xen: for 4.10.0: XSA-253 / CVE-2018-5244 patch

Fix a memory leak with MSR emulation on x86.

Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

2 files changed, 28 insertions, 0 deletions

diff --git a/recipes-extended/xen/files/xsa253.patch b/recipes-extended/xen/files/xsa253.patch
new file mode 100644
index 00000000..19e42693
--- /dev/null
+++ b/recipes-extended/xen/files/xsa253.patch
@@ -0,0 +1,26 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/msr: Free msr_vcpu_policy during vcpu destruction
+
+c/s 4187f79dc7 "x86/msr: introduce struct msr_vcpu_policy" introduced a
+per-vcpu memory allocation, but failed to free it in the clean vcpu
+destruction case.
+
+This is XSA-253
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index b17468c..0ae715d 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -382,6 +382,9 @@ void vcpu_destroy(struct vcpu *v)
+ 
+     vcpu_destroy_fpu(v);
+ 
++    xfree(v->arch.msr);
++    v->arch.msr = NULL;
++
+     if ( !is_idle_domain(v->domain) )
+         vpmu_destroy(v);
+ 
diff --git a/recipes-extended/xen/xen_4.10.0.bb b/recipes-extended/xen/xen_4.10.0.bb
index 1e14c865..d314b9b6 100644
--- a/recipes-extended/xen/xen_4.10.0.bb
+++ b/recipes-extended/xen/xen_4.10.0.bb
@@ -1,7 +1,9 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 require xen.inc
 
 SRC_URI = " \
     https://downloads.xenproject.org/release/xen/${PV}/xen-${PV}.tar.gz \
+    file://xsa253.patch \
     "
 
 SRC_URI[md5sum] = "ab9d320d02cb40f6b40506aed1a38d58"