head 1.2; access; symbols pkgsrc-2020Q2:1.1.0.24 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.20 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.22 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.18 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.16 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.14 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.12 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.10 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.8 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.6 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.4 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2020.08.19.10.39.25; author bouyer; state dead; branches; next 1.1; commitid DGAMglRf0Jde6FkC; 1.1 date 2017.10.17.10.57.34; author bouyer; state Exp; branches 1.1.2.1; next ; commitid Op7VCttvsVltwobA; 1.1.2.1 date 2017.10.17.10.57.34; author bsiegert; state dead; branches; next 1.1.2.2; commitid hV2F1sd8zeL8jrbA; 1.1.2.2 date 2017.10.17.19.17.50; author bsiegert; state Exp; branches; next ; commitid hV2F1sd8zeL8jrbA; desc @@ 1.2 log @Remove xenkernel and xentools packages older than 4.11. They're not maintained anymore upstream, and don't build on supported NetBSD releases. @ text @$NetBSD: patch-XSA233,v 1.1 2017/10/17 10:57:34 bouyer Exp $ From: Juergen Gross Subject: tools/xenstore: dont unlink connection object twice A connection object of a domain with associated stubdom has two parents: the domain and the stubdom. When cleaning up the list of active domains in domain_cleanup() make sure not to unlink the connection twice from the same domain. This could happen when the domain and its stubdom are being destroyed at the same time leading to the domain loop being entered twice. Additionally don't use talloc_free() in this case as it will remove a random parent link, leading eventually to a memory leak. Use talloc_unlink() instead specifying the context from which the connection object should be removed. This is XSA-233. Reported-by: Eric Chanudet Signed-off-by: Juergen Gross Reviewed-by: Ian Jackson --- xenstore/xenstored_domain.c.orig +++ xenstore/xenstored_domain.c @@@@ -221,10 +221,11 @@@@ static int destroy_domain(void *_domain) static void domain_cleanup(void) { xc_dominfo_t dominfo; - struct domain *domain, *tmp; + struct domain *domain; int notify = 0; - list_for_each_entry_safe(domain, tmp, &domains, list) { + again: + list_for_each_entry(domain, &domains, list) { if (xc_domain_getinfo(*xc_handle, domain->domid, 1, &dominfo) == 1 && dominfo.domid == domain->domid) { @@@@ -236,8 +237,12 @@@@ static void domain_cleanup(void) if (!dominfo.dying) continue; } - talloc_free(domain->conn); - notify = 0; /* destroy_domain() fires the watch */ + if (domain->conn) { + talloc_unlink(talloc_autofree_context(), domain->conn); + domain->conn = NULL; + notify = 0; /* destroy_domain() fires the watch */ + goto again; + } } if (notify) @ 1.1 log @Update xen*46 to 4.6.6, including fixes up to XSA244. changes since Xen 4.6.5: mostly bug fixes, including security fixes for XSA206, XSA211 to XSA244. PKGREVISION set to 1 to account for the fact that it's not a stock Xen 4.6.6. Note that, unlike upstream, pv-linear-pt defaults to true, so that NetBSD PV guests (including dom0) will continue to boot without changes to boot.cfg @ text @d1 1 a1 1 $NetBSD: $ @ 1.1.2.1 log @file patch-XSA233 was added on branch pkgsrc-2017Q3 on 2017-10-17 19:17:50 +0000 @ text @d1 54 @ 1.1.2.2 log @Pullup ticket #5580 - requested by bouyer sysutils/xenkernel46, sysutils/xentools46: security fix Revisions pulled up: - sysutils/xenkernel46/MESSAGE 1.2 - sysutils/xenkernel46/Makefile 1.14 - sysutils/xenkernel46/distinfo 1.10 - sysutils/xenkernel46/patches/patch-XSA-212 deleted - sysutils/xenkernel46/patches/patch-XSA226 1.1 - sysutils/xenkernel46/patches/patch-XSA227 1.1 - sysutils/xenkernel46/patches/patch-XSA228 1.1 - sysutils/xenkernel46/patches/patch-XSA230 1.1 - sysutils/xenkernel46/patches/patch-XSA231 1.1 - sysutils/xenkernel46/patches/patch-XSA232 1.1 - sysutils/xenkernel46/patches/patch-XSA234 1.1 - sysutils/xenkernel46/patches/patch-XSA237 1.1 - sysutils/xenkernel46/patches/patch-XSA238 1.1 - sysutils/xenkernel46/patches/patch-XSA239 1.1 - sysutils/xenkernel46/patches/patch-XSA240 1.1 - sysutils/xenkernel46/patches/patch-XSA241 1.1 - sysutils/xenkernel46/patches/patch-XSA242 1.1 - sysutils/xenkernel46/patches/patch-XSA243 1.1 - sysutils/xenkernel46/patches/patch-XSA244 1.1 - sysutils/xentools46/Makefile 1.21 - sysutils/xentools46/distinfo 1.9 - sysutils/xentools46/patches/patch-XSA-211-1 deleted - sysutils/xentools46/patches/patch-XSA-211-2 deleted - sysutils/xentools46/patches/patch-XSA228 1.1 - sysutils/xentools46/patches/patch-XSA233 1.1 - sysutils/xentools46/patches/patch-XSA240 1.1 - sysutils/xentools46/version.mk 1.3 --- Module Name: pkgsrc Committed By: bouyer Date: Tue Oct 17 10:57:35 UTC 2017 Modified Files: pkgsrc/sysutils/xenkernel46: MESSAGE Makefile distinfo pkgsrc/sysutils/xentools46: Makefile distinfo version.mk Added Files: pkgsrc/sysutils/xenkernel46/patches: patch-XSA226 patch-XSA227 patch-XSA228 patch-XSA230 patch-XSA231 patch-XSA232 patch-XSA234 patch-XSA237 patch-XSA238 patch-XSA239 patch-XSA240 patch-XSA241 patch-XSA242 patch-XSA243 patch-XSA244 pkgsrc/sysutils/xentools46/patches: patch-XSA228 patch-XSA233 patch-XSA240 Removed Files: pkgsrc/sysutils/xenkernel46/patches: patch-XSA-212 pkgsrc/sysutils/xentools46/patches: patch-XSA-211-1 patch-XSA-211-2 Log Message: Update xen*46 to 4.6.6, including fixes up to XSA244. changes since Xen 4.6.5: mostly bug fixes, including security fixes for XSA206, XSA211 to XSA244. PKGREVISION set to 1 to account for the fact that it's not a stock Xen 4.6.6. Note that, unlike upstream, pv-linear-pt defaults to true, so that NetBSD PV guests (including dom0) will continue to boot without changes to boot.cfg @ text @a0 54 $NetBSD: patch-XSA233,v 1.1 2017/10/17 10:57:34 bouyer Exp $ From: Juergen Gross Subject: tools/xenstore: dont unlink connection object twice A connection object of a domain with associated stubdom has two parents: the domain and the stubdom. When cleaning up the list of active domains in domain_cleanup() make sure not to unlink the connection twice from the same domain. This could happen when the domain and its stubdom are being destroyed at the same time leading to the domain loop being entered twice. Additionally don't use talloc_free() in this case as it will remove a random parent link, leading eventually to a memory leak. Use talloc_unlink() instead specifying the context from which the connection object should be removed. This is XSA-233. Reported-by: Eric Chanudet Signed-off-by: Juergen Gross Reviewed-by: Ian Jackson --- xenstore/xenstored_domain.c.orig +++ xenstore/xenstored_domain.c @@@@ -221,10 +221,11 @@@@ static int destroy_domain(void *_domain) static void domain_cleanup(void) { xc_dominfo_t dominfo; - struct domain *domain, *tmp; + struct domain *domain; int notify = 0; - list_for_each_entry_safe(domain, tmp, &domains, list) { + again: + list_for_each_entry(domain, &domains, list) { if (xc_domain_getinfo(*xc_handle, domain->domid, 1, &dominfo) == 1 && dominfo.domid == domain->domid) { @@@@ -236,8 +237,12 @@@@ static void domain_cleanup(void) if (!dominfo.dying) continue; } - talloc_free(domain->conn); - notify = 0; /* destroy_domain() fires the watch */ + if (domain->conn) { + talloc_unlink(talloc_autofree_context(), domain->conn); + domain->conn = NULL; + notify = 0; /* destroy_domain() fires the watch */ + goto again; + } } if (notify) @