From xen-announce-bounces@lists.xenproject.org Thu Dec 02 14:41:39 2021
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <25000.56055.611856.335342@mariner.uk.xensource.com>
Date: Thu, 2 Dec 2021 14:40:55 +0000
To: xen-announce@lists.xenproject.org
CC: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Xen 4.16 is released

Xen 4.16, the product of 9 months' work by the Xen Project community,
is now released.

You can find it here:
  git clone -b RELEASE-4.16.0 https://xenbits.xen.org/git-http/xen.git
  https://downloads.xenproject.org/release/xen/4.16.0/
For more information see the release notes:
  https://wiki.xenproject.org/wiki/Xen_Project_4.16_Release_Notes
There is also the press release:
  https://xenproject.org/2021/04/08/xen-project-hypervisor-4-15/

Xen 4.16 has a number of improvements, ranging from cleanups to
significant new features in a number of areas:
  https://wiki.xenproject.org/wiki/Xen_Project_4.16_Feature_List
(reproduced below).

Thanks and congratulations are due to all the people and organisations
who have contributed.  Well done, everyone!

Ian.
(Xen 4.16 Release Manager)


Notable Features
================

This release has seen the increase in hardware support for both x86 and Arm,
together with the addition of other improvements and features:

  • Miscellaneous fixes to the TPM manager software in preparation for TPM 2.0
    support.
  • Increased reliance on the PV shim as 32-bit PV guests will only be
    supported in shim mode going forward. This change reduces the attack
    surface in the hypervisor.
  • Increased hardware support by allowing Xen to boot on Intel devices that
    lack a Programmable Interval Timer.
  • Cleanup of legacy components by no longer building QEMU Traditional or
    PV-Grub by default. Note both projects have upstream Xen support merged
    now, so it is no longer recommended to use the Xen specific forks.
  • Initial support for guest virtualized Performance Monitor Counters on Arm.
  • Improved support for dom0less mode by allowing the usage on Arm 64bit
    hardware with EFI firmware.
  • Improved support for Arm 64-bit heterogeneous systems by leveling the CPU
    features across all to improve big.LITTLE support.

Features and improvements
=========================

CI loop (gitlab CI)

  • 32-bit Arm builds.
  • Full system tests for x86.

Ongoing activities
==================

The Xen community has several interesting initiatives, where work is ongoing
and is expected to bear fruit in forthcoming releases. Some of the highlights:

Functional Safety
-----------------

In collaboration with the Zephyr project and the MISRA consortium, the Xen
FuSa Special Interest Group analyzed MISRA C rules in depth and defined a subset
of rules that apply to Xen and will be tackled with the community. The SIG
evaluated several static code analyzers to scan the Xen code base for MISRA
C violations. The team started enhancing the Xen build system with the ability
to run open source MISRA C checkers as part of the Xen build, so that for
future releases Xen, contributors will be able to easily improve the quality of
their patches.

RISC-V Port
-----------

RISC-V, an open standard instruction set architecture (ISA) based on
established reduced instruction set computer (RISC) principles, is a free and
open ISA enabling hardware designers to design simpler chips with a
royalty-free ISA. The Xen community, led by sub-project XCP.ng, is working on a
RISC-V Port for Xen. During this release cycle significant work has been
ongoing internally in order to get dom0 booting on RISC-V hardware, focusing on
introducing the functionality to allow interrupt management, together with
other interfaces required for early boot code.

VirtIO
------

The development of VirtIO support for Arm continued making progress, currently
focusing on introducing a mechanism to ease the mapping of memory from remote
domains by reporting memory regions of the domain currently unused. Further
work has also been done in order to improve the toolstack support to handle
VirtIO block devices.

Zephyr RTOS
-----------

As a result of collaboration between the Zephyr and Xen projects, starting
version 2.7.0, Zephyr RTOS supports some basic Xen specific features allowing
it to run on Xen. With further Xen enhancements on review and development:
grant tables, XenBus and starting Zephyr as Domain-0, Xen is getting closer to
a full implementation of a RTOS-based "thin dom0" targeting Embedded and Safety
use cases.


From xen-announce-bounces@lists.xenproject.org Thu Dec 02 15:20:46 2021
From: Ian Jackson <iwj@xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <25000.58384.67916.802992@mariner.uk.xensource.com>
Date: Thu, 2 Dec 2021 15:19:44 +0000
To: xen-announce@lists.xenproject.org
Cc: xen-devel@lists.xenproject.org,
    xen-users@lists.xenproject.org
Subject: Re: Xen 4.16 is released
In-Reply-To: <25000.56055.611856.335342@mariner.uk.xensource.com>
References: <25000.56055.611856.335342@mariner.uk.xensource.com>
X-Mailer: VM 8.2.0b under 24.5.1 (i686-pc-linux-gnu)

Correction:

I wrote:
> Xen 4.16, the product of 9 months' work by the Xen Project community,
> is now released.
> 
> You can find it here:
>   git clone -b RELEASE-4.16.0 https://xenbits.xen.org/git-http/xen.git
>   https://downloads.xenproject.org/release/xen/4.16.0/
> For more information see the release notes:
>   https://wiki.xenproject.org/wiki/Xen_Project_4.16_Release_Notes
> There is also the press release:

This should have instead linked to the blog post:
  https://xenproject.org/2021/12/02/xen-project-ships-version-4-16-with-focus-on-improved-performance-security-and-hardware-support/

> Xen 4.16 has a number of improvements, ranging from cleanups to
> significant new features in a number of areas:
>   https://wiki.xenproject.org/wiki/Xen_Project_4.16_Feature_List
> (reproduced below).
> 
> Thanks and congratulations are due to all the people and organisations
> who have contributed.  Well done, everyone!

Ian.
(Xen 4.16 Release Manager)


From xen-announce-bounces@lists.xenproject.org Mon Dec 20 12:03:29 2021
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 391 v3 (CVE-2021-28711,CVE-2021-28712,CVE-2021-28713)
 - Rogue backends can cause DoS of guests via high frequency events
Message-Id: <E1mzHNS-0001sS-ET@xenbits.xenproject.org>
Date: Mon, 20 Dec 2021 12:02:50 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 Xen Security Advisory CVE-2021-28711,CVE-2021-28712,CVE-2021-28713 / XSA-391
                                   version 3

   Rogue backends can cause DoS of guests via high frequency events

UPDATES IN VERSION 3
====================

Public release

ISSUE DESCRIPTION
=================

Xen offers the ability to run PV backends in regular unprivileged
guests, typically referred to as "driver domains". Running PV backends
in driver domains has one primary security advantage: if a driver domain
gets compromised, it doesn't have the privileges to take over the
system.

However, a malicious driver domain could try to attack other guests via
sending events at a high frequency leading to a Denial of Service in the
guest due to trying to service interrupts for elongated amounts of time.

There are three affected backends:
 * blkfront          patch 1, CVE-2021-28711
 * netfront          patch 2, CVE-2021-28712
 * hvc_xen (console) patch 3, CVE-2021-28713

IMPACT
======

Potentially malicious PV backends can cause guest DoS due to unhardened
frontends in the guests, even though this ought to have been prevented by
containing them within a driver domain.

VULNERABLE SYSTEMS
==================

All guests being serviced by potentially malicious backends are vulnerable,
even if those backends are running in a less privileged environment. The
vulnerability is not affecting the host, but the guests.

MITIGATION
==========

There is no known mitigation available.

RESOLUTION
==========

Applying the attached patches resolves this issue.

xsa391-linux-1.patch   Linux 5.15
xsa391-linux-2.patch   Linux 5.15
xsa391-linux-3.patch   Linux 5.15

$ sha256sum xsa391*
e55d3f15a85ff31e62a291981de89f7b0c08da807db9b2a6a2b9cbb2e29847cd  xsa391-linux-1.patch
163fc4b9966768eb74e3bc1858a0b0254eff771898bd5f4d71806beeae0ffd2a  xsa391-linux-2.patch
de888abe8d11d3204b4033b304cf3d66104a65956089e23f1736db682d3cedc4  xsa391-linux-3.patch
$

CREDITS
=======

This issue was discovered by Jürgen Groß of SUSE.

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except where
all the affected systems and VMs are administered and used only by
organisations which are members of the Xen Project Security Issues
Predisclosure List).  Specifically, deployment on public cloud systems
is NOT permitted.

This is because the patches need to be applied to the guests, which will
be visible by the guest administrators.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa391-linux-1.patch"
Content-Disposition: attachment; filename="xsa391-linux-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa391-linux-2.patch"
Content-Disposition: attachment; filename="xsa391-linux-2.patch"
Content-Transfer-Encoding: base64

aXJxX25hbWUsIHF1ZXVlKTsKIAlpZiAoZXJyIDwgMCkKIAkJZ290byBiaW5k
X3J4X2ZhaWw7CiAJcXVldWUtPnJ4X2lycSA9IGVycjsKQEAgLTE5MTEsNiAr
MTk3Myw3IEBAIHN0YXRpYyBpbnQgeGVubmV0X2luaXRfcXVldWUoc3RydWN0
IG5ldGZyb250X3F1ZXVlICpxdWV1ZSkKIAogCXNwaW5fbG9ja19pbml0KCZx
dWV1ZS0+dHhfbG9jayk7CiAJc3Bpbl9sb2NrX2luaXQoJnF1ZXVlLT5yeF9s
b2NrKTsKKwlzcGluX2xvY2tfaW5pdCgmcXVldWUtPnJ4X2NvbnNfbG9jayk7
CiAKIAl0aW1lcl9zZXR1cCgmcXVldWUtPnJ4X3JlZmlsbF90aW1lciwgcnhf
cmVmaWxsX3RpbWVvdXQsIDApOwogCi0tIAoyLjI2LjIKCg==

--=separator
Content-Type: application/octet-stream; name="xsa391-linux-3.patch"
Content-Disposition: attachment; filename="xsa391-linux-3.patch"
Content-Transfer-Encoding: base64


--=separator--


From xen-announce-bounces@lists.xenproject.org Mon Dec 20 12:03:30 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 20 Dec 2021 12:03:30 +0000
Received: from list by lists.xenproject.org with outflank-mailman.249612.430077 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1mzHNz-00035O-12; Mon, 20 Dec 2021 12:03:23 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 249612.430077; Mon, 20 Dec 2021 12:03:22 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1mzHNy-00035D-Rk; Mon, 20 Dec 2021 12:03:22 +0000
Received: by outflank-mailman (input) for mailman id 249612;
 Mon, 20 Dec 2021 12:03:21 +0000
Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50]
 helo=se1-gles-flk1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=IL3F=RF=xenbits.xen.org=julieng@srs-se1.protection.inumbo.net>)
 id 1mzHNw-0001n7-Uj
 for xen-announce@lists.xen.org; Mon, 20 Dec 2021 12:03:21 +0000
Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37])
 by se1-gles-flk1.inumbo.com (Halon) with ESMTPS
 id d19f504e-618c-11ec-85d3-df6b77346a89;
 Mon, 20 Dec 2021 13:03:20 +0100 (CET)
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <julieng@xenbits.xen.org>)
 id 1mzHNl-0003vK-1Z; Mon, 20 Dec 2021 12:03:09 +0000
Received: from julieng by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <julieng@xenbits.xen.org>)
 id 1mzHNl-0002XV-04; Mon, 20 Dec 2021 12:03:09 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: d19f504e-618c-11ec-85d3-df6b77346a89
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version:
	Content-Transfer-Encoding:Content-Type;
	bh=6Hw5fE7cUwe2ArMj2R1FdsYTBEwKvx7jgxqt04XTWtc=; b=aGUxZCr2r6wBmy6x4WMy8Vs9ST
	zKHtMdDRqXWhFDaFW6meUtNig+mbivEN1SHjLSoE7EZz+Z1xn5DUnKtJP/eAnUktZ9X+H0aQFH0Lj
	lLY/FUKUhB170rFZ5dayr+1UMky9X0XwXgj4qdOiVpwZk5iNesZxpbWqGwKGM80w8X0I=;
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 392 v4 (CVE-2021-28714,CVE-2021-28715) -
 Guest can force Linux netback driver to hog large amounts of kernel memory
Message-Id: <E1mzHNl-0002XV-04@xenbits.xenproject.org>
Date: Mon, 20 Dec 2021 12:03:09 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

     Xen Security Advisory CVE-2021-28714,CVE-2021-28715 / XSA-392
                               version 4

 Guest can force Linux netback driver to hog large amounts of kernel memory

UPDATES IN VERSION 4
====================

Public release

ISSUE DESCRIPTION
=================

Incoming data packets for a guest in the Linux kernel's netback driver
are buffered until the guest is ready to process them. Some measures
are taken to avoid piling up too much data, but the guest can bypass
them:

There is a timeout for how long the client side of an interface can stop
consuming new packets before it is assumed to have stalled, but this
timeout is rather long (60 seconds by default). Using a UDP connection
on a fast interface can easily accumulate gigabytes of data in that
time.  (CVE-2021-28715)

The timeout might never trigger at all if the guest manages to have only
one free slot in its RX queue ring page and the next packet would
require more than one free slot, which may be the case when using GSO,
XDP, or software hashing.  (CVE-2021-28714)

IMPACT
======

The Linux kernel's xen-netback backend driver can be forced by guests
to queue arbitrary amounts of network data, eventually causing an
out-of-memory situation in the domain the backend is running in
(usually dom0).

VULNERABLE SYSTEMS
==================

All systems using the Linux kernel based network backend xen-netback
are vulnerable.

MITIGATION
==========

Using another PV network backend (e.g. the qemu based "qnic" backend)
will mitigate the problem.

Using a dedicated network driver domain per guest will mitigate the
problem.

RESOLUTION
==========

Applying the attached patches resolves this issue.

xsa392-linux-1.patch   Linux 5.15
xsa392-linux-2.patch   Linux 5.15

$ sha256sum xsa392*
9cf75e9919415267266a7f69ca0f3dbbafc1c55d4243cff1cb26072e28bb6e26  xsa392-linux-1.patch
f390da9723ed03948855bfc3b112fc11bcc794fc59502d4fc5e8e358321e8684  xsa392-linux-2.patch
$

CREDITS
=======

This issue was discovered by Jürgen Groß of SUSE.

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the *patches* is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).


Deployment of the *mitigations* (switching to driver domains or using
a qemu based backend) is NOT permitted (except where all the affected
systems and VMs are administered and used only by organisations which
are members of the Xen Project Security Issues Predisclosure List).
Specifically, deployment of the mitigations on public cloud systems is
NOT permitted.

This is because the mitigations will result in discoverable changes of
Xenstore entries for the guest.

Deployment of the mitigations is permitted only AFTER the embargo ends.


Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa392-linux-1.patch"
Content-Disposition: attachment; filename="xsa392-linux-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa392-linux-2.patch"
Content-Disposition: attachment; filename="xsa392-linux-2.patch"
Content-Transfer-Encoding: base64


--=separator--
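
The two conditions XSA-392 describes (a stall check that only looks for "at
least one free slot", and a queue that keeps growing while the timeout runs)
can be seen side by side in a small user-space C model. This is an added
example, not code from the advisory or from the Linux kernel; the struct and
function names, the 4 KiB slot size, the one-extra-slot cost for GSO and for
software hashing, and the 1 MiB queue cap are assumptions made for
illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_BYTES 4096u   /* assumption: one RX ring slot carries one 4 KiB page */

/* Constructed model of a backend RX queue; not the kernel's data structures. */
struct rxq {
    uint32_t req_prod, req_cons;            /* slots posted by guest / used by backend */
    uint64_t queued_bytes, queue_max, dropped;
    uint64_t last_rx, timeout;              /* arbitrary ticks, timeout 60 as in the advisory */
};

struct pkt { uint32_t len; bool gso; bool sw_hash; };
struct result { bool stall_seen; uint64_t queued_bytes, dropped; };

/* Slots a packet needs: payload pages, plus one each for GSO and hash metadata
 * (assumed cost model for this example). */
static uint32_t slots_needed(const struct pkt *p)
{
    uint32_t n = (p->len + SLOT_BYTES - 1) / SLOT_BYTES;
    return n + (p->gso ? 1 : 0) + (p->sw_hash ? 1 : 0);
}

/* Unsigned subtraction stays correct when the 32-bit ring indices wrap. */
static uint32_t free_slots(const struct rxq *q) { return q->req_prod - q->req_cons; }

/* Weak check: the guest counts as stalled only when no slot at all is free. */
static bool stalled_any_slot(const struct rxq *q, uint64_t now)
{
    return free_slots(q) < 1 && now > q->last_rx + q->timeout;
}

/* Hardened check: stalled as soon as the head packet cannot fit. */
static bool stalled_needed_slots(const struct rxq *q, const struct pkt *head, uint64_t now)
{
    return free_slots(q) < slots_needed(head) && now > q->last_rx + q->timeout;
}

/* Weak enqueue: every packet is buffered, whatever the queue already holds. */
static void enqueue_unbounded(struct rxq *q, const struct pkt *p)
{
    q->queued_bytes += p->len;
}

/* Hardened enqueue: once the cap is reached, drop the packet and count it. */
static void enqueue_bounded(struct rxq *q, const struct pkt *p)
{
    if (q->queued_bytes >= q->queue_max)
        q->dropped++;
    else
        q->queued_bytes += p->len;
}

/* The guest keeps exactly one slot free and never consumes; traffic keeps
 * arriving. The run ends at the first detected stall or after 'ticks'. What
 * the backend does once a stall is detected is outside this model. */
static struct result simulate(bool hardened, uint64_t ticks, uint32_t pkts_per_tick)
{
    struct rxq q = { .req_prod = 1, .req_cons = 0, .queue_max = 1u << 20, .timeout = 60 };
    struct pkt p = { .len = 6000, .gso = true, .sw_hash = false };  /* needs 3 slots */
    struct result r = { false, 0, 0 };

    for (uint64_t now = 1; now <= ticks && !r.stall_seen; now++) {
        for (uint32_t i = 0; i < pkts_per_tick; i++) {
            if (hardened)
                enqueue_bounded(&q, &p);
            else
                enqueue_unbounded(&q, &p);
        }
        r.stall_seen = hardened ? stalled_needed_slots(&q, &p, now)
                                : stalled_any_slot(&q, now);
    }
    r.queued_bytes = q.queued_bytes;
    r.dropped = q.dropped;
    return r;
}

int main(void)
{
    struct result weak = simulate(false, 200, 1000);
    struct result fixed = simulate(true, 200, 1000);

    printf("weak:     stall=%d queued=%llu dropped=%llu\n", weak.stall_seen,
           (unsigned long long)weak.queued_bytes, (unsigned long long)weak.dropped);
    printf("hardened: stall=%d queued=%llu dropped=%llu\n", fixed.stall_seen,
           (unsigned long long)fixed.queued_bytes, (unsigned long long)fixed.dropped);
    return 0;
}
```

With the weak predicates the stall is never reported and the buffered byte
count grows for the whole run; with the hardened ones the stall is reported
right after the timeout and the queue stays near its cap.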


From xen-announce-bounces@lists.xenproject.org Mon Dec 20 12:10:29 2021
Return-path: <xen-announce-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Mon, 20 Dec 2021 12:10:29 +0000
Received: from list by lists.xenproject.org with outflank-mailman.249728.430152 (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1mzHUV-0000vG-1O; Mon, 20 Dec 2021 12:10:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 249728.430152; Mon, 20 Dec 2021 12:10:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-announce-bounces@lists.xenproject.org>)
	id 1mzHUU-0000v4-RC; Mon, 20 Dec 2021 12:10:06 +0000
Received: by outflank-mailman (input) for mailman id 249728;
 Mon, 20 Dec 2021 12:10:06 +0000
Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50]
 helo=se1-gles-flk1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=IL3F=RF=xenbits.xen.org=julieng@srs-se1.protection.inumbo.net>)
 id 1mzHP4-0001n7-T7
 for xen-announce@lists.xen.org; Mon, 20 Dec 2021 12:04:31 +0000
Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37])
 by se1-gles-flk1.inumbo.com (Halon) with ESMTPS
 id fbb55bba-618c-11ec-85d3-df6b77346a89;
 Mon, 20 Dec 2021 13:04:29 +0100 (CET)
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <julieng@xenbits.xen.org>)
 id 1mzHOv-0003yB-SM; Mon, 20 Dec 2021 12:04:21 +0000
Received: from julieng by xenbits.xenproject.org with local (Exim 4.92)
 (envelope-from <julieng@xenbits.xen.org>)
 id 1mzHOv-0005Fc-RG; Mon, 20 Dec 2021 12:04:21 +0000
X-BeenThere: xen-announce@lists.xenproject.org
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xenproject.org>
List-Help: <mailto:xen-announce-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-announce" <xen-announce-bounces@lists.xenproject.org>
X-Inumbo-ID: fbb55bba-618c-11ec-85d3-df6b77346a89
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org;
	s=20200302mail; h=Date:Message-Id:Subject:CC:From:To:MIME-Version:
	Content-Transfer-Encoding:Content-Type;
	bh=BOtpR7DrIJgh8IGhaIB9OInkz3uQZEba6oQe/UkxA5c=; b=0a7UZPGnpK3+cPCZ1MDGZNIONu
	dFsiIB0MUBQOax8OkYxTHDrSWB2jmsaaE85qnfoWeBFFijMaMUBP+2+6gK8zoPVj6mI+M76czKtPE
	s9qSzgcSiVERzE1nna4MTa/ashVlhEjECNy/KUMNax25IrdYj6N4bUVZbZNwNrd8Vmdc=;
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 376 v1 - frontends vulnerable to backends
Message-Id: <E1mzHOv-0005Fc-RG@xenbits.xenproject.org>
Date: Mon, 20 Dec 2021 12:04:21 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-376

                   frontends vulnerable to backends

ISSUE DESCRIPTION
=================

Xen offers the ability to run PV backends in regular unprivileged
guests, typically referred to as "driver domains". Running PV backends
in driver domains has one primary security advantage: if a driver domain
gets compromised, it doesn't have the privileges to take over the
system.

However, a malicious driver domain could try to attack other guests via
the PV protocol. Many PV frontends are hardened against misbehaving PV
backends, but a few of them are not and might be susceptible to Denial
of Service attacks and metadata manipulation triggered by malicious PV
backends.

IMPACT
======

Potentially malicious PV backends can cause guest DoS due to unhardened
frontends in the guests, even though this ought to have been prevented by
containing them within a driver domain.

VULNERABLE SYSTEMS
==================

All guests with non-hardened frontends being serviced by potentially
malicious backends are vulnerable, even if those backends are running in a
less privileged environment. The vulnerability does not affect the host,
only the guests using non-hardened frontends.

The console, block and net frontends have been hardened in the Linux kernel
5.16, so guests running Linux with kernel 5.16 or newer are not currently
known to be vulnerable to potentially malicious console, block or net
backends.

MITIGATION
==========

When backends are potentially malicious, using only hardened frontend
counterparts in guests will mitigate the problem.

NOTE REGARDING LACK OF EMBARGO
==============================

This issue has already been discussed in public.

RESOLUTION
==========

The related patch is just a clarification of the security statement,
so it will NOT mitigate anything.

As there is no urgent need for this patch to go into the Xen tree, it
will be posted on the xen-devel mailing list after disclosure of this
advisory.

xsa376.patch           xen-unstable

$ sha256sum xsa376*
b18551f7800d5a232bbe6953b1222ecb2c5a2058285c6fbc8d64f9b7dea2415f  xsa376.patch
$

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa376.patch"
Content-Disposition: attachment; filename="xsa376.patch"
Content-Transfer-Encoding: base64


--=separator--
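
The mitigation in XSA-376 above (use only hardened frontends when backends may be malicious) can be checked from inside a Linux guest. The script below is an added example, not part of the advisory or of Xen. It assumes the xenbus sysfs attribute /sys/bus/xen/devices/*/devtype and the device class names vbd (block), vif (net) and console, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Linux guest's Xen PV frontends per XSA-376.
# Assumptions: xenbus class names vbd = block, vif = net, console; the
# advisory names only these three as hardened, and only from Linux 5.16.
# Distro kernels with backported hardening are not detected.

# Succeeds if kernel release $1 (e.g. "5.15.0-91-generic") is >= 5.16.
kernel_has_hardening() {
    ver=${1%%[!0-9.]*}              # drop suffixes such as "-91-generic"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 16 ]; }
}

# Prints "hardened" or "review" for device type $2 under kernel release $1.
classify_frontend() {
    case $2 in
        vbd|vif|console)
            if kernel_has_hardening "$1"; then echo hardened
            else echo review; fi ;;
        *)  echo review ;;          # frontend not named in the advisory
    esac
}

# Lists every xenbus device with its classification.
# $1: kernel release (default: uname -r); $2: sysfs dir (default below).
# Returns 1 if any frontend is not listed as hardened.
audit_frontends() {
    release=${1:-$(uname -r)}
    sysfs=${2:-/sys/bus/xen/devices}
    rc=0
    for dev in "$sysfs"/*; do
        [ -r "$dev/devtype" ] || continue
        type=$(cat "$dev/devtype")
        state=$(classify_frontend "$release" "$type")
        printf '%s\t%s\t%s\n' "${dev##*/}" "$type" "$state"
        [ "$state" = hardened ] || rc=1
    done
    return $rc
}
```

Calling audit_frontends with no arguments inside the guest audits the running kernel. A "review" result only matters for devices whose backend runs in a domain that may be malicious, which this script does not determine.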


