Diffstat (limited to 'app-emulation')
-rw-r--r-- app-emulation/xen-pvgrub/ChangeLog 10
-rw-r--r-- app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch 788
-rw-r--r-- app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch 759
-rw-r--r-- app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch 1196
-rw-r--r-- app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild 50
-rw-r--r-- app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild 13
6 files changed, 44 insertions, 2772 deletions
diff --git a/app-emulation/xen-pvgrub/ChangeLog b/app-emulation/xen-pvgrub/ChangeLog
index e65259fdf0fc..490e8b9fbdf7 100644
--- a/app-emulation/xen-pvgrub/ChangeLog
+++ b/app-emulation/xen-pvgrub/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-emulation/xen-pvgrub
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.28 2013/06/26 16:16:38 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/ChangeLog,v 1.29 2013/06/27 05:32:10 idella4 Exp $
+
+ 27 Jun 2013; Ian Delaney <idella4@gentoo.org>
+ -files/xen-4.2-CVE-2013-11-XSA-55.patch,
+ -files/xen-4.2-CVE-2013-15-XSA-55.patch,
+ -files/xen-4.2-CVE-2013-8-XSA-55.patch, xen-pvgrub-4.2.1-r2.ebuild,
+ xen-pvgrub-4.2.1-r3.ebuild, xen-pvgrub-4.2.2-r1.ebuild,
+ xen-pvgrub-4.2.2.ebuild:
+ rm of re-located patches, rm white space
*xen-pvgrub-4.2.1-r3 (26 Jun 2013)
*xen-pvgrub-4.2.2-r1 (26 Jun 2013)
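Review bot: The file list in the new 27 Jun 2013 entry does not match the commit: it names xen-pvgrub-4.2.1-r2.ebuild and xen-pvgrub-4.2.2.ebuild, but the diffstat shows only xen-pvgrub-4.2.1-r3.ebuild and xen-pvgrub-4.2.2-r1.ebuild changing (6 files in total). Either drop the two untouched ebuilds from the entry or include their changes. The summary "rm of re-located patches" also does not say where the three XSA-55 patches were moved to; since these are security fixes, the entry should name the new location so a reader can confirm the remaining ebuilds still apply them.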
diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch
deleted file mode 100644
index 5ad78279b0db..000000000000
--- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-11-XSA-55.patch
+++ /dev/null
@@ -1,788 +0,0 @@
-From cc8761371aac432318530c2ddfe2c8234bc0621f Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:17 +0100
-Subject: [PATCH 11/23] libelf: check all pointer accesses
-
-We change the ELF_PTRVAL and ELF_HANDLE types and associated macros:
-
- * PTRVAL becomes a uintptr_t, for which we provide a typedef
- elf_ptrval. This means no arithmetic done on it can overflow so
- the compiler cannot do any malicious invalid pointer arithmetic
- "optimisations". It also means that any places where we
- dereference one of these pointers without using the appropriate
- macros or functions become a compilation error.
-
- So we can be sure that we won't miss any memory accesses.
-
- All the PTRVAL variables were previously void* or char*, so
- the actual address calculations are unchanged.
-
- * ELF_HANDLE becomes a union, one half of which keeps the pointer
- value and the other half of which is just there to record the
- type.
-
- The new type is not a pointer type so there can be no address
- calculations on it whose meaning would change. Every assignment or
- access has to go through one of our macros.
-
- * The distinction between const and non-const pointers and char*s
- and void*s in libelf goes away. This was not important (and
- anyway libelf tended to cast away const in various places).
-
- * The fields elf->image and elf->dest are renamed. That proves
- that we haven't missed any unchecked uses of these actual
- pointer values.
-
- * The caller may fill in elf->caller_xdest_base and _size to
- specify another range of memory which is safe for libelf to
- access, besides the input and output images.
-
- * When accesses fail due to being out of range, we mark the elf
- "broken". This will be checked and used for diagnostics in
- a following patch.
-
- We do not check for write accesses to the input image. This is
- because libelf actually does this in a number of places. So we
- simply permit that.
-
- * Each caller of libelf which used to set dest now sets
- dest_base and dest_size.
-
- * In xc_dom_load_elf_symtab we provide a new actual-pointer
- value hdr_ptr which we get from mapping the guest's kernel
- area and use (checking carefully) as the caller_xdest area.
-
- * The STAR(h) macro in libelf-dominfo.c now uses elf_access_unsigned.
-
- * elf-init uses the new elf_uval_3264 accessor to access the 32-bit
- fields, rather than an unchecked field access (ie, unchecked
- pointer access).
-
- * elf_uval has been reworked to use elf_uval_3264. Both of these
- macros are essentially new in this patch (although they are derived
- from the old elf_uval) and need careful review.
-
- * ELF_ADVANCE_DEST is now safe in the sense that you can use it to
- chop parts off the front of the dest area but if you chop more than
- is available, the dest area is simply set to be empty, preventing
- future accesses.
-
- * We introduce some #defines for memcpy, memset, memmove and strcpy:
- - We provide elf_memcpy_safe and elf_memset_safe which take
- PTRVALs and do checking on the supplied pointers.
- - Users inside libelf must all be changed to either
- elf_mem*_unchecked (which are just like mem*), or
- elf_mem*_safe (which take PTRVALs) and are checked. Any
- unchanged call sites become compilation errors.
-
- * We do _not_ at this time fix elf_access_unsigned so that it doesn't
- make unaligned accesses. We hope that unaligned accesses are OK on
- every supported architecture. But it does check the supplied
- pointer for validity.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/xc_dom_elfloader.c | 49 ++++++++--
- tools/libxc/xc_hvm_build_x86.c | 10 +-
- xen/arch/x86/domain_build.c | 3 +-
- xen/common/libelf/libelf-dominfo.c | 2 +-
- xen/common/libelf/libelf-loader.c | 16 ++--
- xen/common/libelf/libelf-private.h | 13 +++
- xen/common/libelf/libelf-tools.c | 106 ++++++++++++++++++-
- xen/include/xen/libelf.h | 198 +++++++++++++++++++++++++-----------
- 8 files changed, 312 insertions(+), 85 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index cc0f206..b82a08c 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -130,20 +130,30 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-
- if ( load )
- {
-- size_t allow_size; /* will be used in a forthcoming XSA-55 patch */
-+ char *hdr_ptr;
-+ size_t allow_size;
-+
- if ( !dom->bsd_symtab_start )
- return 0;
- size = dom->kernel_seg.vend - dom->bsd_symtab_start;
-- hdr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size);
-- *(int *)hdr = size - sizeof(int);
-+ hdr_ptr = xc_dom_vaddr_to_ptr(dom, dom->bsd_symtab_start, &allow_size);
-+ elf->caller_xdest_base = hdr_ptr;
-+ elf->caller_xdest_size = allow_size;
-+ hdr = ELF_REALPTR2PTRVAL(hdr_ptr);
-+ elf_store_val(elf, int, hdr, size - sizeof(int));
- }
- else
- {
-+ char *hdr_ptr;
-+
- size = sizeof(int) + elf_size(elf, elf->ehdr) +
- elf_shdr_count(elf) * elf_size(elf, shdr);
-- hdr = xc_dom_malloc(dom, size);
-- if ( hdr == NULL )
-+ hdr_ptr = xc_dom_malloc(dom, size);
-+ if ( hdr_ptr == NULL )
- return 0;
-+ elf->caller_xdest_base = hdr_ptr;
-+ elf->caller_xdest_size = size;
-+ hdr = ELF_REALPTR2PTRVAL(hdr_ptr);
- dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend);
- }
-
-@@ -171,9 +181,32 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- ehdr->e_shoff = elf_size(elf, elf->ehdr);
- ehdr->e_shstrndx = SHN_UNDEF;
- }
-- if ( elf_init(&syms, hdr + sizeof(int), size - sizeof(int)) )
-+ if ( elf->caller_xdest_size < sizeof(int) )
-+ {
-+ DOMPRINTF("%s/%s: header size %"PRIx64" too small",
-+ __FUNCTION__, load ? "load" : "parse",
-+ (uint64_t)elf->caller_xdest_size);
-+ return -1;
-+ }
-+ if ( elf_init(&syms, elf->caller_xdest_base + sizeof(int),
-+ elf->caller_xdest_size - sizeof(int)) )
- return -1;
-
-+ /*
-+ * The caller_xdest_{base,size} and dest_{base,size} need to
-+ * remain valid so long as each struct elf_image does. The
-+ * principle we adopt is that these values are set when the
-+ * memory is allocated or mapped, and cleared when (and if)
-+ * they are unmapped.
-+ *
-+ * Mappings of the guest are normally undone by xc_dom_unmap_all
-+ * (directly or via xc_dom_release). We do not explicitly clear
-+ * these because in fact that happens only at the end of
-+ * xc_dom_boot_image, at which time all of these ELF loading
-+ * functions have returned. No relevant struct elf_binary*
-+ * escapes this file.
-+ */
-+
- xc_elf_set_logfile(dom->xch, &syms, 1);
-
- symtab = dom->bsd_symtab_start + sizeof(int);
-@@ -312,8 +345,10 @@ static int xc_dom_load_elf_kernel(struct xc_dom_image *dom)
- {
- struct elf_binary *elf = dom->private_loader;
- int rc;
-+ xen_pfn_t pages;
-
-- elf->dest = xc_dom_seg_to_ptr(dom, &dom->kernel_seg);
-+ elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages);
-+ elf->dest_size = pages * XC_DOM_PAGE_SIZE(dom);
- rc = elf_load_binary(elf);
- if ( rc < 0 )
- {
-diff --git a/tools/libxc/xc_hvm_build_x86.c b/tools/libxc/xc_hvm_build_x86.c
-index 15b603d..ccfd8b5 100644
---- a/tools/libxc/xc_hvm_build_x86.c
-+++ b/tools/libxc/xc_hvm_build_x86.c
-@@ -104,11 +104,12 @@ static int loadelfimage(
- for ( i = 0; i < pages; i++ )
- entries[i].mfn = parray[(elf->pstart >> PAGE_SHIFT) + i];
-
-- elf->dest = xc_map_foreign_ranges(
-+ elf->dest_base = xc_map_foreign_ranges(
- xch, dom, pages << PAGE_SHIFT, PROT_READ | PROT_WRITE, 1 << PAGE_SHIFT,
- entries, pages);
-- if ( elf->dest == NULL )
-+ if ( elf->dest_base == NULL )
- goto err;
-+ elf->dest_size = pages * PAGE_SIZE;
-
- ELF_ADVANCE_DEST(elf, elf->pstart & (PAGE_SIZE - 1));
-
-@@ -117,8 +118,9 @@ static int loadelfimage(
- if ( rc < 0 )
- PERROR("Failed to load elf binary\n");
-
-- munmap(elf->dest, pages << PAGE_SHIFT);
-- elf->dest = NULL;
-+ munmap(elf->dest_base, pages << PAGE_SHIFT);
-+ elf->dest_base = NULL;
-+ elf->dest_size = 0;
-
- err:
- free(entries);
-diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
-index 469d363..a655b21 100644
---- a/xen/arch/x86/domain_build.c
-+++ b/xen/arch/x86/domain_build.c
-@@ -908,7 +908,8 @@ int __init construct_dom0(
- write_ptbase(v);
-
- /* Copy the OS image and free temporary buffer. */
-- elf.dest = (void*)vkern_start;
-+ elf.dest_base = (void*)vkern_start;
-+ elf.dest_size = vkern_end - vkern_start;
- rc = elf_load_binary(&elf);
- if ( rc < 0 )
- {
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index b217f8f..98c80dc 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -254,7 +254,7 @@ int elf_xen_parse_guest_info(struct elf_binary *elf,
- int len;
-
- h = parms->guest_info;
--#define STAR(h) (*(h))
-+#define STAR(h) (elf_access_unsigned(elf, (h), 0, 1))
- while ( STAR(h) )
- {
- elf_memset_unchecked(name, 0, sizeof(name));
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index 0fef84c..a3310e7 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -24,23 +24,25 @@
-
- /* ------------------------------------------------------------------------ */
-
--int elf_init(struct elf_binary *elf, const char *image, size_t size)
-+int elf_init(struct elf_binary *elf, const char *image_input, size_t size)
- {
- ELF_HANDLE_DECL(elf_shdr) shdr;
- uint64_t i, count, section, offset;
-
-- if ( !elf_is_elfbinary(image) )
-+ if ( !elf_is_elfbinary(image_input) )
- {
- elf_err(elf, "%s: not an ELF binary\n", __FUNCTION__);
- return -1;
- }
-
- elf_memset_unchecked(elf, 0, sizeof(*elf));
-- elf->image = image;
-+ elf->image_base = image_input;
- elf->size = size;
-- elf->ehdr = (elf_ehdr *)image;
-- elf->class = elf->ehdr->e32.e_ident[EI_CLASS];
-- elf->data = elf->ehdr->e32.e_ident[EI_DATA];
-+ elf->ehdr = ELF_MAKE_HANDLE(elf_ehdr, (elf_ptrval)image_input);
-+ elf->class = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_CLASS]);
-+ elf->data = elf_uval_3264(elf, elf->ehdr, e32.e_ident[EI_DATA]);
-+ elf->caller_xdest_base = NULL;
-+ elf->caller_xdest_size = 0;
-
- /* Sanity check phdr. */
- offset = elf_uval(elf, elf->ehdr, e_phoff) +
-@@ -300,7 +302,7 @@ int elf_load_binary(struct elf_binary *elf)
-
- ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr)
- {
-- return elf->dest + addr - elf->pstart;
-+ return ELF_REALPTR2PTRVAL(elf->dest_base) + addr - elf->pstart;
- }
-
- uint64_t elf_lookup_addr(struct elf_binary * elf, const char *symbol)
-diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h
-index 3ef753c..280dfd1 100644
---- a/xen/common/libelf/libelf-private.h
-+++ b/xen/common/libelf/libelf-private.h
-@@ -86,6 +86,19 @@ do { strncpy((d),(s),sizeof((d))-1); \
-
- #endif
-
-+#undef memcpy
-+#undef memset
-+#undef memmove
-+#undef strcpy
-+
-+#define memcpy MISTAKE_unspecified_memcpy
-+#define memset MISTAKE_unspecified_memset
-+#define memmove MISTAKE_unspecified_memmove
-+#define strcpy MISTAKE_unspecified_strcpy
-+ /* This prevents libelf from using these undecorated versions
-+ * of memcpy, memset, memmove and strcpy. Every call site
-+ * must either use elf_mem*_unchecked, or elf_mem*_safe. */
-+
- #endif /* __LIBELF_PRIVATE_H_ */
-
- /*
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 3a0cde1..46ca553 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -20,28 +20,100 @@
-
- /* ------------------------------------------------------------------------ */
-
--uint64_t elf_access_unsigned(struct elf_binary * elf, const void *ptr,
-- uint64_t offset, size_t size)
-+void elf_mark_broken(struct elf_binary *elf, const char *msg)
- {
-+ if ( elf->broken == NULL )
-+ elf->broken = msg;
-+}
-+
-+const char *elf_check_broken(const struct elf_binary *elf)
-+{
-+ return elf->broken;
-+}
-+
-+static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
-+ const void *region, uint64_t regionsize)
-+ /*
-+ * Returns true if the putative memory area [ptrval,ptrval+size>
-+ * is completely inside the region [region,region+regionsize>.
-+ *
-+ * ptrval and size are the untrusted inputs to be checked.
-+ * region and regionsize are trusted and must be correct and valid,
-+ * although it is OK for region to perhaps be maliciously NULL
-+ * (but not some other malicious value).
-+ */
-+{
-+ elf_ptrval regionp = (elf_ptrval)region;
-+
-+ if ( (region == NULL) ||
-+ (ptrval < regionp) || /* start is before region */
-+ (ptrval > regionp + regionsize) || /* start is after region */
-+ (size > regionsize - (ptrval - regionp)) ) /* too big */
-+ return 0;
-+ return 1;
-+}
-+
-+int elf_access_ok(struct elf_binary * elf,
-+ uint64_t ptrval, size_t size)
-+{
-+ if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) )
-+ return 1;
-+ if ( elf_ptrval_in_range(ptrval, size, elf->dest_base, elf->dest_size) )
-+ return 1;
-+ if ( elf_ptrval_in_range(ptrval, size,
-+ elf->caller_xdest_base, elf->caller_xdest_size) )
-+ return 1;
-+ elf_mark_broken(elf, "out of range access");
-+ return 0;
-+}
-+
-+void elf_memcpy_safe(struct elf_binary *elf, elf_ptrval dst,
-+ elf_ptrval src, size_t size)
-+{
-+ if ( elf_access_ok(elf, dst, size) &&
-+ elf_access_ok(elf, src, size) )
-+ {
-+ /* use memmove because these checks do not prove that the
-+ * regions don't overlap and overlapping regions grant
-+ * permission for compiler malice */
-+ elf_memmove_unchecked(ELF_UNSAFE_PTR(dst), ELF_UNSAFE_PTR(src), size);
-+ }
-+}
-+
-+void elf_memset_safe(struct elf_binary *elf, elf_ptrval dst, int c, size_t size)
-+{
-+ if ( elf_access_ok(elf, dst, size) )
-+ {
-+ elf_memset_unchecked(ELF_UNSAFE_PTR(dst), c, size);
-+ }
-+}
-+
-+uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base,
-+ uint64_t moreoffset, size_t size)
-+{
-+ elf_ptrval ptrval = base + moreoffset;
- int need_swap = elf_swap(elf);
- const uint8_t *u8;
- const uint16_t *u16;
- const uint32_t *u32;
- const uint64_t *u64;
-
-+ if ( !elf_access_ok(elf, ptrval, size) )
-+ return 0;
-+
- switch ( size )
- {
- case 1:
-- u8 = ptr + offset;
-+ u8 = (const void*)ptrval;
- return *u8;
- case 2:
-- u16 = ptr + offset;
-+ u16 = (const void*)ptrval;
- return need_swap ? bswap_16(*u16) : *u16;
- case 4:
-- u32 = ptr + offset;
-+ u32 = (const void*)ptrval;
- return need_swap ? bswap_32(*u32) : *u32;
- case 8:
-- u64 = ptr + offset;
-+ u64 = (const void*)ptrval;
- return need_swap ? bswap_64(*u64) : *u64;
- default:
- return 0;
-@@ -122,6 +194,28 @@ const char *elf_section_name(struct elf_binary *elf,
- return elf_strval(elf, elf->sec_strtab + elf_uval(elf, shdr, sh_name));
- }
-
-+const char *elf_strval(struct elf_binary *elf, elf_ptrval start)
-+{
-+ uint64_t length;
-+
-+ for ( length = 0; ; length++ ) {
-+ if ( !elf_access_ok(elf, start + length, 1) )
-+ return NULL;
-+ if ( !elf_access_unsigned(elf, start, length, 1) )
-+ /* ok */
-+ return ELF_UNSAFE_PTR(start);
-+ }
-+}
-+
-+const char *elf_strfmt(struct elf_binary *elf, elf_ptrval start)
-+{
-+ const char *str = elf_strval(elf, start);
-+
-+ if ( str == NULL )
-+ return "(invalid)";
-+ return str;
-+}
-+
- ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
- {
- return ELF_IMAGE_BASE(elf) + elf_uval(elf, shdr, sh_offset);
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index af5b5c5..ddc3ed7 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -57,8 +57,9 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
- * on this.
- * This replaces variables which were char*,void*
- * and their const versions, so we provide four
-- * different declaration macros:
-+ * different obsolete declaration macros:
- * ELF_PTRVAL_{,CONST}{VOID,CHAR}
-+ * New code can simply use the elf_ptrval typedef.
- * HANDLE A pointer to a struct. There is one of these types
- * for each pointer type - that is, for each "structname".
- * In the arguments to the various HANDLE macros, structname
-@@ -67,54 +68,66 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
- * pointers. In the current code attempts to do so will
- * compile, but in the next patch this will become a
- * compile error.
-- * We provide two declaration macros for const and
-- * non-const pointers.
-+ * We also provide a second declaration macro for
-+ * pointers which were to const; this is obsolete.
- */
-
--#define ELF_REALPTR2PTRVAL(realpointer) (realpointer)
-+typedef uintptr_t elf_ptrval;
-+
-+#define ELF_REALPTR2PTRVAL(realpointer) ((elf_ptrval)(realpointer))
- /* Converts an actual C pointer into a PTRVAL */
-
--#define ELF_HANDLE_DECL_NONCONST(structname) structname *
--#define ELF_HANDLE_DECL(structname) const structname *
-+#define ELF_HANDLE_DECL_NONCONST(structname) structname##_handle /*obsolete*/
-+#define ELF_HANDLE_DECL(structname) structname##_handle
- /* Provides a type declaration for a HANDLE. */
-- /* May only be used to declare ONE variable at a time */
-
--#define ELF_PTRVAL_VOID void *
--#define ELF_PTRVAL_CHAR char *
--#define ELF_PTRVAL_CONST_VOID const void *
--#define ELF_PTRVAL_CONST_CHAR const char *
-- /* Provides a type declaration for a PTRVAL. */
-- /* May only be used to declare ONE variable at a time */
-+#define ELF_PTRVAL_VOID elf_ptrval /*obsolete*/
-+#define ELF_PTRVAL_CHAR elf_ptrval /*obsolete*/
-+#define ELF_PTRVAL_CONST_VOID elf_ptrval /*obsolete*/
-+#define ELF_PTRVAL_CONST_CHAR elf_ptrval /*obsolete*/
-+
-+#ifdef __XEN__
-+# define ELF_PRPTRVAL "lu"
-+ /*
-+ * PRIuPTR is misdefined in xen/include/xen/inttypes.h, on 32-bit,
-+ * to "u", when in fact uintptr_t is an unsigned long.
-+ */
-+#else
-+# define ELF_PRPTRVAL PRIuPTR
-+#endif
-+ /* printf format a la PRId... for a PTRVAL */
-
--#define ELF_DEFINE_HANDLE(structname) /* empty */
-+#define ELF_DEFINE_HANDLE(structname) \
-+ typedef union { \
-+ elf_ptrval ptrval; \
-+ const structname *typeonly; /* for sizeof, offsetof, &c only */ \
-+ } structname##_handle;
- /*
- * This must be invoked for each HANDLE type to define
- * the actual C type used for that kind of HANDLE.
- */
-
--#define ELF_PRPTRVAL "p"
-- /* printf format a la PRId... for a PTRVAL */
--
--#define ELF_MAKE_HANDLE(structname, ptrval) (ptrval)
-+#define ELF_MAKE_HANDLE(structname, ptrval) ((structname##_handle){ ptrval })
- /* Converts a PTRVAL to a HANDLE */
-
--#define ELF_IMAGE_BASE(elf) ((elf)->image)
-+#define ELF_IMAGE_BASE(elf) ((elf_ptrval)(elf)->image_base)
- /* Returns the base of the image as a PTRVAL. */
-
--#define ELF_HANDLE_PTRVAL(handleval) ((void*)(handleval))
-+#define ELF_HANDLE_PTRVAL(handleval) ((handleval).ptrval)
- /* Converts a HANDLE to a PTRVAL. */
-
--#define ELF_OBSOLETE_VOIDP_CAST (void*)(uintptr_t)
-+#define ELF_OBSOLETE_VOIDP_CAST /*empty*/
- /*
-- * In some places the existing code needs to
-+ * In some places the old code used to need to
- * - cast away const (the existing code uses const a fair
- * bit but actually sometimes wants to write to its input)
- * from a PTRVAL.
- * - convert an integer representing a pointer to a PTRVAL
-- * This macro provides a suitable cast.
-+ * Nowadays all of these re uintptr_ts so there is no const problem
-+ * and no need for any casting.
- */
-
--#define ELF_UNSAFE_PTR(ptrval) ((void*)(uintptr_t)(ptrval))
-+#define ELF_UNSAFE_PTR(ptrval) ((void*)(elf_ptrval)(ptrval))
- /*
- * Turns a PTRVAL into an actual C pointer. Before this is done
- * the caller must have ensured that the PTRVAL does in fact point
-@@ -122,18 +135,21 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
- */
-
- /* PTRVALs can be INVALID (ie, NULL). */
--#define ELF_INVALID_PTRVAL (NULL) /* returns NULL PTRVAL */
-+#define ELF_INVALID_PTRVAL ((elf_ptrval)0) /* returns NULL PTRVAL */
- #define ELF_INVALID_HANDLE(structname) /* returns NULL handle */ \
- ELF_MAKE_HANDLE(structname, ELF_INVALID_PTRVAL)
--#define ELF_PTRVAL_VALID(ptrval) (ptrval) /* } */
--#define ELF_HANDLE_VALID(handleval) (handleval) /* } predicates */
--#define ELF_PTRVAL_INVALID(ptrval) ((ptrval) == NULL) /* } */
-+#define ELF_PTRVAL_VALID(ptrval) (!!(ptrval)) /* } */
-+#define ELF_HANDLE_VALID(handleval) (!!(handleval).ptrval) /* } predicates */
-+#define ELF_PTRVAL_INVALID(ptrval) (!ELF_PTRVAL_VALID((ptrval))) /* } */
-+
-+#define ELF_MAX_PTRVAL (~(elf_ptrval)0)
-+ /* PTRVAL value guaranteed to compare > to any valid PTRVAL */
-
- /* For internal use by other macros here */
- #define ELF__HANDLE_FIELD_TYPE(handleval, elm) \
-- typeof((handleval)->elm)
-+ typeof((handleval).typeonly->elm)
- #define ELF__HANDLE_FIELD_OFFSET(handleval, elm) \
-- offsetof(typeof(*(handleval)),elm)
-+ offsetof(typeof(*(handleval).typeonly),elm)
-
-
- /* ------------------------------------------------------------------------ */
-@@ -182,7 +198,7 @@ ELF_DEFINE_HANDLE(elf_note)
-
- struct elf_binary {
- /* elf binary */
-- const char *image;
-+ const void *image_base;
- size_t size;
- char class;
- char data;
-@@ -190,10 +206,16 @@ struct elf_binary {
- ELF_HANDLE_DECL(elf_ehdr) ehdr;
- ELF_PTRVAL_CONST_CHAR sec_strtab;
- ELF_HANDLE_DECL(elf_shdr) sym_tab;
-- ELF_PTRVAL_CONST_CHAR sym_strtab;
-+ uint64_t sym_strtab;
-
- /* loaded to */
-- char *dest;
-+ /*
-+ * dest_base and dest_size are trusted and must be correct;
-+ * whenever dest_size is not 0, both of these must be valid
-+ * so long as the struct elf_binary is in use.
-+ */
-+ char *dest_base;
-+ size_t dest_size;
- uint64_t pstart;
- uint64_t pend;
- uint64_t reloc_offset;
-@@ -201,12 +223,22 @@ struct elf_binary {
- uint64_t bsd_symtab_pstart;
- uint64_t bsd_symtab_pend;
-
-+ /*
-+ * caller's other acceptable destination
-+ *
-+ * Again, these are trusted and must be valid (or 0) so long
-+ * as the struct elf_binary is in use.
-+ */
-+ void *caller_xdest_base;
-+ uint64_t caller_xdest_size;
-+
- #ifndef __XEN__
- /* misc */
- elf_log_callback *log_callback;
- void *log_caller_data;
- #endif
- int verbose;
-+ const char *broken;
- };
-
- /* ------------------------------------------------------------------------ */
-@@ -224,22 +256,27 @@ struct elf_binary {
- #define elf_lsb(elf) (ELFDATA2LSB == (elf)->data)
- #define elf_swap(elf) (NATIVE_ELFDATA != (elf)->data)
-
--#define elf_uval(elf, str, elem) \
-- ((ELFCLASS64 == (elf)->class) \
-- ? elf_access_unsigned((elf), (str), \
-- offsetof(typeof(*(str)),e64.elem), \
-- sizeof((str)->e64.elem)) \
-- : elf_access_unsigned((elf), (str), \
-- offsetof(typeof(*(str)),e32.elem), \
-- sizeof((str)->e32.elem)))
-+#define elf_uval_3264(elf, handle, elem) \
-+ elf_access_unsigned((elf), (handle).ptrval, \
-+ offsetof(typeof(*(handle).typeonly),elem), \
-+ sizeof((handle).typeonly->elem))
-+
-+#define elf_uval(elf, handle, elem) \
-+ ((ELFCLASS64 == (elf)->class) \
-+ ? elf_uval_3264(elf, handle, e64.elem) \
-+ : elf_uval_3264(elf, handle, e32.elem))
- /*
- * Reads an unsigned field in a header structure in the ELF.
- * str is a HANDLE, and elem is the field name in it.
- */
-
--#define elf_size(elf, str) \
-+
-+#define elf_size(elf, handle_or_handletype) ({ \
-+ typeof(handle_or_handletype) elf_size__dummy; \
- ((ELFCLASS64 == (elf)->class) \
-- ? sizeof((str)->e64) : sizeof((str)->e32))
-+ ? sizeof(elf_size__dummy.typeonly->e64) \
-+ : sizeof(elf_size__dummy.typeonly->e32)); \
-+})
- /*
- * Returns the size of the substructure for the appropriate 32/64-bitness.
- * str should be a HANDLE.
-@@ -251,23 +288,37 @@ uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr,
-
- uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr);
-
-+const char *elf_strval(struct elf_binary *elf, elf_ptrval start);
-+ /* may return NULL if the string is out of range etc. */
-
--#define elf_strval(elf,x) ((const char*)(x)) /* may return NULL in the future */
--#define elf_strfmt(elf,x) ((const char*)(x)) /* will return (invalid) instead */
-+const char *elf_strfmt(struct elf_binary *elf, elf_ptrval start);
-+ /* like elf_strval but returns "(invalid)" instead of NULL */
-
--#define elf_memcpy_safe(elf, dst, src, sz) memcpy((dst),(src),(sz))
--#define elf_memset_safe(elf, dst, c, sz) memset((dst),(c),(sz))
-+void elf_memcpy_safe(struct elf_binary*, elf_ptrval dst, elf_ptrval src, size_t);
-+void elf_memset_safe(struct elf_binary*, elf_ptrval dst, int c, size_t);
- /*
-- * Versions of memcpy and memset which will (in the next patch)
-- * arrange never to write outside permitted areas.
-+ * Versions of memcpy and memset which arrange never to write
-+ * outside permitted areas.
- */
-
--#define elf_store_val(elf, type, ptr, val) (*(type*)(ptr) = (val))
-+int elf_access_ok(struct elf_binary * elf,
-+ uint64_t ptrval, size_t size);
-+
-+#define elf_store_val(elf, type, ptr, val) \
-+ ({ \
-+ typeof(type) elf_store__val = (val); \
-+ elf_ptrval elf_store__targ = ptr; \
-+ if (elf_access_ok((elf), elf_store__targ, \
-+ sizeof(elf_store__val))) { \
-+ elf_memcpy_unchecked((void*)elf_store__targ, &elf_store__val, \
-+ sizeof(elf_store__val)); \
-+ } \
-+ }) \
- /* Stores a value at a particular PTRVAL. */
-
--#define elf_store_field(elf, hdr, elm, val) \
-- (elf_store_val((elf), ELF__HANDLE_FIELD_TYPE(hdr, elm), \
-- &((hdr)->elm), \
-+#define elf_store_field(elf, hdr, elm, val) \
-+ (elf_store_val((elf), ELF__HANDLE_FIELD_TYPE(hdr, elm), \
-+ ELF_HANDLE_PTRVAL(hdr) + ELF__HANDLE_FIELD_OFFSET(hdr, elm), \
- (val)))
- /* Stores a 32/64-bit field. hdr is a HANDLE and elm is the field name. */
-
-@@ -306,6 +357,10 @@ int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- /* xc_libelf_loader.c */
-
- int elf_init(struct elf_binary *elf, const char *image, size_t size);
-+ /*
-+ * image and size must be correct. They will be recorded in
-+ * *elf, and must remain valid while the elf is in use.
-+ */
- #ifdef __XEN__
- void elf_set_verbose(struct elf_binary *elf);
- #else
-@@ -321,6 +376,9 @@ uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol);
-
- void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart); /* private */
-
-+void elf_mark_broken(struct elf_binary *elf, const char *msg);
-+const char *elf_check_broken(const struct elf_binary *elf); /* NULL means OK */
-+
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_relocate.c */
-
-@@ -395,16 +453,38 @@ int elf_xen_parse_guest_info(struct elf_binary *elf,
- int elf_xen_parse(struct elf_binary *elf,
- struct elf_dom_parms *parms);
-
--#define elf_memcpy_unchecked memcpy
--#define elf_memset_unchecked memset
-+static inline void *elf_memcpy_unchecked(void *dest, const void *src, size_t n)
-+ { return memcpy(dest, src, n); }
-+static inline void *elf_memmove_unchecked(void *dest, const void *src, size_t n)
-+ { return memmove(dest, src, n); }
-+static inline void *elf_memset_unchecked(void *s, int c, size_t n)
-+ { return memset(s, c, n); }
- /*
-- * Unsafe versions of memcpy and memset which take actual C
-- * pointers. These are just like real memcpy and memset.
-+ * Unsafe versions of memcpy, memmove memset which take actual C
-+ * pointers. These are just like the real functions.
-+ * We provide these so that in libelf-private.h we can #define
-+ * memcpy, memset and memmove to undefined MISTAKE things.
- */
-
-
--#define ELF_ADVANCE_DEST(elf, amount) elf->dest += (amount)
-- /* Advances past amount bytes of the current destination area. */
-+/* Advances past amount bytes of the current destination area. */
-+static inline void ELF_ADVANCE_DEST(struct elf_binary *elf, uint64_t amount)
-+{
-+ if ( elf->dest_base == NULL )
-+ {
-+ elf_mark_broken(elf, "advancing in null image");
-+ }
-+ else if ( elf->dest_size >= amount )
-+ {
-+ elf->dest_base += amount;
-+ elf->dest_size -= amount;
-+ }
-+ else
-+ {
-+ elf->dest_size = 0;
-+ elf_mark_broken(elf, "advancing past end (image very short?)");
-+ }
-+}
-
-
- #endif /* __XEN_LIBELF_H__ */
---
-1.7.2.5
-
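Review bot: Nothing in this deletion shows where patch 11/23 of the XSA-55 series now lives, and the patch header itself states "This is part of the fix to a security issue, XSA-55". Its description also says that the "broken" marking it introduces is checked in a following patch, so the series is only effective when applied together. The ebuild hunks of this commit should therefore be checked to confirm that every revision which previously applied files/xen-4.2-CVE-2013-11-XSA-55.patch now applies the relocated copy, with the other patches of the series alongside it. As a naming point, "CVE-2013-11" reads like a CVE identifier, but the 11 is the series index from "[PATCH 11/23]"; the relocated file would be clearer named after the XSA and the patch number.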
diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch
deleted file mode 100644
index f55701dae332..000000000000
--- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-15-XSA-55.patch
+++ /dev/null
@@ -1,759 +0,0 @@
-From e673ca50127b6c1263727aa31de0b8bb966ca7a2 Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:18 +0100
-Subject: [PATCH 15/23] libelf: use only unsigned integers
-
-Signed integers have undesirable undefined behaviours on overflow.
-Malicious compilers can turn apparently-correct code into code with
-security vulnerabilities etc.
-
-So use only unsigned integers. Exceptions are booleans (which we have
-already changed) and error codes.
-
-We _do_ change all the chars which aren't fixed constants from our own
-text segment, but not the char*s. This is because it is safe to
-access an arbitrary byte through a char*, but not necessarily safe to
-convert an arbitrary value to a char.
-
-As a consequence we need to compile libelf with -Wno-pointer-sign.
-
-It is OK to change all the signed integers to unsigned because all the
-inequalities in libelf are in contexts where we don't "expect"
-negative numbers.
-
-In libelf-dominfo.c:elf_xen_parse we rename a variable "rc" to
-"more_notes" as it actually contains a note count derived from the
-input image. The "error" return value from elf_xen_parse_notes is
-changed from -1 to ~0U.
-
-grepping shows only one occurrence of "PRId" or "%d" or "%ld" in
-libelf and xc_dom_elfloader.c (a "%d" which becomes "%u").
-
-This is part of the fix to a security issue, XSA-55.
-
-For those concerned about unintentional functional changes, the
-following rune produces a version of the patch which is much smaller
-and eliminates only non-functional changes:
-
- GIT_EXTERNAL_DIFF=.../unsigned-differ git-diff <before>..<after>
-
-where <before> and <after> are git refs for the code before and after
-this patch, and unsigned-differ is this shell script:
-
- #!/bin/bash
- set -e
-
- seddery () {
- perl -pe 's/\b(?:elf_errorstatus|elf_negerrnoval)\b/int/g'
- }
-
- path="$1"
- in="$2"
- out="$5"
-
- set +e
- diff -pu --label "$path~" <(seddery <"$in") --label "$path" <(seddery <"$out")
- rc=$?
- set -e
- if [ $rc = 1 ]; then rc=0; fi
- exit $rc
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
----
- tools/libxc/Makefile | 9 +++++-
- tools/libxc/xc_dom.h | 7 +++--
- tools/libxc/xc_dom_elfloader.c | 42 ++++++++++++++++-------------
- tools/xcutils/readnotes.c | 15 +++++-----
- xen/common/libelf/Makefile | 2 +
- xen/common/libelf/libelf-dominfo.c | 52 ++++++++++++++++++-----------------
- xen/common/libelf/libelf-loader.c | 20 +++++++-------
- xen/common/libelf/libelf-tools.c | 24 ++++++++--------
- xen/include/xen/libelf.h | 21 ++++++++------
- 9 files changed, 105 insertions(+), 87 deletions(-)
-
-diff --git a/tools/libxc/Makefile b/tools/libxc/Makefile
-index d8c6a60..a3fd90c 100644
---- a/tools/libxc/Makefile
-+++ b/tools/libxc/Makefile
-@@ -52,8 +52,13 @@ endif
- vpath %.c ../../xen/common/libelf
- CFLAGS += -I../../xen/common/libelf
-
--GUEST_SRCS-y += libelf-tools.c libelf-loader.c
--GUEST_SRCS-y += libelf-dominfo.c
-+ELF_SRCS-y += libelf-tools.c libelf-loader.c
-+ELF_SRCS-y += libelf-dominfo.c
-+
-+GUEST_SRCS-y += $(ELF_SRCS-y)
-+
-+$(patsubst %.c,%.o,$(ELF_SRCS-y)): CFLAGS += -Wno-pointer-sign
-+$(patsubst %.c,%.opic,$(ELF_SRCS-y)): CFLAGS += -Wno-pointer-sign
-
- # new domain builder
- GUEST_SRCS-y += xc_dom_core.c xc_dom_boot.c
-diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h
-index 9f8037e..0161459 100644
---- a/tools/libxc/xc_dom.h
-+++ b/tools/libxc/xc_dom.h
-@@ -140,9 +140,10 @@ struct xc_dom_image {
-
- struct xc_dom_loader {
- char *name;
-- int (*probe) (struct xc_dom_image * dom);
-- int (*parser) (struct xc_dom_image * dom);
-- int (*loader) (struct xc_dom_image * dom);
-+ /* Sadly the error returns from these functions are not consistent: */
-+ elf_negerrnoval (*probe) (struct xc_dom_image * dom);
-+ elf_negerrnoval (*parser) (struct xc_dom_image * dom);
-+ elf_errorstatus (*loader) (struct xc_dom_image * dom);
-
- struct xc_dom_loader *next;
- };
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index 9ba64ae..62a0d3b 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -84,7 +84,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom,
- /* ------------------------------------------------------------------------ */
- /* parse elf binary */
-
--static int check_elf_kernel(struct xc_dom_image *dom, bool verbose)
-+static elf_negerrnoval check_elf_kernel(struct xc_dom_image *dom, bool verbose)
- {
- if ( dom->kernel_blob == NULL )
- {
-@@ -106,12 +106,12 @@ static int check_elf_kernel(struct xc_dom_image *dom, bool verbose)
- return 0;
- }
-
--static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom)
-+static elf_negerrnoval xc_dom_probe_elf_kernel(struct xc_dom_image *dom)
- {
- return check_elf_kernel(dom, 0);
- }
-
--static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-+static elf_errorstatus xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- struct elf_binary *elf, bool load)
- {
- struct elf_binary syms;
-@@ -119,7 +119,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- xen_vaddr_t symtab, maxaddr;
- ELF_PTRVAL_CHAR hdr;
- size_t size;
-- int h, count, type, i, tables = 0;
-+ unsigned h, count, type, i, tables = 0;
-
- if ( elf_swap(elf) )
- {
-@@ -140,13 +140,13 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- elf->caller_xdest_base = hdr_ptr;
- elf->caller_xdest_size = allow_size;
- hdr = ELF_REALPTR2PTRVAL(hdr_ptr);
-- elf_store_val(elf, int, hdr, size - sizeof(int));
-+ elf_store_val(elf, unsigned, hdr, size - sizeof(unsigned));
- }
- else
- {
- char *hdr_ptr;
-
-- size = sizeof(int) + elf_size(elf, elf->ehdr) +
-+ size = sizeof(unsigned) + elf_size(elf, elf->ehdr) +
- elf_shdr_count(elf) * elf_size(elf, shdr);
- hdr_ptr = xc_dom_malloc(dom, size);
- if ( hdr_ptr == NULL )
-@@ -157,15 +157,15 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend);
- }
-
-- elf_memcpy_safe(elf, hdr + sizeof(int),
-+ elf_memcpy_safe(elf, hdr + sizeof(unsigned),
- ELF_IMAGE_BASE(elf),
- elf_size(elf, elf->ehdr));
-- elf_memcpy_safe(elf, hdr + sizeof(int) + elf_size(elf, elf->ehdr),
-+ elf_memcpy_safe(elf, hdr + sizeof(unsigned) + elf_size(elf, elf->ehdr),
- ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff),
- elf_shdr_count(elf) * elf_size(elf, shdr));
- if ( elf_64bit(elf) )
- {
-- Elf64_Ehdr *ehdr = (Elf64_Ehdr *)(hdr + sizeof(int));
-+ Elf64_Ehdr *ehdr = (Elf64_Ehdr *)(hdr + sizeof(unsigned));
- ehdr->e_phoff = 0;
- ehdr->e_phentsize = 0;
- ehdr->e_phnum = 0;
-@@ -174,22 +174,22 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- }
- else
- {
-- Elf32_Ehdr *ehdr = (Elf32_Ehdr *)(hdr + sizeof(int));
-+ Elf32_Ehdr *ehdr = (Elf32_Ehdr *)(hdr + sizeof(unsigned));
- ehdr->e_phoff = 0;
- ehdr->e_phentsize = 0;
- ehdr->e_phnum = 0;
- ehdr->e_shoff = elf_size(elf, elf->ehdr);
- ehdr->e_shstrndx = SHN_UNDEF;
- }
-- if ( elf->caller_xdest_size < sizeof(int) )
-+ if ( elf->caller_xdest_size < sizeof(unsigned) )
- {
- DOMPRINTF("%s/%s: header size %"PRIx64" too small",
- __FUNCTION__, load ? "load" : "parse",
- (uint64_t)elf->caller_xdest_size);
- return -1;
- }
-- if ( elf_init(&syms, elf->caller_xdest_base + sizeof(int),
-- elf->caller_xdest_size - sizeof(int)) )
-+ if ( elf_init(&syms, elf->caller_xdest_base + sizeof(unsigned),
-+ elf->caller_xdest_size - sizeof(unsigned)) )
- return -1;
-
- /*
-@@ -209,7 +209,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-
- xc_elf_set_logfile(dom->xch, &syms, 1);
-
-- symtab = dom->bsd_symtab_start + sizeof(int);
-+ symtab = dom->bsd_symtab_start + sizeof(unsigned);
- maxaddr = elf_round_up(&syms, symtab + elf_size(&syms, syms.ehdr) +
- elf_shdr_count(&syms) * elf_size(&syms, shdr));
-
-@@ -255,7 +255,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- size = elf_uval(&syms, shdr, sh_size);
- maxaddr = elf_round_up(&syms, maxaddr + size);
- tables++;
-- DOMPRINTF("%s: h=%d %s, size=0x%zx, maxaddr=0x%" PRIx64 "",
-+ DOMPRINTF("%s: h=%u %s, size=0x%zx, maxaddr=0x%" PRIx64 "",
- __FUNCTION__, h,
- type == SHT_SYMTAB ? "symtab" : "strtab",
- size, maxaddr);
-@@ -294,10 +294,14 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- return 0;
- }
-
--static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom)
-+static elf_errorstatus xc_dom_parse_elf_kernel(struct xc_dom_image *dom)
-+ /*
-+ * This function sometimes returns -1 for error and sometimes
-+ * an errno value. ?!?!
-+ */
- {
- struct elf_binary *elf;
-- int rc;
-+ elf_errorstatus rc;
-
- rc = check_elf_kernel(dom, 1);
- if ( rc != 0 )
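Review bot: In xc_dom_parse_elf_kernel, rc is declared elf_errorstatus but its first assignment comes from check_elf_kernel(), which this same patch retypes to elf_negerrnoval, so the function can return either -1 or an errno-style value, as the added comment admits. Both typedefs are plain int, so the compiler will not flag the mix. Either normalise the check_elf_kernel() result at this call site or have the comment state which convention callers must handle. The comment would also be easier to find above the function than between the declarator and the opening brace.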
-@@ -358,10 +362,10 @@ out:
- return rc;
- }
-
--static int xc_dom_load_elf_kernel(struct xc_dom_image *dom)
-+static elf_errorstatus xc_dom_load_elf_kernel(struct xc_dom_image *dom)
- {
- struct elf_binary *elf = dom->private_loader;
-- int rc;
-+ elf_errorstatus rc;
- xen_pfn_t pages;
-
- elf->dest_base = xc_dom_seg_to_ptr_pages(dom, &dom->kernel_seg, &pages);
-diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c
-index d1f7a30..2ca7732 100644
---- a/tools/xcutils/readnotes.c
-+++ b/tools/xcutils/readnotes.c
-@@ -70,7 +70,7 @@ static void print_numeric_note(const char *prefix, struct elf_binary *elf,
- ELF_HANDLE_DECL(elf_note) note)
- {
- uint64_t value = elf_note_numeric(elf, note);
-- int descsz = elf_uval(elf, note, descsz);
-+ unsigned descsz = elf_uval(elf, note, descsz);
-
- printf("%s: %#*" PRIx64 " (%d bytes)\n",
- prefix, 2+2*descsz, value, descsz);
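Review bot: In print_numeric_note, descsz becomes unsigned but the unchanged printf below it still prints it with "%d" and passes 2+2*descsz as the "*" field width, which printf takes as an int. Change the conversion to "%u" and cast the width explicitly, for example (int)(2+2*descsz), so the format string matches the new type. The commit message's grep for "%d" covered libelf and xc_dom_elfloader.c only, so this file was not part of that check.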
-@@ -79,7 +79,7 @@ static void print_numeric_note(const char *prefix, struct elf_binary *elf,
- static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf,
- ELF_HANDLE_DECL(elf_note) note)
- {
-- int descsz = elf_uval(elf, note, descsz);
-+ unsigned descsz = elf_uval(elf, note, descsz);
- ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
-
- /* XXX should be able to cope with a list of values. */
-@@ -99,10 +99,10 @@ static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf,
-
- }
-
--static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, ELF_HANDLE_DECL(elf_note) end)
-+static unsigned print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, ELF_HANDLE_DECL(elf_note) end)
- {
- ELF_HANDLE_DECL(elf_note) note;
-- int notes_found = 0;
-+ unsigned notes_found = 0;
- const char *this_note_name;
-
- for ( note = start; ELF_HANDLE_PTRVAL(note) < ELF_HANDLE_PTRVAL(end); note = elf_note_next(elf, note) )
-@@ -161,7 +161,7 @@ static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start,
- break;
- default:
- printf("unknown note type %#x\n",
-- (int)elf_uval(elf, note, type));
-+ (unsigned)elf_uval(elf, note, type));
- break;
- }
- }
-@@ -171,12 +171,13 @@ static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start,
- int main(int argc, char **argv)
- {
- const char *f;
-- int fd,h,size,usize,count;
-+ int fd;
-+ unsigned h,size,usize,count;
- void *image,*tmp;
- struct stat st;
- struct elf_binary elf;
- ELF_HANDLE_DECL(elf_shdr) shdr;
-- int notes_found = 0;
-+ unsigned notes_found = 0;
-
- struct setup_header *hdr;
- uint64_t payload_offset, payload_length;
-diff --git a/xen/common/libelf/Makefile b/xen/common/libelf/Makefile
-index 18dc8e2..5bf8f76 100644
---- a/xen/common/libelf/Makefile
-+++ b/xen/common/libelf/Makefile
-@@ -2,6 +2,8 @@ obj-bin-y := libelf.o
-
- SECTIONS := text data $(SPECIAL_DATA_SECTIONS)
-
-+CFLAGS += -Wno-pointer-sign
-+
- libelf.o: libelf-temp.o Makefile
- $(OBJCOPY) $(foreach s,$(SECTIONS),--rename-section .$(s)=.init.$(s)) $< $@
-
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index 12b6c2a..cdd0d31 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -29,15 +29,15 @@ static const char *const elf_xen_feature_names[] = {
- [XENFEAT_pae_pgdir_above_4gb] = "pae_pgdir_above_4gb",
- [XENFEAT_dom0] = "dom0"
- };
--static const int elf_xen_features =
-+static const unsigned elf_xen_features =
- sizeof(elf_xen_feature_names) / sizeof(elf_xen_feature_names[0]);
-
--int elf_xen_parse_features(const char *features,
-+elf_errorstatus elf_xen_parse_features(const char *features,
- uint32_t *supported,
- uint32_t *required)
- {
-- char feature[64];
-- int pos, len, i;
-+ unsigned char feature[64];
-+ unsigned pos, len, i;
-
- if ( features == NULL )
- return 0;
-@@ -94,7 +94,7 @@ int elf_xen_parse_features(const char *features,
- /* ------------------------------------------------------------------------ */
- /* xen elf notes */
-
--int elf_xen_parse_note(struct elf_binary *elf,
-+elf_errorstatus elf_xen_parse_note(struct elf_binary *elf,
- struct elf_dom_parms *parms,
- ELF_HANDLE_DECL(elf_note) note)
- {
-@@ -125,7 +125,7 @@ int elf_xen_parse_note(struct elf_binary *elf,
- const char *str = NULL;
- uint64_t val = 0;
- unsigned int i;
-- int type = elf_uval(elf, note, type);
-+ unsigned type = elf_uval(elf, note, type);
-
- if ( (type >= sizeof(note_desc) / sizeof(note_desc[0])) ||
- (note_desc[type].name == NULL) )
-@@ -216,12 +216,14 @@ int elf_xen_parse_note(struct elf_binary *elf,
- return 0;
- }
-
--static int elf_xen_parse_notes(struct elf_binary *elf,
-+#define ELF_NOTE_INVALID (~0U)
-+
-+static unsigned elf_xen_parse_notes(struct elf_binary *elf,
- struct elf_dom_parms *parms,
- ELF_PTRVAL_CONST_VOID start,
- ELF_PTRVAL_CONST_VOID end)
- {
-- int xen_elfnotes = 0;
-+ unsigned xen_elfnotes = 0;
- ELF_HANDLE_DECL(elf_note) note;
- const char *note_name;
-
-@@ -237,7 +239,7 @@ static int elf_xen_parse_notes(struct elf_binary *elf,
- if ( strcmp(note_name, "Xen") )
- continue;
- if ( elf_xen_parse_note(elf, parms, note) )
-- return -1;
-+ return ELF_NOTE_INVALID;
- xen_elfnotes++;
- }
- return xen_elfnotes;
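Review bot: The error return at "return ELF_NOTE_INVALID;" shares the unsigned range with the note count that the same function returns, and nothing beside the #define or the function documents this. Add a comment on ELF_NOTE_INVALID stating that (~0U) is reserved as the failure value and that callers must compare against it before adding the result to a running total, as elf_xen_parse does. Returning the status separately and the count through an out-parameter would remove the in-band sentinel altogether.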
-@@ -246,12 +248,12 @@ static int elf_xen_parse_notes(struct elf_binary *elf,
- /* ------------------------------------------------------------------------ */
- /* __xen_guest section */
-
--int elf_xen_parse_guest_info(struct elf_binary *elf,
-+elf_errorstatus elf_xen_parse_guest_info(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
- ELF_PTRVAL_CONST_CHAR h;
-- char name[32], value[128];
-- int len;
-+ unsigned char name[32], value[128];
-+ unsigned len;
-
- h = parms->guest_info;
- #define STAR(h) (elf_access_unsigned(elf, (h), 0, 1))
-@@ -334,13 +336,13 @@ int elf_xen_parse_guest_info(struct elf_binary *elf,
- /* ------------------------------------------------------------------------ */
- /* sanity checks */
-
--static int elf_xen_note_check(struct elf_binary *elf,
-+static elf_errorstatus elf_xen_note_check(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
- if ( (ELF_PTRVAL_INVALID(parms->elf_note_start)) &&
- (ELF_PTRVAL_INVALID(parms->guest_info)) )
- {
-- int machine = elf_uval(elf, elf->ehdr, e_machine);
-+ unsigned machine = elf_uval(elf, elf->ehdr, e_machine);
- if ( (machine == EM_386) || (machine == EM_X86_64) )
- {
- elf_err(elf, "%s: ERROR: Not a Xen-ELF image: "
-@@ -378,7 +380,7 @@ static int elf_xen_note_check(struct elf_binary *elf,
- return 0;
- }
-
--static int elf_xen_addr_calc_check(struct elf_binary *elf,
-+static elf_errorstatus elf_xen_addr_calc_check(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
- if ( (parms->elf_paddr_offset != UNSET_ADDR) &&
-@@ -464,13 +466,13 @@ static int elf_xen_addr_calc_check(struct elf_binary *elf,
- /* ------------------------------------------------------------------------ */
- /* glue it all together ... */
-
--int elf_xen_parse(struct elf_binary *elf,
-+elf_errorstatus elf_xen_parse(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
- ELF_HANDLE_DECL(elf_shdr) shdr;
- ELF_HANDLE_DECL(elf_phdr) phdr;
-- int xen_elfnotes = 0;
-- int i, count, rc;
-+ unsigned xen_elfnotes = 0;
-+ unsigned i, count, more_notes;
-
- elf_memset_unchecked(parms, 0, sizeof(*parms));
- parms->virt_base = UNSET_ADDR;
-@@ -495,13 +497,13 @@ int elf_xen_parse(struct elf_binary *elf,
- if (elf_uval(elf, phdr, p_offset) == 0)
- continue;
-
-- rc = elf_xen_parse_notes(elf, parms,
-+ more_notes = elf_xen_parse_notes(elf, parms,
- elf_segment_start(elf, phdr),
- elf_segment_end(elf, phdr));
-- if ( rc == -1 )
-+ if ( more_notes == ELF_NOTE_INVALID )
- return -1;
-
-- xen_elfnotes += rc;
-+ xen_elfnotes += more_notes;
- }
-
- /*
-@@ -518,17 +520,17 @@ int elf_xen_parse(struct elf_binary *elf,
- if ( elf_uval(elf, shdr, sh_type) != SHT_NOTE )
- continue;
-
-- rc = elf_xen_parse_notes(elf, parms,
-+ more_notes = elf_xen_parse_notes(elf, parms,
- elf_section_start(elf, shdr),
- elf_section_end(elf, shdr));
-
-- if ( rc == -1 )
-+ if ( more_notes == ELF_NOTE_INVALID )
- return -1;
-
-- if ( xen_elfnotes == 0 && rc > 0 )
-+ if ( xen_elfnotes == 0 && more_notes > 0 )
- elf_msg(elf, "%s: using notes from SHT_NOTE section\n", __FUNCTION__);
-
-- xen_elfnotes += rc;
-+ xen_elfnotes += more_notes;
- }
-
- }
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index 0dccd4d..c3a9e51 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -24,7 +24,7 @@
-
- /* ------------------------------------------------------------------------ */
-
--int elf_init(struct elf_binary *elf, const char *image_input, size_t size)
-+elf_errorstatus elf_init(struct elf_binary *elf, const char *image_input, size_t size)
- {
- ELF_HANDLE_DECL(elf_shdr) shdr;
- uint64_t i, count, section, offset;
-@@ -114,7 +114,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback,
- elf->verbose = verbose;
- }
-
--static int elf_load_image(struct elf_binary *elf,
-+static elf_errorstatus elf_load_image(struct elf_binary *elf,
- ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src,
- uint64_t filesz, uint64_t memsz)
- {
-@@ -129,9 +129,9 @@ void elf_set_verbose(struct elf_binary *elf)
- elf->verbose = 1;
- }
-
--static int elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz)
-+static elf_errorstatus elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz)
- {
-- int rc;
-+ elf_errorstatus rc;
- if ( filesz > ULONG_MAX || memsz > ULONG_MAX )
- return -1;
- /* We trust the dom0 kernel image completely, so we don't care
-@@ -151,7 +151,7 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart)
- {
- uint64_t sz;
- ELF_HANDLE_DECL(elf_shdr) shdr;
-- int i, type;
-+ unsigned i, type;
-
- if ( !ELF_HANDLE_VALID(elf->sym_tab) )
- return;
-@@ -187,7 +187,7 @@ static void elf_load_bsdsyms(struct elf_binary *elf)
- ELF_PTRVAL_VOID symbase;
- ELF_PTRVAL_VOID symtab_addr;
- ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr;
-- int i, type;
-+ unsigned i, type;
-
- if ( !elf->bsd_symtab_pstart )
- return;
-@@ -220,7 +220,7 @@ do { \
- elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(shdr),
- ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff),
- sz);
-- maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz);
-+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz);
-
- for ( i = 0; i < elf_shdr_count(elf); i++ )
- {
-@@ -233,10 +233,10 @@ do { \
- elf_memcpy_safe(elf, maxva, elf_section_start(elf, shdr), sz);
- /* Mangled to be based on ELF header location. */
- elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr);
-- maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz);
-+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (unsigned long)maxva + sz);
- }
- shdr = ELF_MAKE_HANDLE(elf_shdr, ELF_HANDLE_PTRVAL(shdr) +
-- (long)elf_uval(elf, elf->ehdr, e_shentsize));
-+ (unsigned long)elf_uval(elf, elf->ehdr, e_shentsize));
- }
-
- /* Write down the actual sym size. */
-@@ -273,7 +273,7 @@ void elf_parse_binary(struct elf_binary *elf)
- __FUNCTION__, elf->pstart, elf->pend);
- }
-
--int elf_load_binary(struct elf_binary *elf)
-+elf_errorstatus elf_load_binary(struct elf_binary *elf)
- {
- ELF_HANDLE_DECL(elf_phdr) phdr;
- uint64_t i, count, paddr, offset, filesz, memsz;
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index fa58f76..46d4ab1 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -122,19 +122,19 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base,
-
- uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr)
- {
-- int elf_round = (elf_64bit(elf) ? 8 : 4) - 1;
-+ uint64_t elf_round = (elf_64bit(elf) ? 8 : 4) - 1;
-
- return (addr + elf_round) & ~elf_round;
- }
-
- /* ------------------------------------------------------------------------ */
-
--int elf_shdr_count(struct elf_binary *elf)
-+unsigned elf_shdr_count(struct elf_binary *elf)
- {
- return elf_uval(elf, elf->ehdr, e_shnum);
- }
-
--int elf_phdr_count(struct elf_binary *elf)
-+unsigned elf_phdr_count(struct elf_binary *elf)
- {
- return elf_uval(elf, elf->ehdr, e_phnum);
- }
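Review bot: elf_round_up computes addr + elf_round with no overflow check, so an addr close to the uint64_t maximum wraps and the function returns a value below its input. Widening elf_round to uint64_t is right, since the mask ~elf_round has to be as wide as addr, but the hunk should say so in a one-line comment and either add a wrap check or name the later range check that callers rely on. Callers such as xc_dom_load_elf_symtab pass it sums that include section sizes read from the image.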
-@@ -144,7 +144,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n
- uint64_t count = elf_shdr_count(elf);
- ELF_HANDLE_DECL(elf_shdr) shdr;
- const char *sname;
-- int i;
-+ unsigned i;
-
- for ( i = 0; i < count; i++ )
- {
-@@ -156,7 +156,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *n
- return ELF_INVALID_HANDLE(elf_shdr);
- }
-
--ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index)
-+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned index)
- {
- uint64_t count = elf_shdr_count(elf);
- ELF_PTRVAL_CONST_VOID ptr;
-@@ -170,7 +170,7 @@ ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index)
- return ELF_MAKE_HANDLE(elf_shdr, ptr);
- }
-
--ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index)
-+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index)
- {
- uint64_t count = elf_uval(elf, elf->ehdr, e_phnum);
- ELF_PTRVAL_CONST_VOID ptr;
-@@ -264,7 +264,7 @@ ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *sym
- return ELF_INVALID_HANDLE(elf_sym);
- }
-
--ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index)
-+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index)
- {
- ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab);
- ELF_HANDLE_DECL(elf_sym) sym;
-@@ -280,7 +280,7 @@ const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note
-
- ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
-- int namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
-+ unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
-
- return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz;
- }
-@@ -288,7 +288,7 @@ ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_
- uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
- ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
-- int descsz = elf_uval(elf, note, descsz);
-+ unsigned descsz = elf_uval(elf, note, descsz);
-
- switch (descsz)
- {
-@@ -306,7 +306,7 @@ uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note
- unsigned int unitsz, unsigned int idx)
- {
- ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
-- int descsz = elf_uval(elf, note, descsz);
-+ unsigned descsz = elf_uval(elf, note, descsz);
-
- if ( descsz % unitsz || idx >= descsz / unitsz )
- return 0;
-@@ -324,8 +324,8 @@ uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note
-
- ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
-- int namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
-- int descsz = (elf_uval(elf, note, descsz) + 3) & ~3;
-+ unsigned namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
-+ unsigned descsz = (elf_uval(elf, note, descsz) + 3) & ~3;
-
- return ELF_MAKE_HANDLE(elf_note, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz + descsz);
- }
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index 951430f..87e126a 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -31,6 +31,9 @@
-
- #include <stdbool.h>
-
-+typedef int elf_errorstatus; /* 0: ok; -ve (normally -1): error */
-+typedef int elf_negerrnoval; /* 0: ok; -EFOO: error */
-+
- #undef ELFSIZE
- #include "elfstructs.h"
- #ifdef __XEN__
-@@ -328,12 +331,12 @@ bool elf_access_ok(struct elf_binary * elf,
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_tools.c */
-
--int elf_shdr_count(struct elf_binary *elf);
--int elf_phdr_count(struct elf_binary *elf);
-+unsigned elf_shdr_count(struct elf_binary *elf);
-+unsigned elf_phdr_count(struct elf_binary *elf);
-
- ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *name);
--ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index);
--ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index);
-+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, unsigned index);
-+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, unsigned index);
-
- const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr); /* might return NULL if inputs are invalid */
- ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-@@ -343,7 +346,7 @@ ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(
- ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-
- ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol);
--ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index);
-+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, unsigned index);
-
- const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note); /* may return NULL */
- ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-@@ -360,7 +363,7 @@ bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_loader.c */
-
--int elf_init(struct elf_binary *elf, const char *image, size_t size);
-+elf_errorstatus elf_init(struct elf_binary *elf, const char *image, size_t size);
- /*
- * image and size must be correct. They will be recorded in
- * *elf, and must remain valid while the elf is in use.
-@@ -373,7 +376,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback*,
- #endif
-
- void elf_parse_binary(struct elf_binary *elf);
--int elf_load_binary(struct elf_binary *elf);
-+elf_errorstatus elf_load_binary(struct elf_binary *elf);
-
- ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr);
- uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol);
-@@ -386,7 +389,7 @@ const char *elf_check_broken(const struct elf_binary *elf); /* NULL means OK */
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_relocate.c */
-
--int elf_reloc(struct elf_binary *elf);
-+elf_errorstatus elf_reloc(struct elf_binary *elf);
-
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_dominfo.c */
-@@ -420,7 +423,7 @@ struct elf_dom_parms {
- char guest_ver[16];
- char xen_ver[16];
- char loader[16];
-- int pae;
-+ int pae; /* some kind of enum apparently */
- bool bsd_symtab;
- uint64_t virt_base;
- uint64_t virt_entry;
---
-1.7.2.5
-
diff --git a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch b/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch
deleted file mode 100644
index a9256b54444f..000000000000
--- a/app-emulation/xen-pvgrub/files/xen-4.2-CVE-2013-8-XSA-55.patch
+++ /dev/null
@@ -1,1196 +0,0 @@
-From 40020ab55a1e9a1674ddecdb70299fab4fe8579d Mon Sep 17 00:00:00 2001
-From: Ian Jackson <ian.jackson@eu.citrix.com>
-Date: Fri, 14 Jun 2013 16:43:17 +0100
-Subject: [PATCH 08/23] libelf: introduce macros for memory access and pointer handling
-
-We introduce a collection of macros which abstract away all the
-pointer arithmetic and dereferences used for accessing the input ELF
-and the output area(s). We use the new macros everywhere.
-
-For now, these macros are semantically identical to the code they
-replace, so this patch has no functional change.
-
-elf_is_elfbinary is an exception: since it doesn't take an elf*, we
-need to handle it differently. In a future patch we will change it to
-take, and check, a length parameter. For now we just mark it with a
-fixme.
-
-That this patch has no functional change can be verified as follows:
-
- 0. Copy the scripts "comparison-generate" and "function-filter"
- out of this commit message.
- 1. Check out the tree before this patch.
- 2. Run the script ../comparison-generate .... ../before
- 3. Check out the tree after this patch.
- 4. Run the script ../comparison-generate .... ../after
- 5. diff --exclude=\*.[soi] -ruN before/ after/ |less
-
-Expect these differences:
- * stubdom/zlib-x86_64/ztest*.s2
- The filename of this test file apparently contains the pid.
- * xen/common/version.s2
- The xen build timestamp appears in two diff hunks.
-
-Verification that this is all that's needed:
- In a completely built xen.git,
- find * -name .*.d -type f | xargs grep -l libelf\.h
- Expect results in:
- xen/arch/x86: Checked above.
- tools/libxc: Checked above.
- tools/xcutils/readnotes: Checked above.
- tools/xenstore: Checked above.
- xen/common/libelf:
- This is the build for the hypervisor; checked in B above.
- stubdom:
- We have one stubdom which reads ELFs using our libelf,
- pvgrub, which is checked above.
-
-I have not done this verification for ARM.
-
-This is part of the fix to a security issue, XSA-55.
-
-Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-
--8<- comparison-generate -8<-
- #!/bin/bash
- # usage:
- # cd xen.git
- # .../comparison-generate OUR-CONFIG BUILD-RUNE-PREFIX ../before|../after
- # eg:
- # .../comparison-generate ~/work/.config 'schroot -pc64 --' ../before
- set -ex
-
- test $# = 3 || need-exactly-three-arguments
-
- our_config=$1
- build_rune_prefix=$2
- result_dir=$3
-
- git clean -x -d -f
-
- cp "$our_config" .
-
- cat <<END >>.config
- debug_symbols=n
- CFLAGS += -save-temps
- END
-
- perl -i~ -pe 's/ -g / -g0 / if m/^CFLAGS/' xen/Rules.mk
-
- if [ -f ./configure ]; then
- $build_rune_prefix ./configure
- fi
-
- $build_rune_prefix make -C xen
- $build_rune_prefix make -C tools/include
- $build_rune_prefix make -C stubdom grub
- $build_rune_prefix make -C tools/libxc
- $build_rune_prefix make -C tools/xenstore
- $build_rune_prefix make -C tools/xcutils
-
- rm -rf "$result_dir"
- mkdir "$result_dir"
-
- set +x
- for f in `find xen tools stubdom -name \*.[soi]`; do
- mkdir -p "$result_dir"/`dirname $f`
- cp $f "$result_dir"/${f}
- case $f in
- *.s)
- ../function-filter <$f >"$result_dir"/${f}2
- ;;
- esac
- done
-
- echo ok.
--8<-
-
--8<- function-filter -8<-
- #!/usr/bin/perl -w
- # function-filter
- # script for massaging gcc-generated labels to be consistent
- use strict;
- our @lines;
- my $sedderybody = "sub seddery () {\n";
- while (<>) {
- push @lines, $_;
- if (m/^(__FUNCTION__|__func__)\.(\d+)\:/) {
- $sedderybody .= " s/\\b$1\\.$2\\b/__XSA55MANGLED__$1.$./g;\n";
- }
- }
- $sedderybody .= "}\n1;\n";
- eval $sedderybody or die $@;
- foreach (@lines) {
- seddery();
- print or die $!;
- }
--8<-
----
- tools/libxc/xc_dom_elfloader.c | 30 +++---
- tools/libxc/xc_hvm_build_x86.c | 2 +-
- tools/xcutils/readnotes.c | 26 +++---
- xen/common/libelf/libelf-dominfo.c | 51 +++++-----
- xen/common/libelf/libelf-loader.c | 84 +++++++++--------
- xen/common/libelf/libelf-tools.c | 94 +++++++++---------
- xen/include/xen/libelf.h | 188 +++++++++++++++++++++++++++++++-----
- 7 files changed, 312 insertions(+), 163 deletions(-)
-
-diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c
-index e82f6e9..cc0f206 100644
---- a/tools/libxc/xc_dom_elfloader.c
-+++ b/tools/libxc/xc_dom_elfloader.c
-@@ -115,9 +115,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- struct elf_binary *elf, int load)
- {
- struct elf_binary syms;
-- const elf_shdr *shdr, *shdr2;
-+ ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2;
- xen_vaddr_t symtab, maxaddr;
-- char *hdr;
-+ ELF_PTRVAL_CHAR hdr;
- size_t size;
- int h, count, type, i, tables = 0;
-
-@@ -147,11 +147,11 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- dom->bsd_symtab_start = elf_round_up(elf, dom->kernel_seg.vend);
- }
-
-- memcpy(hdr + sizeof(int),
-- elf->image,
-+ elf_memcpy_safe(elf, hdr + sizeof(int),
-+ ELF_IMAGE_BASE(elf),
- elf_size(elf, elf->ehdr));
-- memcpy(hdr + sizeof(int) + elf_size(elf, elf->ehdr),
-- elf->image + elf_uval(elf, elf->ehdr, e_shoff),
-+ elf_memcpy_safe(elf, hdr + sizeof(int) + elf_size(elf, elf->ehdr),
-+ ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff),
- elf_shdr_count(elf) * elf_size(elf, shdr));
- if ( elf_64bit(elf) )
- {
-@@ -189,7 +189,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- count = elf_shdr_count(&syms);
- for ( h = 0; h < count; h++ )
- {
-- shdr = elf_shdr_by_index(&syms, h);
-+ shdr = ELF_OBSOLETE_VOIDP_CAST elf_shdr_by_index(&syms, h);
- type = elf_uval(&syms, shdr, sh_type);
- if ( type == SHT_STRTAB )
- {
-@@ -205,9 +205,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- if ( i == count )
- {
- if ( elf_64bit(&syms) )
-- *(Elf64_Off*)(&shdr->e64.sh_offset) = 0;
-+ elf_store_field(elf, shdr, e64.sh_offset, 0);
- else
-- *(Elf32_Off*)(&shdr->e32.sh_offset) = 0;
-+ elf_store_field(elf, shdr, e32.sh_offset, 0);
- continue;
- }
- }
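Review bot: `shdr` is tested with `elf_64bit(&syms)` but written through `elf_store_field(elf, shdr, ...)`, so the store names a different `elf_binary` from the one the handle belongs to. The macro as defined in this patch ignores that argument, but if it ever uses it for bounds checking the wrong object's limits would apply. Pass `&syms` here and in the later `sh_offset` and `sh_name` stores in this function, or add a comment saying why `elf` is intended.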
-@@ -216,9 +216,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- {
- /* Mangled to be based on ELF header location. */
- if ( elf_64bit(&syms) )
-- *(Elf64_Off*)(&shdr->e64.sh_offset) = maxaddr - symtab;
-+ elf_store_field(elf, shdr, e64.sh_offset, maxaddr - symtab);
- else
-- *(Elf32_Off*)(&shdr->e32.sh_offset) = maxaddr - symtab;
-+ elf_store_field(elf, shdr, e32.sh_offset, maxaddr - symtab);
- size = elf_uval(&syms, shdr, sh_size);
- maxaddr = elf_round_up(&syms, maxaddr + size);
- tables++;
-@@ -230,7 +230,7 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
- if ( load )
- {
- shdr2 = elf_shdr_by_index(elf, h);
-- memcpy((void*)elf_section_start(&syms, shdr),
-+ elf_memcpy_safe(elf, ELF_OBSOLETE_VOIDP_CAST elf_section_start(&syms, shdr),
- elf_section_start(elf, shdr2),
- size);
- }
-@@ -238,9 +238,9 @@ static int xc_dom_load_elf_symtab(struct xc_dom_image *dom,
-
- /* Name is NULL. */
- if ( elf_64bit(&syms) )
-- *(Elf64_Word*)(&shdr->e64.sh_name) = 0;
-+ elf_store_field(elf, shdr, e64.sh_name, 0);
- else
-- *(Elf32_Word*)(&shdr->e32.sh_name) = 0;
-+ elf_store_field(elf, shdr, e32.sh_name, 0);
- }
-
- if ( tables == 0 )
-@@ -275,7 +275,7 @@ static int xc_dom_parse_elf_kernel(struct xc_dom_image *dom)
- }
-
- /* Find the section-header strings table. */
-- if ( elf->sec_strtab == NULL )
-+ if ( ELF_PTRVAL_INVALID(elf->sec_strtab) )
- {
- xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: ELF image"
- " has no shstrtab", __FUNCTION__);
-diff --git a/tools/libxc/xc_hvm_build_x86.c b/tools/libxc/xc_hvm_build_x86.c
-index cf5d7fb..15b603d 100644
---- a/tools/libxc/xc_hvm_build_x86.c
-+++ b/tools/libxc/xc_hvm_build_x86.c
-@@ -110,7 +110,7 @@ static int loadelfimage(
- if ( elf->dest == NULL )
- goto err;
-
-- elf->dest += elf->pstart & (PAGE_SIZE - 1);
-+ ELF_ADVANCE_DEST(elf, elf->pstart & (PAGE_SIZE - 1));
-
- /* Load the initial elf image. */
- rc = elf_load_binary(elf);
-diff --git a/tools/xcutils/readnotes.c b/tools/xcutils/readnotes.c
-index c926186..2af047d 100644
---- a/tools/xcutils/readnotes.c
-+++ b/tools/xcutils/readnotes.c
-@@ -61,13 +61,13 @@ struct setup_header {
- } __attribute__((packed));
-
- static void print_string_note(const char *prefix, struct elf_binary *elf,
-- const elf_note *note)
-+ ELF_HANDLE_DECL(elf_note) note)
- {
- printf("%s: %s\n", prefix, (char*)elf_note_desc(elf, note));
- }
-
- static void print_numeric_note(const char *prefix, struct elf_binary *elf,
-- const elf_note *note)
-+ ELF_HANDLE_DECL(elf_note) note)
- {
- uint64_t value = elf_note_numeric(elf, note);
- int descsz = elf_uval(elf, note, descsz);
-@@ -98,12 +98,12 @@ static void print_l1_mfn_valid_note(const char *prefix, struct elf_binary *elf,
-
- }
-
--static int print_notes(struct elf_binary *elf, const elf_note *start, const elf_note *end)
-+static int print_notes(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) start, ELF_HANDLE_DECL(elf_note) end)
- {
-- const elf_note *note;
-+ ELF_HANDLE_DECL(elf_note) note;
- int notes_found = 0;
-
-- for ( note = start; note < end; note = elf_note_next(elf, note) )
-+ for ( note = start; ELF_HANDLE_PTRVAL(note) < ELF_HANDLE_PTRVAL(end); note = elf_note_next(elf, note) )
- {
- if (0 != strcmp(elf_note_name(elf, note), "Xen"))
- continue;
-@@ -170,7 +170,7 @@ int main(int argc, char **argv)
- void *image,*tmp;
- struct stat st;
- struct elf_binary elf;
-- const elf_shdr *shdr;
-+ ELF_HANDLE_DECL(elf_shdr) shdr;
- int notes_found = 0;
-
- struct setup_header *hdr;
-@@ -257,7 +257,7 @@ int main(int argc, char **argv)
- count = elf_phdr_count(&elf);
- for ( h=0; h < count; h++)
- {
-- const elf_phdr *phdr;
-+ ELF_HANDLE_DECL(elf_phdr) phdr;
- phdr = elf_phdr_by_index(&elf, h);
- if (elf_uval(&elf, phdr, p_type) != PT_NOTE)
- continue;
-@@ -269,8 +269,8 @@ int main(int argc, char **argv)
- continue;
-
- notes_found = print_notes(&elf,
-- elf_segment_start(&elf, phdr),
-- elf_segment_end(&elf, phdr));
-+ ELF_MAKE_HANDLE(elf_note, elf_segment_start(&elf, phdr)),
-+ ELF_MAKE_HANDLE(elf_note, elf_segment_end(&elf, phdr)));
- }
-
- if ( notes_found == 0 )
-@@ -278,13 +278,13 @@ int main(int argc, char **argv)
- count = elf_shdr_count(&elf);
- for ( h=0; h < count; h++)
- {
-- const elf_shdr *shdr;
-+ ELF_HANDLE_DECL(elf_shdr) shdr;
- shdr = elf_shdr_by_index(&elf, h);
- if (elf_uval(&elf, shdr, sh_type) != SHT_NOTE)
- continue;
- notes_found = print_notes(&elf,
-- elf_section_start(&elf, shdr),
-- elf_section_end(&elf, shdr));
-+ ELF_MAKE_HANDLE(elf_note, elf_section_start(&elf, shdr)),
-+ ELF_MAKE_HANDLE(elf_note, elf_section_end(&elf, shdr)));
- if ( notes_found )
- fprintf(stderr, "using notes from SHT_NOTE section\n");
-
-@@ -292,7 +292,7 @@ int main(int argc, char **argv)
- }
-
- shdr = elf_shdr_by_name(&elf, "__xen_guest");
-- if (shdr)
-+ if (ELF_HANDLE_VALID(shdr))
- printf("__xen_guest: %s\n", (char*)elf_section_start(&elf, shdr));
-
- return 0;
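Review bot: The `__xen_guest` `printf` still turns the result of `elf_section_start()` into a C string with a bare `(char*)` cast instead of going through `ELF_UNSAFE_PTR`, and nothing checks that the section is NUL-terminated inside the image. Route the conversion through the macro (or a checked string accessor) so every raw dereference of image data can be found by name. `print_string_note()` earlier in this file has the same pattern.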
-diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c
-index 523837f..7140d59 100644
---- a/xen/common/libelf/libelf-dominfo.c
-+++ b/xen/common/libelf/libelf-dominfo.c
-@@ -44,7 +44,7 @@ int elf_xen_parse_features(const char *features,
-
- for ( pos = 0; features[pos] != '\0'; pos += len )
- {
-- memset(feature, 0, sizeof(feature));
-+ elf_memset_unchecked(feature, 0, sizeof(feature));
- for ( len = 0;; len++ )
- {
- if ( len >= sizeof(feature)-1 )
-@@ -96,7 +96,7 @@ int elf_xen_parse_features(const char *features,
-
- int elf_xen_parse_note(struct elf_binary *elf,
- struct elf_dom_parms *parms,
-- const elf_note *note)
-+ ELF_HANDLE_DECL(elf_note) note)
- {
- /* *INDENT-OFF* */
- static const struct {
-@@ -215,15 +215,16 @@ int elf_xen_parse_note(struct elf_binary *elf,
-
- static int elf_xen_parse_notes(struct elf_binary *elf,
- struct elf_dom_parms *parms,
-- const void *start, const void *end)
-+ ELF_PTRVAL_CONST_VOID start,
-+ ELF_PTRVAL_CONST_VOID end)
- {
- int xen_elfnotes = 0;
-- const elf_note *note;
-+ ELF_HANDLE_DECL(elf_note) note;
-
- parms->elf_note_start = start;
- parms->elf_note_end = end;
-- for ( note = parms->elf_note_start;
-- (void *)note < parms->elf_note_end;
-+ for ( note = ELF_MAKE_HANDLE(elf_note, parms->elf_note_start);
-+ ELF_HANDLE_PTRVAL(note) < parms->elf_note_end;
- note = elf_note_next(elf, note) )
- {
- if ( strcmp(elf_note_name(elf, note), "Xen") )
-@@ -241,45 +242,46 @@ static int elf_xen_parse_notes(struct elf_binary *elf,
- int elf_xen_parse_guest_info(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
-- const char *h;
-+ ELF_PTRVAL_CONST_CHAR h;
- char name[32], value[128];
- int len;
-
- h = parms->guest_info;
-- while ( *h )
-+#define STAR(h) (*(h))
-+ while ( STAR(h) )
- {
-- memset(name, 0, sizeof(name));
-- memset(value, 0, sizeof(value));
-+ elf_memset_unchecked(name, 0, sizeof(name));
-+ elf_memset_unchecked(value, 0, sizeof(value));
- for ( len = 0;; len++, h++ )
- {
- if ( len >= sizeof(name)-1 )
- break;
-- if ( *h == '\0' )
-+ if ( STAR(h) == '\0' )
- break;
-- if ( *h == ',' )
-+ if ( STAR(h) == ',' )
- {
- h++;
- break;
- }
-- if ( *h == '=' )
-+ if ( STAR(h) == '=' )
- {
- h++;
- for ( len = 0;; len++, h++ )
- {
- if ( len >= sizeof(value)-1 )
- break;
-- if ( *h == '\0' )
-+ if ( STAR(h) == '\0' )
- break;
-- if ( *h == ',' )
-+ if ( STAR(h) == ',' )
- {
- h++;
- break;
- }
-- value[len] = *h;
-+ value[len] = STAR(h);
- }
- break;
- }
-- name[len] = *h;
-+ name[len] = STAR(h);
- }
- elf_msg(elf, "%s: %s=\"%s\"\n", __FUNCTION__, name, value);
-
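Review bot: `STAR` is defined in the middle of the function body with no comment and no matching `#undef` in this hunk, so it stays defined for the rest of the file. Add a comment stating why each dereference of `h` is wrapped, and `#undef STAR` after the loop.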
-@@ -328,7 +330,8 @@ int elf_xen_parse_guest_info(struct elf_binary *elf,
- static int elf_xen_note_check(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
-- if ( (parms->elf_note_start == NULL) && (parms->guest_info == NULL) )
-+ if ( (ELF_PTRVAL_INVALID(parms->elf_note_start)) &&
-+ (ELF_PTRVAL_INVALID(parms->guest_info)) )
- {
- int machine = elf_uval(elf, elf->ehdr, e_machine);
- if ( (machine == EM_386) || (machine == EM_X86_64) )
-@@ -457,12 +460,12 @@ static int elf_xen_addr_calc_check(struct elf_binary *elf,
- int elf_xen_parse(struct elf_binary *elf,
- struct elf_dom_parms *parms)
- {
-- const elf_shdr *shdr;
-- const elf_phdr *phdr;
-+ ELF_HANDLE_DECL(elf_shdr) shdr;
-+ ELF_HANDLE_DECL(elf_phdr) phdr;
- int xen_elfnotes = 0;
- int i, count, rc;
-
-- memset(parms, 0, sizeof(*parms));
-+ elf_memset_unchecked(parms, 0, sizeof(*parms));
- parms->virt_base = UNSET_ADDR;
- parms->virt_entry = UNSET_ADDR;
- parms->virt_hypercall = UNSET_ADDR;
-@@ -532,11 +535,11 @@ int elf_xen_parse(struct elf_binary *elf,
- for ( i = 0; i < count; i++ )
- {
- shdr = elf_shdr_by_name(elf, "__xen_guest");
-- if ( shdr )
-+ if ( ELF_HANDLE_VALID(shdr) )
- {
- parms->guest_info = elf_section_start(elf, shdr);
-- parms->elf_note_start = NULL;
-- parms->elf_note_end = NULL;
-+ parms->elf_note_start = ELF_INVALID_PTRVAL;
-+ parms->elf_note_end = ELF_INVALID_PTRVAL;
- elf_msg(elf, "%s: __xen_guest: \"%s\"\n", __FUNCTION__,
- parms->guest_info);
- elf_xen_parse_guest_info(elf, parms);
-diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c
-index ec0706b..0fef84c 100644
---- a/xen/common/libelf/libelf-loader.c
-+++ b/xen/common/libelf/libelf-loader.c
-@@ -26,7 +26,7 @@
-
- int elf_init(struct elf_binary *elf, const char *image, size_t size)
- {
-- const elf_shdr *shdr;
-+ ELF_HANDLE_DECL(elf_shdr) shdr;
- uint64_t i, count, section, offset;
-
- if ( !elf_is_elfbinary(image) )
-@@ -35,7 +35,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size)
- return -1;
- }
-
-- memset(elf, 0, sizeof(*elf));
-+ elf_memset_unchecked(elf, 0, sizeof(*elf));
- elf->image = image;
- elf->size = size;
- elf->ehdr = (elf_ehdr *)image;
-@@ -65,7 +65,7 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size)
- /* Find section string table. */
- section = elf_uval(elf, elf->ehdr, e_shstrndx);
- shdr = elf_shdr_by_index(elf, section);
-- if ( shdr != NULL )
-+ if ( ELF_HANDLE_VALID(shdr) )
- elf->sec_strtab = elf_section_start(elf, shdr);
-
- /* Find symbol table and symbol string table. */
-@@ -77,9 +77,9 @@ int elf_init(struct elf_binary *elf, const char *image, size_t size)
- continue;
- elf->sym_tab = shdr;
- shdr = elf_shdr_by_index(elf, elf_uval(elf, shdr, sh_link));
-- if ( shdr == NULL )
-+ if ( !ELF_HANDLE_VALID(shdr) )
- {
-- elf->sym_tab = NULL;
-+ elf->sym_tab = ELF_INVALID_HANDLE(elf_shdr);
- continue;
- }
- elf->sym_strtab = elf_section_start(elf, shdr);
-@@ -113,10 +113,11 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback,
- }
-
- static int elf_load_image(struct elf_binary *elf,
-- void *dst, const void *src, uint64_t filesz, uint64_t memsz)
-+ ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src,
-+ uint64_t filesz, uint64_t memsz)
- {
-- memcpy(dst, src, filesz);
-- memset(dst + filesz, 0, memsz - filesz);
-+ elf_memcpy_safe(elf, dst, src, filesz);
-+ elf_memset_safe(elf, dst + filesz, 0, memsz - filesz);
- return 0;
- }
- #else
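Review bot: `elf_memset_safe(elf, dst + filesz, 0, memsz - filesz)` has no `memsz >= filesz` check, so an image whose `p_filesz` exceeds its `p_memsz` makes the `uint64_t` length wrap to a huge value. Return -1 when `filesz > memsz` before either call. The same subtraction appears in the `raw_clear_guest()` variant that follows.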
-@@ -126,16 +127,17 @@ void elf_set_verbose(struct elf_binary *elf)
- elf->verbose = 1;
- }
-
--static int elf_load_image(struct elf_binary *elf,
-- void *dst, const void *src, uint64_t filesz, uint64_t memsz)
-+static int elf_load_image(struct elf_binary *elf, ELF_PTRVAL_VOID dst, ELF_PTRVAL_CONST_VOID src, uint64_t filesz, uint64_t memsz)
- {
- int rc;
- if ( filesz > ULONG_MAX || memsz > ULONG_MAX )
- return -1;
-- rc = raw_copy_to_guest(dst, src, filesz);
-+ /* We trust the dom0 kernel image completely, so we don't care
-+ * about overruns etc. here. */
-+ rc = raw_copy_to_guest(ELF_UNSAFE_PTR(dst), ELF_UNSAFE_PTR(src), filesz);
- if ( rc != 0 )
- return -1;
-- rc = raw_clear_guest(dst + filesz, memsz - filesz);
-+ rc = raw_clear_guest(ELF_UNSAFE_PTR(dst + filesz), memsz - filesz);
- if ( rc != 0 )
- return -1;
- return 0;
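Review bot: `ELF_UNSAFE_PTR` is justified here only by the in-body comment that the dom0 kernel image is trusted, while the macro's own contract in libelf.h requires the caller to have ensured the PTRVAL points to a permissible location. State the trust assumption in a comment at the function definition, so that anyone reusing this variant for another image sees it before calling.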
-@@ -146,10 +148,10 @@ static int elf_load_image(struct elf_binary *elf,
- void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart)
- {
- uint64_t sz;
-- const elf_shdr *shdr;
-+ ELF_HANDLE_DECL(elf_shdr) shdr;
- int i, type;
-
-- if ( !elf->sym_tab )
-+ if ( !ELF_HANDLE_VALID(elf->sym_tab) )
- return;
-
- pstart = elf_round_up(elf, pstart);
-@@ -166,7 +168,7 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart)
- for ( i = 0; i < elf_shdr_count(elf); i++ )
- {
- shdr = elf_shdr_by_index(elf, i);
-- type = elf_uval(elf, (elf_shdr *)shdr, sh_type);
-+ type = elf_uval(elf, shdr, sh_type);
- if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) )
- sz = elf_round_up(elf, sz + elf_uval(elf, shdr, sh_size));
- }
-@@ -177,10 +179,12 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart)
-
- static void elf_load_bsdsyms(struct elf_binary *elf)
- {
-- elf_ehdr *sym_ehdr;
-+ ELF_HANDLE_DECL_NONCONST(elf_ehdr) sym_ehdr;
- unsigned long sz;
-- char *maxva, *symbase, *symtab_addr;
-- elf_shdr *shdr;
-+ ELF_PTRVAL_VOID maxva;
-+ ELF_PTRVAL_VOID symbase;
-+ ELF_PTRVAL_VOID symtab_addr;
-+ ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr;
- int i, type;
-
- if ( !elf->bsd_symtab_pstart )
-@@ -189,18 +193,18 @@ static void elf_load_bsdsyms(struct elf_binary *elf)
- #define elf_hdr_elm(_elf, _hdr, _elm, _val) \
- do { \
- if ( elf_64bit(_elf) ) \
-- (_hdr)->e64._elm = _val; \
-+ elf_store_field(_elf, _hdr, e64._elm, _val); \
- else \
-- (_hdr)->e32._elm = _val; \
-+ elf_store_field(_elf, _hdr, e32._elm, _val); \
- } while ( 0 )
-
- symbase = elf_get_ptr(elf, elf->bsd_symtab_pstart);
- symtab_addr = maxva = symbase + sizeof(uint32_t);
-
- /* Set up Elf header. */
-- sym_ehdr = (elf_ehdr *)symtab_addr;
-+ sym_ehdr = ELF_MAKE_HANDLE(elf_ehdr, symtab_addr);
- sz = elf_uval(elf, elf->ehdr, e_ehsize);
-- memcpy(sym_ehdr, elf->ehdr, sz);
-+ elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(sym_ehdr), ELF_HANDLE_PTRVAL(elf->ehdr), sz);
- maxva += sz; /* no round up */
-
- elf_hdr_elm(elf, sym_ehdr, e_phoff, 0);
-@@ -209,37 +213,39 @@ do { \
- elf_hdr_elm(elf, sym_ehdr, e_phnum, 0);
-
- /* Copy Elf section headers. */
-- shdr = (elf_shdr *)maxva;
-+ shdr = ELF_MAKE_HANDLE(elf_shdr, maxva);
- sz = elf_shdr_count(elf) * elf_uval(elf, elf->ehdr, e_shentsize);
-- memcpy(shdr, elf->image + elf_uval(elf, elf->ehdr, e_shoff), sz);
-- maxva = (char *)(long)elf_round_up(elf, (long)maxva + sz);
-+ elf_memcpy_safe(elf, ELF_HANDLE_PTRVAL(shdr),
-+ ELF_IMAGE_BASE(elf) + elf_uval(elf, elf->ehdr, e_shoff),
-+ sz);
-+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz);
-
- for ( i = 0; i < elf_shdr_count(elf); i++ )
- {
- type = elf_uval(elf, shdr, sh_type);
- if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) )
- {
-- elf_msg(elf, "%s: shdr %i at 0x%p -> 0x%p\n", __func__, i,
-+ elf_msg(elf, "%s: shdr %i at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n", __func__, i,
- elf_section_start(elf, shdr), maxva);
- sz = elf_uval(elf, shdr, sh_size);
-- memcpy(maxva, elf_section_start(elf, shdr), sz);
-+ elf_memcpy_safe(elf, maxva, elf_section_start(elf, shdr), sz);
- /* Mangled to be based on ELF header location. */
- elf_hdr_elm(elf, shdr, sh_offset, maxva - symtab_addr);
-- maxva = (char *)(long)elf_round_up(elf, (long)maxva + sz);
-+ maxva = ELF_OBSOLETE_VOIDP_CAST elf_round_up(elf, (long)maxva + sz);
- }
-- shdr = (elf_shdr *)((long)shdr +
-+ shdr = ELF_MAKE_HANDLE(elf_shdr, ELF_HANDLE_PTRVAL(shdr) +
- (long)elf_uval(elf, elf->ehdr, e_shentsize));
- }
-
- /* Write down the actual sym size. */
-- *(uint32_t *)symbase = maxva - symtab_addr;
-+ elf_store_val(elf, uint32_t, symbase, maxva - symtab_addr);
-
- #undef elf_ehdr_elm
- }
-
- void elf_parse_binary(struct elf_binary *elf)
- {
-- const elf_phdr *phdr;
-+ ELF_HANDLE_DECL(elf_phdr) phdr;
- uint64_t low = -1;
- uint64_t high = 0;
- uint64_t i, count, paddr, memsz;
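Review bot: The macro used throughout `elf_load_bsdsyms()` is `elf_hdr_elm`, but the cleanup line is `#undef elf_ehdr_elm`, which undefines nothing and leaves `elf_hdr_elm` defined for the rest of the file; change it to `#undef elf_hdr_elm`. Separately, `sz = elf_shdr_count(elf) * elf_uval(elf, elf->ehdr, e_shentsize)` multiplies two image-supplied values with no overflow or size check before the copy that uses `sz`.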
-@@ -267,9 +273,9 @@ void elf_parse_binary(struct elf_binary *elf)
-
- int elf_load_binary(struct elf_binary *elf)
- {
-- const elf_phdr *phdr;
-+ ELF_HANDLE_DECL(elf_phdr) phdr;
- uint64_t i, count, paddr, offset, filesz, memsz;
-- char *dest;
-+ ELF_PTRVAL_VOID dest;
-
- count = elf_uval(elf, elf->ehdr, e_phnum);
- for ( i = 0; i < count; i++ )
-@@ -282,9 +288,9 @@ int elf_load_binary(struct elf_binary *elf)
- filesz = elf_uval(elf, phdr, p_filesz);
- memsz = elf_uval(elf, phdr, p_memsz);
- dest = elf_get_ptr(elf, paddr);
-- elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%p -> 0x%p\n",
-- __func__, i, dest, dest + filesz);
-- if ( elf_load_image(elf, dest, elf->image + offset, filesz, memsz) != 0 )
-+ elf_msg(elf, "%s: phdr %" PRIu64 " at 0x%"ELF_PRPTRVAL" -> 0x%"ELF_PRPTRVAL"\n",
-+ __func__, i, dest, (ELF_PTRVAL_VOID)(dest + filesz));
-+ if ( elf_load_image(elf, dest, ELF_IMAGE_BASE(elf) + offset, filesz, memsz) != 0 )
- return -1;
- }
-
-@@ -292,18 +298,18 @@ int elf_load_binary(struct elf_binary *elf)
- return 0;
- }
-
--void *elf_get_ptr(struct elf_binary *elf, unsigned long addr)
-+ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr)
- {
- return elf->dest + addr - elf->pstart;
- }
-
- uint64_t elf_lookup_addr(struct elf_binary * elf, const char *symbol)
- {
-- const elf_sym *sym;
-+ ELF_HANDLE_DECL(elf_sym) sym;
- uint64_t value;
-
- sym = elf_sym_by_name(elf, symbol);
-- if ( sym == NULL )
-+ if ( !ELF_HANDLE_VALID(sym) )
- {
- elf_err(elf, "%s: not found: %s\n", __FUNCTION__, symbol);
- return -1;
-diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c
-index 2f54142..f1fd886 100644
---- a/xen/common/libelf/libelf-tools.c
-+++ b/xen/common/libelf/libelf-tools.c
-@@ -67,10 +67,10 @@ int elf_phdr_count(struct elf_binary *elf)
- return elf_uval(elf, elf->ehdr, e_phnum);
- }
-
--const elf_shdr *elf_shdr_by_name(struct elf_binary *elf, const char *name)
-+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *name)
- {
- uint64_t count = elf_shdr_count(elf);
-- const elf_shdr *shdr;
-+ ELF_HANDLE_DECL(elf_shdr) shdr;
- const char *sname;
- int i;
-
-@@ -81,76 +81,80 @@ const elf_shdr *elf_shdr_by_name(struct elf_binary *elf, const char *name)
- if ( sname && !strcmp(sname, name) )
- return shdr;
- }
-- return NULL;
-+ return ELF_INVALID_HANDLE(elf_shdr);
- }
-
--const elf_shdr *elf_shdr_by_index(struct elf_binary *elf, int index)
-+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index)
- {
- uint64_t count = elf_shdr_count(elf);
-- const void *ptr;
-+ ELF_PTRVAL_CONST_VOID ptr;
-
- if ( index >= count )
-- return NULL;
-+ return ELF_INVALID_HANDLE(elf_shdr);
-
-- ptr = (elf->image
-+ ptr = (ELF_IMAGE_BASE(elf)
- + elf_uval(elf, elf->ehdr, e_shoff)
- + elf_uval(elf, elf->ehdr, e_shentsize) * index);
-- return ptr;
-+ return ELF_MAKE_HANDLE(elf_shdr, ptr);
- }
-
--const elf_phdr *elf_phdr_by_index(struct elf_binary *elf, int index)
-+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index)
- {
- uint64_t count = elf_uval(elf, elf->ehdr, e_phnum);
-- const void *ptr;
-+ ELF_PTRVAL_CONST_VOID ptr;
-
- if ( index >= count )
-- return NULL;
-+ return ELF_INVALID_HANDLE(elf_phdr);
-
-- ptr = (elf->image
-+ ptr = (ELF_IMAGE_BASE(elf)
- + elf_uval(elf, elf->ehdr, e_phoff)
- + elf_uval(elf, elf->ehdr, e_phentsize) * index);
-- return ptr;
-+ return ELF_MAKE_HANDLE(elf_phdr, ptr);
- }
-
--const char *elf_section_name(struct elf_binary *elf, const elf_shdr * shdr)
-+
-+const char *elf_section_name(struct elf_binary *elf,
-+ ELF_HANDLE_DECL(elf_shdr) shdr)
- {
-- if ( elf->sec_strtab == NULL )
-+ if ( ELF_PTRVAL_INVALID(elf->sec_strtab) )
- return "unknown";
-+
- return elf->sec_strtab + elf_uval(elf, shdr, sh_name);
- }
-
--const void *elf_section_start(struct elf_binary *elf, const elf_shdr * shdr)
-+ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
- {
-- return elf->image + elf_uval(elf, shdr, sh_offset);
-+ return ELF_IMAGE_BASE(elf) + elf_uval(elf, shdr, sh_offset);
- }
-
--const void *elf_section_end(struct elf_binary *elf, const elf_shdr * shdr)
-+ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr)
- {
-- return elf->image
-+ return ELF_IMAGE_BASE(elf)
- + elf_uval(elf, shdr, sh_offset) + elf_uval(elf, shdr, sh_size);
- }
-
--const void *elf_segment_start(struct elf_binary *elf, const elf_phdr * phdr)
-+ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
-- return elf->image + elf_uval(elf, phdr, p_offset);
-+ return ELF_IMAGE_BASE(elf)
-+ + elf_uval(elf, phdr, p_offset);
- }
-
--const void *elf_segment_end(struct elf_binary *elf, const elf_phdr * phdr)
-+ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
-- return elf->image
-+ return ELF_IMAGE_BASE(elf)
- + elf_uval(elf, phdr, p_offset) + elf_uval(elf, phdr, p_filesz);
- }
-
--const elf_sym *elf_sym_by_name(struct elf_binary *elf, const char *symbol)
-+ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol)
- {
-- const void *ptr = elf_section_start(elf, elf->sym_tab);
-- const void *end = elf_section_end(elf, elf->sym_tab);
-- const elf_sym *sym;
-+ ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab);
-+ ELF_PTRVAL_CONST_VOID end = elf_section_end(elf, elf->sym_tab);
-+ ELF_HANDLE_DECL(elf_sym) sym;
- uint64_t info, name;
-
- for ( ; ptr < end; ptr += elf_size(elf, sym) )
- {
-- sym = ptr;
-+ sym = ELF_MAKE_HANDLE(elf_sym, ptr);
- info = elf_uval(elf, sym, st_info);
- name = elf_uval(elf, sym, st_name);
- if ( ELF32_ST_BIND(info) != STB_GLOBAL )
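Review bot: `elf_shdr_by_index()` and `elf_phdr_by_index()` only compare `index` with the count and then build the handle from `e_shoff`/`e_phoff` and the entry size, all read from the image, without checking the result against the image size. Verify that the offset plus the entry size times (index + 1) fits within `elf->size` and return `ELF_INVALID_HANDLE(...)` otherwise. `elf_section_name()` likewise returns `sec_strtab + sh_name` as a plain `const char *` with no range check.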
-@@ -159,33 +163,33 @@ const elf_sym *elf_sym_by_name(struct elf_binary *elf, const char *symbol)
- continue;
- return sym;
- }
-- return NULL;
-+ return ELF_INVALID_HANDLE(elf_sym);
- }
-
--const elf_sym *elf_sym_by_index(struct elf_binary *elf, int index)
-+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index)
- {
-- const void *ptr = elf_section_start(elf, elf->sym_tab);
-- const elf_sym *sym;
-+ ELF_PTRVAL_CONST_VOID ptr = elf_section_start(elf, elf->sym_tab);
-+ ELF_HANDLE_DECL(elf_sym) sym;
-
-- sym = ptr + index * elf_size(elf, sym);
-+ sym = ELF_MAKE_HANDLE(elf_sym, ptr + index * elf_size(elf, sym));
- return sym;
- }
-
--const char *elf_note_name(struct elf_binary *elf, const elf_note * note)
-+const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
-- return (void *)note + elf_size(elf, note);
-+ return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note);
- }
-
--const void *elf_note_desc(struct elf_binary *elf, const elf_note * note)
-+ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
- int namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
-
-- return (void *)note + elf_size(elf, note) + namesz;
-+ return ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz;
- }
-
--uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note)
-+uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
-- const void *desc = elf_note_desc(elf, note);
-+ ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
- int descsz = elf_uval(elf, note, descsz);
-
- switch (descsz)
-@@ -200,10 +204,10 @@ uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note)
- }
- }
-
--uint64_t elf_note_numeric_array(struct elf_binary *elf, const elf_note *note,
-+uint64_t elf_note_numeric_array(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note,
- unsigned int unitsz, unsigned int idx)
- {
-- const void *desc = elf_note_desc(elf, note);
-+ ELF_PTRVAL_CONST_VOID desc = elf_note_desc(elf, note);
- int descsz = elf_uval(elf, note, descsz);
-
- if ( descsz % unitsz || idx >= descsz / unitsz )
-@@ -220,12 +224,12 @@ uint64_t elf_note_numeric_array(struct elf_binary *elf, const elf_note *note,
- }
- }
-
--const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * note)
-+ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note)
- {
- int namesz = (elf_uval(elf, note, namesz) + 3) & ~3;
- int descsz = (elf_uval(elf, note, descsz) + 3) & ~3;
-
-- return (void *)note + elf_size(elf, note) + namesz + descsz;
-+ return ELF_MAKE_HANDLE(elf_note, ELF_HANDLE_PTRVAL(note) + elf_size(elf, note) + namesz + descsz);
- }
-
- /* ------------------------------------------------------------------------ */
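Review bot: In `elf_note_next()` the image-supplied `namesz` and `descsz` are held in `int`, so large values become negative and the returned handle can point before the current note or outside the note area, while the callers' loops only test `note < end`. Use an unsigned type for both, and have the callers also verify that the new handle is strictly greater than the previous one before continuing.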
-@@ -234,10 +238,10 @@ int elf_is_elfbinary(const void *image)
- {
- const Elf32_Ehdr *ehdr = image;
-
-- return IS_ELF(*ehdr);
-+ return IS_ELF(*ehdr); /* fixme unchecked */
- }
-
--int elf_phdr_is_loadable(struct elf_binary *elf, const elf_phdr * phdr)
-+int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr)
- {
- uint64_t p_type = elf_uval(elf, phdr, p_type);
- uint64_t p_flags = elf_uval(elf, phdr, p_flags);
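Review bot: The new `/* fixme unchecked */` on `IS_ELF(*ehdr)` records that the header is read without knowing the image length, but `elf_is_elfbinary()` takes no size argument, so the check cannot be added without a signature change. Add a `size_t size` parameter and reject images shorter than the ELF identification bytes; `elf_init()` already receives the size and can pass it through.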
-diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
-index 38e490c..cefd3d3 100644
---- a/xen/include/xen/libelf.h
-+++ b/xen/include/xen/libelf.h
-@@ -48,6 +48,97 @@ typedef void elf_log_callback(struct elf_binary*, void *caller_data,
-
- /* ------------------------------------------------------------------------ */
-
-+/* Macros for accessing the input image and output area. */
-+
-+/*
-+ * We abstract away the pointerness of these pointers, replacing
-+ * various void*, char* and struct* with the following:
-+ * PTRVAL A pointer to a byte; one can do pointer arithmetic
-+ * on this.
-+ * This replaces variables which were char*,void*
-+ * and their const versions, so we provide four
-+ * different declaration macros:
-+ * ELF_PTRVAL_{,CONST}{VOID,CHAR}
-+ * HANDLE A pointer to a struct. There is one of these types
-+ * for each pointer type - that is, for each "structname".
-+ * In the arguments to the various HANDLE macros, structname
-+ * must be a single identifier which is a typedef.
-+ * It is not permitted to do arithmetic on these
-+ * pointers. In the current code attempts to do so will
-+ * compile, but in the next patch this will become a
-+ * compile error.
-+ * We provide two declaration macros for const and
-+ * non-const pointers.
-+ */
-+
-+#define ELF_REALPTR2PTRVAL(realpointer) (realpointer)
-+ /* Converts an actual C pointer into a PTRVAL */
-+
-+#define ELF_HANDLE_DECL_NONCONST(structname) structname *
-+#define ELF_HANDLE_DECL(structname) const structname *
-+ /* Provides a type declaration for a HANDLE. */
-+ /* May only be used to declare ONE variable at a time */
-+
-+#define ELF_PTRVAL_VOID void *
-+#define ELF_PTRVAL_CHAR char *
-+#define ELF_PTRVAL_CONST_VOID const void *
-+#define ELF_PTRVAL_CONST_CHAR const char *
-+ /* Provides a type declaration for a PTRVAL. */
-+ /* May only be used to declare ONE variable at a time */
-+
-+#define ELF_DEFINE_HANDLE(structname) /* empty */
-+ /*
-+ * This must be invoked for each HANDLE type to define
-+ * the actual C type used for that kind of HANDLE.
-+ */
-+
-+#define ELF_PRPTRVAL "p"
-+ /* printf format a la PRId... for a PTRVAL */
-+
-+#define ELF_MAKE_HANDLE(structname, ptrval) (ptrval)
-+ /* Converts a PTRVAL to a HANDLE */
-+
-+#define ELF_IMAGE_BASE(elf) ((elf)->image)
-+ /* Returns the base of the image as a PTRVAL. */
-+
-+#define ELF_HANDLE_PTRVAL(handleval) ((void*)(handleval))
-+ /* Converts a HANDLE to a PTRVAL. */
-+
-+#define ELF_OBSOLETE_VOIDP_CAST (void*)(uintptr_t)
-+ /*
-+ * In some places the existing code needs to
-+ * - cast away const (the existing code uses const a fair
-+ * bit but actually sometimes wants to write to its input)
-+ * from a PTRVAL.
-+ * - convert an integer representing a pointer to a PTRVAL
-+ * This macro provides a suitable cast.
-+ */
-+
-+#define ELF_UNSAFE_PTR(ptrval) ((void*)(uintptr_t)(ptrval))
-+ /*
-+ * Turns a PTRVAL into an actual C pointer. Before this is done
-+ * the caller must have ensured that the PTRVAL does in fact point
-+ * to a permissible location.
-+ */
-+
-+/* PTRVALs can be INVALID (ie, NULL). */
-+#define ELF_INVALID_PTRVAL (NULL) /* returns NULL PTRVAL */
-+#define ELF_INVALID_HANDLE(structname) /* returns NULL handle */ \
-+ ELF_MAKE_HANDLE(structname, ELF_INVALID_PTRVAL)
-+#define ELF_PTRVAL_VALID(ptrval) (ptrval) /* } */
-+#define ELF_HANDLE_VALID(handleval) (handleval) /* } predicates */
-+#define ELF_PTRVAL_INVALID(ptrval) ((ptrval) == NULL) /* } */
-+
-+/* For internal use by other macros here */
-+#define ELF__HANDLE_FIELD_TYPE(handleval, elm) \
-+ typeof((handleval)->elm)
-+#define ELF__HANDLE_FIELD_OFFSET(handleval, elm) \
-+ offsetof(typeof(*(handleval)),elm)
-+
-+
-+/* ------------------------------------------------------------------------ */
-+
-+
- typedef union {
- Elf32_Ehdr e32;
- Elf64_Ehdr e64;
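Review bot: `ELF_OBSOLETE_VOIDP_CAST` expands to a bare cast prefix, `(void*)(uintptr_t)`, so it binds only to the next unary operand and an expression such as `ELF_OBSOLETE_VOIDP_CAST a + b` would cast `a` alone. Make it function-like, in the same shape as `ELF_UNSAFE_PTR(ptrval)`, so the operand being cast is explicit at every use.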
-@@ -83,6 +174,12 @@ typedef union {
- Elf64_Note e64;
- } elf_note;
-
-+ELF_DEFINE_HANDLE(elf_ehdr)
-+ELF_DEFINE_HANDLE(elf_shdr)
-+ELF_DEFINE_HANDLE(elf_phdr)
-+ELF_DEFINE_HANDLE(elf_sym)
-+ELF_DEFINE_HANDLE(elf_note)
-+
- struct elf_binary {
- /* elf binary */
- const char *image;
-@@ -90,10 +187,10 @@ struct elf_binary {
- char class;
- char data;
-
-- const elf_ehdr *ehdr;
-- const char *sec_strtab;
-- const elf_shdr *sym_tab;
-- const char *sym_strtab;
-+ ELF_HANDLE_DECL(elf_ehdr) ehdr;
-+ ELF_PTRVAL_CONST_CHAR sec_strtab;
-+ ELF_HANDLE_DECL(elf_shdr) sym_tab;
-+ ELF_PTRVAL_CONST_CHAR sym_strtab;
-
- /* loaded to */
- char *dest;
-@@ -135,45 +232,72 @@ struct elf_binary {
- : elf_access_unsigned((elf), (str), \
- offsetof(typeof(*(str)),e32.elem), \
- sizeof((str)->e32.elem)))
-+ /*
-+ * Reads an unsigned field in a header structure in the ELF.
-+ * str is a HANDLE, and elem is the field name in it.
-+ */
-
- #define elf_size(elf, str) \
- ((ELFCLASS64 == (elf)->class) \
- ? sizeof((str)->e64) : sizeof((str)->e32))
-+ /*
-+ * Returns the size of the substructure for the appropriate 32/64-bitness.
-+ * str should be a HANDLE.
-+ */
-
--uint64_t elf_access_unsigned(struct elf_binary *elf, const void *ptr,
-+uint64_t elf_access_unsigned(struct elf_binary *elf, ELF_PTRVAL_CONST_VOID ptr,
- uint64_t offset, size_t size);
-+ /* Reads a field at arbitrary offset and alignemnt */
-
- uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr);
-
-+
-+#define elf_memcpy_safe(elf, dst, src, sz) memcpy((dst),(src),(sz))
-+#define elf_memset_safe(elf, dst, c, sz) memset((dst),(c),(sz))
-+ /*
-+ * Versions of memcpy and memset which will (in the next patch)
-+ * arrange never to write outside permitted areas.
-+ */
-+
-+#define elf_store_val(elf, type, ptr, val) (*(type*)(ptr) = (val))
-+ /* Stores a value at a particular PTRVAL. */
-+
-+#define elf_store_field(elf, hdr, elm, val) \
-+ (elf_store_val((elf), ELF__HANDLE_FIELD_TYPE(hdr, elm), \
-+ &((hdr)->elm), \
-+ (val)))
-+ /* Stores a 32/64-bit field. hdr is a HANDLE and elm is the field name. */
-+
-+
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_tools.c */
-
- int elf_shdr_count(struct elf_binary *elf);
- int elf_phdr_count(struct elf_binary *elf);
-
--const elf_shdr *elf_shdr_by_name(struct elf_binary *elf, const char *name);
--const elf_shdr *elf_shdr_by_index(struct elf_binary *elf, int index);
--const elf_phdr *elf_phdr_by_index(struct elf_binary *elf, int index);
-+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_name(struct elf_binary *elf, const char *name);
-+ELF_HANDLE_DECL(elf_shdr) elf_shdr_by_index(struct elf_binary *elf, int index);
-+ELF_HANDLE_DECL(elf_phdr) elf_phdr_by_index(struct elf_binary *elf, int index);
-
--const char *elf_section_name(struct elf_binary *elf, const elf_shdr * shdr);
--const void *elf_section_start(struct elf_binary *elf, const elf_shdr * shdr);
--const void *elf_section_end(struct elf_binary *elf, const elf_shdr * shdr);
-+const char *elf_section_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-+ELF_PTRVAL_CONST_VOID elf_section_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-+ELF_PTRVAL_CONST_VOID elf_section_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_shdr) shdr);
-
--const void *elf_segment_start(struct elf_binary *elf, const elf_phdr * phdr);
--const void *elf_segment_end(struct elf_binary *elf, const elf_phdr * phdr);
-+ELF_PTRVAL_CONST_VOID elf_segment_start(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-+ELF_PTRVAL_CONST_VOID elf_segment_end(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-
--const elf_sym *elf_sym_by_name(struct elf_binary *elf, const char *symbol);
--const elf_sym *elf_sym_by_index(struct elf_binary *elf, int index);
-+ELF_HANDLE_DECL(elf_sym) elf_sym_by_name(struct elf_binary *elf, const char *symbol);
-+ELF_HANDLE_DECL(elf_sym) elf_sym_by_index(struct elf_binary *elf, int index);
-
--const char *elf_note_name(struct elf_binary *elf, const elf_note * note);
--const void *elf_note_desc(struct elf_binary *elf, const elf_note * note);
--uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note);
--uint64_t elf_note_numeric_array(struct elf_binary *, const elf_note *,
-+const char *elf_note_name(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-+ELF_PTRVAL_CONST_VOID elf_note_desc(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-+uint64_t elf_note_numeric(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-+uint64_t elf_note_numeric_array(struct elf_binary *, ELF_HANDLE_DECL(elf_note),
- unsigned int unitsz, unsigned int idx);
--const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * note);
-+ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL(elf_note) note);
-
- int elf_is_elfbinary(const void *image);
--int elf_phdr_is_loadable(struct elf_binary *elf, const elf_phdr * phdr);
-+int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr);
-
- /* ------------------------------------------------------------------------ */
- /* xc_libelf_loader.c */
-@@ -189,7 +313,7 @@ void elf_set_log(struct elf_binary *elf, elf_log_callback*,
- void elf_parse_binary(struct elf_binary *elf);
- int elf_load_binary(struct elf_binary *elf);
-
--void *elf_get_ptr(struct elf_binary *elf, unsigned long addr);
-+ELF_PTRVAL_VOID elf_get_ptr(struct elf_binary *elf, unsigned long addr);
- uint64_t elf_lookup_addr(struct elf_binary *elf, const char *symbol);
-
- void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t pstart); /* private */
-@@ -221,9 +345,9 @@ struct xen_elfnote {
-
- struct elf_dom_parms {
- /* raw */
-- const char *guest_info;
-- const void *elf_note_start;
-- const void *elf_note_end;
-+ ELF_PTRVAL_CONST_CHAR guest_info;
-+ ELF_PTRVAL_CONST_VOID elf_note_start;
-+ ELF_PTRVAL_CONST_VOID elf_note_end;
- struct xen_elfnote elf_notes[XEN_ELFNOTE_MAX + 1];
-
- /* parsed */
-@@ -262,10 +386,22 @@ int elf_xen_parse_features(const char *features,
- uint32_t *required);
- int elf_xen_parse_note(struct elf_binary *elf,
- struct elf_dom_parms *parms,
-- const elf_note *note);
-+ ELF_HANDLE_DECL(elf_note) note);
- int elf_xen_parse_guest_info(struct elf_binary *elf,
- struct elf_dom_parms *parms);
- int elf_xen_parse(struct elf_binary *elf,
- struct elf_dom_parms *parms);
-
-+#define elf_memcpy_unchecked memcpy
-+#define elf_memset_unchecked memset
-+ /*
-+ * Unsafe versions of memcpy and memset which take actual C
-+ * pointers. These are just like real memcpy and memset.
-+ */
-+
-+
-+#define ELF_ADVANCE_DEST(elf, amount) elf->dest += (amount)
-+ /* Advances past amount bytes of the current destination area. */
-+
-+
- #endif /* __XEN_LIBELF_H__ */
---
-1.7.2.5
-
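Review bot: Patch 11 of the series gives no write protection by itself. The comment under elf_memcpy_safe and elf_memset_safe in the file being deleted says the macros will only "(in the next patch)" arrange never to write outside permitted areas, and here they still expand to plain memcpy and memset. With this file now shipped in a tarball while 12to13 stays in FILESDIR, a short comment in src_prepare stating that the XSA-55 patches must all be applied, in numeric order, would guard against a later edit dropping or reordering one.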
diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild
index 8e924d4aec81..1d8fd861019c 100644
--- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild
+++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild,v 1.1 2013/06/26 16:16:38 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.1-r3.ebuild,v 1.2 2013/06/27 05:32:10 idella4 Exp $
EAPI=4
PYTHON_DEPEND="2:2.6"
@@ -10,13 +10,16 @@ inherit flag-o-matic eutils multilib python toolchain-funcs
XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles"
LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci
GRUB_URL=mirror://gnu-alpha/grub
+XSAPATCHES="http://dev.gentoo.org/~idella4/"
SRC_URI="
http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
$GRUB_URL/grub-0.97.tar.gz
$XEN_EXTFILES_URL/zlib-1.2.3.tar.gz
$LIBPCI_URL/pciutils-2.2.9.tar.bz2
$XEN_EXTFILES_URL/lwip-1.3.0.tar.gz
- $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz"
+ $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz
+ $XSAPATCHES/patches/XSA-55patches.tar.gz
+ "
S="${WORKDIR}/xen-${PV}"
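Review bot: XSAPATCHES ends in a slash and the new SRC_URI entry starts its path with one, so the fetch URL expands to http://dev.gentoo.org/~idella4//patches/XSA-55patches.tar.gz; drop the trailing slash from XSAPATCHES or the leading one from the entry. The security patches are now pulled over plain http from a developer's personal space, so their integrity rests on the Manifest digest alone, and the diffstat shown for this commit lists no Manifest change: confirm that the digest for XSA-55patches.tar.gz is committed along with it.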
@@ -85,28 +88,29 @@ src_prepare() {
#Sec patch
epatch "${FILESDIR}"/${PN/-pvgrub/}-4-CVE-2012-6075-XSA-41.patch \
- "${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \
- "${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \
- "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
- "${FILESDIR}"/xen-4-CVE-2013-1952-XSA_49.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-8-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-11-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-15-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch
-
- #Substitute for internal downloading. pciutils copied only due to the only .bz2
+ "${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \
+ "${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \
+ "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
+ "${FILESDIR}"/xen-4-CVE-2013-1952-XSA_49.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \
+ "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch
+
+ # Substitute for internal downloading. pciutils copied only due to the only .bz2
cp $DISTDIR/pciutils-2.2.9.tar.bz2 ./stubdom/ || die "pciutils not copied to stubdom"
+
retar-externals || die "re-tar procedure failed"
}
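Review bot: The three "${WORKDIR}"/files/ paths depend on the internal layout of XSA-55patches.tar.gz, which nothing in this hunk pins down, and files is a generic directory name that another unpacked distfile could also use. A tarball that unpacks into a directory named for its contents would make the path self-explanatory and collision-free. Separately, the context line cp $DISTDIR/pciutils-2.2.9.tar.bz2 leaves $DISTDIR unquoted; quote it as "${DISTDIR}" while this block is being touched.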
diff --git a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild
index a76dcfd40883..a7ddcaf295b4 100644
--- a/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild
+++ b/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.1 2013/06/26 16:16:38 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-pvgrub/xen-pvgrub-4.2.2-r1.ebuild,v 1.2 2013/06/27 05:32:10 idella4 Exp $
EAPI=4
PYTHON_DEPEND="2:2.6"
@@ -10,13 +10,16 @@ inherit flag-o-matic eutils multilib python toolchain-funcs
XEN_EXTFILES_URL="http://xenbits.xensource.com/xen-extfiles"
LIBPCI_URL=ftp://atrey.karlin.mff.cuni.cz/pub/linux/pci
GRUB_URL=mirror://gnu-alpha/grub
+XSAPATCHES="http://dev.gentoo.org/~idella4/"
SRC_URI="
http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
$GRUB_URL/grub-0.97.tar.gz
$XEN_EXTFILES_URL/zlib-1.2.3.tar.gz
$LIBPCI_URL/pciutils-2.2.9.tar.bz2
$XEN_EXTFILES_URL/lwip-1.3.0.tar.gz
- $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz"
+ $XEN_EXTFILES_URL/newlib/newlib-1.16.0.tar.gz
+ $XSAPATCHES/patches/XSA-55patches.tar.gz
+ "
S="${WORKDIR}/xen-${PV}"
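Review bot: XSA-55patches.tar.gz carries no version or date in its name, and both this ebuild and xen-pvgrub-4.2.1-r3 fetch it. If the tarball is ever re-rolled under the same name, the recorded digest breaks for both ebuilds at once; a versioned file name avoids that. The double slash produced by the trailing slash in XSAPATCHES followed by /patches/ is present here as well.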
@@ -92,12 +95,12 @@ src_prepare() {
"${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-8-XSA-55.patch \
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-11-XSA-55.patch \
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-15-XSA-55.patch \
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \
"${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \
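Review bot: Nothing in the ebuild says why patches 8, 11 and 15 are read from "${WORKDIR}"/files/ while the rest of the XSA-55 series still comes from "${FILESDIR}"; the only explanation is the ChangeLog entry "rm of re-located patches". A one-line comment above the epatch call naming the tarball these three come from would save the next maintainer from hunting for the missing files.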