Diffstat (limited to 'system/xen/xsa/xsa313-2.patch')
-rw-r--r--system/xen/xsa/xsa313-2.patch132
1 files changed, 0 insertions, 132 deletions
diff --git a/system/xen/xsa/xsa313-2.patch b/system/xen/xsa/xsa313-2.patch
deleted file mode 100644
index d81b8232d2df0..0000000000000
--- a/system/xen/xsa/xsa313-2.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: xenoprof: limit consumption of shared buffer data
-
-Since a shared buffer can be written to by the guest, we may only read
-the head and tail pointers from there (all other fields should only ever
-be written to). Furthermore, for any particular operation the two values
-must be read exactly once, with both checks and consumption happening
-with the thus read values. (The backtrace related xenoprof_buf_space()
-use in xenoprof_log_event() is an exception: The values used there get
-re-checked by every subsequent xenoprof_add_sample().)
-
-Since that code needed touching, also fix the double increment of the
-lost samples count in case the backtrace related xenoprof_add_sample()
-invocation in xenoprof_log_event() fails.
-
-Where code is being touched anyway, add const as appropriate, but take
-the opportunity to entirely drop the now unused domain parameter of
-xenoprof_buf_space().
-
-This is part of XSA-313.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Wei Liu <wl@xen.org>
-
---- a/xen/common/xenoprof.c
-+++ b/xen/common/xenoprof.c
-@@ -479,25 +479,22 @@ static int add_passive_list(XEN_GUEST_HA
-
-
- /* Get space in the buffer */
--static int xenoprof_buf_space(struct domain *d, xenoprof_buf_t * buf, int size)
-+static int xenoprof_buf_space(int head, int tail, int size)
- {
-- int head, tail;
--
-- head = xenoprof_buf(d, buf, event_head);
-- tail = xenoprof_buf(d, buf, event_tail);
--
- return ((tail > head) ? 0 : size) + tail - head - 1;
- }
-
- /* Check for space and add a sample. Return 1 if successful, 0 otherwise. */
--static int xenoprof_add_sample(struct domain *d, xenoprof_buf_t *buf,
-+static int xenoprof_add_sample(const struct domain *d,
-+ const struct xenoprof_vcpu *v,
- uint64_t eip, int mode, int event)
- {
-+ xenoprof_buf_t *buf = v->buffer;
- int head, tail, size;
-
- head = xenoprof_buf(d, buf, event_head);
- tail = xenoprof_buf(d, buf, event_tail);
-- size = xenoprof_buf(d, buf, event_size);
-+ size = v->event_size;
-
- /* make sure indexes in shared buffer are sane */
- if ( (head < 0) || (head >= size) || (tail < 0) || (tail >= size) )
-@@ -506,7 +503,7 @@ static int xenoprof_add_sample(struct do
- return 0;
- }
-
-- if ( xenoprof_buf_space(d, buf, size) > 0 )
-+ if ( xenoprof_buf_space(head, tail, size) > 0 )
- {
- xenoprof_buf(d, buf, event_log[head].eip) = eip;
- xenoprof_buf(d, buf, event_log[head].mode) = mode;
-@@ -530,7 +527,6 @@ static int xenoprof_add_sample(struct do
- int xenoprof_add_trace(struct vcpu *vcpu, uint64_t pc, int mode)
- {
- struct domain *d = vcpu->domain;
-- xenoprof_buf_t *buf = d->xenoprof->vcpu[vcpu->vcpu_id].buffer;
-
- /* Do not accidentally write an escape code due to a broken frame. */
- if ( pc == XENOPROF_ESCAPE_CODE )
-@@ -539,7 +535,8 @@ int xenoprof_add_trace(struct vcpu *vcpu
- return 0;
- }
-
-- return xenoprof_add_sample(d, buf, pc, mode, 0);
-+ return xenoprof_add_sample(d, &d->xenoprof->vcpu[vcpu->vcpu_id],
-+ pc, mode, 0);
- }
-
- void xenoprof_log_event(struct vcpu *vcpu, const struct cpu_user_regs *regs,
-@@ -570,17 +567,22 @@ void xenoprof_log_event(struct vcpu *vcp
- /* Provide backtrace if requested. */
- if ( backtrace_depth > 0 )
- {
-- if ( (xenoprof_buf_space(d, buf, v->event_size) < 2) ||
-- !xenoprof_add_sample(d, buf, XENOPROF_ESCAPE_CODE, mode,
-- XENOPROF_TRACE_BEGIN) )
-+ if ( xenoprof_buf_space(xenoprof_buf(d, buf, event_head),
-+ xenoprof_buf(d, buf, event_tail),
-+ v->event_size) < 2 )
- {
- xenoprof_buf(d, buf, lost_samples)++;
- lost_samples++;
- return;
- }
-+
-+ /* xenoprof_add_sample() will increment lost_samples on failure */
-+ if ( !xenoprof_add_sample(d, v, XENOPROF_ESCAPE_CODE, mode,
-+ XENOPROF_TRACE_BEGIN) )
-+ return;
- }
-
-- if ( xenoprof_add_sample(d, buf, pc, mode, event) )
-+ if ( xenoprof_add_sample(d, v, pc, mode, event) )
- {
- if ( is_active(vcpu->domain) )
- active_samples++;
---- a/xen/include/xen/xenoprof.h
-+++ b/xen/include/xen/xenoprof.h
-@@ -61,12 +61,12 @@ struct xenoprof {
-
- #ifndef CONFIG_COMPAT
- #define XENOPROF_COMPAT(x) 0
--#define xenoprof_buf(d, b, field) ((b)->field)
-+#define xenoprof_buf(d, b, field) ACCESS_ONCE((b)->field)
- #else
- #define XENOPROF_COMPAT(x) ((x)->is_compat)
--#define xenoprof_buf(d, b, field) (*(!(d)->xenoprof->is_compat ? \
-- &(b)->native.field : \
-- &(b)->compat.field))
-+#define xenoprof_buf(d, b, field) ACCESS_ONCE(*(!(d)->xenoprof->is_compat \
-+ ? &(b)->native.field \
-+ : &(b)->compat.field))
- #endif
-
- struct domain;