50810d133a
CVE-2015-8339 and CVE-2015-8340 aka XSA-159 XSA-166 CVE-2015-8550 aka XSA-155 CVE-2015-8554 aka XSA-164 Bump pkgrevision
42 lines
1.5 KiB
Text
42 lines
1.5 KiB
Text
$NetBSD: patch-XSA-166,v 1.1 2016/01/07 17:55:55 bouyer Exp $
|
|
|
|
Patch for XSA-166, based on
|
|
http://xenbits.xenproject.org/xsa/xsa166-4.3.patch
|
|
|
|
--- xen/arch/x86/hvm/hvm.c.orig
|
|
+++ xen/arch/x86/hvm/hvm.c
|
|
@@ -342,6 +342,7 @@ void hvm_migrate_pirqs(struct vcpu *v)
|
|
void hvm_do_resume(struct vcpu *v)
|
|
{
|
|
ioreq_t *p;
|
|
+ unsigned int state;
|
|
|
|
pt_restore_timer(v);
|
|
|
|
@@ -349,9 +350,10 @@ void hvm_do_resume(struct vcpu *v)
|
|
|
|
/* NB. Optimised for common case (p->state == STATE_IOREQ_NONE). */
|
|
p = get_ioreq(v);
|
|
- while ( p->state != STATE_IOREQ_NONE )
|
|
+ while ( (state = p->state) != STATE_IOREQ_NONE )
|
|
{
|
|
- switch ( p->state )
|
|
+ rmb();
|
|
+ switch ( state )
|
|
{
|
|
case STATE_IORESP_READY: /* IORESP_READY -> NONE */
|
|
hvm_io_assist();
|
|
@@ -359,11 +361,10 @@ void hvm_do_resume(struct vcpu *v)
|
|
case STATE_IOREQ_READY: /* IOREQ_{READY,INPROCESS} -> IORESP_READY */
|
|
case STATE_IOREQ_INPROCESS:
|
|
wait_on_xen_event_channel(v->arch.hvm_vcpu.xen_port,
|
|
- (p->state != STATE_IOREQ_READY) &&
|
|
- (p->state != STATE_IOREQ_INPROCESS));
|
|
+ p->state != state);
|
|
break;
|
|
default:
|
|
- gdprintk(XENLOG_ERR, "Weird HVM iorequest state %d.\n", p->state);
|
|
+ gdprintk(XENLOG_ERR, "Weird HVM iorequest state %u\n", state);
|
|
domain_crash(v->domain);
|
|
return; /* bail */
|
|
}
|