Xen project Mailing List

Re: [Xen-devel] xen-CVE-2013-1442-XSA-62.patch

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 2 Oct 2013 19:53:06 +0100

Cc: IAN DELANEY <della5@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx

Delivery-date: Wed, 02 Oct 2013 18:58:47 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 02/10/13 19:39, AL13N wrote: > Op woensdag 2 oktober 2013 17:59:05 schreef Andrew Cooper: >> On 02/10/13 17:47, IAN DELANEY wrote: >>> I am confused. >>> >>> http://xenbits.xen.org/xsa/advisory-62.html says >>> >>> "Applying the attached patch resolves this issue. >>> >>> xsa62.patch Xen 4.2.x, 4.3.x, and unstable >>> " >>> >>> #Security patches >>> epatch "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \ >>> >>> "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch \ >>> "${FILESDIR}"/${PN}-4.2-CVE-2013-1432-XSA-58.patch \ >>> "${FILESDIR}"/${PN}-CVE-2013-4355-XSA-63.patch \ >>> "${FILESDIR}"/${PN}-CVE-2013-4361-XSA-66.patch \ >>> "${FILESDIR}"/${PN}-CVE-2013-1442-XSA-62.patch >>> >>> in the ebuild yields >>> >>> * Applying >>> >>> xen-4.2-2013-2076-XSA-52to54.patch ... >>> [ ok ] >>> >>> * Applying >>> >>> xen-4.2-CVE-2013-1432-XSA-58.patch ... >>> [ ok ] >>> >>> * Applying >>> >>> xen-CVE-2013-4355-XSA-63.patch ... >>> [ ok ] >>> >>> * Applying >>> >>> xen-CVE-2013-4361-XSA-66.patch ... >>> [ ok ] >>> >>> * Applying xen-CVE-2013-1442-XSA-62.patch ... >>> >>> * Failed Patch: xen-CVE-2013-1442-XSA-62.patch ! >>> * >>> >>> ( >>> /home/testuser/cvsPortage/gentoo-x86/app-emulation/xen/files/xen-CVE-2 >>> 013-1442-XSA-62.patch ) >>> >>> * >>> * Include in your bugreport the contents of: >>> * >>> * >>> /mnt/gen2/TmpDir/portage/app-emulation/xen-4.2.2-r2/temp/xen-CVE-2013-14 >>> 42-XSA-62.patch.out >>> >>> * ERROR: app-emulation/xen-4.2.2-r2::gentoo failed (prepare phase): >>> * Failed Patch: xen-CVE-2013-1442-XSA-62.patch! >>> >>> and int handle_xsetbv does not appear in >>> xen-4.2.2/xen/arch/x86/xstate.c >>> >>> Does it really apply to 4.2.x???? >>> >>> -- kind regards >>> >>> Ian Delaney >> It applies to 4.2-stable/staging. It does however have functional and >> textural dependencies on several of the recent backports into that tree, >> so if your base tree is not very up to date, you have some extra >> backports to do. (Which is a good thing really, as xsave was >> functionally broken before) > I have the same issue, i have the released 4.2.1 in our stable Mageia 3 > release, and i keep this up2date with security releases, however, this is the > only patch that fails to apply... skipping this patch makes all the others > work, however, i now have a security issues since XSA 62 doesn't apply... > > any idea? You have a few options 1) Unconditionally force xsave off. It is at the very least buggy if you are missing the patches causing your patch application problems. 2) Backport the xsave patches as well. http://xenbits.xen.org/gitweb/?p=xen.git;a=history;f=xen/arch/x86/xstate.c;hb=12b0ee04a16194f064d5b895a844fcdc6414bfc0 should give you a good idea of the patches. http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=0bda88abe18029c2bbe9dc5d07cc706bd775c9b7 is probably the main patch needed. 3) Rework the security patch yourself using 0bda88abe18029c2bbe9dc5d07cc706bd775c9b7 as a reference of where and how to patch in arch/x86/traps.c I highly recommend option 2. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.