From dc3e72a8f487f917aaec853228f42dcd2b0a4e5b Mon Sep 17 00:00:00 2001 From: Christopher Clark Date: Mon, 8 Jan 2018 23:12:48 -0800 Subject: xen: for 4.10.0: XSA-253 / CVE-2018-5244 patch Fix a memory leak with MSR emulation on x86. Signed-off-by: Christopher Clark Signed-off-by: Bruce Ashfield --- recipes-extended/xen/files/xsa253.patch | 26 ++++++++++++++++++++++++++ recipes-extended/xen/xen_4.10.0.bb | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 recipes-extended/xen/files/xsa253.patch diff --git a/recipes-extended/xen/files/xsa253.patch b/recipes-extended/xen/files/xsa253.patch new file mode 100644 index 00000000..19e42693 --- /dev/null +++ b/recipes-extended/xen/files/xsa253.patch @@ -0,0 +1,26 @@ +From: Andrew Cooper +Subject: x86/msr: Free msr_vcpu_policy during vcpu destruction + +c/s 4187f79dc7 "x86/msr: introduce struct msr_vcpu_policy" introduced a +per-vcpu memory allocation, but failed to free it in the clean vcpu +destruction case. + +This is XSA-253 + +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich + +diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c +index b17468c..0ae715d 100644 +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -382,6 +382,9 @@ void vcpu_destroy(struct vcpu *v) + + vcpu_destroy_fpu(v); + ++ xfree(v->arch.msr); ++ v->arch.msr = NULL; ++ + if ( !is_idle_domain(v->domain) ) + vpmu_destroy(v); + diff --git a/recipes-extended/xen/xen_4.10.0.bb b/recipes-extended/xen/xen_4.10.0.bb index 1e14c865..d314b9b6 100644 --- a/recipes-extended/xen/xen_4.10.0.bb +++ b/recipes-extended/xen/xen_4.10.0.bb @@ -1,7 +1,9 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" require xen.inc SRC_URI = " \ https://downloads.xenproject.org/release/xen/${PV}/xen-${PV}.tar.gz \ + file://xsa253.patch \ " SRC_URI[md5sum] = "ab9d320d02cb40f6b40506aed1a38d58" -- cgit v1.2.3-54-g00ecf