Diffstat (limited to 'app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch')
-rw-r--r--app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch70
1 files changed, 0 insertions, 70 deletions
diff --git a/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch b/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch
deleted file mode 100644
index f074fa6..0000000
--- a/app-emulation/xen/files/xen-4-CVE-2013-0151-XSA-34_35.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-commit 66141b2e068fa39f28bdda6be05882e323663687
-Author: Michael Young
-Date: Tue Jan 22 22:22:10 2013 +0000
-
- Security fix from nested virtualization CVE-2013-0151,
- restore status option to xend which is used by libvirt
-#diff --git a/xsa34-4.2.patch b/xsa34-4.2.patch
-#new file mode 100644
-#index 0000000..f5328ef
-#--- /dev/null
-#+++ xsa34-4.2.patch
-#@@ -0,0 +1,30 @@
-#+x86_32: don't allow use of nested HVM
-#+
-#+There are (indirect) uses of map_domain_page() in the nested HVM code
-#+that are unsafe when not just using the 1:1 mapping.
-#+
-#+This is XSA-34 / CVE-2013-0151.
-#+
-#+Signed-off-by: Jan Beulich
-#+
-#diff --git a/xsa35-4.2-with-xsa34.patch b/xsa35-4.2-with-xsa34.patch
-#new file mode 100644
-#index 0000000..28c6171
-#--- /dev/null
-#+++ xsa35-4.2-with-xsa34.patch
-#@@ -0,0 +1,24 @@
-#+xen: Do not allow guests to enable nested HVM on themselves
-#+
-#+There is no reason for this and doing so exposes a memory leak to
-#+guests. Only toolstacks need write access to this HVM param.
-#+
-#+This is XSA-35 / CVE-2013-0152.
-#+
-#+Signed-off-by: Ian Campbell
-#+Acked-by: Jan Beulich
-#+
---- xen/arch/x86/hvm/hvm.c
-+++ xen/arch/x86/hvm/hvm.c
-@@ -3858,6 +3858,11 @@
- rc = -EINVAL;
- break;
- case HVM_PARAM_NESTEDHVM:
-+ if ( !IS_PRIV(current->domain) )
-+ {
-+ rc = -EPERM;
-+ break;
-+ }
- if ( a.value > 1 )
- rc = -EINVAL;
- if ( !is_hvm_domain(d) )
-@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
- rc = -EINVAL;
- break;
- case HVM_PARAM_NESTEDHVM:
-+#ifdef __i386__
-+ if ( a.value )
-+ rc = -EINVAL;
-+#else
- if ( a.value > 1 )
- rc = -EINVAL;
- if ( !is_hvm_domain(d) )
-@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
- for_each_vcpu(d, v)
- if ( rc == 0 )
- rc = nestedhvm_vcpu_initialise(v);
-+#endif
- break;
- case HVM_PARAM_BUFIOREQ_EVTCHN:
- rc = -EINVAL;