG91dCBm cm9tIHhlbi5naXQ6CgpnaXQ6Ly94ZW5iaXRzLnhlbi5vcmcveGVuLmdpdCA0LjEzLjAtcmM1CgpG b3IgeW91ciBjb252ZW5pZW5jZSB0aGVyZSBpcyBhbHNvIGEgdGFyYmFsbCBhdDoKaHR0cHM6Ly9k b3dubG9hZHMueGVucHJvamVjdC5vcmcvcmVsZWFzZS94ZW4vNC4xMy4wLXJjNS94ZW4tNC4xMy4w LXJjNS50YXIuZ3oKCkFuZCB0aGUgc2lnbmF0dXJlIGlzIGF0OgpodHRwczovL2Rvd25sb2Fkcy54 ZW5wcm9qZWN0Lm9yZy9yZWxlYXNlL3hlbi80LjEzLjAtcmM1L3hlbi00LjEzLjAtcmM1LnRhci5n ei5zaWcKClBsZWFzZSBzZW5kIGJ1ZyByZXBvcnRzIGFuZCB0ZXN0IHJlcG9ydHMgdG8geGVuLWRl dmVsQGxpc3RzLnhlbnByb2plY3Qub3JnLgpXaGVuIHNlbmRpbmcgYnVnIHJlcG9ydHMsIHBsZWFz ZSBDQyByZWxldmFudCBtYWludGFpbmVycyBhbmQgbWUKKGpncm9zc0BzdXNlLmNvbSkuCgpUaGlz IHdpbGwgcHJvYmFibHkgdGhlIGZpbmFsIFJDIG9mIDQuMTMgYmVmb3JlIHRoZSByZWxlYXNlIG9m IFhlbiA0LjEzLgoKCkp1ZXJnZW4KCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fClhlbi1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKWGVuLWFubm91bmNlQGxpc3Rz LnhlbnByb2plY3Qub3JnCmh0dHBzOi8vbGlzdHMueGVucHJvamVjdC5vcmcvbWFpbG1hbi9saXN0 aW5mby94ZW4tYW5ub3VuY2U= From xen-announce-bounces@lists.xenproject.org Wed Dec 18 17:00:58 2019 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 18 Dec 2019 17:00:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ihcgF-0001Hh-Dk; Wed, 18 Dec 2019 17:00:11 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ihcgD-0001Hc-Fx for xen-announce@lists.xenproject.org; Wed, 18 Dec 2019 17:00:09 +0000 X-Inumbo-ID: d5d3c4ff-21b7-11ea-90cb-12813bfff9fa Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id d5d3c4ff-21b7-11ea-90cb-12813bfff9fa; Wed, 18 Dec 2019 17:00:05 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 5DF29AB92; Wed, 18 Dec 2019 17:00:04 +0000 (UTC) From: Juergen Gross To: xen-users , xen-devel , xen-announce@lists.xenproject.org Message-ID: Date: Wed, 18 Dec 2019 18:00:01 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 Content-Language: en-US Subject: [Xen-announce] [ANNOUNCEMENT] Xen 4.13 is released X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" RGVhciBjb21tdW5pdHkgbWVtYmVycywKCkknbSBwbGVhc2VkIHRvIGFubm91bmNlIHRoYXQgWGVu IDQuMTMuMCBpcyByZWxlYXNlZC4KClBsZWFzZSBmaW5kIHRoZSB0YXJiYWxsIGFuZCBpdHMgc2ln bmF0dXJlIGF0OgoKICAgaHR0cHM6Ly9kb3dubG9hZHMueGVucHJvamVjdC5vcmcvcmVsZWFzZS94 ZW4vNC4xMy4wLwoKWW91IGNhbiBhbHNvIGNoZWNrIG91dCB0aGUgdGFnIGluIHhlbi5naXQ6Cgog ICBodHRwczovL3hlbmJpdHMueGVuLm9yZy9naXQtaHR0cC94ZW4uZ2l0IFJFTEVBU0UtNC4xMy4w CgpHaXQgY2hlY2tvdXQgYW5kIGJ1aWxkIGluc3RydWN0aW9ucyBjYW4gYmUgZm91bmQgYXQ6Cgpo dHRwczovL3dpa2kueGVucHJvamVjdC5vcmcvd2lraS9YZW5fUHJvamVjdF80LjEzX1JlbGVhc2Vf Tm90ZXMjQnVpbGRfUmVxdWlyZW1lbnRzCgpSZWxlYXNlIG5vdGVzIGNhbiBiZSBmb3VuZCBhdDoK CiAgIGh0dHBzOi8vd2lraS54ZW5wcm9qZWN0Lm9yZy93aWtpL1hlbl9Qcm9qZWN0XzQuMTNfUmVs ZWFzZV9Ob3RlcwoKQSBzdW1tYXJ5IGZvciA0LjEzIHJlbGVhc2UgZG9jdW1lbnRzIGNhbiBiZSBm b3VuZCBhdDoKCiAgIGh0dHBzOi8vd2lraS54ZW5wcm9qZWN0Lm9yZy93aWtpL0NhdGVnb3J5Olhl bl80LjEzCgpUZWNobmljYWwgYmxvZyBwb3N0IGZvciA0LjEzIGNhbiBiZSBmb3VuZCBhdDoKCiAg IGh0dHBzOi8veGVucHJvamVjdC5vcmcvMjAxOS8xMi8xOC93aGF0cy1uZXctaW4teGVuLTQtMTMv CgpUaGFua3MgZXZlcnlvbmUgd2hvIGNvbnRyaWJ1dGVkIHRvIHRoaXMgcmVsZWFzZS4gVGhpcyBy ZWxlYXNlIHdvdWxkCm5vdCBoYXZlIGhhcHBlbmVkIHdpdGhvdXQgYWxsIHRoZSBhd2Vzb21lIGNv bnRyaWJ1dGlvbnMgZnJvbSBhcm91bmQKdGhlIGdsb2JlLgoKUmVnYXJkcywKCkp1ZXJnZW4gR3Jv c3MgKG9uIGJlaGFsZiBvZiB0aGUgWGVuIFByb2plY3QgSHlwZXJ2aXNvciB0ZWFtKQoKX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91bmNlIG1h aWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6Ly9saXN0 cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ==