diff options
Diffstat (limited to 'app-emulation/xen-pvgrub')
-rw-r--r-- | app-emulation/xen-pvgrub/ChangeLog | 10 | ||||
-rw-r--r-- | app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch | 788 | ||||
-rw-r--r-- | app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch | 759 | ||||
-rw-r--r-- | app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch | 1196 | ||||
-rw-r--r-- | app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild | 50 | ||||
-rw-r--r-- | app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild | 13 |
6 files changed, 44 insertions, 2772 deletions
diff --git a/app-emulation/xen-pvgrub/ChangeLog b/app-emulation/xen-pvgrub/ChangeLog index e65259fdf0fc..490e8b9fbdf7 100644 --- a/app-emulation/xen-pvgrub/ChangeLog +++ b/app-emulation/xen-pvgrub/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-emulation/xen-pvgrub # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.28 2013/06/26 16:16:38 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.29 2013/06/27 05:32:10 idella4 Exp $ + + 27 Jun 2013; Ian Delaney <idella4@gentoo.org> + -files/xen-4.2-CVE-2013-11-XSA-55.patch, + -files/xen-4.2-CVE-2013-15-XSA-55.patch, + -files/xen-4.2-CVE-2013-8-XSA-55.patch, xen-pvgrub-4.2.1-r2.ebuild, + xen-pvgrub-4.2.1-r3.ebuild, xen-pvgrub-4.2.2-r1.ebuild, + xen-pvgrub-4.2.2.ebuild: + rm of re-located patches, rm white space *xen-pvgrub-4.2.1-r3 (26 Jun 2013) *xen-pvgrub-4.2.2-r1 (26 Jun 2013) diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch deleted file mode 100644 index 5ad78279b0db..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch +++ /dev/null @@ -1,788 +0,0 @@ -From cc8761371aac432318530c2ddfe2c8234bc0621f Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:17 +0100 -Subject: [PATCH 11/23] libelf: check all pointer accesses - -We change the ELF_PTRVAL and ELF_HANDLE types and associated macros: - - * PTRVAL becomes a uintptr_t, for which we provide a typedef - elf_ptrval. This means no arithmetic done on it can overflow so - the compiler cannot do any malicious invalid pointer arithmetic - "optimisations". It also means that any places where we - dereference one of these pointers without using the appropriate - macros or functions become a compilation error. - - So we can be sure that we won't miss any memory accesses. - - All the PTRVAL variables were previously void* or char*, so - the actual address calculations are unchanged. - - * ELF_HANDLE becomes a union, one half of which keeps the pointer - value and the other half of which is just there to record the - type. - - The new type is not a pointer type so there can be no address - calculations on it whose meaning would change. Every assignment or - access has to go through one of our macros. - - * The distinction between const and non-const pointers and char*s - and void*s in libelf goes away. This was not important (and - anyway libelf tended to cast away const in various places). - - * The fields elf->image and elf->dest are renamed. That proves - that we haven't missed any unchecked uses of these actual - pointer values. - - * The caller may fill in elf->caller_xdest_base and _size to - specify another range of memory which is safe for libelf to - access, besides the input and output images. - - * When accesses fail due to being out of range, we mark the elf - "broken". This will be checked and used for diagnostics in - a following patch. - - We do not check for write accesses to the input image. This is - because libelf actually does this in a number of places. So we - simply permit that. - - * Each caller of libelf which used to set dest now sets - dest_base and dest_size. - - * In xc_dom_load_elf_symtab we provide a new actual-pointer - value hdr_ptr which we get from mapping the guest's kernel - area and use (checking carefully) as the caller_xdest area. - - * The STAR(h) macro in libelf-dominfo.c now uses elf_access_unsigned. - - * elf-init uses the new elf_uval_3264 accessor to access the 32-bit - fields, rather than an unchecked field access (ie, unchecked - pointer access). - - * elf_uval has been reworked to use elf_uval_3264. Both of these - macros are essentially new in this patch (although they are derived - from the old elf_uval) and need careful review. - - * ELF_ADVANCE_DEST is now safe in the sense that you can use it to - chop parts off the front of the dest area but if you chop more than - is available, the dest area is simply set to be empty, preventing - future accesses. - - * We introduce some #defines for memcpy, memset, memmove and strcpy: - - We provide elf_memcpy_safe and elf_memset_safe which take - PTRVALs and do checking on the supplied pointers. - - Users inside libelf must all be changed to either - elf_mem*_unchecked (which are just like mem*), or - elf_mem*_safe (which take PTRVALs) and are checked. Any - unchanged call sites become compilation errors. - - * We do _not_ at this time fix elf_access_unsigned so that it doesn't - make unaligned accesses. We hope that unaligned accesses are OK on - every supported architecture. But it does check the supplied - pointer for validity. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/xc_dom_elfloader.c | 49 ++++++++-- - tools/libxc/xc_hvm_build_x86.c | 10 +- - xen/arch/x86/domain_build.c | 3 +- - xen/common/libelf/libelf-dominfo.c | 2 +- - xen/common/libelf/libelf-loader.c | 16 ++-- - xen/common/libelf/libelf-private.h | 13 +++ - xen/common/libelf/libelf-tools.c | 106 ++++++++++++++++++- - xen/include/xen/libelf.h | 198 +++++++++++++++++++++++++----------- - 8 files changed, 312 insertions(+), 85 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index cc0f206..b82a08c 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -130,20 +130,30 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - - if ( load ) - { -- size_t allow_size; /* will be used in a forthcoming XSA-55 patch */ -+ char *hdr_ptr; -+ size_t allow_size; -+ - if ( !dom->bsd_symtab_start ) - return 0; - size = dom->kernel_seg.vend - dom->bsd_symtab_start; -- hdr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size); -- *(int *)hdr = size - sizeof(int); -+ hdr_ptr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size); -+ elf->caller_xdest_base = hdr_ptr; -+ elf->caller_xdest_size = allow_size; -+ hdr = ELF_REALPTR2PTRVAL(hdr_ptr); -+ elf_store_val(elf, int, hdr, size - sizeof(int)); - } - else - { -+ char *hdr_ptr; -+ - size = sizeof(int) + elf_size(elf, elf->ehdr) + - elf_shdr_count(elf) * elf_size(elf, shdr); -- hdr = xc_dom_malloc(dom, size); -- if ( hdr == NULL ) -+ hdr_ptr = xc_dom_malloc(dom, size); -+ if ( hdr_ptr == NULL ) - return 0; -+ elf->caller_xdest_base = hdr_ptr; -+ elf->caller_xdest_size = size; -+ hdr = ELF_REALPTR2PTRVAL(hdr_ptr); - dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend); - } - -@@ -171,9 +181,32 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - ehdr->e_shoff = elf_size(elf, elf->ehdr); - ehdr->e_shstrndx = SHN_UNDEF; - } -- if ( elf_init(&syms, hdr + sizeof(int), size - sizeof(int)) ) -+ if ( elf->caller_xdest_size < sizeof(int) ) -+ { -+ DOMPRINTF("%s/%s: header size %"PRIx64" too small", -+ __FUNCTION__, load ? "load" : "parse", -+ (uint64_t)elf->caller_xdest_size); -+ return -1; -+ } -+ if ( elf_init(&syms, elf->caller_xdest_base + sizeof(int), -+ elf->caller_xdest_size - sizeof(int)) ) - return -1; - -+ /* -+ * The caller_xdest_{base,size} and dest_{base,size} need to -+ * remain valid so long as each struct elf_image does. The -+ * principle we adopt is that these values are set when the -+ * memory is allocated or mapped, and cleared when (and if) -+ * they are unmapped. -+ * -+ * Mappings of the guest are normally undone by xc_dom_unmap_all -+ * (directly or via xc_dom_release). We do not explicitly clear -+ * these because in fact that happens only at the end of -+ * xc_dom_boot_image, at which time all of these ELF loading -+ * functions have returned. No relevant struct elf_binary* -+ * escapes this file. -+ */ -+ - xc_elf_set_logfile(dom->xch, &syms, 1); - - symtab = dom->bsd_symtab_start + sizeof(int); -@@ -312,8 +345,10 @@ static int xc_dom_load_elf_kernel(struct xc_dom_image *dom) - { - struct elf_binary *elf = dom->private_loader; - int rc; -+ xen_pfn_t pages; - -- elf->dest = xc_dom_seg_to_ptr(dom, &dom->kernel_seg); -+ elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages); -+ elf->dest_size = pages * XC_DOM_PAGE_SIZE(dom); - rc = elf_load_binary(elf); - if ( rc < 0 ) - { -diff --git a/tools/libxc/xc_hvm_build_x86.c b/tools/libxc/xc_hvm_build_x86.c -index 15b603d..ccfd8b5 100644 ---- a/tools/libxc/xc_hvm_build_x86.c -+++ b/tools/libxc/xc_hvm_build_x86.c -@@ -104,11 +104,12 @@ static int loadelfimage( - for ( i = 0; i < pages; i++ ) - entries[i].mfn = parray[(elf->pstart >> PAGE_SHIFT) + i]; - -- elf->dest = xc_map_foreign_ranges( -+ elf->dest_base = xc_map_foreign_ranges( - xch, dom, pages << PAGE_SHIFT, PROT_READ | PROT_WRITE, 1 << PAGE_SHIFT, - entries, pages); -- if ( elf->dest == NULL ) -+ if ( elf->dest_base == NULL ) - goto err; -+ elf->dest_size = pages * PAGE_SIZE; - - ELF_ADVANCE_DEST(elf, elf->pstart & (PAGE_SIZE - 1)); - -@@ -117,8 +118,9 @@ static int loadelfimage( - if ( rc < 0 ) - PERROR("Failed to load elf binary\n"); - -- munmap(elf->dest, pages << PAGE_SHIFT); -- elf->dest = NULL; -+ munmap(elf->dest_base, pages << PAGE_SHIFT); -+ elf->dest_base = NULL; -+ elf->dest_size = 0; - - err: - free(entries); -diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c -index 469d363..a655b21 100644 ---- a/xen/arch/x86/domain_build.c -+++ b/xen/arch/x86/domain_build.c -@@ -908,7 +908,8 @@ int __init construct_dom0( - write_ptbase(v); - - /* Copy the OS image and free temporary buffer. */ -- elf.dest = (void*)vkern_start; -+ elf.dest_base = (void*)vkern_start; -+ elf.dest_size = vkern_end - vkern_start; - rc = elf_load_binary(&elf); - if ( rc < 0 ) - { -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index b217f8f..98c80dc 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -254,7 +254,7 @@ int elf_xen_parse_guest_info(struct elf_binary *elf, - int len; - - h = parms->guest_info; --#define STAR(h) (*(h)) -+#define STAR(h) (elf_access_unsigned(elf, (h), 0, 1)) - while ( STAR(h) ) - { - elf_memset_unchecked(name, 0, sizeof(name)); -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index 0fef84c..a3310e7 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -24,23 +24,25 @@ - - /* ------------------------------------------------------------------------ */ - --int elf_init(struct elf_binary *elf, const char *image, size_t size) -+int elf_init(struct elf_binary *elf, const char *image_input, size_t size) - { - ELF_HANDLE_DECL(elf_shdr) shdr; - uint64_t i, count, section, offset; - -- if ( !elf_is_elfbinary(image) ) -+ if ( !elf_is_elfbinary(image_input) ) - { - elf_err(elf, "%s: not an ELF binary\n", __FUNCTION__); - return -1; - } - - elf_memset_unchecked(elf, 0, sizeof(*elf)); -- elf->image = image; -+ elf->image_base = image_input; - elf->size = size; -- elf->ehdr = (elf_ehdr *)image; -- elf->class = elf->ehdr->e32.e_ident[EI_CLASS]; -- elf->data = elf->ehdr->e32.e_ident[EI_DATA]; -+ elf->ehdr = ELF_MAKE_HANDLE(elf_ehdr, (elf_ptrval)image_input); -+ elf->class = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_CLASS]); -+ elf->data = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_DATA]); -+ elf->caller_xdest_base = NULL; -+ elf->caller_xdest_size = 0; - - /* Sanity check phdr. */ - offset = elf_uval(elf, elf->ehdr, e_phoff) + -@@ -300,7 +302,7 @@ int elf_load_binary(struct elf_binary *elf) - - ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr) - { -- return elf->dest + addr - elf->pstart; -+ return ELF_REALPTR2PTRVAL(elf->dest_base) + addr - elf->pstart; - } - - uint64_t elf_lookup_addr(struct elf_binary * elf, const char *symbol) -diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h -index 3ef753c..280dfd1 100644 ---- a/xen/common/libelf/libelf-private.h -+++ b/xen/common/libelf/libelf-private.h -@@ -86,6 +86,19 @@ do { strncpy((d),(s),sizeof((d))-1); \ - - #endif - -+#undef memcpy -+#undef memset -+#undef memmove -+#undef strcpy -+ -+#define memcpy MISTAKE_unspecified_memcpy -+#define memset MISTAKE_unspecified_memset -+#define memmove MISTAKE_unspecified_memmove -+#define strcpy MISTAKE_unspecified_strcpy -+ /* This prevents libelf from using these undecorated versions -+ * of memcpy, memset, memmove and strcpy. Every call site -+ * must either use elf_mem*_unchecked, or elf_mem*_safe. */ -+ - #endif /* __LIBELF_PRIVATE_H_ */ - - /* -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 3a0cde1..46ca553 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -20,28 +20,100 @@ - - /* ------------------------------------------------------------------------ */ - --uint64_t elf_access_unsigned(struct elf_binary * elf, const void *ptr, -- uint64_t offset, size_t size) -+void elf_mark_broken(struct elf_binary *elf, const char *msg) - { -+ if ( elf->broken == NULL ) -+ elf->broken = msg; -+} -+ -+const char *elf_check_broken(const struct elf_binary *elf) -+{ -+ return elf->broken; -+} -+ -+static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, -+ const void *region, uint64_t regionsize) -+ /* -+ * Returns true if the putative memory area [ptrval,ptrval+size> -+ * is completely inside the region [region,region+regionsize>. -+ * -+ * ptrval and size are the untrusted inputs to be checked. -+ * region and regionsize are trusted and must be correct and valid, -+ * although it is OK for region to perhaps be maliciously NULL -+ * (but not some other malicious value). -+ */ -+{ -+ elf_ptrval regionp = (elf_ptrval)region; -+ -+ if ( (region == NULL) || -+ (ptrval < regionp) || /* start is before region */ -+ (ptrval > regionp + regionsize) || /* start is after region */ -+ (size > regionsize - (ptrval - regionp)) ) /* too big */ -+ return 0; -+ return 1; -+} -+ -+int elf_access_ok(struct elf_binary * elf, -+ uint64_t ptrval, size_t size) -+{ -+ if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) ) -+ return 1; -+ if ( elf_ptrval_in_range(ptrval, size, elf->dest_base, elf->dest_size) ) -+ return 1; -+ if ( elf_ptrval_in_range(ptrval, size, -+ elf->caller_xdest_base, elf->caller_xdest_size) ) -+ return 1; -+ elf_mark_broken(elf, "out of range access"); -+ return 0; -+} -+ -+void elf_memcpy_safe(struct elf_binary *elf, elf_ptrval dst, -+ elf_ptrval src, size_t size) -+{ -+ if ( elf_access_ok(elf, dst, size) && -+ elf_access_ok(elf, src, size) ) -+ { -+ /* use memmove because these checks do not prove that the -+ * regions don't overlap and overlapping regions grant -+ * permission for compiler malice */ -+ elf_memmove_unchecked(ELF_UNSAFE_PTR(dst), ELF_UNSAFE_PTR(src), size); -+ } -+} -+ -+void elf_memset_safe(struct elf_binary *elf, elf_ptrval dst, int c, size_t size) -+{ -+ if ( elf_access_ok(elf, dst, size) ) -+ { -+ elf_memset_unchecked(ELF_UNSAFE_PTR(dst), c, size); -+ } -+} -+ -+uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base, -+ uint64_t moreoffset, size_t size) -+{ -+ elf_ptrval ptrval = base + moreoffset; - int need_swap = elf_swap(elf); - const uint8_t *u8; - const uint16_t *u16; - const uint32_t *u32; - const uint64_t *u64; - -+ if ( !elf_access_ok(elf, ptrval, size) ) -+ return 0; -+ - switch ( size ) - { - case 1: -- u8 = ptr + offset; -+ u8 = (const void*)ptrval; - return *u8; - case 2: -- u16 = ptr + offset; -+ u16 = (const void*)ptrval; - return need_swap ? bswap_16(*u16) : *u16; - case 4: -- u32 = ptr + offset; -+ u32 = (const void*)ptrval; - return need_swap ? bswap_32(*u32) : *u32; - case 8: -- u64 = ptr + offset; -+ u64 = (const void*)ptrval; - return need_swap ? bswap_64(*u64) : *u64; - default: - return 0; -@@ -122,6 +194,28 @@ const char *elf_section_name(struct elf_binary *elf, - return elf_strval(elf, elf->sec_strtab + elf_uval(elf, shdr, sh_name)); - } - -+const char *elf_strval(struct elf_binary *elf, elf_ptrval start) -+{ -+ uint64_t length; -+ -+ for ( length = 0; ; length++ ) { -+ if ( !elf_access_ok(elf, start + length, 1) ) -+ return NULL; -+ if ( !elf_access_unsigned(elf, start, length, 1) ) -+ /* ok */ -+ return ELF_UNSAFE_PTR(start); -+ } -+} -+ -+const char *elf_strfmt(struct elf_binary *elf, elf_ptrval start) -+{ -+ const char *str = elf_strval(elf, start); -+ -+ if ( str == NULL ) -+ return "(invalid)"; -+ return str; -+} -+ - ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) - { - return ELF_IMAGE_BASE(elf) + elf_uval(elf, shdr, sh_offset); -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index af5b5c5..ddc3ed7 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -57,8 +57,9 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - * on this. - * This replaces variables which were char*,void* - * and their const versions, so we provide four -- * different declaration macros: -+ * different obsolete declaration macros: - * ELF_PTRVAL_{,CONST}{VOID,CHAR} -+ * New code can simply use the elf_ptrval typedef. - * HANDLE A pointer to a struct. There is one of these types - * for each pointer type - that is, for each "structname". - * In the arguments to the various HANDLE macros, structname -@@ -67,54 +68,66 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - * pointers. In the current code attempts to do so will - * compile, but in the next patch this will become a - * compile error. -- * We provide two declaration macros for const and -- * non-const pointers. -+ * We also provide a second declaration macro for -+ * pointers which were to const; this is obsolete. - */ - --#define ELF_REALPTR2PTRVAL(realpointer) (realpointer) -+typedef uintptr_t elf_ptrval; -+ -+#define ELF_REALPTR2PTRVAL(realpointer) ((elf_ptrval)(realpointer)) - /* Converts an actual C pointer into a PTRVAL */ - --#define ELF_HANDLE_DECL_NONCONST(structname) structname * --#define ELF_HANDLE_DECL(structname) const structname * -+#define ELF_HANDLE_DECL_NONCONST(structname) structname##_handle /*obsolete*/ -+#define ELF_HANDLE_DECL(structname) structname##_handle - /* Provides a type declaration for a HANDLE. */ -- /* May only be used to declare ONE variable at a time */ - --#define ELF_PTRVAL_VOID void * --#define ELF_PTRVAL_CHAR char * --#define ELF_PTRVAL_CONST_VOID const void * --#define ELF_PTRVAL_CONST_CHAR const char * -- /* Provides a type declaration for a PTRVAL. */ -- /* May only be used to declare ONE variable at a time */ -+#define ELF_PTRVAL_VOID elf_ptrval /*obsolete*/ -+#define ELF_PTRVAL_CHAR elf_ptrval /*obsolete*/ -+#define ELF_PTRVAL_CONST_VOID elf_ptrval /*obsolete*/ -+#define ELF_PTRVAL_CONST_CHAR elf_ptrval /*obsolete*/ -+ -+#ifdef __XEN__ -+# define ELF_PRPTRVAL "lu" -+ /* -+ * PRIuPTR is misdefined in xen/include/xen/inttypes.h, on 32-bit, -+ * to "u", when in fact uintptr_t is an unsigned long. -+ */ -+#else -+# define ELF_PRPTRVAL PRIuPTR -+#endif -+ /* printf format a la PRId... for a PTRVAL */ - --#define ELF_DEFINE_HANDLE(structname) /* empty */ -+#define ELF_DEFINE_HANDLE(structname) \ -+ typedef union { \ -+ elf_ptrval ptrval; \ -+ const structname *typeonly; /* for sizeof, offsetof, &c only */ \ -+ } structname##_handle; - /* - * This must be invoked for each HANDLE type to define - * the actual C type used for that kind of HANDLE. - */ - --#define ELF_PRPTRVAL "p" -- /* printf format a la PRId... for a PTRVAL */ -- --#define ELF_MAKE_HANDLE(structname, ptrval) (ptrval) -+#define ELF_MAKE_HANDLE(structname, ptrval) ((structname##_handle){ ptrval }) - /* Converts a PTRVAL to a HANDLE */ - --#define ELF_IMAGE_BASE(elf) ((elf)->image) -+#define ELF_IMAGE_BASE(elf) ((elf_ptrval)(elf)->image_base) - /* Returns the base of the image as a PTRVAL. */ - --#define ELF_HANDLE_PTRVAL(handleval) ((void*)(handleval)) -+#define ELF_HANDLE_PTRVAL(handleval) ((handleval).ptrval) - /* Converts a HANDLE to a PTRVAL. */ - --#define ELF_OBSOLETE_VOIDP_CAST (void*)(uintptr_t) -+#define ELF_OBSOLETE_VOIDP_CAST /*empty*/ - /* -- * In some places the existing code needs to -+ * In some places the old code used to need to - * - cast away const (the existing code uses const a fair - * bit but actually sometimes wants to write to its input) - * from a PTRVAL. - * - convert an integer representing a pointer to a PTRVAL -- * This macro provides a suitable cast. -+ * Nowadays all of these re uintptr_ts so there is no const problem -+ * and no need for any casting. - */ - --#define ELF_UNSAFE_PTR(ptrval) ((void*)(uintptr_t)(ptrval)) -+#define ELF_UNSAFE_PTR(ptrval) ((void*)(elf_ptrval)(ptrval)) - /* - * Turns a PTRVAL into an actual C pointer. Before this is done - * the caller must have ensured that the PTRVAL does in fact point -@@ -122,18 +135,21 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - */ - - /* PTRVALs can be INVALID (ie, NULL). */ --#define ELF_INVALID_PTRVAL (NULL) /* returns NULL PTRVAL */ -+#define ELF_INVALID_PTRVAL ((elf_ptrval)0) /* returns NULL PTRVAL */ - #define ELF_INVALID_HANDLE(structname) /* returns NULL handle */ \ - ELF_MAKE_HANDLE(structname, ELF_INVALID_PTRVAL) --#define ELF_PTRVAL_VALID(ptrval) (ptrval) /* } */ --#define ELF_HANDLE_VALID(handleval) (handleval) /* } predicates */ --#define ELF_PTRVAL_INVALID(ptrval) ((ptrval) == NULL) /* } */ -+#define ELF_PTRVAL_VALID(ptrval) (!!(ptrval)) /* } */ -+#define ELF_HANDLE_VALID(handleval) (!!(handleval).ptrval) /* } predicates */ -+#define ELF_PTRVAL_INVALID(ptrval) (!ELF_PTRVAL_VALID((ptrval))) /* } */ -+ -+#define ELF_MAX_PTRVAL (~(elf_ptrval)0) -+ /* PTRVAL value guaranteed to compare > to any valid PTRVAL */ - - /* For internal use by other macros here */ - #define ELF__HANDLE_FIELD_TYPE(handleval, elm) \ -- typeof((handleval)->elm) -+ typeof((handleval).typeonly->elm) - #define ELF__HANDLE_FIELD_OFFSET(handleval, elm) \ -- offsetof(typeof(*(handleval)),elm) -+ offsetof(typeof(*(handleval).typeonly),elm) - - - /* ------------------------------------------------------------------------ */ -@@ -182,7 +198,7 @@ ELF_DEFINE_HANDLE(elf_note) - - struct elf_binary { - /* elf binary */ -- const char *image; -+ const void *image_base; - size_t size; - char class; - char data; -@@ -190,10 +206,16 @@ struct elf_binary { - ELF_HANDLE_DECL(elf_ehdr) ehdr; - ELF_PTRVAL_CONST_CHAR sec_strtab; - ELF_HANDLE_DECL(elf_shdr) sym_tab; -- ELF_PTRVAL_CONST_CHAR sym_strtab; -+ uint64_t sym_strtab; - - /* loaded to */ -- char *dest; -+ /* -+ * dest_base and dest_size are trusted and must be correct; -+ * whenever dest_size is not 0, both of these must be valid -+ * so long as the struct elf_binary is in use. -+ */ -+ char *dest_base; -+ size_t dest_size; - uint64_t pstart; - uint64_t pend; - uint64_t reloc_offset; -@@ -201,12 +223,22 @@ struct elf_binary { - uint64_t bsd_symtab_pstart; - uint64_t bsd_symtab_pend; - -+ /* -+ * caller's other acceptable destination -+ * -+ * Again, these are trusted and must be valid (or 0) so long -+ * as the struct elf_binary is in use. -+ */ -+ void *caller_xdest_base; -+ uint64_t caller_xdest_size; -+ - #ifndef __XEN__ - /* misc */ - elf_log_callback *log_callback; - void *log_caller_data; - #endif - int verbose; -+ const char *broken; - }; - - /* ------------------------------------------------------------------------ */ -@@ -224,22 +256,27 @@ struct elf_binary { - #define elf_lsb(elf) (ELFDATA2LSB == (elf)->data) - #define elf_swap(elf) (NATIVE_ELFDATA != (elf)->data) - --#define elf_uval(elf, str, elem) \ -- ((ELFCLASS64 == (elf)->class) \ -- ? elf_access_unsigned((elf), (str), \ -- offsetof(typeof(*(str)),e64.elem), \ -- sizeof((str)->e64.elem)) \ -- : elf_access_unsigned((elf), (str), \ -- offsetof(typeof(*(str)),e32.elem), \ -- sizeof((str)->e32.elem))) -+#define elf_uval_3264(elf, handle, elem) \ -+ elf_access_unsigned((elf), (handle).ptrval, \ -+ offsetof(typeof(*(handle).typeonly),elem), \ -+ sizeof((handle).typeonly->elem)) -+ -+#define elf_uval(elf, handle, elem) \ -+ ((ELFCLASS64 == (elf)->class) \ -+ ? elf_uval_3264(elf, handle, e64.elem) \ -+ : elf_uval_3264(elf, handle, e32.elem)) - /* - * Reads an unsigned field in a header structure in the ELF. - * str is a HANDLE, and elem is the field name in it. - */ - --#define elf_size(elf, str) \ -+ -+#define elf_size(elf, handle_or_handletype) ({ \ -+ typeof(handle_or_handletype) elf_size__dummy; \ - ((ELFCLASS64 == (elf)->class) \ -- ? sizeof((str)->e64) : sizeof((str)->e32)) -+ ? sizeof(elf_size__dummy.typeonly->e64) \ -+ : sizeof(elf_size__dummy.typeonly->e32)); \ -+}) - /* - * Returns the size of the substructure for the appropriate 32/64-bitness. - * str should be a HANDLE. -@@ -251,23 +288,37 @@ uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr, - - uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr); - -+const char *elf_strval(struct elf_binary *elf, elf_ptrval start); -+ /* may return NULL if the string is out of range etc. */ - --#define elf_strval(elf,x) ((const char*)(x)) /* may return NULL in the future */ --#define elf_strfmt(elf,x) ((const char*)(x)) /* will return (invalid) instead */ -+const char *elf_strfmt(struct elf_binary *elf, elf_ptrval start); -+ /* like elf_strval but returns "(invalid)" instead of NULL */ - --#define elf_memcpy_safe(elf, dst, src, sz) memcpy((dst),(src),(sz)) --#define elf_memset_safe(elf, dst, c, sz) memset((dst),(c),(sz)) -+void elf_memcpy_safe(struct elf_binary*, elf_ptrval dst, elf_ptrval src, size_t); -+void elf_memset_safe(struct elf_binary*, elf_ptrval dst, int c, size_t); - /* -- * Versions of memcpy and memset which will (in the next patch) -- * arrange never to write outside permitted areas. -+ * Versions of memcpy and memset which arrange never to write -+ * outside permitted areas. - */ - --#define elf_store_val(elf, type, ptr, val) (*(type*)(ptr) = (val)) -+int elf_access_ok(struct elf_binary * elf, -+ uint64_t ptrval, size_t size); -+ -+#define elf_store_val(elf, type, ptr, val) \ -+ ({ \ -+ typeof(type) elf_store__val = (val); \ -+ elf_ptrval elf_store__targ = ptr; \ -+ if (elf_access_ok((elf), elf_store__targ, \ -+ sizeof(elf_store__val))) { \ -+ elf_memcpy_unchecked((void*)elf_store__targ, &elf_store__val, \ -+ sizeof(elf_store__val)); \ -+ } \ -+ }) \ - /* Stores a value at a particular PTRVAL. */ - --#define elf_store_field(elf, hdr, elm, val) \ -- (elf_store_val((elf), ELF__HANDLE_FIELD_TYPE(hdr, elm), \ -- &((hdr)->elm), \ -+#define elf_store_field(elf, hdr, elm, val) \ -+ (elf_store_val((elf), ELF__HANDLE_FIELD_TYPE(hdr, elm), \ -+ ELF_HANDLE_PTRVAL(hdr) + ELF__HANDLE_FIELD_OFFSET(hdr, elm), \ - (val))) - /* Stores a 32/64-bit field. hdr is a HANDLE and elm is the field name. */ - -@@ -306,6 +357,10 @@ int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - /* xc_libelf_loader.c */ - - int elf_init(struct elf_binary *elf, const char *image, size_t size); -+ /* -+ * image and size must be correct. They will be recorded in -+ * *elf, and must remain valid while the elf is in use. -+ */ - #ifdef __XEN__ - void elf_set_verbose(struct elf_binary *elf); - #else -@@ -321,6 +376,9 @@ uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol); - - void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart); /* private */ - -+void elf_mark_broken(struct elf_binary *elf, const char *msg); -+const char *elf_check_broken(const struct elf_binary *elf); /* NULL means OK */ -+ - /* ------------------------------------------------------------------------ */ - /* xc_libelf_relocate.c */ - -@@ -395,16 +453,38 @@ int elf_xen_parse_guest_info(struct elf_binary *elf, - int elf_xen_parse(struct elf_binary *elf, - struct elf_dom_parms *parms); - --#define elf_memcpy_unchecked memcpy --#define elf_memset_unchecked memset -+static inline void *elf_memcpy_unchecked(void *dest, const void *src, size_t n) -+ { return memcpy(dest, src, n); } -+static inline void *elf_memmove_unchecked(void *dest, const void *src, size_t n) -+ { return memmove(dest, src, n); } -+static inline void *elf_memset_unchecked(void *s, int c, size_t n) -+ { return memset(s, c, n); } - /* -- * Unsafe versions of memcpy and memset which take actual C -- * pointers. These are just like real memcpy and memset. -+ * Unsafe versions of memcpy, memmove memset which take actual C -+ * pointers. These are just like the real functions. -+ * We provide these so that in libelf-private.h we can #define -+ * memcpy, memset and memmove to undefined MISTAKE things. - */ - - --#define ELF_ADVANCE_DEST(elf, amount) elf->dest += (amount) -- /* Advances past amount bytes of the current destination area. */ -+/* Advances past amount bytes of the current destination area. */ -+static inline void ELF_ADVANCE_DEST(struct elf_binary *elf, uint64_t amount) -+{ -+ if ( elf->dest_base == NULL ) -+ { -+ elf_mark_broken(elf, "advancing in null image"); -+ } -+ else if ( elf->dest_size >= amount ) -+ { -+ elf->dest_base += amount; -+ elf->dest_size -= amount; -+ } -+ else -+ { -+ elf->dest_size = 0; -+ elf_mark_broken(elf, "advancing past end (image very short?)"); -+ } -+} - - - #endif /* __XEN_LIBELF_H__ */ --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch deleted file mode 100644 index f55701dae332..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch +++ /dev/null @@ -1,759 +0,0 @@ -From e673ca50127b6c1263727aa31de0b8bb966ca7a2 Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:18 +0100 -Subject: [PATCH 15/23] libelf: use only unsigned integers - -Signed integers have undesirable undefined behaviours on overflow. -Malicious compilers can turn apparently-correct code into code with -security vulnerabilities etc. - -So use only unsigned integers. Exceptions are booleans (which we have -already changed) and error codes. - -We _do_ change all the chars which aren't fixed constants from our own -text segment, but not the char*s. This is because it is safe to -access an arbitrary byte through a char*, but not necessarily safe to -convert an arbitrary value to a char. - -As a consequence we need to compile libelf with -Wno-pointer-sign. - -It is OK to change all the signed integers to unsigned because all the -inequalities in libelf are in contexts where we don't "expect" -negative numbers. - -In libelf-dominfo.c:elf_xen_parse we rename a variable "rc" to -"more_notes" as it actually contains a note count derived from the -input image. The "error" return value from elf_xen_parse_notes is -changed from -1 to ~0U. - -grepping shows only one occurrence of "PRId" or "%d" or "%ld" in -libelf and xc_dom_elfloader.c (a "%d" which becomes "%u"). - -This is part of the fix to a security issue, XSA-55. - -For those concerned about unintentional functional changes, the -following rune produces a version of the patch which is much smaller -and eliminates only non-functional changes: - - GIT_EXTERNAL_DIFF=.../unsigned-differ git-diff <before>..<after> - -where <before> and <after> are git refs for the code before and after -this patch, and unsigned-differ is this shell script: - - #!/bin/bash - set -e - - seddery () { - perl -pe 's/\b(?:elf_errorstatus|elf_negerrnoval)\b/int/g' - } - - path="$1" - in="$2" - out="$5" - - set +e - diff -pu --label "$path~" <(seddery <"$in") --label "$path" <(seddery <"$out") - rc=$? - set -e - if [ $rc = 1 ]; then rc=0; fi - exit $rc - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> ---- - tools/libxc/Makefile | 9 +++++- - tools/libxc/xc_dom.h | 7 +++-- - tools/libxc/xc_dom_elfloader.c | 42 ++++++++++++++++------------- - tools/xcutils/readnotes.c | 15 +++++----- - xen/common/libelf/Makefile | 2 + - xen/common/libelf/libelf-dominfo.c | 52 ++++++++++++++++++----------------- - xen/common/libelf/libelf-loader.c | 20 +++++++------- - xen/common/libelf/libelf-tools.c | 24 ++++++++-------- - xen/include/xen/libelf.h | 21 ++++++++------ - 9 files changed, 105 insertions(+), 87 deletions(-) - -diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile -index d8c6a60..a3fd90c 100644 ---- a/tools/libxc/Makefile -+++ b/tools/libxc/Makefile -@@ -52,8 +52,13 @@ endif - vpath %.c ../../xen/common/libelf - CFLAGS += -I../../xen/common/libelf - --GUEST_SRCS-y += libelf-tools.c libelf-loader.c --GUEST_SRCS-y += libelf-dominfo.c -+ELF_SRCS-y += libelf-tools.c libelf-loader.c -+ELF_SRCS-y += libelf-dominfo.c -+ -+GUEST_SRCS-y += $(ELF_SRCS-y) -+ -+$(patsubst %.c,%.o,$(ELF_SRCS-y)): CFLAGS += -Wno-pointer-sign -+$(patsubst %.c,%.opic,$(ELF_SRCS-y)): CFLAGS += -Wno-pointer-sign - - # new domain builder - GUEST_SRCS-y += xc_dom_core.c xc_dom_boot.c -diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h -index 9f8037e..0161459 100644 ---- a/tools/libxc/xc_dom.h -+++ b/tools/libxc/xc_dom.h -@@ -140,9 +140,10 @@ struct xc_dom_image { - - struct xc_dom_loader { - char *name; -- int (*probe) (struct xc_dom_image * dom); -- int (*parser) (struct xc_dom_image * dom); -- int (*loader) (struct xc_dom_image * dom); -+ /* Sadly the error returns from these functions are not consistent: */ -+ elf_negerrnoval (*probe) (struct xc_dom_image * dom); -+ elf_negerrnoval (*parser) (struct xc_dom_image * dom); -+ elf_errorstatus (*loader) (struct xc_dom_image * dom); - - struct xc_dom_loader *next; - }; -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index 9ba64ae..62a0d3b 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -84,7 +84,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom, - /* ------------------------------------------------------------------------ */ - /* parse elf binary */ - --static int check_elf_kernel(struct xc_dom_image *dom, bool verbose) -+static elf_negerrnoval check_elf_kernel(struct xc_dom_image *dom, bool verbose) - { - if ( dom->kernel_blob == NULL ) - { -@@ -106,12 +106,12 @@ static int check_elf_kernel(struct xc_dom_image *dom, bool verbose) - return 0; - } - --static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom) -+static elf_negerrnoval xc_dom_probe_elf_kernel(struct xc_dom_image *dom) - { - return check_elf_kernel(dom, 0); - } - --static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, -+static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom, - struct elf_binary *elf, bool load) - { - struct elf_binary syms; -@@ -119,7 +119,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - xen_vaddr_t symtab, maxaddr; - ELF_PTRVAL_CHAR hdr; - size_t size; -- int h, count, type, i, tables = 0; -+ unsigned h, count, type, i, tables = 0; - - if ( elf_swap(elf) ) - { -@@ -140,13 +140,13 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - elf->caller_xdest_base = hdr_ptr; - elf->caller_xdest_size = allow_size; - hdr = ELF_REALPTR2PTRVAL(hdr_ptr); -- elf_store_val(elf, int, hdr, size - sizeof(int)); -+ elf_store_val(elf, unsigned, hdr, size - sizeof(unsigned)); - } - else - { - char *hdr_ptr; - -- size = sizeof(int) + elf_size(elf, elf->ehdr) + -+ size = sizeof(unsigned) + elf_size(elf, elf->ehdr) + - elf_shdr_count(elf) * elf_size(elf, shdr); - hdr_ptr = xc_dom_malloc(dom, size); - if ( hdr_ptr == NULL ) -@@ -157,15 +157,15 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend); - } - -- elf_memcpy_safe(elf, hdr + sizeof(int), -+ elf_memcpy_safe(elf, hdr + sizeof(unsigned), - ELF_IMAGE_BASE(elf), - elf_size(elf, elf->ehdr)); -- elf_memcpy_safe(elf, hdr + sizeof(int) + elf_size(elf, elf->ehdr), -+ elf_memcpy_safe(elf, hdr + sizeof(unsigned) + elf_size(elf, elf->ehdr), - ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff), - elf_shdr_count(elf) * elf_size(elf, shdr)); - if ( elf_64bit(elf) ) - { -- Elf64_Ehdr *ehdr = (Elf64_Ehdr *)(hdr + sizeof(int)); -+ Elf64_Ehdr *ehdr = (Elf64_Ehdr *)(hdr + sizeof(unsigned)); - ehdr->e_phoff = 0; - ehdr->e_phentsize = 0; - ehdr->e_phnum = 0; -@@ -174,22 +174,22 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - } - else - { -- Elf32_Ehdr *ehdr = (Elf32_Ehdr *)(hdr + sizeof(int)); -+ Elf32_Ehdr *ehdr = (Elf32_Ehdr *)(hdr + sizeof(unsigned)); - ehdr->e_phoff = 0; - ehdr->e_phentsize = 0; - ehdr->e_phnum = 0; - ehdr->e_shoff = elf_size(elf, elf->ehdr); - ehdr->e_shstrndx = SHN_UNDEF; - } -- if ( elf->caller_xdest_size < sizeof(int) ) -+ if ( elf->caller_xdest_size < sizeof(unsigned) ) - { - DOMPRINTF("%s/%s: header size %"PRIx64" too small", - __FUNCTION__, load ? "load" : "parse", - (uint64_t)elf->caller_xdest_size); - return -1; - } -- if ( elf_init(&syms, elf->caller_xdest_base + sizeof(int), -- elf->caller_xdest_size - sizeof(int)) ) -+ if ( elf_init(&syms, elf->caller_xdest_base + sizeof(unsigned), -+ elf->caller_xdest_size - sizeof(unsigned)) ) - return -1; - - /* -@@ -209,7 +209,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - - xc_elf_set_logfile(dom->xch, &syms, 1); - -- symtab = dom->bsd_symtab_start + sizeof(int); -+ symtab = dom->bsd_symtab_start + sizeof(unsigned); - maxaddr = elf_round_up(&syms, symtab + elf_size(&syms, syms.ehdr) + - elf_shdr_count(&syms) * elf_size(&syms, shdr)); - -@@ -255,7 +255,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - size = elf_uval(&syms, shdr, sh_size); - maxaddr = elf_round_up(&syms, maxaddr + size); - tables++; -- DOMPRINTF("%s: h=%d %s, size=0x%zx, maxaddr=0x%" PRIx64 "", -+ DOMPRINTF("%s: h=%u %s, size=0x%zx, maxaddr=0x%" PRIx64 "", - __FUNCTION__, h, - type == SHT_SYMTAB ? "symtab" : "strtab", - size, maxaddr); -@@ -294,10 +294,14 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - return 0; - } - --static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom) -+static elf_errorstatus xc_dom_parse_elf_kernel(struct xc_dom_image *dom) -+ /* -+ * This function sometimes returns -1 for error and sometimes -+ * an errno value. ?!?! -+ */ - { - struct elf_binary *elf; -- int rc; -+ elf_errorstatus rc; - - rc = check_elf_kernel(dom, 1); - if ( rc != 0 ) -@@ -358,10 +362,10 @@ out: - return rc; - } - --static int xc_dom_load_elf_kernel(struct xc_dom_image *dom) -+static elf_errorstatus xc_dom_load_elf_kernel(struct xc_dom_image *dom) - { - struct elf_binary *elf = dom->private_loader; -- int rc; -+ elf_errorstatus rc; - xen_pfn_t pages; - - elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages); -diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c -index d1f7a30..2ca7732 100644 ---- a/tools/xcutils/readnotes.c -+++ b/tools/xcutils/readnotes.c -@@ -70,7 +70,7 @@ static void print_numeric_note(const char *prefix, struct elf_binary *elf, - ELF_HANDLE_DECL(elf_note) note) - { - uint64_t value = elf_note_numeric(elf, note); -- int descsz = elf_uval(elf, note, descsz); -+ unsigned descsz = elf_uval(elf, note, descsz); - - printf("%s: %#*" PRIx64 " (%d bytes)\n", - prefix, 2+2*descsz, value, descsz); -@@ -79,7 +79,7 @@ static void print_numeric_note(const char *prefix, struct elf_binary *elf, - static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf, - ELF_HANDLE_DECL(elf_note) note) - { -- int descsz = elf_uval(elf, note, descsz); -+ unsigned descsz = elf_uval(elf, note, descsz); - ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); - - /* XXX should be able to cope with a list of values. */ -@@ -99,10 +99,10 @@ static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf, - - } - --static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, ELF_HANDLE_DECL(elf_note) end) -+static unsigned print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, ELF_HANDLE_DECL(elf_note) end) - { - ELF_HANDLE_DECL(elf_note) note; -- int notes_found = 0; -+ unsigned notes_found = 0; - const char *this_note_name; - - for ( note = start; ELF_HANDLE_PTRVAL(note) < ELF_HANDLE_PTRVAL(end); note = elf_note_next(elf, note) ) -@@ -161,7 +161,7 @@ static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, - break; - default: - printf("unknown note type %#x\n", -- (int)elf_uval(elf, note, type)); -+ (unsigned)elf_uval(elf, note, type)); - break; - } - } -@@ -171,12 +171,13 @@ static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, - int main(int argc, char **argv) - { - const char *f; -- int fd,h,size,usize,count; -+ int fd; -+ unsigned h,size,usize,count; - void *image,*tmp; - struct stat st; - struct elf_binary elf; - ELF_HANDLE_DECL(elf_shdr) shdr; -- int notes_found = 0; -+ unsigned notes_found = 0; - - struct setup_header *hdr; - uint64_t payload_offset, payload_length; -diff --git a/xen/common/libelf/Makefile b/xen/common/libelf/Makefile -index 18dc8e2..5bf8f76 100644 ---- a/xen/common/libelf/Makefile -+++ b/xen/common/libelf/Makefile -@@ -2,6 +2,8 @@ obj-bin-y := libelf.o - - SECTIONS := text data $(SPECIAL_DATA_SECTIONS) - -+CFLAGS += -Wno-pointer-sign -+ - libelf.o: libelf-temp.o Makefile - $(OBJCOPY) $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s)) $< $@ - -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 12b6c2a..cdd0d31 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -29,15 +29,15 @@ static const char *const elf_xen_feature_names[] = { - [XENFEAT_pae_pgdir_above_4gb] = "pae_pgdir_above_4gb", - [XENFEAT_dom0] = "dom0" - }; --static const int elf_xen_features = -+static const unsigned elf_xen_features = - sizeof(elf_xen_feature_names) / sizeof(elf_xen_feature_names[0]); - --int elf_xen_parse_features(const char *features, -+elf_errorstatus elf_xen_parse_features(const char *features, - uint32_t *supported, - uint32_t *required) - { -- char feature[64]; -- int pos, len, i; -+ unsigned char feature[64]; -+ unsigned pos, len, i; - - if ( features == NULL ) - return 0; -@@ -94,7 +94,7 @@ int elf_xen_parse_features(const char *features, - /* ------------------------------------------------------------------------ */ - /* xen elf notes */ - --int elf_xen_parse_note(struct elf_binary *elf, -+elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, - struct elf_dom_parms *parms, - ELF_HANDLE_DECL(elf_note) note) - { -@@ -125,7 +125,7 @@ int elf_xen_parse_note(struct elf_binary *elf, - const char *str = NULL; - uint64_t val = 0; - unsigned int i; -- int type = elf_uval(elf, note, type); -+ unsigned type = elf_uval(elf, note, type); - - if ( (type >= sizeof(note_desc) / sizeof(note_desc[0])) || - (note_desc[type].name == NULL) ) -@@ -216,12 +216,14 @@ int elf_xen_parse_note(struct elf_binary *elf, - return 0; - } - --static int elf_xen_parse_notes(struct elf_binary *elf, -+#define ELF_NOTE_INVALID (~0U) -+ -+static unsigned elf_xen_parse_notes(struct elf_binary *elf, - struct elf_dom_parms *parms, - ELF_PTRVAL_CONST_VOID start, - ELF_PTRVAL_CONST_VOID end) - { -- int xen_elfnotes = 0; -+ unsigned xen_elfnotes = 0; - ELF_HANDLE_DECL(elf_note) note; - const char *note_name; - -@@ -237,7 +239,7 @@ static int elf_xen_parse_notes(struct elf_binary *elf, - if ( strcmp(note_name, "Xen") ) - continue; - if ( elf_xen_parse_note(elf, parms, note) ) -- return -1; -+ return ELF_NOTE_INVALID; - xen_elfnotes++; - } - return xen_elfnotes; -@@ -246,12 +248,12 @@ static int elf_xen_parse_notes(struct elf_binary *elf, - /* ------------------------------------------------------------------------ */ - /* __xen_guest section */ - --int elf_xen_parse_guest_info(struct elf_binary *elf, -+elf_errorstatus elf_xen_parse_guest_info(struct elf_binary *elf, - struct elf_dom_parms *parms) - { - ELF_PTRVAL_CONST_CHAR h; -- char name[32], value[128]; -- int len; -+ unsigned char name[32], value[128]; -+ unsigned len; - - h = parms->guest_info; - #define STAR(h) (elf_access_unsigned(elf, (h), 0, 1)) -@@ -334,13 +336,13 @@ int elf_xen_parse_guest_info(struct elf_binary *elf, - /* ------------------------------------------------------------------------ */ - /* sanity checks */ - --static int elf_xen_note_check(struct elf_binary *elf, -+static elf_errorstatus elf_xen_note_check(struct elf_binary *elf, - struct elf_dom_parms *parms) - { - if ( (ELF_PTRVAL_INVALID(parms->elf_note_start)) && - (ELF_PTRVAL_INVALID(parms->guest_info)) ) - { -- int machine = elf_uval(elf, elf->ehdr, e_machine); -+ unsigned machine = elf_uval(elf, elf->ehdr, e_machine); - if ( (machine == EM_386) || (machine == EM_X86_64) ) - { - elf_err(elf, "%s: ERROR: Not a Xen-ELF image: " -@@ -378,7 +380,7 @@ static int elf_xen_note_check(struct elf_binary *elf, - return 0; - } - --static int elf_xen_addr_calc_check(struct elf_binary *elf, -+static elf_errorstatus elf_xen_addr_calc_check(struct elf_binary *elf, - struct elf_dom_parms *parms) - { - if ( (parms->elf_paddr_offset != UNSET_ADDR) && -@@ -464,13 +466,13 @@ static int elf_xen_addr_calc_check(struct elf_binary *elf, - /* ------------------------------------------------------------------------ */ - /* glue it all together ... */ - --int elf_xen_parse(struct elf_binary *elf, -+elf_errorstatus elf_xen_parse(struct elf_binary *elf, - struct elf_dom_parms *parms) - { - ELF_HANDLE_DECL(elf_shdr) shdr; - ELF_HANDLE_DECL(elf_phdr) phdr; -- int xen_elfnotes = 0; -- int i, count, rc; -+ unsigned xen_elfnotes = 0; -+ unsigned i, count, more_notes; - - elf_memset_unchecked(parms, 0, sizeof(*parms)); - parms->virt_base = UNSET_ADDR; -@@ -495,13 +497,13 @@ int elf_xen_parse(struct elf_binary *elf, - if (elf_uval(elf, phdr, p_offset) == 0) - continue; - -- rc = elf_xen_parse_notes(elf, parms, -+ more_notes = elf_xen_parse_notes(elf, parms, - elf_segment_start(elf, phdr), - elf_segment_end(elf, phdr)); -- if ( rc == -1 ) -+ if ( more_notes == ELF_NOTE_INVALID ) - return -1; - -- xen_elfnotes += rc; -+ xen_elfnotes += more_notes; - } - - /* -@@ -518,17 +520,17 @@ int elf_xen_parse(struct elf_binary *elf, - if ( elf_uval(elf, shdr, sh_type) != SHT_NOTE ) - continue; - -- rc = elf_xen_parse_notes(elf, parms, -+ more_notes = elf_xen_parse_notes(elf, parms, - elf_section_start(elf, shdr), - elf_section_end(elf, shdr)); - -- if ( rc == -1 ) -+ if ( more_notes == ELF_NOTE_INVALID ) - return -1; - -- if ( xen_elfnotes == 0 && rc > 0 ) -+ if ( xen_elfnotes == 0 && more_notes > 0 ) - elf_msg(elf, "%s: using notes from SHT_NOTE section\n", __FUNCTION__); - -- xen_elfnotes += rc; -+ xen_elfnotes += more_notes; - } - - } -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index 0dccd4d..c3a9e51 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -24,7 +24,7 @@ - - /* ------------------------------------------------------------------------ */ - --int elf_init(struct elf_binary *elf, const char *image_input, size_t size) -+elf_errorstatus elf_init(struct elf_binary *elf, const char *image_input, size_t size) - { - ELF_HANDLE_DECL(elf_shdr) shdr; - uint64_t i, count, section, offset; -@@ -114,7 +114,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, - elf->verbose = verbose; - } - --static int elf_load_image(struct elf_binary *elf, -+static elf_errorstatus elf_load_image(struct elf_binary *elf, - ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, - uint64_t filesz, uint64_t memsz) - { -@@ -129,9 +129,9 @@ void elf_set_verbose(struct elf_binary *elf) - elf->verbose = 1; - } - --static int elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz) -+static elf_errorstatus elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz) - { -- int rc; -+ elf_errorstatus rc; - if ( filesz > ULONG_MAX || memsz > ULONG_MAX ) - return -1; - /* We trust the dom0 kernel image completely, so we don't care -@@ -151,7 +151,7 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart) - { - uint64_t sz; - ELF_HANDLE_DECL(elf_shdr) shdr; -- int i, type; -+ unsigned i, type; - - if ( !ELF_HANDLE_VALID(elf->sym_tab) ) - return; -@@ -187,7 +187,7 @@ static void elf_load_bsdsyms(struct elf_binary *elf) - ELF_PTRVAL_VOID symbase; - ELF_PTRVAL_VOID symtab_addr; - ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; -- int i, type; -+ unsigned i, type; - - if ( !elf->bsd_symtab_pstart ) - return; -@@ -220,7 +220,7 @@ do { \ - elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(shdr), - ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff), - sz); -- maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz); -+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz); - - for ( i = 0; i < elf_shdr_count(elf); i++ ) - { -@@ -233,10 +233,10 @@ do { \ - elf_memcpy_safe(elf, maxva, elf_section_start(elf, shdr), sz); - /* Mangled to be based on ELF header location. */ - elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr); -- maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz); -+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz); - } - shdr = ELF_MAKE_HANDLE(elf_shdr, ELF_HANDLE_PTRVAL(shdr) + -- (long)elf_uval(elf, elf->ehdr, e_shentsize)); -+ (unsigned long)elf_uval(elf, elf->ehdr, e_shentsize)); - } - - /* Write down the actual sym size. */ -@@ -273,7 +273,7 @@ void elf_parse_binary(struct elf_binary *elf) - __FUNCTION__, elf->pstart, elf->pend); - } - --int elf_load_binary(struct elf_binary *elf) -+elf_errorstatus elf_load_binary(struct elf_binary *elf) - { - ELF_HANDLE_DECL(elf_phdr) phdr; - uint64_t i, count, paddr, offset, filesz, memsz; -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index fa58f76..46d4ab1 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -122,19 +122,19 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base, - - uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr) - { -- int elf_round = (elf_64bit(elf) ? 8 : 4) - 1; -+ uint64_t elf_round = (elf_64bit(elf) ? 8 : 4) - 1; - - return (addr + elf_round) & ~elf_round; - } - - /* ------------------------------------------------------------------------ */ - --int elf_shdr_count(struct elf_binary *elf) -+unsigned elf_shdr_count(struct elf_binary *elf) - { - return elf_uval(elf, elf->ehdr, e_shnum); - } - --int elf_phdr_count(struct elf_binary *elf) -+unsigned elf_phdr_count(struct elf_binary *elf) - { - return elf_uval(elf, elf->ehdr, e_phnum); - } -@@ -144,7 +144,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n - uint64_t count = elf_shdr_count(elf); - ELF_HANDLE_DECL(elf_shdr) shdr; - const char *sname; -- int i; -+ unsigned i; - - for ( i = 0; i < count; i++ ) - { -@@ -156,7 +156,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n - return ELF_INVALID_HANDLE(elf_shdr); - } - --ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index) -+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned index) - { - uint64_t count = elf_shdr_count(elf); - ELF_PTRVAL_CONST_VOID ptr; -@@ -170,7 +170,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index) - return ELF_MAKE_HANDLE(elf_shdr, ptr); - } - --ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index) -+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index) - { - uint64_t count = elf_uval(elf, elf->ehdr, e_phnum); - ELF_PTRVAL_CONST_VOID ptr; -@@ -264,7 +264,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym - return ELF_INVALID_HANDLE(elf_sym); - } - --ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index) -+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index) - { - ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab); - ELF_HANDLE_DECL(elf_sym) sym; -@@ -280,7 +280,7 @@ const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note - - ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { -- int namesz = (elf_uval(elf, note, namesz) + 3) & ~3; -+ unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3; - - return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz; - } -@@ -288,7 +288,7 @@ ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_ - uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { - ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); -- int descsz = elf_uval(elf, note, descsz); -+ unsigned descsz = elf_uval(elf, note, descsz); - - switch (descsz) - { -@@ -306,7 +306,7 @@ uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note - unsigned int unitsz, unsigned int idx) - { - ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); -- int descsz = elf_uval(elf, note, descsz); -+ unsigned descsz = elf_uval(elf, note, descsz); - - if ( descsz % unitsz || idx >= descsz / unitsz ) - return 0; -@@ -324,8 +324,8 @@ uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note - - ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { -- int namesz = (elf_uval(elf, note, namesz) + 3) & ~3; -- int descsz = (elf_uval(elf, note, descsz) + 3) & ~3; -+ unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3; -+ unsigned descsz = (elf_uval(elf, note, descsz) + 3) & ~3; - - return ELF_MAKE_HANDLE(elf_note, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz + descsz); - } -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index 951430f..87e126a 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -31,6 +31,9 @@ - - #include <stdbool.h> - -+typedef int elf_errorstatus; /* 0: ok; -ve (normally -1): error */ -+typedef int elf_negerrnoval; /* 0: ok; -EFOO: error */ -+ - #undef ELFSIZE - #include "elfstructs.h" - #ifdef __XEN__ -@@ -328,12 +331,12 @@ bool elf_access_ok(struct elf_binary * elf, - /* ------------------------------------------------------------------------ */ - /* xc_libelf_tools.c */ - --int elf_shdr_count(struct elf_binary *elf); --int elf_phdr_count(struct elf_binary *elf); -+unsigned elf_shdr_count(struct elf_binary *elf); -+unsigned elf_phdr_count(struct elf_binary *elf); - - ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *name); --ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index); --ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index); -+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned index); -+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index); - - const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); /* might return NULL if inputs are invalid */ - ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); -@@ -343,7 +346,7 @@ ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL( - ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - - ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol); --ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index); -+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index); - - const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); /* may return NULL */ - ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); -@@ -360,7 +363,7 @@ bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr - /* ------------------------------------------------------------------------ */ - /* xc_libelf_loader.c */ - --int elf_init(struct elf_binary *elf, const char *image, size_t size); -+elf_errorstatus elf_init(struct elf_binary *elf, const char *image, size_t size); - /* - * image and size must be correct. They will be recorded in - * *elf, and must remain valid while the elf is in use. -@@ -373,7 +376,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback*, - #endif - - void elf_parse_binary(struct elf_binary *elf); --int elf_load_binary(struct elf_binary *elf); -+elf_errorstatus elf_load_binary(struct elf_binary *elf); - - ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr); - uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol); -@@ -386,7 +389,7 @@ const char *elf_check_broken(const struct elf_binary *elf); /* NULL means OK */ - /* ------------------------------------------------------------------------ */ - /* xc_libelf_relocate.c */ - --int elf_reloc(struct elf_binary *elf); -+elf_errorstatus elf_reloc(struct elf_binary *elf); - - /* ------------------------------------------------------------------------ */ - /* xc_libelf_dominfo.c */ -@@ -420,7 +423,7 @@ struct elf_dom_parms { - char guest_ver[16]; - char xen_ver[16]; - char loader[16]; -- int pae; -+ int pae; /* some kind of enum apparently */ - bool bsd_symtab; - uint64_t virt_base; - uint64_t virt_entry; --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch deleted file mode 100644 index a9256b54444f..000000000000 --- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch +++ /dev/null @@ -1,1196 +0,0 @@ -From 40020ab55a1e9a1674ddecdb70299fab4fe8579d Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Fri, 14 Jun 2013 16:43:17 +0100 -Subject: [PATCH 08/23] libelf: introduce macros for memory access and pointer handling - -We introduce a collection of macros which abstract away all the -pointer arithmetic and dereferences used for accessing the input ELF -and the output area(s). We use the new macros everywhere. - -For now, these macros are semantically identical to the code they -replace, so this patch has no functional change. - -elf_is_elfbinary is an exception: since it doesn't take an elf*, we -need to handle it differently. In a future patch we will change it to -take, and check, a length parameter. For now we just mark it with a -fixme. - -That this patch has no functional change can be verified as follows: - - 0. Copy the scripts "comparison-generate" and "function-filter" - out of this commit message. - 1. Check out the tree before this patch. - 2. Run the script ../comparison-generate .... ../before - 3. Check out the tree after this patch. - 4. Run the script ../comparison-generate .... ../after - 5. diff --exclude=\*.[soi] -ruN before/ after/ |less - -Expect these differences: - * stubdom/zlib-x86_64/ztest*.s2 - The filename of this test file apparently contains the pid. - * xen/common/version.s2 - The xen build timestamp appears in two diff hunks. - -Verification that this is all that's needed: - In a completely built xen.git, - find * -name .*.d -type f | xargs grep -l libelf\.h - Expect results in: - xen/arch/x86: Checked above. - tools/libxc: Checked above. - tools/xcutils/readnotes: Checked above. - tools/xenstore: Checked above. - xen/common/libelf: - This is the build for the hypervisor; checked in B above. - stubdom: - We have one stubdom which reads ELFs using our libelf, - pvgrub, which is checked above. - -I have not done this verification for ARM. - -This is part of the fix to a security issue, XSA-55. - -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> - --8<- comparison-generate -8<- - #!/bin/bash - # usage: - # cd xen.git - # .../comparison-generate OUR-CONFIG BUILD-RUNE-PREFIX ../before|../after - # eg: - # .../comparison-generate ~/work/.config 'schroot -pc64 --' ../before - set -ex - - test $# = 3 || need-exactly-three-arguments - - our_config=$1 - build_rune_prefix=$2 - result_dir=$3 - - git clean -x -d -f - - cp "$our_config" . - - cat <<END >>.config - debug_symbols=n - CFLAGS += -save-temps - END - - perl -i~ -pe 's/ -g / -g0 / if m/^CFLAGS/' xen/Rules.mk - - if [ -f ./configure ]; then - $build_rune_prefix ./configure - fi - - $build_rune_prefix make -C xen - $build_rune_prefix make -C tools/include - $build_rune_prefix make -C stubdom grub - $build_rune_prefix make -C tools/libxc - $build_rune_prefix make -C tools/xenstore - $build_rune_prefix make -C tools/xcutils - - rm -rf "$result_dir" - mkdir "$result_dir" - - set +x - for f in `find xen tools stubdom -name \*.[soi]`; do - mkdir -p "$result_dir"/`dirname $f` - cp $f "$result_dir"/${f} - case $f in - *.s) - ../function-filter <$f >"$result_dir"/${f}2 - ;; - esac - done - - echo ok. --8<- - --8<- function-filter -8<- - #!/usr/bin/perl -w - # function-filter - # script for massaging gcc-generated labels to be consistent - use strict; - our @lines; - my $sedderybody = "sub seddery () {\n"; - while (<>) { - push @lines, $_; - if (m/^(__FUNCTION__|__func__)\.(\d+)\:/) { - $sedderybody .= " s/\\b$1\\.$2\\b/__XSA55MANGLED__$1.$./g;\n"; - } - } - $sedderybody .= "}\n1;\n"; - eval $sedderybody or die $@; - foreach (@lines) { - seddery(); - print or die $!; - } --8<- ---- - tools/libxc/xc_dom_elfloader.c | 30 +++--- - tools/libxc/xc_hvm_build_x86.c | 2 +- - tools/xcutils/readnotes.c | 26 +++--- - xen/common/libelf/libelf-dominfo.c | 51 +++++----- - xen/common/libelf/libelf-loader.c | 84 +++++++++-------- - xen/common/libelf/libelf-tools.c | 94 +++++++++--------- - xen/include/xen/libelf.h | 188 +++++++++++++++++++++++++++++++----- - 7 files changed, 312 insertions(+), 163 deletions(-) - -diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c -index e82f6e9..cc0f206 100644 ---- a/tools/libxc/xc_dom_elfloader.c -+++ b/tools/libxc/xc_dom_elfloader.c -@@ -115,9 +115,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - struct elf_binary *elf, int load) - { - struct elf_binary syms; -- const elf_shdr *shdr, *shdr2; -+ ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2; - xen_vaddr_t symtab, maxaddr; -- char *hdr; -+ ELF_PTRVAL_CHAR hdr; - size_t size; - int h, count, type, i, tables = 0; - -@@ -147,11 +147,11 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend); - } - -- memcpy(hdr + sizeof(int), -- elf->image, -+ elf_memcpy_safe(elf, hdr + sizeof(int), -+ ELF_IMAGE_BASE(elf), - elf_size(elf, elf->ehdr)); -- memcpy(hdr + sizeof(int) + elf_size(elf, elf->ehdr), -- elf->image + elf_uval(elf, elf->ehdr, e_shoff), -+ elf_memcpy_safe(elf, hdr + sizeof(int) + elf_size(elf, elf->ehdr), -+ ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff), - elf_shdr_count(elf) * elf_size(elf, shdr)); - if ( elf_64bit(elf) ) - { -@@ -189,7 +189,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - count = elf_shdr_count(&syms); - for ( h = 0; h < count; h++ ) - { -- shdr = elf_shdr_by_index(&syms, h); -+ shdr = ELF_OBSOLETE_VOIDP_CAST elf_shdr_by_index(&syms, h); - type = elf_uval(&syms, shdr, sh_type); - if ( type == SHT_STRTAB ) - { -@@ -205,9 +205,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - if ( i == count ) - { - if ( elf_64bit(&syms) ) -- *(Elf64_Off*)(&shdr->e64.sh_offset) = 0; -+ elf_store_field(elf, shdr, e64.sh_offset, 0); - else -- *(Elf32_Off*)(&shdr->e32.sh_offset) = 0; -+ elf_store_field(elf, shdr, e32.sh_offset, 0); - continue; - } - } -@@ -216,9 +216,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - { - /* Mangled to be based on ELF header location. */ - if ( elf_64bit(&syms) ) -- *(Elf64_Off*)(&shdr->e64.sh_offset) = maxaddr - symtab; -+ elf_store_field(elf, shdr, e64.sh_offset, maxaddr - symtab); - else -- *(Elf32_Off*)(&shdr->e32.sh_offset) = maxaddr - symtab; -+ elf_store_field(elf, shdr, e32.sh_offset, maxaddr - symtab); - size = elf_uval(&syms, shdr, sh_size); - maxaddr = elf_round_up(&syms, maxaddr + size); - tables++; -@@ -230,7 +230,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - if ( load ) - { - shdr2 = elf_shdr_by_index(elf, h); -- memcpy((void*)elf_section_start(&syms, shdr), -+ elf_memcpy_safe(elf, ELF_OBSOLETE_VOIDP_CAST elf_section_start(&syms, shdr), - elf_section_start(elf, shdr2), - size); - } -@@ -238,9 +238,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - - /* Name is NULL. */ - if ( elf_64bit(&syms) ) -- *(Elf64_Word*)(&shdr->e64.sh_name) = 0; -+ elf_store_field(elf, shdr, e64.sh_name, 0); - else -- *(Elf32_Word*)(&shdr->e32.sh_name) = 0; -+ elf_store_field(elf, shdr, e32.sh_name, 0); - } - - if ( tables == 0 ) -@@ -275,7 +275,7 @@ static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom) - } - - /* Find the section-header strings table. */ -- if ( elf->sec_strtab == NULL ) -+ if ( ELF_PTRVAL_INVALID(elf->sec_strtab) ) - { - xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: ELF image" - " has no shstrtab", __FUNCTION__); -diff --git a/tools/libxc/xc_hvm_build_x86.c b/tools/libxc/xc_hvm_build_x86.c -index cf5d7fb..15b603d 100644 ---- a/tools/libxc/xc_hvm_build_x86.c -+++ b/tools/libxc/xc_hvm_build_x86.c -@@ -110,7 +110,7 @@ static int loadelfimage( - if ( elf->dest == NULL ) - goto err; - -- elf->dest += elf->pstart & (PAGE_SIZE - 1); -+ ELF_ADVANCE_DEST(elf, elf->pstart & (PAGE_SIZE - 1)); - - /* Load the initial elf image. */ - rc = elf_load_binary(elf); -diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c -index c926186..2af047d 100644 ---- a/tools/xcutils/readnotes.c -+++ b/tools/xcutils/readnotes.c -@@ -61,13 +61,13 @@ struct setup_header { - } __attribute__((packed)); - - static void print_string_note(const char *prefix, struct elf_binary *elf, -- const elf_note *note) -+ ELF_HANDLE_DECL(elf_note) note) - { - printf("%s: %s\n", prefix, (char*)elf_note_desc(elf, note)); - } - - static void print_numeric_note(const char *prefix, struct elf_binary *elf, -- const elf_note *note) -+ ELF_HANDLE_DECL(elf_note) note) - { - uint64_t value = elf_note_numeric(elf, note); - int descsz = elf_uval(elf, note, descsz); -@@ -98,12 +98,12 @@ static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf, - - } - --static int print_notes(struct elf_binary *elf, const elf_note *start, const elf_note *end) -+static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, ELF_HANDLE_DECL(elf_note) end) - { -- const elf_note *note; -+ ELF_HANDLE_DECL(elf_note) note; - int notes_found = 0; - -- for ( note = start; note < end; note = elf_note_next(elf, note) ) -+ for ( note = start; ELF_HANDLE_PTRVAL(note) < ELF_HANDLE_PTRVAL(end); note = elf_note_next(elf, note) ) - { - if (0 != strcmp(elf_note_name(elf, note), "Xen")) - continue; -@@ -170,7 +170,7 @@ int main(int argc, char **argv) - void *image,*tmp; - struct stat st; - struct elf_binary elf; -- const elf_shdr *shdr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; - int notes_found = 0; - - struct setup_header *hdr; -@@ -257,7 +257,7 @@ int main(int argc, char **argv) - count = elf_phdr_count(&elf); - for ( h=0; h < count; h++) - { -- const elf_phdr *phdr; -+ ELF_HANDLE_DECL(elf_phdr) phdr; - phdr = elf_phdr_by_index(&elf, h); - if (elf_uval(&elf, phdr, p_type) != PT_NOTE) - continue; -@@ -269,8 +269,8 @@ int main(int argc, char **argv) - continue; - - notes_found = print_notes(&elf, -- elf_segment_start(&elf, phdr), -- elf_segment_end(&elf, phdr)); -+ ELF_MAKE_HANDLE(elf_note, elf_segment_start(&elf, phdr)), -+ ELF_MAKE_HANDLE(elf_note, elf_segment_end(&elf, phdr))); - } - - if ( notes_found == 0 ) -@@ -278,13 +278,13 @@ int main(int argc, char **argv) - count = elf_shdr_count(&elf); - for ( h=0; h < count; h++) - { -- const elf_shdr *shdr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; - shdr = elf_shdr_by_index(&elf, h); - if (elf_uval(&elf, shdr, sh_type) != SHT_NOTE) - continue; - notes_found = print_notes(&elf, -- elf_section_start(&elf, shdr), -- elf_section_end(&elf, shdr)); -+ ELF_MAKE_HANDLE(elf_note, elf_section_start(&elf, shdr)), -+ ELF_MAKE_HANDLE(elf_note, elf_section_end(&elf, shdr))); - if ( notes_found ) - fprintf(stderr, "using notes from SHT_NOTE section\n"); - -@@ -292,7 +292,7 @@ int main(int argc, char **argv) - } - - shdr = elf_shdr_by_name(&elf, "__xen_guest"); -- if (shdr) -+ if (ELF_HANDLE_VALID(shdr)) - printf("__xen_guest: %s\n", (char*)elf_section_start(&elf, shdr)); - - return 0; -diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c -index 523837f..7140d59 100644 ---- a/xen/common/libelf/libelf-dominfo.c -+++ b/xen/common/libelf/libelf-dominfo.c -@@ -44,7 +44,7 @@ int elf_xen_parse_features(const char *features, - - for ( pos = 0; features[pos] != '\0'; pos += len ) - { -- memset(feature, 0, sizeof(feature)); -+ elf_memset_unchecked(feature, 0, sizeof(feature)); - for ( len = 0;; len++ ) - { - if ( len >= sizeof(feature)-1 ) -@@ -96,7 +96,7 @@ int elf_xen_parse_features(const char *features, - - int elf_xen_parse_note(struct elf_binary *elf, - struct elf_dom_parms *parms, -- const elf_note *note) -+ ELF_HANDLE_DECL(elf_note) note) - { - /* *INDENT-OFF* */ - static const struct { -@@ -215,15 +215,16 @@ int elf_xen_parse_note(struct elf_binary *elf, - - static int elf_xen_parse_notes(struct elf_binary *elf, - struct elf_dom_parms *parms, -- const void *start, const void *end) -+ ELF_PTRVAL_CONST_VOID start, -+ ELF_PTRVAL_CONST_VOID end) - { - int xen_elfnotes = 0; -- const elf_note *note; -+ ELF_HANDLE_DECL(elf_note) note; - - parms->elf_note_start = start; - parms->elf_note_end = end; -- for ( note = parms->elf_note_start; -- (void *)note < parms->elf_note_end; -+ for ( note = ELF_MAKE_HANDLE(elf_note, parms->elf_note_start); -+ ELF_HANDLE_PTRVAL(note) < parms->elf_note_end; - note = elf_note_next(elf, note) ) - { - if ( strcmp(elf_note_name(elf, note), "Xen") ) -@@ -241,45 +242,46 @@ static int elf_xen_parse_notes(struct elf_binary *elf, - int elf_xen_parse_guest_info(struct elf_binary *elf, - struct elf_dom_parms *parms) - { -- const char *h; -+ ELF_PTRVAL_CONST_CHAR h; - char name[32], value[128]; - int len; - - h = parms->guest_info; -- while ( *h ) -+#define STAR(h) (*(h)) -+ while ( STAR(h) ) - { -- memset(name, 0, sizeof(name)); -- memset(value, 0, sizeof(value)); -+ elf_memset_unchecked(name, 0, sizeof(name)); -+ elf_memset_unchecked(value, 0, sizeof(value)); - for ( len = 0;; len++, h++ ) - { - if ( len >= sizeof(name)-1 ) - break; -- if ( *h == '\0' ) -+ if ( STAR(h) == '\0' ) - break; -- if ( *h == ',' ) -+ if ( STAR(h) == ',' ) - { - h++; - break; - } -- if ( *h == '=' ) -+ if ( STAR(h) == '=' ) - { - h++; - for ( len = 0;; len++, h++ ) - { - if ( len >= sizeof(value)-1 ) - break; -- if ( *h == '\0' ) -+ if ( STAR(h) == '\0' ) - break; -- if ( *h == ',' ) -+ if ( STAR(h) == ',' ) - { - h++; - break; - } -- value[len] = *h; -+ value[len] = STAR(h); - } - break; - } -- name[len] = *h; -+ name[len] = STAR(h); - } - elf_msg(elf, "%s: %s=\"%s\"\n", __FUNCTION__, name, value); - -@@ -328,7 +330,8 @@ int elf_xen_parse_guest_info(struct elf_binary *elf, - static int elf_xen_note_check(struct elf_binary *elf, - struct elf_dom_parms *parms) - { -- if ( (parms->elf_note_start == NULL) && (parms->guest_info == NULL) ) -+ if ( (ELF_PTRVAL_INVALID(parms->elf_note_start)) && -+ (ELF_PTRVAL_INVALID(parms->guest_info)) ) - { - int machine = elf_uval(elf, elf->ehdr, e_machine); - if ( (machine == EM_386) || (machine == EM_X86_64) ) -@@ -457,12 +460,12 @@ static int elf_xen_addr_calc_check(struct elf_binary *elf, - int elf_xen_parse(struct elf_binary *elf, - struct elf_dom_parms *parms) - { -- const elf_shdr *shdr; -- const elf_phdr *phdr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; -+ ELF_HANDLE_DECL(elf_phdr) phdr; - int xen_elfnotes = 0; - int i, count, rc; - -- memset(parms, 0, sizeof(*parms)); -+ elf_memset_unchecked(parms, 0, sizeof(*parms)); - parms->virt_base = UNSET_ADDR; - parms->virt_entry = UNSET_ADDR; - parms->virt_hypercall = UNSET_ADDR; -@@ -532,11 +535,11 @@ int elf_xen_parse(struct elf_binary *elf, - for ( i = 0; i < count; i++ ) - { - shdr = elf_shdr_by_name(elf, "__xen_guest"); -- if ( shdr ) -+ if ( ELF_HANDLE_VALID(shdr) ) - { - parms->guest_info = elf_section_start(elf, shdr); -- parms->elf_note_start = NULL; -- parms->elf_note_end = NULL; -+ parms->elf_note_start = ELF_INVALID_PTRVAL; -+ parms->elf_note_end = ELF_INVALID_PTRVAL; - elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__, - parms->guest_info); - elf_xen_parse_guest_info(elf, parms); -diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c -index ec0706b..0fef84c 100644 ---- a/xen/common/libelf/libelf-loader.c -+++ b/xen/common/libelf/libelf-loader.c -@@ -26,7 +26,7 @@ - - int elf_init(struct elf_binary *elf, const char *image, size_t size) - { -- const elf_shdr *shdr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; - uint64_t i, count, section, offset; - - if ( !elf_is_elfbinary(image) ) -@@ -35,7 +35,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size) - return -1; - } - -- memset(elf, 0, sizeof(*elf)); -+ elf_memset_unchecked(elf, 0, sizeof(*elf)); - elf->image = image; - elf->size = size; - elf->ehdr = (elf_ehdr *)image; -@@ -65,7 +65,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size) - /* Find section string table. */ - section = elf_uval(elf, elf->ehdr, e_shstrndx); - shdr = elf_shdr_by_index(elf, section); -- if ( shdr != NULL ) -+ if ( ELF_HANDLE_VALID(shdr) ) - elf->sec_strtab = elf_section_start(elf, shdr); - - /* Find symbol table and symbol string table. */ -@@ -77,9 +77,9 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size) - continue; - elf->sym_tab = shdr; - shdr = elf_shdr_by_index(elf, elf_uval(elf, shdr, sh_link)); -- if ( shdr == NULL ) -+ if ( !ELF_HANDLE_VALID(shdr) ) - { -- elf->sym_tab = NULL; -+ elf->sym_tab = ELF_INVALID_HANDLE(elf_shdr); - continue; - } - elf->sym_strtab = elf_section_start(elf, shdr); -@@ -113,10 +113,11 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, - } - - static int elf_load_image(struct elf_binary *elf, -- void *dst, const void *src, uint64_t filesz, uint64_t memsz) -+ ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, -+ uint64_t filesz, uint64_t memsz) - { -- memcpy(dst, src, filesz); -- memset(dst + filesz, 0, memsz - filesz); -+ elf_memcpy_safe(elf, dst, src, filesz); -+ elf_memset_safe(elf, dst + filesz, 0, memsz - filesz); - return 0; - } - #else -@@ -126,16 +127,17 @@ void elf_set_verbose(struct elf_binary *elf) - elf->verbose = 1; - } - --static int elf_load_image(struct elf_binary *elf, -- void *dst, const void *src, uint64_t filesz, uint64_t memsz) -+static int elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz) - { - int rc; - if ( filesz > ULONG_MAX || memsz > ULONG_MAX ) - return -1; -- rc = raw_copy_to_guest(dst, src, filesz); -+ /* We trust the dom0 kernel image completely, so we don't care -+ * about overruns etc. here. */ -+ rc = raw_copy_to_guest(ELF_UNSAFE_PTR(dst), ELF_UNSAFE_PTR(src), filesz); - if ( rc != 0 ) - return -1; -- rc = raw_clear_guest(dst + filesz, memsz - filesz); -+ rc = raw_clear_guest(ELF_UNSAFE_PTR(dst + filesz), memsz - filesz); - if ( rc != 0 ) - return -1; - return 0; -@@ -146,10 +148,10 @@ static int elf_load_image(struct elf_binary *elf, - void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart) - { - uint64_t sz; -- const elf_shdr *shdr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; - int i, type; - -- if ( !elf->sym_tab ) -+ if ( !ELF_HANDLE_VALID(elf->sym_tab) ) - return; - - pstart = elf_round_up(elf, pstart); -@@ -166,7 +168,7 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart) - for ( i = 0; i < elf_shdr_count(elf); i++ ) - { - shdr = elf_shdr_by_index(elf, i); -- type = elf_uval(elf, (elf_shdr *)shdr, sh_type); -+ type = elf_uval(elf, shdr, sh_type); - if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) ) - sz = elf_round_up(elf, sz + elf_uval(elf, shdr, sh_size)); - } -@@ -177,10 +179,12 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart) - - static void elf_load_bsdsyms(struct elf_binary *elf) - { -- elf_ehdr *sym_ehdr; -+ ELF_HANDLE_DECL_NONCONST(elf_ehdr) sym_ehdr; - unsigned long sz; -- char *maxva, *symbase, *symtab_addr; -- elf_shdr *shdr; -+ ELF_PTRVAL_VOID maxva; -+ ELF_PTRVAL_VOID symbase; -+ ELF_PTRVAL_VOID symtab_addr; -+ ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; - int i, type; - - if ( !elf->bsd_symtab_pstart ) -@@ -189,18 +193,18 @@ static void elf_load_bsdsyms(struct elf_binary *elf) - #define elf_hdr_elm(_elf, _hdr, _elm, _val) \ - do { \ - if ( elf_64bit(_elf) ) \ -- (_hdr)->e64._elm = _val; \ -+ elf_store_field(_elf, _hdr, e64._elm, _val); \ - else \ -- (_hdr)->e32._elm = _val; \ -+ elf_store_field(_elf, _hdr, e32._elm, _val); \ - } while ( 0 ) - - symbase = elf_get_ptr(elf, elf->bsd_symtab_pstart); - symtab_addr = maxva = symbase + sizeof(uint32_t); - - /* Set up Elf header. */ -- sym_ehdr = (elf_ehdr *)symtab_addr; -+ sym_ehdr = ELF_MAKE_HANDLE(elf_ehdr, symtab_addr); - sz = elf_uval(elf, elf->ehdr, e_ehsize); -- memcpy(sym_ehdr, elf->ehdr, sz); -+ elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(sym_ehdr), ELF_HANDLE_PTRVAL(elf->ehdr), sz); - maxva += sz; /* no round up */ - - elf_hdr_elm(elf, sym_ehdr, e_phoff, 0); -@@ -209,37 +213,39 @@ do { \ - elf_hdr_elm(elf, sym_ehdr, e_phnum, 0); - - /* Copy Elf section headers. */ -- shdr = (elf_shdr *)maxva; -+ shdr = ELF_MAKE_HANDLE(elf_shdr, maxva); - sz = elf_shdr_count(elf) * elf_uval(elf, elf->ehdr, e_shentsize); -- memcpy(shdr, elf->image + elf_uval(elf, elf->ehdr, e_shoff), sz); -- maxva = (char *)(long)elf_round_up(elf, (long)maxva + sz); -+ elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(shdr), -+ ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff), -+ sz); -+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz); - - for ( i = 0; i < elf_shdr_count(elf); i++ ) - { - type = elf_uval(elf, shdr, sh_type); - if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) ) - { -- elf_msg(elf, "%s: shdr %i at 0x%p -> 0x%p\n", __func__, i, -+ elf_msg(elf, "%s: shdr %i at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n", __func__, i, - elf_section_start(elf, shdr), maxva); - sz = elf_uval(elf, shdr, sh_size); -- memcpy(maxva, elf_section_start(elf, shdr), sz); -+ elf_memcpy_safe(elf, maxva, elf_section_start(elf, shdr), sz); - /* Mangled to be based on ELF header location. */ - elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr); -- maxva = (char *)(long)elf_round_up(elf, (long)maxva + sz); -+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz); - } -- shdr = (elf_shdr *)((long)shdr + -+ shdr = ELF_MAKE_HANDLE(elf_shdr, ELF_HANDLE_PTRVAL(shdr) + - (long)elf_uval(elf, elf->ehdr, e_shentsize)); - } - - /* Write down the actual sym size. */ -- *(uint32_t *)symbase = maxva - symtab_addr; -+ elf_store_val(elf, uint32_t, symbase, maxva - symtab_addr); - - #undef elf_ehdr_elm - } - - void elf_parse_binary(struct elf_binary *elf) - { -- const elf_phdr *phdr; -+ ELF_HANDLE_DECL(elf_phdr) phdr; - uint64_t low = -1; - uint64_t high = 0; - uint64_t i, count, paddr, memsz; -@@ -267,9 +273,9 @@ void elf_parse_binary(struct elf_binary *elf) - - int elf_load_binary(struct elf_binary *elf) - { -- const elf_phdr *phdr; -+ ELF_HANDLE_DECL(elf_phdr) phdr; - uint64_t i, count, paddr, offset, filesz, memsz; -- char *dest; -+ ELF_PTRVAL_VOID dest; - - count = elf_uval(elf, elf->ehdr, e_phnum); - for ( i = 0; i < count; i++ ) -@@ -282,9 +288,9 @@ int elf_load_binary(struct elf_binary *elf) - filesz = elf_uval(elf, phdr, p_filesz); - memsz = elf_uval(elf, phdr, p_memsz); - dest = elf_get_ptr(elf, paddr); -- elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%p -> 0x%p\n", -- __func__, i, dest, dest + filesz); -- if ( elf_load_image(elf, dest, elf->image + offset, filesz, memsz) != 0 ) -+ elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n", -+ __func__, i, dest, (ELF_PTRVAL_VOID)(dest + filesz)); -+ if ( elf_load_image(elf, dest, ELF_IMAGE_BASE(elf) + offset, filesz, memsz) != 0 ) - return -1; - } - -@@ -292,18 +298,18 @@ int elf_load_binary(struct elf_binary *elf) - return 0; - } - --void *elf_get_ptr(struct elf_binary *elf, unsigned long addr) -+ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr) - { - return elf->dest + addr - elf->pstart; - } - - uint64_t elf_lookup_addr(struct elf_binary * elf, const char *symbol) - { -- const elf_sym *sym; -+ ELF_HANDLE_DECL(elf_sym) sym; - uint64_t value; - - sym = elf_sym_by_name(elf, symbol); -- if ( sym == NULL ) -+ if ( !ELF_HANDLE_VALID(sym) ) - { - elf_err(elf, "%s: not found: %s\n", __FUNCTION__, symbol); - return -1; -diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c -index 2f54142..f1fd886 100644 ---- a/xen/common/libelf/libelf-tools.c -+++ b/xen/common/libelf/libelf-tools.c -@@ -67,10 +67,10 @@ int elf_phdr_count(struct elf_binary *elf) - return elf_uval(elf, elf->ehdr, e_phnum); - } - --const elf_shdr *elf_shdr_by_name(struct elf_binary *elf, const char *name) -+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *name) - { - uint64_t count = elf_shdr_count(elf); -- const elf_shdr *shdr; -+ ELF_HANDLE_DECL(elf_shdr) shdr; - const char *sname; - int i; - -@@ -81,76 +81,80 @@ const elf_shdr *elf_shdr_by_name(struct elf_binary *elf, const char *name) - if ( sname && !strcmp(sname, name) ) - return shdr; - } -- return NULL; -+ return ELF_INVALID_HANDLE(elf_shdr); - } - --const elf_shdr *elf_shdr_by_index(struct elf_binary *elf, int index) -+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index) - { - uint64_t count = elf_shdr_count(elf); -- const void *ptr; -+ ELF_PTRVAL_CONST_VOID ptr; - - if ( index >= count ) -- return NULL; -+ return ELF_INVALID_HANDLE(elf_shdr); - -- ptr = (elf->image -+ ptr = (ELF_IMAGE_BASE(elf) - + elf_uval(elf, elf->ehdr, e_shoff) - + elf_uval(elf, elf->ehdr, e_shentsize) * index); -- return ptr; -+ return ELF_MAKE_HANDLE(elf_shdr, ptr); - } - --const elf_phdr *elf_phdr_by_index(struct elf_binary *elf, int index) -+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index) - { - uint64_t count = elf_uval(elf, elf->ehdr, e_phnum); -- const void *ptr; -+ ELF_PTRVAL_CONST_VOID ptr; - - if ( index >= count ) -- return NULL; -+ return ELF_INVALID_HANDLE(elf_phdr); - -- ptr = (elf->image -+ ptr = (ELF_IMAGE_BASE(elf) - + elf_uval(elf, elf->ehdr, e_phoff) - + elf_uval(elf, elf->ehdr, e_phentsize) * index); -- return ptr; -+ return ELF_MAKE_HANDLE(elf_phdr, ptr); - } - --const char *elf_section_name(struct elf_binary *elf, const elf_shdr * shdr) -+ -+const char *elf_section_name(struct elf_binary *elf, -+ ELF_HANDLE_DECL(elf_shdr) shdr) - { -- if ( elf->sec_strtab == NULL ) -+ if ( ELF_PTRVAL_INVALID(elf->sec_strtab) ) - return "unknown"; -+ - return elf->sec_strtab + elf_uval(elf, shdr, sh_name); - } - --const void *elf_section_start(struct elf_binary *elf, const elf_shdr * shdr) -+ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) - { -- return elf->image + elf_uval(elf, shdr, sh_offset); -+ return ELF_IMAGE_BASE(elf) + elf_uval(elf, shdr, sh_offset); - } - --const void *elf_section_end(struct elf_binary *elf, const elf_shdr * shdr) -+ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr) - { -- return elf->image -+ return ELF_IMAGE_BASE(elf) - + elf_uval(elf, shdr, sh_offset) + elf_uval(elf, shdr, sh_size); - } - --const void *elf_segment_start(struct elf_binary *elf, const elf_phdr * phdr) -+ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { -- return elf->image + elf_uval(elf, phdr, p_offset); -+ return ELF_IMAGE_BASE(elf) -+ + elf_uval(elf, phdr, p_offset); - } - --const void *elf_segment_end(struct elf_binary *elf, const elf_phdr * phdr) -+ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { -- return elf->image -+ return ELF_IMAGE_BASE(elf) - + elf_uval(elf, phdr, p_offset) + elf_uval(elf, phdr, p_filesz); - } - --const elf_sym *elf_sym_by_name(struct elf_binary *elf, const char *symbol) -+ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol) - { -- const void *ptr = elf_section_start(elf, elf->sym_tab); -- const void *end = elf_section_end(elf, elf->sym_tab); -- const elf_sym *sym; -+ ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab); -+ ELF_PTRVAL_CONST_VOID end = elf_section_end(elf, elf->sym_tab); -+ ELF_HANDLE_DECL(elf_sym) sym; - uint64_t info, name; - - for ( ; ptr < end; ptr += elf_size(elf, sym) ) - { -- sym = ptr; -+ sym = ELF_MAKE_HANDLE(elf_sym, ptr); - info = elf_uval(elf, sym, st_info); - name = elf_uval(elf, sym, st_name); - if ( ELF32_ST_BIND(info) != STB_GLOBAL ) -@@ -159,33 +163,33 @@ const elf_sym *elf_sym_by_name(struct elf_binary *elf, const char *symbol) - continue; - return sym; - } -- return NULL; -+ return ELF_INVALID_HANDLE(elf_sym); - } - --const elf_sym *elf_sym_by_index(struct elf_binary *elf, int index) -+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index) - { -- const void *ptr = elf_section_start(elf, elf->sym_tab); -- const elf_sym *sym; -+ ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab); -+ ELF_HANDLE_DECL(elf_sym) sym; - -- sym = ptr + index * elf_size(elf, sym); -+ sym = ELF_MAKE_HANDLE(elf_sym, ptr + index * elf_size(elf, sym)); - return sym; - } - --const char *elf_note_name(struct elf_binary *elf, const elf_note * note) -+const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { -- return (void *)note + elf_size(elf, note); -+ return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note); - } - --const void *elf_note_desc(struct elf_binary *elf, const elf_note * note) -+ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { - int namesz = (elf_uval(elf, note, namesz) + 3) & ~3; - -- return (void *)note + elf_size(elf, note) + namesz; -+ return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz; - } - --uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note) -+uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { -- const void *desc = elf_note_desc(elf, note); -+ ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); - int descsz = elf_uval(elf, note, descsz); - - switch (descsz) -@@ -200,10 +204,10 @@ uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note) - } - } - --uint64_t elf_note_numeric_array(struct elf_binary *elf, const elf_note *note, -+uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note, - unsigned int unitsz, unsigned int idx) - { -- const void *desc = elf_note_desc(elf, note); -+ ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note); - int descsz = elf_uval(elf, note, descsz); - - if ( descsz % unitsz || idx >= descsz / unitsz ) -@@ -220,12 +224,12 @@ uint64_t elf_note_numeric_array(struct elf_binary *elf, const elf_note *note, - } - } - --const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * note) -+ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note) - { - int namesz = (elf_uval(elf, note, namesz) + 3) & ~3; - int descsz = (elf_uval(elf, note, descsz) + 3) & ~3; - -- return (void *)note + elf_size(elf, note) + namesz + descsz; -+ return ELF_MAKE_HANDLE(elf_note, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz + descsz); - } - - /* ------------------------------------------------------------------------ */ -@@ -234,10 +238,10 @@ int elf_is_elfbinary(const void *image) - { - const Elf32_Ehdr *ehdr = image; - -- return IS_ELF(*ehdr); -+ return IS_ELF(*ehdr); /* fixme unchecked */ - } - --int elf_phdr_is_loadable(struct elf_binary *elf, const elf_phdr * phdr) -+int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) - { - uint64_t p_type = elf_uval(elf, phdr, p_type); - uint64_t p_flags = elf_uval(elf, phdr, p_flags); -diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h -index 38e490c..cefd3d3 100644 ---- a/xen/include/xen/libelf.h -+++ b/xen/include/xen/libelf.h -@@ -48,6 +48,97 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data, - - /* ------------------------------------------------------------------------ */ - -+/* Macros for accessing the input image and output area. */ -+ -+/* -+ * We abstract away the pointerness of these pointers, replacing -+ * various void*, char* and struct* with the following: -+ * PTRVAL A pointer to a byte; one can do pointer arithmetic -+ * on this. -+ * This replaces variables which were char*,void* -+ * and their const versions, so we provide four -+ * different declaration macros: -+ * ELF_PTRVAL_{,CONST}{VOID,CHAR} -+ * HANDLE A pointer to a struct. There is one of these types -+ * for each pointer type - that is, for each "structname". -+ * In the arguments to the various HANDLE macros, structname -+ * must be a single identifier which is a typedef. -+ * It is not permitted to do arithmetic on these -+ * pointers. In the current code attempts to do so will -+ * compile, but in the next patch this will become a -+ * compile error. -+ * We provide two declaration macros for const and -+ * non-const pointers. -+ */ -+ -+#define ELF_REALPTR2PTRVAL(realpointer) (realpointer) -+ /* Converts an actual C pointer into a PTRVAL */ -+ -+#define ELF_HANDLE_DECL_NONCONST(structname) structname * -+#define ELF_HANDLE_DECL(structname) const structname * -+ /* Provides a type declaration for a HANDLE. */ -+ /* May only be used to declare ONE variable at a time */ -+ -+#define ELF_PTRVAL_VOID void * -+#define ELF_PTRVAL_CHAR char * -+#define ELF_PTRVAL_CONST_VOID const void * -+#define ELF_PTRVAL_CONST_CHAR const char * -+ /* Provides a type declaration for a PTRVAL. */ -+ /* May only be used to declare ONE variable at a time */ -+ -+#define ELF_DEFINE_HANDLE(structname) /* empty */ -+ /* -+ * This must be invoked for each HANDLE type to define -+ * the actual C type used for that kind of HANDLE. -+ */ -+ -+#define ELF_PRPTRVAL "p" -+ /* printf format a la PRId... for a PTRVAL */ -+ -+#define ELF_MAKE_HANDLE(structname, ptrval) (ptrval) -+ /* Converts a PTRVAL to a HANDLE */ -+ -+#define ELF_IMAGE_BASE(elf) ((elf)->image) -+ /* Returns the base of the image as a PTRVAL. */ -+ -+#define ELF_HANDLE_PTRVAL(handleval) ((void*)(handleval)) -+ /* Converts a HANDLE to a PTRVAL. */ -+ -+#define ELF_OBSOLETE_VOIDP_CAST (void*)(uintptr_t) -+ /* -+ * In some places the existing code needs to -+ * - cast away const (the existing code uses const a fair -+ * bit but actually sometimes wants to write to its input) -+ * from a PTRVAL. -+ * - convert an integer representing a pointer to a PTRVAL -+ * This macro provides a suitable cast. -+ */ -+ -+#define ELF_UNSAFE_PTR(ptrval) ((void*)(uintptr_t)(ptrval)) -+ /* -+ * Turns a PTRVAL into an actual C pointer. Before this is done -+ * the caller must have ensured that the PTRVAL does in fact point -+ * to a permissible location. -+ */ -+ -+/* PTRVALs can be INVALID (ie, NULL). */ -+#define ELF_INVALID_PTRVAL (NULL) /* returns NULL PTRVAL */ -+#define ELF_INVALID_HANDLE(structname) /* returns NULL handle */ \ -+ ELF_MAKE_HANDLE(structname, ELF_INVALID_PTRVAL) -+#define ELF_PTRVAL_VALID(ptrval) (ptrval) /* } */ -+#define ELF_HANDLE_VALID(handleval) (handleval) /* } predicates */ -+#define ELF_PTRVAL_INVALID(ptrval) ((ptrval) == NULL) /* } */ -+ -+/* For internal use by other macros here */ -+#define ELF__HANDLE_FIELD_TYPE(handleval, elm) \ -+ typeof((handleval)->elm) -+#define ELF__HANDLE_FIELD_OFFSET(handleval, elm) \ -+ offsetof(typeof(*(handleval)),elm) -+ -+ -+/* ------------------------------------------------------------------------ */ -+ -+ - typedef union { - Elf32_Ehdr e32; - Elf64_Ehdr e64; -@@ -83,6 +174,12 @@ typedef union { - Elf64_Note e64; - } elf_note; - -+ELF_DEFINE_HANDLE(elf_ehdr) -+ELF_DEFINE_HANDLE(elf_shdr) -+ELF_DEFINE_HANDLE(elf_phdr) -+ELF_DEFINE_HANDLE(elf_sym) -+ELF_DEFINE_HANDLE(elf_note) -+ - struct elf_binary { - /* elf binary */ - const char *image; -@@ -90,10 +187,10 @@ struct elf_binary { - char class; - char data; - -- const elf_ehdr *ehdr; -- const char *sec_strtab; -- const elf_shdr *sym_tab; -- const char *sym_strtab; -+ ELF_HANDLE_DECL(elf_ehdr) ehdr; -+ ELF_PTRVAL_CONST_CHAR sec_strtab; -+ ELF_HANDLE_DECL(elf_shdr) sym_tab; -+ ELF_PTRVAL_CONST_CHAR sym_strtab; - - /* loaded to */ - char *dest; -@@ -135,45 +232,72 @@ struct elf_binary { - : elf_access_unsigned((elf), (str), \ - offsetof(typeof(*(str)),e32.elem), \ - sizeof((str)->e32.elem))) -+ /* -+ * Reads an unsigned field in a header structure in the ELF. -+ * str is a HANDLE, and elem is the field name in it. -+ */ - - #define elf_size(elf, str) \ - ((ELFCLASS64 == (elf)->class) \ - ? sizeof((str)->e64) : sizeof((str)->e32)) -+ /* -+ * Returns the size of the substructure for the appropriate 32/64-bitness. -+ * str should be a HANDLE. -+ */ - --uint64_t elf_access_unsigned(struct elf_binary *elf, const void *ptr, -+uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr, - uint64_t offset, size_t size); -+ /* Reads a field at arbitrary offset and alignemnt */ - - uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr); - -+ -+#define elf_memcpy_safe(elf, dst, src, sz) memcpy((dst),(src),(sz)) -+#define elf_memset_safe(elf, dst, c, sz) memset((dst),(c),(sz)) -+ /* -+ * Versions of memcpy and memset which will (in the next patch) -+ * arrange never to write outside permitted areas. -+ */ -+ -+#define elf_store_val(elf, type, ptr, val) (*(type*)(ptr) = (val)) -+ /* Stores a value at a particular PTRVAL. */ -+ -+#define elf_store_field(elf, hdr, elm, val) \ -+ (elf_store_val((elf), ELF__HANDLE_FIELD_TYPE(hdr, elm), \ -+ &((hdr)->elm), \ -+ (val))) -+ /* Stores a 32/64-bit field. hdr is a HANDLE and elm is the field name. */ -+ -+ - /* ------------------------------------------------------------------------ */ - /* xc_libelf_tools.c */ - - int elf_shdr_count(struct elf_binary *elf); - int elf_phdr_count(struct elf_binary *elf); - --const elf_shdr *elf_shdr_by_name(struct elf_binary *elf, const char *name); --const elf_shdr *elf_shdr_by_index(struct elf_binary *elf, int index); --const elf_phdr *elf_phdr_by_index(struct elf_binary *elf, int index); -+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *name); -+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index); -+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index); - --const char *elf_section_name(struct elf_binary *elf, const elf_shdr * shdr); --const void *elf_section_start(struct elf_binary *elf, const elf_shdr * shdr); --const void *elf_section_end(struct elf_binary *elf, const elf_shdr * shdr); -+const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); -+ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); -+ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); - --const void *elf_segment_start(struct elf_binary *elf, const elf_phdr * phdr); --const void *elf_segment_end(struct elf_binary *elf, const elf_phdr * phdr); -+ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); -+ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - --const elf_sym *elf_sym_by_name(struct elf_binary *elf, const char *symbol); --const elf_sym *elf_sym_by_index(struct elf_binary *elf, int index); -+ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol); -+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index); - --const char *elf_note_name(struct elf_binary *elf, const elf_note * note); --const void *elf_note_desc(struct elf_binary *elf, const elf_note * note); --uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note); --uint64_t elf_note_numeric_array(struct elf_binary *, const elf_note *, -+const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); -+ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); -+uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); -+uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note), - unsigned int unitsz, unsigned int idx); --const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * note); -+ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); - - int elf_is_elfbinary(const void *image); --int elf_phdr_is_loadable(struct elf_binary *elf, const elf_phdr * phdr); -+int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr); - - /* ------------------------------------------------------------------------ */ - /* xc_libelf_loader.c */ -@@ -189,7 +313,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback*, - void elf_parse_binary(struct elf_binary *elf); - int elf_load_binary(struct elf_binary *elf); - --void *elf_get_ptr(struct elf_binary *elf, unsigned long addr); -+ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr); - uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol); - - void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart); /* private */ -@@ -221,9 +345,9 @@ struct xen_elfnote { - - struct elf_dom_parms { - /* raw */ -- const char *guest_info; -- const void *elf_note_start; -- const void *elf_note_end; -+ ELF_PTRVAL_CONST_CHAR guest_info; -+ ELF_PTRVAL_CONST_VOID elf_note_start; -+ ELF_PTRVAL_CONST_VOID elf_note_end; - struct xen_elfnote elf_notes[XEN_ELFNOTE_MAX + 1]; - - /* parsed */ -@@ -262,10 +386,22 @@ int elf_xen_parse_features(const char *features, - uint32_t *required); - int elf_xen_parse_note(struct elf_binary *elf, - struct elf_dom_parms *parms, -- const elf_note *note); -+ ELF_HANDLE_DECL(elf_note) note); - int elf_xen_parse_guest_info(struct elf_binary *elf, - struct elf_dom_parms *parms); - int elf_xen_parse(struct elf_binary *elf, - struct elf_dom_parms *parms); - -+#define elf_memcpy_unchecked memcpy -+#define elf_memset_unchecked memset -+ /* -+ * Unsafe versions of memcpy and memset which take actual C -+ * pointers. These are just like real memcpy and memset. -+ */ -+ -+ -+#define ELF_ADVANCE_DEST(elf, amount) elf->dest += (amount) -+ /* Advances past amount bytes of the current destination area. */ -+ -+ - #endif /* __XEN_LIBELF_H__ */ --- -1.7.2.5 - diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild index 8e924d4aec81..1d8fd861019c 100644 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild +++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild,v 1.1 2013/06/26 16:16:38 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild,v 1.2 2013/06/27 05:32:10 idella4 Exp $ EAPI=4 PYTHON_DEPEND="2:2.6" @@ -10,13 +10,16 @@ inherit flag-o-matic eutils multilib python toolchain-funcs XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles" LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci GRUB_URL=mirror://gnu-alpha/grub +XSAPATCHES="http://dev.gentoo.org/~idella4/" SRC_URI=" http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz $GRUB_URL/grub-0.97.tar.gz $XEN_EXTFILES_URL/zlib-1.2.3.tar.gz $LIBPCI_URL/pciutils-2.2.9.tar.bz2 $XEN_EXTFILES_URL/lwip-1.3.0.tar.gz - $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz" + $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz + $XSAPATCHES/patches/XSA-55patches.tar.gz + " S="${WORKDIR}/xen-${PV}" @@ -85,28 +88,29 @@ src_prepare() { #Sec patch epatch "${FILESDIR}"/${PN/-pvgrub/}-4-CVE-2012-6075-XSA-41.patch \ - "${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \ - "${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \ - "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \ - "${FILESDIR}"/xen-4-CVE-2013-1952-XSA_49.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-8-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-11-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-15-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch - - #Substitute for internal downloading. pciutils copied only due to the only .bz2 + "${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \ + "${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \ + "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \ + "${FILESDIR}"/xen-4-CVE-2013-1952-XSA_49.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \ + "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \ + "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \ + "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \ + "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch + + # Substitute for internal downloading. pciutils copied only due to the only .bz2 cp $DISTDIR/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom" + retar-externals || die "re-tar procedure failed" } diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild index a76dcfd40883..a7ddcaf295b4 100644 --- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild +++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.1 2013/06/26 16:16:38 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.2 2013/06/27 05:32:10 idella4 Exp $ EAPI=4 PYTHON_DEPEND="2:2.6" @@ -10,13 +10,16 @@ inherit flag-o-matic eutils multilib python toolchain-funcs XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles" LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci GRUB_URL=mirror://gnu-alpha/grub +XSAPATCHES="http://dev.gentoo.org/~idella4/" SRC_URI=" http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz $GRUB_URL/grub-0.97.tar.gz $XEN_EXTFILES_URL/zlib-1.2.3.tar.gz $LIBPCI_URL/pciutils-2.2.9.tar.bz2 $XEN_EXTFILES_URL/lwip-1.3.0.tar.gz - $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz" + $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz + $XSAPATCHES/patches/XSA-55patches.tar.gz + " S="${WORKDIR}/xen-${PV}" @@ -92,12 +95,12 @@ src_prepare() { "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-8-XSA-55.patch \ + "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-11-XSA-55.patch \ + "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \ - "${FILESDIR}"/xen-4.2-CVE-2013-15-XSA-55.patch \ + "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \ "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \ |