Module Name: src
Committed By: snj
Date: Fri Jan 8 21:05:14 UTC 2016
Modified Files:
src/sys/arch/xen/include/xen-public/io [netbsd-7]: ring.h
src/sys/arch/xen/xen [netbsd-7]: pciback.c xbdback_xenbus.c
xennetback_xenbus.c
Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1071):
sys/arch/xen/include/xen-public/io/ring.h: revision 1.3 via patch
sys/arch/xen/xen/pciback.c: revision 1.10 via patch
sys/arch/xen/xen/xbdback_xenbus.c: revision 1.62 via patch
sys/arch/xen/xen/xennetback_xenbus.c: revision 1.54 via patch
Apply patch from xsa155: make sure that the backend won't read parts of the
request again (possibly because of compiler optimisations), by using
copies and barrier.
>From XSA155:
The compiler can emit optimizations in the PV backend drivers which
can lead to double fetch vulnerabilities. Specifically the shared
memory between the frontend and backend can be fetched twice (during
which time the frontend can alter the contents) possibly leading to
arbitrary code execution in backend.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.24.1 src/sys/arch/xen/include/xen-public/io/ring.h
cvs rdiff -u -r1.9 -r1.9.4.1 src/sys/arch/xen/xen/pciback.c
cvs rdiff -u -r1.59.4.2 -r1.59.4.3 src/sys/arch/xen/xen/xbdback_xenbus.c
cvs rdiff -u -r1.52 -r1.52.4.1 src/sys/arch/xen/xen/xennetback_xenbus.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
