[PR PATCH] xen: patch for XSA 360.

[PR PATCH] xen: patch for XSA 360.

[CMB]

[-- Attachment #1: Type: text/plain, Size: 1547 bytes --]

There is a new pull request by CMB against master on the void-packages repository

https://github.com/CMB/void-packages xen
https://github.com/void-linux/void-packages/pull/28084

xen: patch for XSA 360.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/28084.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-xen-28084.patch --]
[-- Type: text/x-diff, Size: 4884 bytes --]

From f8429d4bacf5fa0398156e71c90ac17448296123 Mon Sep 17 00:00:00 2001
From: Christopher Brannon <chris@the-brannons.com>
Date: Thu, 21 Jan 2021 07:25:45 -0800
Subject: [PATCH] xen: patch for XSA 360.

---
 srcpkgs/xen/patches/xsa360-4.14.patch | 97 +++++++++++++++++++++++++++
 srcpkgs/xen/template                  |  4 +-
 2 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/xen/patches/xsa360-4.14.patch

diff --git a/srcpkgs/xen/patches/xsa360-4.14.patch b/srcpkgs/xen/patches/xsa360-4.14.patch
new file mode 100644
index 00000000000..1bc185b110d
--- /dev/null
+++ b/srcpkgs/xen/patches/xsa360-4.14.patch
@@ -0,0 +1,97 @@
+From: Roger Pau Monne <roger.pau@citrix.com>
+Subject: x86/dpci: do not remove pirqs from domain tree on unbind
+
+A fix for a previous issue removed the pirqs from the domain tree when
+they are unbound in order to prevent shared pirqs from triggering a
+BUG_ON in __pirq_guest_unbind if they are unbound multiple times. That
+caused free_domain_pirqs to no longer unmap the pirqs because they
+are gone from the domain pirq tree, thus leaving stale unbound pirqs
+after domain destruction if the domain had mapped dpci pirqs after
+shutdown.
+
+Take a different approach to fix the original issue, instead of
+removing the pirq from d->pirq_tree clear the flags of the dpci pirq
+struct to signal that the pirq is now unbound. This prevents calling
+pirq_guest_unbind multiple times for the same pirq without having to
+remove it from the domain pirq tree.
+
+This is XSA-360.
+
+Fixes: 5b58dad089 ('x86/pass-through: avoid double IRQ unbind during domain cleanup')
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/irq.c
++++ b/xen/arch/x86/irq.c
+@@ -1331,7 +1331,7 @@ void (pirq_cleanup_check)(struct pirq *p
+     }
+ 
+     if ( radix_tree_delete(&d->pirq_tree, pirq->pirq) != pirq )
+-        BUG_ON(!d->is_dying);
++        BUG();
+ }
+ 
+ /* Flush all ready EOIs from the top of this CPU's pending-EOI stack. */
+--- a/xen/drivers/passthrough/pci.c
++++ b/xen/drivers/passthrough/pci.c
+@@ -862,6 +862,10 @@ static int pci_clean_dpci_irq(struct dom
+ {
+     struct dev_intx_gsi_link *digl, *tmp;
+ 
++    if ( !pirq_dpci->flags )
++        /* Already processed. */
++        return 0;
++
+     pirq_guest_unbind(d, dpci_pirq(pirq_dpci));
+ 
+     if ( pt_irq_need_timer(pirq_dpci->flags) )
+@@ -872,15 +876,10 @@ static int pci_clean_dpci_irq(struct dom
+         list_del(&digl->list);
+         xfree(digl);
+     }
++    /* Note the pirq is now unbound. */
++    pirq_dpci->flags = 0;
+ 
+-    radix_tree_delete(&d->pirq_tree, dpci_pirq(pirq_dpci)->pirq);
+-
+-    if ( !pt_pirq_softirq_active(pirq_dpci) )
+-        return 0;
+-
+-    domain_get_irq_dpci(d)->pending_pirq_dpci = pirq_dpci;
+-
+-    return -ERESTART;
++    return pt_pirq_softirq_active(pirq_dpci) ? -ERESTART : 0;
+ }
+ 
+ static int pci_clean_dpci_irqs(struct domain *d)
+@@ -897,18 +896,8 @@ static int pci_clean_dpci_irqs(struct do
+     hvm_irq_dpci = domain_get_irq_dpci(d);
+     if ( hvm_irq_dpci != NULL )
+     {
+-        int ret = 0;
+-
+-        if ( hvm_irq_dpci->pending_pirq_dpci )
+-        {
+-            if ( pt_pirq_softirq_active(hvm_irq_dpci->pending_pirq_dpci) )
+-                 ret = -ERESTART;
+-            else
+-                 hvm_irq_dpci->pending_pirq_dpci = NULL;
+-        }
++        int ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL);
+ 
+-        if ( !ret )
+-            ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL);
+         if ( ret )
+         {
+             spin_unlock(&d->event_lock);
+--- a/xen/include/asm-x86/hvm/irq.h
++++ b/xen/include/asm-x86/hvm/irq.h
+@@ -160,8 +160,6 @@ struct hvm_irq_dpci {
+     DECLARE_BITMAP(isairq_map, NR_ISAIRQS);
+     /* Record of mapped Links */
+     uint8_t link_cnt[NR_LINK];
+-    /* Clean up: Entry with a softirq invocation pending / in progress. */
+-    struct hvm_pirq_dpci *pending_pirq_dpci;
+ };
+ 
+ /* Machine IRQ to guest device/intx mapping. */
diff --git a/srcpkgs/xen/template b/srcpkgs/xen/template
index 8b6649410d0..bc00c7cc8e0 100644
--- a/srcpkgs/xen/template
+++ b/srcpkgs/xen/template
@@ -1,7 +1,7 @@
 # Template file for 'xen'
 pkgname=xen
 version=4.14.1
-revision=1
+revision=2
 # grep -R IPXE_GIT_TAG src/xen-*/tools/firmware/etherboot
 _git_tag_ipxe=4bd064de239dab2426b31c9789a1f4d78087dc63
 # TODO: arm / aarch64
@@ -17,7 +17,7 @@ makedepends="SDL-devel dev86 dtc-devel e2fsprogs-devel gnutls-devel libaio-devel
  netpbm pciutils-devel pixman-devel python3-devel seabios yajl-devel"
 depends="bridge-utils perl xen-hypervisor"
 short_desc="Xen hypervisor utilities"
-maintainer="Orphaned <orphan@voidlinux.org>"
+maintainer="Chris Brannon <chris@the-brannons.com>"
 license="GPL-2.0-or-later"
 homepage="https://www.xenproject.org/"
 distfiles="

Re: [PR PATCH] [Merged]: xen: patch for XSA 360.

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 1408 bytes --]

There's a merged pull request on the void-packages repository

xen: patch for XSA 360.
https://github.com/void-linux/void-packages/pull/28084

Description:
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->