from upstream: fix the fix for CVE-2013-6885

makes the workaround for AMD CPU erratum 793 work not only on 64-bit hypervisors but also for 32bit bump PKGREV (compile tested only)
2014-02-20 17:37:25 +00:00 · 2014-02-20 17:37:25 +00:00 · 3f751c45de
commit 3f751c45de
parent 5b3909e9c1
3 changed files with 13 additions and 12 deletions
--- a/sysutils/xenkernel41/Makefile
+++ b/sysutils/xenkernel41/Makefile
@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.32 2014/01/25 10:30:22 wiz Exp $
+# $NetBSD: Makefile,v 1.33 2014/02/20 17:37:25 drochner Exp $

 VERSION=	4.1.6.1
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel41-${VERSION}
-PKGREVISION=	6
+PKGREVISION=	7
 CATEGORIES=	sysutils
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${VERSION}/

--- a/sysutils/xenkernel41/distinfo
+++ b/sysutils/xenkernel41/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2014/01/24 17:07:35 drochner Exp $
+$NetBSD: distinfo,v 1.26 2014/02/20 17:37:25 drochner Exp $

 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@ -12,7 +12,7 @@ SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241
 SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15
 SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3
 SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1
-SHA1 (patch-CVE-2013-6885_1) = 6fc88c8c98393e90dd895c160108ff2ee17cee2e
+SHA1 (patch-CVE-2013-6885_1) = 18d155b2c76119988be32cfd43e3c4aa6a507b9d
 SHA1 (patch-CVE-2013-6885_2) = be3c99ba3e349492d45cd4f2fce0acc26ac1a96d
 SHA1 (patch-CVE-2014-1666) = acf27080799d4aae6a03b556caadb01081d5314e
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
--- a/sysutils/xenkernel41/patches/patch-CVE-2013-6885_1
+++ b/sysutils/xenkernel41/patches/patch-CVE-2013-6885_1
@ -1,12 +1,13 @@
-$NetBSD: patch-CVE-2013-6885_1,v 1.1 2013/12/04 10:35:01 drochner Exp $
+$NetBSD: patch-CVE-2013-6885_1,v 1.2 2014/02/20 17:37:25 drochner Exp $

 http://lists.xenproject.org/archives/html/xen-devel/2013-12/msg00235.html
+http://lists.xenproject.org/archives/html/xen-devel/2014-02/msg01800.html

 --- xen/arch/x86/cpu/amd.c.orig	2013-09-10 06:42:18.000000000 +0000
-+++ xen/arch/x86/cpu/amd.c	2013-12-03 16:43:52.000000000 +0000
-@@ -649,6 +649,20 @@ static void __devinit init_amd(struct cp
- 		       "*** Pass \"allow_unsafe\" if you're trusting"
- 		       " all your (PV) guest kernels. ***\n");
+++ xen/arch/x86/cpu/amd.c
+@@ -661,6 +661,20 @@ static void __devinit init_amd(struct cp
+ 	}
+ #endif
 
 +	if (c->x86 == 0x16 && c->x86_model <= 0xf) {
 +		rdmsrl(MSR_AMD64_LS_CFG, value);
@ -22,6 +23,6 @@ http://lists.xenproject.org/archives/html/xen-devel/2013-12/msg00235.html
 +		}
 +	}
 +
- 	/* AMD CPUs do not support SYSENTER outside of legacy mode. */
- 	clear_bit(X86_FEATURE_SEP, c->x86_capability);
- 
+ 	if (c->x86 == 0x10) {
+ 		/*
+ 		 * On family 10h BIOS may not have properly enabled WC+