From xen-announce-bounces@lists.xenproject.org Mon Mar 01 14:49:30 2021
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <24636.65178.20011.678957@mariner.uk.xensource.com>
Date: Mon, 1 Mar 2021 14:47:54 +0000
To: xen-announce@lists.xenproject.org
CC: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Xen 4.15 RC1
X-Mailer: VM 8.2.0b under 24.5.1 (i686-pc-linux-gnu)

Xen 4.15 RC1 is now available.

It is available from git:
  git clone https://xenbits.xenproject.org/git-http/xen.git -b 4.15.0-rc1

For your convenience a tarball is available:
  https://downloads.xenproject.org/release/xen/4.15.0-rc1/xen-4.15.0-rc1.tar.gz
  https://downloads.xenproject.org/release/xen/4.15.0-rc1/xen-4.15.0-rc1.tar.gz.sig

Please send bug reports and test reports to
xen-devel@lists.xenproject.org.  When sending bug reports, please CC
relevant maintainers and me (iwj@xenproject.org).

We will have Xen Test Days from RC2 onwards.

Ian.


From xen-announce-bounces@lists.xenproject.org Thu Mar 04 10:40:21 2021
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 367 v1 - Linux: netback fails to honor
 grant mapping errors
Message-Id: <E1lHlOS-0000Se-RY@xenbits.xenproject.org>
Date: Thu, 04 Mar 2021 10:39:44 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-367

          Linux: netback fails to honor grant mapping errors

ISSUE DESCRIPTION
=================

XSA-362 tried to address issues here, but in the case of the netback
driver the changes were insufficient: It left the relevant function
invocation with, effectively, no error handling at all.  As a result,
memory allocation failures there could still lead to frontend-induced
crashes of the backend.

IMPACT
======

A malicious or buggy networking frontend driver may be able to crash
the corresponding backend driver, potentially affecting the entire
domain running the backend driver.  In a typical (non-disaggregated)
system that is a host-wide denial of service (DoS).

VULNERABLE SYSTEMS
==================

Linux versions from at least 2.6.39 onwards are vulnerable, when run in
PV mode.  Earlier versions differ significantly in behavior and may
therefore instead surface other issues under the same conditions.  Linux
run in HVM / PVH modes is not vulnerable.

MITIGATION
==========

For Linux, running the backends in HVM or PVH domains will avoid the
vulnerability.  For example, by running the dom0 in PVH mode.

In all other cases there is no known mitigation.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa367-linux.patch           Linux 5.12-rc

$ sha256sum xsa367*
b0244bfddee91cd7986172893e70664b74e698c5d44f25865870f179f80f9a92  xsa367-linux.patch
$

CREDITS
=======

This issue was reported by Intel's kernel test robot and recognized as a
security issue by Jan Beulich of SUSE.

NOTE REGARDING LACK OF EMBARGO
==============================

This issue was reported publicly, before the XSA could be issued.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa367-linux.patch"
Content-Disposition: attachment; filename="xsa367-linux.patch"
Content-Transfer-Encoding: base64


--=separator--


From xen-announce-bounces@lists.xenproject.org Thu Mar 04 10:58:46 2021
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 369 v1 - Linux: special config may crash
 when trying to map foreign pages
Message-Id: <E1lHlgJ-0003KK-Ms@xenbits.xenproject.org>
Date: Thu, 04 Mar 2021 10:58:11 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-369

   Linux: special config may crash when trying to map foreign pages

ISSUE DESCRIPTION
=================

With CONFIG_XEN_BALLOON_MEMORY_HOTPLUG disabled and
CONFIG_XEN_UNPOPULATED_ALLOC enabled the Linux kernel will use guest
physical addresses allocated via the ZONE_DEVICE functionality for
mapping foreign guest's pages.

This will result in problems, as the p2m list will only cover the initial
memory size of the domain plus some padding at the end. Most ZONE_DEVICE
allocated addresses will be outside the p2m range and thus a mapping can't
be established with those memory addresses, resulting in a crash.

The attack involves doing I/O requiring large amounts of data to be
mapped by the Dom0 or driver domain.  The amount of data needed to
result in a crash can vary depending on the memory layout of the
affected Dom0 or driver domain.

IMPACT
======

A Dom0 or driver domain based on a Linux kernel (configured as
described above) can be crashed by a malicious guest administrator, or
possibly malicious unprivileged guest processes.

VULNERABLE SYSTEMS
==================

Only x86 paravirtualized (PV) Dom0 or driver domains are
affected.

Only Linux kernels configured *with* CONFIG_XEN_UNPOPULATED_ALLOC and
*without* CONFIG_XEN_BALLOON_MEMORY_HOTPLUG are vulnerable.  Only
kernels from kernel version 5.9 onwards are affected.

CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is enabled by default in upstream
Linux when Xen support is enabled, so kernels using upstream default
Kconfig are not affected.  Most distribution kernels supporting Xen
dom0 use are likewise not vulnerable.

Arm systems or x86 PVH or x86 HVM driver domains are not affected.

MITIGATION
==========

There is no mitigation available.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa369-linux.patch           Linux 5.9-stable - 5.12-rc

$ sha256sum xsa369*
937df4f078a070cf47bdd718c6b8a042ec6bee255eedc422d833c2ae3dd561c7  xsa369-linux.patch
$

CREDITS
=======

This issue was discovered by Marek Marczykowski-Górecki of Invisible
Things Lab.

For patch:
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>

NOTE REGARDING LACK OF EMBARGO
==============================

This was reported publicly multiple times, before the XSA could be
issued.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa369-linux.patch"
Content-Disposition: attachment; filename="xsa369-linux.patch"
Content-Transfer-Encoding: base64


--=separator--
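
Added example, not part of the advisory or of the Xen project's tooling: a shell triage of the XSA-369 conditions listed under VULNERABLE SYSTEMS above (x86, PV guest type, kernel 5.9 or later, CONFIG_XEN_UNPOPULATED_ALLOC set, CONFIG_XEN_BALLOON_MEMORY_HOTPLUG unset). The function names, verdict strings and sample config files are constructed for illustration; the script reports whether a configuration matches those conditions, not whether the patch has been applied.

```shell
#!/bin/sh
# Added example: check a kernel against the conditions named in XSA-369.
# Function names, verdict strings and sample data are constructed here.

# kconfig_enabled FILE SYMBOL: succeed if the boolean option is set to y.
kconfig_enabled() {
    grep -q "^$2=y\$" "$1"
}

# kernel_at_least_5_9 RELEASE: succeed if a `uname -r` style string is >= 5.9.
# Returns 1 for an older kernel and 2 if the string cannot be parsed.
kernel_at_least_5_9() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 9 ]; }
}

# xsa369_status RELEASE CONFIG_FILE GUEST_TYPE ARCH
# Prints "affected-config", "unknown: ..." or "not-affected: <reason>".
# On a live dom0 or driver domain the arguments would typically come from
# `uname -r`, the kernel config file (often /boot/config-$(uname -r), which is
# distribution dependent), /sys/hypervisor/guest_type and `uname -m`.
xsa369_status() {
    release=$1
    config=$2
    guest_type=$3
    arch=$4

    # Arm systems are not affected.
    case "$arch" in
        x86_64|i?86) ;;
        *) echo "not-affected: not x86"; return 0 ;;
    esac

    # x86 PVH and HVM domains are not affected.
    if [ "$guest_type" != "PV" ]; then
        echo "not-affected: guest type $guest_type is not PV"; return 0
    fi

    # Only kernels from 5.9 onwards are affected.
    rc=0
    kernel_at_least_5_9 "$release" || rc=$?
    case $rc in
        0) ;;
        1) echo "not-affected: kernel older than 5.9"; return 0 ;;
        *) echo "unknown: cannot parse kernel release"; return 0 ;;
    esac

    # Affected only *with* UNPOPULATED_ALLOC and *without* BALLOON_MEMORY_HOTPLUG.
    if ! kconfig_enabled "$config" CONFIG_XEN_UNPOPULATED_ALLOC; then
        echo "not-affected: CONFIG_XEN_UNPOPULATED_ALLOC not enabled"; return 0
    fi
    if kconfig_enabled "$config" CONFIG_XEN_BALLOON_MEMORY_HOTPLUG; then
        echo "not-affected: CONFIG_XEN_BALLOON_MEMORY_HOTPLUG enabled"; return 0
    fi
    echo "affected-config"
}

# Constructed sample kernel configs so the example runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/config-risky" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_PV=y
# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set
CONFIG_XEN_UNPOPULATED_ALLOC=y
EOF

cat > "$SAMPLE_DIR/config-default" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_PV=y
CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y
CONFIG_XEN_UNPOPULATED_ALLOC=y
EOF

xsa369_status 5.10.0 "$SAMPLE_DIR/config-risky" PV x86_64
xsa369_status 5.10.0 "$SAMPLE_DIR/config-default" PV x86_64
xsa369_status 5.10.0 "$SAMPLE_DIR/config-risky" PVH x86_64
```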


From xen-announce-bounces@lists.xenproject.org Fri Mar 05 17:08:27 2021
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback
 fails to honor grant mapping errors
Message-Id: <E1lIDvZ-0006Cd-QZ@xenbits.xenproject.org>
Date: Fri, 05 Mar 2021 17:07:49 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-28038 / XSA-367
                              version 2

          Linux: netback fails to honor grant mapping errors

UPDATES IN VERSION 2
====================

CVE assigned.

ISSUE DESCRIPTION
=================

XSA-362 tried to address issues here, but in the case of the netback
driver the changes were insufficient: It left the relevant function
invocation with, effectively, no error handling at all.  As a result,
memory allocation failures there could still lead to frontend-induced
crashes of the backend.

IMPACT
======

A malicious or buggy networking frontend driver may be able to crash
the corresponding backend driver, potentially affecting the entire
domain running the backend driver.  In a typical (non-disaggregated)
system that is a host-wide denial of service (DoS).

VULNERABLE SYSTEMS
==================

Linux versions from at least 2.6.39 onwards are vulnerable, when run in
PV mode.  Earlier versions differ significantly in behavior and may
therefore instead surface other issues under the same conditions.  Linux
run in HVM / PVH modes is not vulnerable.

MITIGATION
==========

For Linux, running the backends in HVM or PVH domains will avoid the
vulnerability.  For example, by running the dom0 in PVH mode.

In all other cases there is no known mitigation.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa367-linux.patch           Linux 5.12-rc

$ sha256sum xsa367*
b0244bfddee91cd7986172893e70664b74e698c5d44f25865870f179f80f9a92  xsa367-linux.patch
$

CREDITS
=======

This issue was reported by Intel's kernel test robot and recognized as a
security issue by Jan Beulich of SUSE.

NOTE REGARDING LACK OF EMBARGO
==============================

This issue was reported publicly, before the XSA could be issued.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa367-linux.patch"
Content-Disposition: attachment; filename="xsa367-linux.patch"
Content-Transfer-Encoding: base64


--=separator--


From xen-announce-bounces@lists.xenproject.org Fri Mar 05 17:08:27 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Fri, 05 Mar 2021 17:08:27 +0000
Received: from list by lists.xenproject.org with outflank-mailman.93921.177479 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lIDw1-0008JH-Tc; Fri, 05 Mar 2021 17:08:17 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 93921.177479; Fri, 05 Mar 2021 17:08:17 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lIDw1-0008JA-Ps; Fri, 05 Mar 2021 17:08:17 +0000
Received: by outflank-mailman (input) for mailman id 93921;
 Fri, 05 Mar 2021 17:08:16 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=uVyW=ID=xenbits.xen.org=iwj@srs-us1.protection.inumbo.net>)
 id 1lIDw0-0008Bc-Ez
 for xen-announce@lists.xen.org; Fri, 05 Mar 2021 17:08:16 +0000
Received: from mail.xenproject.org (unknown [104.130.215.37])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id bba8bc0d-d8fe-4eec-91df-9b8f16d0d13c;
 Fri, 05 Mar 2021 17:07:57 +0000 (UTC)
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lIDvd-0002py-5g; Fri, 05 Mar 2021 17:07:53 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lIDvd-0006DY-2i; Fri, 05 Mar 2021 17:07:53 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: bba8bc0d-d8fe-4eec-91df-9b8f16d0d13c
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version:
	Content-Transfer-Encoding:Content-Type;
	bh=pcs0J1LGYyWD7P7XSVjGHJrS5z474WyVnONCbcRttWs=; b=gbcqdpYStqyx7Nyz9vVFGxyCHM
	GUAajoYTHYe6983ylwOH7tzRQYsmpeh2+hDukRcJbIWUg/9VsWCXReZIND0B09e4HHFzqVcDOvFer
	cWQWwLMdgKjff9Tx+zaH6Uh3p7KyfExg0oFNPCbtJAEHSbtWtzqqbOEg7U++t7a/DiGw=;
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special
 config may crash when trying to map foreign pages
Message-Id: <E1lIDvd-0006DY-2i@xenbits.xenproject.org>
Date: Fri, 05 Mar 2021 17:07:53 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-28039 / XSA-369
                              version 2

   Linux: special config may crash when trying to map foreign pages

UPDATES IN VERSION 2
====================

CVE assigned.

ISSUE DESCRIPTION
=================

With CONFIG_XEN_BALLOON_MEMORY_HOTPLUG disabled and
CONFIG_XEN_UNPOPULATED_ALLOC enabled the Linux kernel will use guest
physical addresses allocated via the ZONE_DEVICE functionality for
mapping foreign guest's pages.

This will result in problems, as the p2m list will only cover the initial
memory size of the domain plus some padding at the end. Most ZONE_DEVICE
allocated addresses will be outside the p2m range and thus a mapping can't
be established with those memory addresses, resulting in a crash.

The attack involves doing I/O requiring large amounts of data to be
mapped by the Dom0 or driver domain.  The amount of data needed to
result in a crash can vary depending on the memory layout of the
affected Dom0 or driver domain.

IMPACT
======

A Dom0 or driver domain based on a Linux kernel (configured as
described above) can be crashed by a malicious guest administrator, or
possibly malicious unprivileged guest processes.

VULNERABLE SYSTEMS
==================

Only x86 paravirtualized (PV) Dom0 or driver domains are
affected.

Only Linux kernels configured *with* CONFIG_XEN_UNPOPULATED_ALLOC and
*without* CONFIG_XEN_BALLOON_MEMORY_HOTPLUG are vulnerable.  Only
kernels from kernel version 5.9 onwards are affected.

CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is enabled by default in upstream
Linux when Xen support is enabled, so kernels using upstream default
Kconfig are not affected.  Most distribution kernels supporting Xen
dom0 use are likewise not vulnerable.

Arm systems or x86 PVH or x86 HVM driver domains are not affected.

MITIGATION
==========

There is no mitigation available.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa369-linux.patch           Linux 5.9-stable - 5.12-rc

$ sha256sum xsa369*
937df4f078a070cf47bdd718c6b8a042ec6bee255eedc422d833c2ae3dd561c7  xsa369-linux.patch
$

CREDITS
=======

This issue was discovered by Marek Marczykowski-Górecki of Invisible
Things Lab.

For patch:
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>

NOTE REGARDING LACK OF EMBARGO
==============================

This was reported publicly multiple times, before the XSA could be
issued.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa369-linux.patch"
Content-Disposition: attachment; filename="xsa369-linux.patch"
Content-Transfer-Encoding: base64


--=separator--
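
An added example, not part of the XSA-369 advisory or of any Xen or Linux tooling: a shell check that classifies a kernel build against the version and Kconfig conditions listed under VULNERABLE SYSTEMS in the advisory above. The function names, output tokens and sample config contents are constructed for illustration; the check does not detect whether the domain actually runs as x86 PV, nor whether xsa369-linux.patch has already been applied.

```shell
#!/bin/sh
# Added example: classify a Linux kernel build against the XSA-369
# configuration conditions. Function names and output tokens are
# illustrative; they are not part of any Xen or Linux tool.

# config_enabled FILE SYMBOL: succeed if SYMBOL is built in (=y).
# A "# SYMBOL is not set" line and a missing line both count as disabled.
config_enabled() {
    grep -Eq "^$2=y\$" "$1"
}

# version_ge_5_9 VERSION: 0 if VERSION >= 5.9, 1 if older, 2 if unparsable.
# Accepts strings such as "5.10.17", "5.9.0-rc1" or "5.12-rc2".
version_ge_5_9() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -gt 5 ]; then return 0; fi
    if [ "$major" -eq 5 ] && [ "$minor" -ge 9 ]; then return 0; fi
    return 1
}

# xsa369_status CONFIG_FILE KERNEL_VERSION: print one status token.
# Per the advisory, only kernels from 5.9 onwards built *with*
# CONFIG_XEN_UNPOPULATED_ALLOC and *without*
# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG are vulnerable, and only when used
# as an x86 PV Dom0 or driver domain (runtime mode is not checked here).
xsa369_status() {
    cfg=$1
    ver=$2
    if [ ! -r "$cfg" ]; then echo "unreadable-config"; return 0; fi
    rc=0
    version_ge_5_9 "$ver" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "unknown-version"; return 0; fi
    if [ "$rc" -eq 1 ]; then echo "not-affected:pre-5.9"; return 0; fi
    if ! config_enabled "$cfg" CONFIG_XEN_UNPOPULATED_ALLOC; then
        echo "not-affected:no-unpopulated-alloc"; return 0
    fi
    if config_enabled "$cfg" CONFIG_XEN_BALLOON_MEMORY_HOTPLUG; then
        echo "not-affected:hotplug-enabled"; return 0
    fi
    echo "affected-config"
}

# write_sample_configs DIR: create constructed .config fragments.
write_sample_configs() {
    cat > "$1/affected.config" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_UNPOPULATED_ALLOC=y
# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set
EOF
    cat > "$1/default.config" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_BALLOON=y
CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y
CONFIG_XEN_UNPOPULATED_ALLOC=y
EOF
    cat > "$1/no-unpop.config" <<'EOF'
CONFIG_XEN=y
# CONFIG_XEN_UNPOPULATED_ALLOC is not set
# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set
EOF
}

# demo: run the classifier over the constructed samples.
demo() {
    dir=$(mktemp -d)
    write_sample_configs "$dir"
    for f in affected default no-unpop; do
        printf '%-10s 5.10.17 -> %s\n' "$f" \
            "$(xsa369_status "$dir/$f.config" 5.10.17)"
    done
    printf '%-10s 5.8.18  -> %s\n' affected \
        "$(xsa369_status "$dir/affected.config" 5.8.18)"
    rm -rf "$dir"
}

demo
```

On a real host the config file is typically the one shipped with the kernel package, and the version is that kernel's release string; an "affected-config" result still needs the PV-mode and patch-level questions answered separately.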


From xen-announce-bounces@lists.xenproject.org Wed Mar 10 14:01:25 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 10 Mar 2021 14:01:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.96079.181572 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lJzOJ-0007Ev-TO; Wed, 10 Mar 2021 14:00:47 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 96079.181572; Wed, 10 Mar 2021 14:00:47 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lJzOJ-0007Eo-PM; Wed, 10 Mar 2021 14:00:47 +0000
Received: by outflank-mailman (input) for mailman id 96079;
 Wed, 10 Mar 2021 13:59:46 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lJzNK-0006Ms-Ss
 for xen-announce@lists.xenproject.org; Wed, 10 Mar 2021 13:59:46 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lJzNK-00033M-Ro
 for xen-announce@lists.xenproject.org; Wed, 10 Mar 2021 13:59:46 +0000
Received: from iwj (helo=mariner.uk.xensource.com)
 by xenbits.xenproject.org with local-bsmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lJzNK-0006OG-OO
 for xen-announce@lists.xenproject.org; Wed, 10 Mar 2021 13:59:46 +0000
Received: from iwj by mariner.uk.xensource.com with local (Exim 4.89)
 (envelope-from <iwj@xenproject.org>)
 id 1lJzNJ-0006Ma-2W; Wed, 10 Mar 2021 13:59:45 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=xenproject.org; s=20200302mail; h=Subject:CC:To:Date:Message-ID:
	Content-Transfer-Encoding:Content-Type:MIME-Version:From;
	bh=q8OwsW3WlNB1U1E47WtbBFhdXqcGgmgEv3iFeYC72U4=; b=IjC1H7RbJRt3cKLcgywKOVV4d4
	MF7NzgThabkzAsdJS6oHG1a4VYh8DJCIOsUuupVYS08glWpiP/O3tk4Yl8NQY05I3XVojJvQbFASB
	UQJt0R9/V7/rzB8bJVj5wGO+HB1VcPHIHR2Thd1aAbCLbw7OxdrCxhCj1IknansukNS0=;
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <24648.53456.877705.383162@mariner.uk.xensource.com>
Date: Wed, 10 Mar 2021 13:59:44 +0000
To: xen-announce@lists.xenproject.org
CC: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Xen 4.15 RC2

Xen 4.15 RC2 is now available.

It is available from git:
  git clone https://xenbits.xenproject.org/git-http/xen.git -b 4.15.0-rc2

For your convenience a tarball is available:
  https://downloads.xenproject.org/release/xen/4.15.0-rc2/xen-4.15.0-rc2.tar.gz
  https://downloads.xenproject.org/release/xen/4.15.0-rc2/xen-4.15.0-rc2.tar.gz.sig

Please send bug reports and test reports to
xen-devel@lists.xenproject.org.  When sending bug reports, please CC
relevant maintainers and me (iwj@xenproject.org).

Sorry for the lateness of this RC, which I originally intended to be
available this last Monday.  I hope to resume the schedule with RC3
this coming Monday.

There are still some important fixes and docs changes outstanding.

Ian.


From xen-announce-bounces@lists.xenproject.org Wed Mar 17 10:13:13 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 17 Mar 2021 10:13:13 +0000
Received: from list by lists.xenproject.org with outflank-mailman.97984.187117 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lMTAG-0003qf-6i; Wed, 17 Mar 2021 10:12:32 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 97984.187117; Wed, 17 Mar 2021 10:12:32 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lMTAG-0003qY-1O; Wed, 17 Mar 2021 10:12:32 +0000
Received: by outflank-mailman (input) for mailman id 97984;
 Mon, 15 Mar 2021 12:14:53 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lLm7Z-00059z-Jx
 for xen-announce@lists.xenproject.org; Mon, 15 Mar 2021 12:14:53 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lLm7Z-0007aK-Fu
 for xen-announce@lists.xenproject.org; Mon, 15 Mar 2021 12:14:53 +0000
Received: from iwj (helo=mariner.uk.xensource.com)
 by xenbits.xenproject.org with local-bsmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lLm7Z-0006jg-EL
 for xen-announce@lists.xenproject.org; Mon, 15 Mar 2021 12:14:53 +0000
Received: from iwj by mariner.uk.xensource.com with local (Exim 4.89)
 (envelope-from <iwj@xenproject.org>)
 id 1lLm7X-0003tJ-Mb; Mon, 15 Mar 2021 12:14:51 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=xenproject.org; s=20200302mail; h=Subject:CC:To:Date:Message-ID:
	Content-Transfer-Encoding:Content-Type:MIME-Version:From;
	bh=USBbzM/XOaBEpC7riV/wEGY0P7yozameGwecBSEVX2s=; b=uaCngqlBRqSfqWbY+m77sKuYOY
	oZnA3w+FmAN0o3pvSYYTG4mAKzqox7XeGUnphzDSki+jq8AZlnJeM7v3MvnyU61K0EFanCBTFhUpI
	o9j2K3YKVt95V6273tMyPZzz1e3aJaKIvae+MRy9Sd2sxIcXjxnOiVB2mI5IHIOuEYgc=;
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <24655.20411.433579.576842@mariner.uk.xensource.com>
Date: Mon, 15 Mar 2021 12:14:51 +0000
To: xen-announce@lists.xenproject.org
CC: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Xen 4.15 RC3

Xen 4.15 RC3 is now available.

It is available from git:
  git clone https://xenbits.xenproject.org/git-http/xen.git -b 4.15.0-rc3

For your convenience a tarball is available:
  https://downloads.xenproject.org/release/xen/4.15.0-rc3/xen-4.15.0-rc3.tar.gz
  https://downloads.xenproject.org/release/xen/4.15.0-rc3/xen-4.15.0-rc3.tar.gz.sig

Please send bug reports and test reports to
xen-devel@lists.xenproject.org.  When sending bug reports, please CC
relevant maintainers and me (iwj@xenproject.org).

I will send an update on the state of the release in a moment.

Ian.


From xen-announce-bounces@lists.xenproject.org Thu Mar 18 12:00:54 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 18 Mar 2021 12:00:54 +0000
Received: from list by lists.xenproject.org with outflank-mailman.98903.187946 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lMrKJ-0001nE-10; Thu, 18 Mar 2021 12:00:31 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 98903.187946; Thu, 18 Mar 2021 12:00:30 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lMrKI-0001n7-TF; Thu, 18 Mar 2021 12:00:30 +0000
Received: by outflank-mailman (input) for mailman id 98903;
 Thu, 18 Mar 2021 12:00:30 +0000
Received: from us1-rack-iad1.inumbo.com ([172.99.69.81])
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=D2pI=IQ=xenbits.xen.org=iwj@srs-us1.protection.inumbo.net>)
 id 1lMrKI-0001iQ-Gj
 for xen-announce@lists.xen.org; Thu, 18 Mar 2021 12:00:30 +0000
Received: from mail.xenproject.org (unknown [104.130.215.37])
 by us1-rack-iad1.inumbo.com (Halon) with ESMTPS
 id 7fe64e6f-40c5-4b41-afd7-b488ea1a4ef3;
 Thu, 18 Mar 2021 12:00:18 +0000 (UTC)
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lMrJv-0007mb-KC; Thu, 18 Mar 2021 12:00:07 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lMrJv-00073c-GM; Thu, 18 Mar 2021 12:00:07 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: 7fe64e6f-40c5-4b41-afd7-b488ea1a4ef3
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version:
	Content-Transfer-Encoding:Content-Type;
	bh=0oQDx6XVZVbI4x/2m9DAoJyP+AFavQiMYTB2bg2sd+c=; b=ZQH7tbTVCW/suZxet6R3c8OEKI
	LIN9t5JkawZimzkTV1tikEZuB/I8e4tViP+MNEUGN98Y5vney8h5u59VYb0FhMR0MDMLaQlhVODIj
	g0vTT6d1icaEnEcT2QQtLJ9asaggrbiVQ7DMJ5lOLfb2DBElTCGbOdJdbHp27MQpxWtU=;
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 368 v2 - HVM soft-reset crashes toolstack
Message-Id: <E1lMrJv-00073c-GM@xenbits.xenproject.org>
Date: Thu, 18 Mar 2021 12:00:07 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-368
                              version 2

                   HVM soft-reset crashes toolstack

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

libxl requires all data structures passed across its public interface
to be initialized before use and disposed of afterwards by calling a
specific set of functions.  Many internal data structures also require
this initialize / dispose discipline, but not all of them.

When the "soft reset" feature was implemented, the
libxl__domain_suspend_state structure didn't require any
initialization or disposal.  At some point later, an initialization
function was introduced for the structure; but the "soft reset" path
wasn't refactored to call the initialization function.  When a guest
now initiates a "soft reboot", the uninitialized data structure leads
to an assert() when later code finds the structure in an unexpected
state.

The effect of this is to crash the process monitoring the guest.  How
this affects the system depends on the structure of the toolstack.

For xl, this will have no security-relevant effect: every VM has its
own independent monitoring process, which contains no state.  The
domain in question will hang in a crashed state, but can be destroyed
by `xl destroy` just like any other non-cooperating domain.

For daemon-based toolstacks linked against libxl, such as libvirt,
this will crash the toolstack, losing the state of any in-progress
operations (localized DoS), and preventing further administrator
operations unless the daemon is configured to restart automatically
(system-wide DoS).  If crashes "leak" resources, then repeated crashes
could use up resources, also causing a system-wide DoS.

IMPACT
======

A malicious guest can crash the management daemon, leading to at least
a localized, possibly system-wide denial-of-service.

VULNERABLE SYSTEMS
==================

Only Xen versions 4.12 through 4.14 are affected.  Earlier versions
are not affected.

The issue affects only systems with a guest monitoring process, which
is linked against libxl, and which is important other than simply for
the functioning of one particular guest.  libvirt is one common
toolstack affected.  Systems using the `xl` command-line tool should
generally suffer no security-relevant effects.

The xapi toolstack does not currently link against libxl, and so is
not affected.

MITIGATION
==========

Ensuring that any management daemons are restarted automatically after
a crash will partially mitigate the issue.

CREDITS
=======

This issue was discovered by Olaf Hering.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa368.patch           xen-unstable
xsa368-4.14.patch      Xen 4.14.x
xsa368-4.13.patch      Xen 4.13.x - Xen 4.12.x

$ sha256sum xsa368*
e80f33c3ce45372fef7bd91ec71b2b66e557176b79f9771872ce111bfff34150  xsa368.meta
b82f2b110514cdf47a2688913ad5af68b01050751d56705a15ddf9a970b6fa0d  xsa368.patch
636df70ae5eaf00b50ef0b5ac219a2aeda771c66833fae88e7ee43b18ae889f4  xsa368-4.13.patch
55bbe59c75b69f493e364dfcf6cdbc7db4acd32dbf0b4d2466815b7c1f1823ce  xsa368-4.14.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa368.meta"
Content-Disposition: attachment; filename="xsa368.meta"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa368.patch"
Content-Disposition: attachment; filename="xsa368.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa368-4.13.patch"
Content-Disposition: attachment; filename="xsa368-4.13.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa368-4.14.patch"
Content-Disposition: attachment; filename="xsa368-4.14.patch"
Content-Transfer-Encoding: base64


--=separator--
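
The initialize / dispose discipline from the ISSUE DESCRIPTION above, illustrated in self-contained C. This is an added example, not libxl code and not part of the advisory: every name in it (suspend_state, ev_channel, the poison fill that stands in for never-initialized memory) is hypothetical, and the precondition check returns an error where a library would assert().

```c
#include <stdio.h>
#include <string.h>

/* All identifiers here are hypothetical; none are taken from libxl. */
enum { EV_DISCONNECTED = 1, EV_CONNECTING = 2, EV_CONNECTED = 3 };
enum { ERR_BAD_STATE = -1 };
#define POISON 0xA5          /* deterministic stand-in for stack garbage */

static int open_channels;    /* connected channels not yet disposed of */

/* Sub-object that acquired an init/dispose requirement after its
 * containing structure had already been in use for a while. */
struct ev_channel {
    int state;
    int fd;
};

struct suspend_state {
    int domid;
    struct ev_channel chan;
};

static void ev_channel_init(struct ev_channel *ev)
{
    ev->state = EV_DISCONNECTED;
    ev->fd = -1;
}

/* Safe to call on an initialized object in any state. */
static void ev_channel_dispose(struct ev_channel *ev)
{
    if (ev->state == EV_CONNECTED)
        open_channels--;
    ev_channel_init(ev);
}

/* Precondition: the channel is idle or already connected.  A library
 * would assert() this, aborting the whole monitoring process; the
 * example returns an error so both paths can be compared. */
static int ev_channel_send(struct ev_channel *ev)
{
    if (ev->state != EV_DISCONNECTED && ev->state != EV_CONNECTED)
        return ERR_BAD_STATE;
    if (ev->state == EV_DISCONNECTED) {
        ev->fd = 3;                  /* pretend a connection was opened */
        ev->state = EV_CONNECTED;
        open_channels++;
    }
    return 0;
}

static int suspend_state_init(struct suspend_state *s, int domid)
{
    s->domid = domid;
    ev_channel_init(&s->chan);
    return 0;
}

static void suspend_state_dispose(struct suspend_state *s)
{
    ev_channel_dispose(&s->chan);
}

/* Caller written before the init function existed: it fills in the
 * fields it knows about by hand and never initializes the channel. */
static int soft_reset_unfixed(int domid)
{
    struct suspend_state s;
    memset(&s, POISON, sizeof s);    /* models never-initialized memory */
    s.domid = domid;
    return ev_channel_send(&s.chan); /* state is garbage: precondition fails */
}

/* Caller brought in line with the discipline: init, use, dispose. */
static int soft_reset_fixed(int domid)
{
    struct suspend_state s;
    int rc;

    memset(&s, POISON, sizeof s);
    rc = suspend_state_init(&s, domid);
    if (rc)
        return rc;
    rc = ev_channel_send(&s.chan);
    suspend_state_dispose(&s);       /* channel may still be connected */
    return rc;
}

int main(void)
{
    printf("unfixed path: rc=%d\n", soft_reset_unfixed(7));
    printf("fixed path:   rc=%d, open channels=%d\n",
           soft_reset_fixed(7), open_channels);
    return 0;
}
```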


From xen-announce-bounces@lists.xenproject.org Thu Mar 18 13:57:04 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 18 Mar 2021 13:57:04 +0000
Received: from list by lists.xenproject.org with outflank-mailman.98975.188017 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lMt8j-0004OW-1L; Thu, 18 Mar 2021 13:56:41 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 98975.188017; Thu, 18 Mar 2021 13:56:41 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lMt8i-0004OM-To; Thu, 18 Mar 2021 13:56:40 +0000
Received: by outflank-mailman (input) for mailman id 98975;
 Thu, 18 Mar 2021 13:56:40 +0000
Received: from us1-rack-iad1.inumbo.com ([172.99.69.81])
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=D2pI=IQ=xenbits.xen.org=iwj@srs-us1.protection.inumbo.net>)
 id 1lMt8i-0004Jq-2u
 for xen-announce@lists.xen.org; Thu, 18 Mar 2021 13:56:40 +0000
Received: from mail.xenproject.org (unknown [104.130.215.37])
 by us1-rack-iad1.inumbo.com (Halon) with ESMTPS
 id 820487c9-4685-42a4-ae71-10b3d4814333;
 Thu, 18 Mar 2021 13:56:28 +0000 (UTC)
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lMt8S-0001Dx-0g; Thu, 18 Mar 2021 13:56:24 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lMt8R-000718-Sb; Thu, 18 Mar 2021 13:56:23 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: 820487c9-4685-42a4-ae71-10b3d4814333
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version:
	Content-Transfer-Encoding:Content-Type;
	bh=Ut4jnS8RkrbTcZZFmLZa5+CbVR3NJ6IAwQOVyYtLDRM=; b=tTBFURJp6HO4MuTixVQ8klB+6t
	GpnF9pgijqkUDAfN2iW7BKZqg9YRLFp3ncPEUMOOABANAJm6IK7h/TjQJRw8iIOOST9403SBmOAre
	hQERHZX8PhtwKSvRfscYA/KvGVvaMXgbXk7d0UdJlal2QLXfF4n+CVVIapzcnLsGB9dg=;
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 368 v3 (CVE-2021-28687) - HVM soft-reset
 crashes toolstack
Message-Id: <E1lMt8R-000718-Sb@xenbits.xenproject.org>
Date: Thu, 18 Mar 2021 13:56:23 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-28687 / XSA-368
                              version 3

                   HVM soft-reset crashes toolstack

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

libxl requires all data structures passed across its public interface
to be initialized before use and disposed of afterwards by calling a
specific set of functions.  Many internal data structures also require
this initialize / dispose discipline, but not all of them.

When the "soft reset" feature was implemented, the
libxl__domain_suspend_state structure didn't require any
initialization or disposal.  At some point later, an initialization
function was introduced for the structure; but the "soft reset" path
wasn't refactored to call the initialization function.  When a guest
now initiates a "soft reboot", the uninitialized data structure leads
to an assert() when later code finds the structure in an unexpected
state.

The effect of this is to crash the process monitoring the guest.  How
this affects the system depends on the structure of the toolstack.

For xl, this will have no security-relevant effect: every VM has its
own independent monitoring process, which contains no state.  The
domain in question will hang in a crashed state, but can be destroyed
by `xl destroy` just like any other non-cooperating domain.

For daemon-based toolstacks linked against libxl, such as libvirt,
this will crash the toolstack, losing the state of any in-progress
operations (localized DoS), and preventing further administrator
operations unless the daemon is configured to restart automatically
(system-wide DoS).  If crashes "leak" resources, then repeated crashes
could use up resources, also causing a system-wide DoS.

IMPACT
======

A malicious guest can crash the management daemon, leading to at least
a localized, possibly system-wide denial-of-service.

VULNERABLE SYSTEMS
==================

Only Xen versions 4.12 through 4.14 are affected.  Earlier versions
are not affected.

The issue affects only systems with a guest monitoring process, which
is linked against libxl, and which is important other than simply for
the functioning of one particular guest.  libvirt is one common
toolstack affected.  Systems using the `xl` command-line tool should
generally suffer no security-relevant effects.

The xapi toolstack does not currently link against libxl, and so is
not affected.

MITIGATION
==========

Ensuring that any management daemons are restarted automatically after
a crash will partially mitigate the issue.

CREDITS
=======

This issue was discovered by Olaf Hering.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa368.patch           xen-unstable
xsa368-4.14.patch      Xen 4.14.x
xsa368-4.13.patch      Xen 4.13.x - Xen 4.12.x

$ sha256sum xsa368*
e80f33c3ce45372fef7bd91ec71b2b66e557176b79f9771872ce111bfff34150  xsa368.meta
b82f2b110514cdf47a2688913ad5af68b01050751d56705a15ddf9a970b6fa0d  xsa368.patch
636df70ae5eaf00b50ef0b5ac219a2aeda771c66833fae88e7ee43b18ae889f4  xsa368-4.13.patch
55bbe59c75b69f493e364dfcf6cdbc7db4acd32dbf0b4d2466815b7c1f1823ce  xsa368-4.14.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa368.meta"
Content-Disposition: attachment; filename="xsa368.meta"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa368.patch"
Content-Disposition: attachment; filename="xsa368.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa368-4.13.patch"
Content-Disposition: attachment; filename="xsa368-4.13.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa368-4.14.patch"
Content-Disposition: attachment; filename="xsa368-4.14.patch"
Content-Transfer-Encoding: base64


--=separator--
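
The bug class described under ISSUE DESCRIPTION in XSA-368 above, as an added
example that is not part of the advisory and is not libxl code: a structure
gains a member that needs initialize / dispose, and an older path that fills
fields by hand never calls the new init function.  All names are hypothetical,
and the state check returns an error where a library using assert() would
abort the process, so both paths can be run side by side.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical states for an embedded connection object (not libxl's). */
enum { EV_DISCONNECTED = 1, EV_CONNECTED = 2 };

struct ev_chan {
    int state;              /* must be one of the two values above */
    int fd;
};

struct suspend_state {
    int domid;              /* the only field the original code knew about */
    struct ev_chan chan;    /* added later; needs init before use */
};

static int open_channels;   /* resources currently held, to expose leaks */

void ev_init(struct ev_chan *ev)
{
    ev->state = EV_DISCONNECTED;
    ev->fd = -1;
}

/* Returns 0 on success, -1 if the object is in a state that no correctly
 * initialized caller can produce.  With assert() here instead, the whole
 * monitoring process would die at this point. */
int ev_send(struct ev_chan *ev)
{
    if (ev->state != EV_DISCONNECTED && ev->state != EV_CONNECTED)
        return -1;
    if (ev->state == EV_DISCONNECTED) {
        ev->fd = 3;                     /* pretend to connect */
        ev->state = EV_CONNECTED;
        open_channels++;
    }
    return 0;
}

void ev_dispose(struct ev_chan *ev)
{
    if (ev->state == EV_CONNECTED)
        open_channels--;
    ev_init(ev);                        /* back to a known idle state */
}

void suspend_init(struct suspend_state *s, int domid)
{
    s->domid = domid;
    ev_init(&s->chan);
}

void suspend_dispose(struct suspend_state *s)
{
    ev_dispose(&s->chan);
}

/* Fill memory with a fixed pattern so "uninitialized" is deterministic. */
static void poison(void *p, size_t n)
{
    memset(p, 0xA5, n);
}

/* Path written before the init function existed: sets fields by hand. */
int soft_reset_legacy(int domid)
{
    struct suspend_state s;
    poison(&s, sizeof s);
    s.domid = domid;
    return ev_send(&s.chan);            /* chan.state is still garbage */
}

/* Same path after refactoring: init before use, dispose afterwards. */
int soft_reset_fixed(int domid)
{
    struct suspend_state s;
    int rc;
    poison(&s, sizeof s);
    suspend_init(&s, domid);
    rc = ev_send(&s.chan);
    suspend_dispose(&s);                /* releases the connected channel */
    return rc;
}

int leaked_channels(void)
{
    return open_channels;
}

int main(void)
{
    printf("legacy path rc = %d\n", soft_reset_legacy(7));
    printf("fixed path rc  = %d\n", soft_reset_fixed(7));
    printf("channels still open = %d\n", leaked_channels());
    return 0;
}
```
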


From xen-announce-bounces@lists.xenproject.org Mon Mar 22 15:59:56 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 22 Mar 2021 15:59:56 +0000
Received: from list by lists.xenproject.org with outflank-mailman.100290.191049 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lOMxh-00081P-8U; Mon, 22 Mar 2021 15:59:25 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 100290.191049; Mon, 22 Mar 2021 15:59:25 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lOMxh-00081I-4u; Mon, 22 Mar 2021 15:59:25 +0000
Received: by outflank-mailman (input) for mailman id 100290;
 Mon, 22 Mar 2021 15:47:08 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lOMlo-0006rj-9W
 for xen-announce@lists.xenproject.org; Mon, 22 Mar 2021 15:47:08 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lOMlo-0006VI-6O
 for xen-announce@lists.xenproject.org; Mon, 22 Mar 2021 15:47:08 +0000
Received: from iwj (helo=mariner.uk.xensource.com)
 by xenbits.xenproject.org with local-bsmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lOMlo-0007Za-5G
 for xen-announce@lists.xenproject.org; Mon, 22 Mar 2021 15:47:08 +0000
Received: from iwj by mariner.uk.xensource.com with local (Exim 4.89)
 (envelope-from <iwj@xenproject.org>)
 id 1lOMlm-0000SU-Dc; Mon, 22 Mar 2021 15:47:06 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=xenproject.org; s=20200302mail; h=Subject:CC:To:Date:Message-ID:
	Content-Transfer-Encoding:Content-Type:MIME-Version:From;
	bh=QFVieVe62zkpf8DxrvcbVuPF/MGQ0CiXLe0qGXhW0ek=; b=cmcsQ6bt3tOplT+Csjxg7G1pyC
	5P3MJsfZ994ErY6rHPvs6aqofl2nHmvUdbNtWkf/ExhLzjsa335NN7/KaiUumNC1XRPjsjkiwyItC
	Nr5AnXsngo4Gjt0GBPmT3WsYLwc0+IkwYk9UQK+eTTKNpYnslgZ7fsmgXoT/mEh20SUU=;
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <24664.48122.241503.647432@mariner.uk.xensource.com>
Date: Mon, 22 Mar 2021 15:47:06 +0000
To: xen-announce@lists.xenproject.org
CC: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Xen 4.15 RC4

From: Ian Jackson <iwj@xenproject.org>
Date: Mon, 15 Mar 2021 12:14:51 +0000

Xen 4.15 RC4 is now available.

It is available from git:
  git clone https://xenbits.xenproject.org/git-http/xen.git -b 4.15.0-rc4

For your convenience a tarball is available:
  https://downloads.xenproject.org/release/xen/4.15.0-rc4/xen-4.15.0-rc4.tar.gz
  https://downloads.xenproject.org/release/xen/4.15.0-rc4/xen-4.15.0-rc4.tar.gz.sig

Please send bug reports and test reports to
xen-devel@lists.xenproject.org.  When sending bug reports, please CC
relevant maintainers and me (iwj@xenproject.org).

I will send an update on the state of the release fairly soon.

Ian.



From xen-announce-bounces@lists.xenproject.org Mon Mar 29 14:12:53 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 29 Mar 2021 14:12:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.103021.196664 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lQsd8-00019b-7g; Mon, 29 Mar 2021 14:12:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 103021.196664; Mon, 29 Mar 2021 14:12:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lQsd8-00019P-2y; Mon, 29 Mar 2021 14:12:34 +0000
Received: by outflank-mailman (input) for mailman id 103021;
 Mon, 29 Mar 2021 14:10:20 +0000
Received: from mail.xenproject.org ([104.130.215.37])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lQsay-0000e9-D7
 for xen-announce@lists.xenproject.org; Mon, 29 Mar 2021 14:10:20 +0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lQsay-0006wn-6l
 for xen-announce@lists.xenproject.org; Mon, 29 Mar 2021 14:10:20 +0000
Received: from iwj (helo=mariner.uk.xensource.com)
 by xenbits.xenproject.org with local-bsmtp (Exim 4.92)
 (envelope-from <iwj@xenproject.org>) id 1lQsay-0004gC-4G
 for xen-announce@lists.xenproject.org; Mon, 29 Mar 2021 14:10:20 +0000
Received: from iwj by mariner.uk.xensource.com with local (Exim 4.89)
 (envelope-from <iwj@xenproject.org>)
 id 1lQsaw-0001lF-Cc; Mon, 29 Mar 2021 15:10:18 +0100
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=xenproject.org; s=20200302mail; h=Subject:CC:To:Date:Message-ID:
	Content-Transfer-Encoding:Content-Type:MIME-Version:From;
	bh=KlRdUK1U4mJ2FB4CumiP+oB77O33dsxlKoyL1MmCPyU=; b=w2fvo70gOvj3xi9NvC3SpUdXNT
	VXlw6x7pL9u+UTxULaj9ckb92g+/ya2dUWplq1fw4W+k3houWVM3U/vltlsAkjpR//mCgcH3EvUqW
	sme5pkKMzq58kl+/LHHyhxV7JJEKrEOqD/WelKq1ux9ecGeFo4HGFH0K1vJh6MlQoriM=;
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <24673.57290.133130.448247@mariner.uk.xensource.com>
Date: Mon, 29 Mar 2021 15:10:18 +0100
To: xen-announce@lists.xenproject.org
CC: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Xen 4.15 RC5

Xen 4.15 RC5 is now available.

It is available from git:
  git clone https://xenbits.xenproject.org/git-http/xen.git -b 4.15.0-rc5

For your convenience a tarball is available:
  https://downloads.xenproject.org/release/xen/4.15.0-rc5/xen-4.15.0-rc5.tar.gz
  https://downloads.xenproject.org/release/xen/4.15.0-rc5/xen-4.15.0-rc5.tar.gz.sig

Please send bug reports and test reports to
xen-devel@lists.xenproject.org.  When sending bug reports, please CC
relevant maintainers and me (iwj@xenproject.org).

I am hoping that this will be the last RC.  Please send any reports
of serious bugs (or brown paper bag mistakes) quickly, or we may have
to release without the fix.

Thanks,
Ian.



From xen-announce-bounces@lists.xenproject.org Mon Mar 29 14:12:53 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 29 Mar 2021 14:12:53 +0000
Received: from list by lists.xenproject.org with outflank-mailman.102951.196657 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lQsd7-000194-TL; Mon, 29 Mar 2021 14:12:33 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 102951.196657; Mon, 29 Mar 2021 14:12:33 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lQsd7-00018x-Pj; Mon, 29 Mar 2021 14:12:33 +0000
Received: by outflank-mailman (input) for mailman id 102951;
 Mon, 29 Mar 2021 11:11:35 +0000
Received: from us1-rack-iad1.inumbo.com ([172.99.69.81])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <SRS0=yGoF=I3=suse.com=jbeulich@srs-us1.protection.inumbo.net>)
 id 1lQpnz-0006qE-Lf
 for xen-announce@lists.xenproject.org; Mon, 29 Mar 2021 11:11:35 +0000
Received: from mx2.suse.de (unknown [195.135.220.15])
 by us1-rack-iad1.inumbo.com (Halon) with ESMTPS
 id 1d28439f-c7fa-419a-9a30-3e25f47a9dbd;
 Mon, 29 Mar 2021 11:11:34 +0000 (UTC)
Received: from relay2.suse.de (unknown [195.135.221.27])
 by mx2.suse.de (Postfix) with ESMTP id 7CD39B454;
 Mon, 29 Mar 2021 11:11:33 +0000 (UTC)
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: 1d28439f-c7fa-419a-9a30-3e25f47a9dbd
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
From: Jan Beulich <jbeulich@suse.com>
Subject: Xen 4.13.3 released
To: xen-announce@lists.xenproject.org
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Message-ID: <47e12a5f-173c-81ff-97be-d854c9d57527@suse.com>
Date: Mon, 29 Mar 2021 13:11:34 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.9.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

All,

I am pleased to announce the release of Xen 4.13.3. This is available
immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.13
(tag RELEASE-4.13.3) or from the XenProject download page
https://xenproject.org/downloads/xen-project-archives/xen-project-4-13-series/xen-project-4-13-3/
(where a list of changes can also be found).

We recommend all users of the 4.13 stable series to update to this
latest point release.

Regards, Jan


From xen-announce-bounces@lists.xenproject.org Tue Mar 30 12:02:25 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 30 Mar 2021 12:02:25 +0000
Received: from list by lists.xenproject.org with outflank-mailman.103434.197366 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lRD4O-0006GP-7Z; Tue, 30 Mar 2021 12:02:04 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 103434.197366; Tue, 30 Mar 2021 12:02:04 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1lRD4O-0006GI-2v; Tue, 30 Mar 2021 12:02:04 +0000
Received: by outflank-mailman (input) for mailman id 103434;
 Tue, 30 Mar 2021 12:02:02 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=PAXT=I4=xenbits.xen.org=iwj@srs-us1.protection.inumbo.net>)
 id 1lRD4M-0006BX-Dp
 for xen-announce@lists.xen.org; Tue, 30 Mar 2021 12:02:02 +0000
Received: from mail.xenproject.org (unknown [104.130.215.37])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id 792c86ef-4c9b-43b5-8be2-c91b175898c9;
 Tue, 30 Mar 2021 12:01:50 +0000 (UTC)
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lRD3z-0003Uf-Uy; Tue, 30 Mar 2021 12:01:39 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1lRD3z-0005Dv-Rd; Tue, 30 Mar 2021 12:01:39 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: 792c86ef-4c9b-43b5-8be2-c91b175898c9
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 371 v3 (CVE-2021-28688) - Linux: blkback
 driver may leak persistent grants
Message-Id: <E1lRD3z-0005Dv-Rd@xenbits.xenproject.org>
Date: Tue, 30 Mar 2021 12:01:39 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-28688 / XSA-371
                               version 3

           Linux: blkback driver may leak persistent grants

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The fix for XSA-365 includes initialization of pointers such that
subsequent cleanup code wouldn't use uninitialized or stale values.
This initialization went too far and may under certain conditions also
overwrite pointers which are in need of cleaning up.  The lack of
cleanup would result in leaking persistent grants.  The leak in turn
would prevent fully cleaning up after a respective guest has died,
leaving around zombie domains.

IMPACT
======

A malicious or buggy frontend driver may be able to cause resource leaks
from the corresponding backend driver.  This can result in a host-wide
Denial of Service (DoS).

VULNERABLE SYSTEMS
==================

All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11.

MITIGATION
==========

Reconfiguring guests to use alternative (e.g. qemu-based) backends may
avoid the vulnerability.

Avoiding the use of persistent grants will also avoid the vulnerability.
This can be achieved by passing the "feature_persistent=0" module option
to the xen-blkback driver.

CREDITS
=======

This issue was discovered by Nicolai Stange of SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa371-linux.patch           Linux 5.12-rc, 5.11.1 onwards, 5.10.18 onwards
<not directly affected>      Linux 5.10.0 - 5.10.17, 5.11.0
<applicability unknown>      Linux 4.4 - 5.9
<no fix available>           Linux 3.11 - 4.3

$ sha256sum xsa371*
1b2472253aa82385b3eff280fa4adf52742f06813fc093f5f86cd4a3021f736c  xsa371-linux.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches described above (or others which are
substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

HOWEVER, deployment of the mitigations described above is NOT permitted
during the embargo on public-facing systems with untrusted guest users
and administrators.  This is because such configuration changes may be
recognizable by the affected guests.

AND: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa371-linux.patch"
Content-Disposition: attachment; filename="xsa371-linux.patch"
Content-Transfer-Encoding: base64


--=separator--
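
A host-side check for the mitigation and the patch checksum given in the advisory above, as an added example that is not part of the advisory or of Xen Project code. It assumes the module option is exposed at /sys/module/xen_blkback/parameters/feature_persistent (reading Y or N) and that sha256sum is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the XSA-371 mitigation state on a Linux backend host.
# XSA371_SHA256 is the checksum the advisory publishes for xsa371-linux.patch.
XSA371_SHA256=1b2472253aa82385b3eff280fa4adf52742f06813fc093f5f86cd4a3021f736c

# verify_patch FILE: succeed only if FILE hashes to the advisory's value.
# Returns 2 when FILE does not exist, 1 on a checksum mismatch.
verify_patch() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$XSA371_SHA256" ]
}

# persistent_grants_state [SYSFS_ROOT]: print one of
#   disabled    feature_persistent=0 is in effect (advisory's mitigation)
#   enabled     persistent grants are on
#   not-loaded  no xen_blkback entry under SYSFS_ROOT/module
#   unknown     module present but the parameter is not exposed or unreadable
# Assumption: the option is visible as parameters/feature_persistent (Y or N).
persistent_grants_state() {
    mod="${1:-/sys}/module/xen_blkback"
    [ -d "$mod" ] || { echo not-loaded; return 0; }
    param="$mod/parameters/feature_persistent"
    [ -r "$param" ] || { echo unknown; return 0; }
    case "$(cat "$param")" in
        N|0) echo disabled ;;
        Y|1) echo enabled ;;
        *)   echo unknown ;;
    esac
}

# mitigation_conf: print the modprobe.d line that passes the module option
# named in the advisory; it applies the next time the module is loaded.
mitigation_conf() {
    echo 'options xen-blkback feature_persistent=0'
}

# Stand-alone use: sh xsa371-audit.sh [path/to/xsa371-linux.patch]
echo "xen-blkback persistent grants: $(persistent_grants_state)"
if [ -n "${1:-}" ]; then
    if verify_patch "$1"; then
        echo "patch checksum matches the advisory"
    else
        echo "patch checksum does NOT match the advisory"
    fi
fi
```

A result of "unknown" means the running kernel does not expose the option through sysfs, so the mitigation state has to be confirmed from the module load configuration instead.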


