Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in
at 2024-03-26 19:24:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new.1905 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Tue Mar 26 19:24:44 2024 rev:342 rq:1162273 version:4.18.1_02
Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2024-03-03 20:19:52.671038480
+0100
+++ /work/SRC/openSUSE:Factory/.xen.new.1905/xen.changes 2024-03-26
19:25:36.845299673 +0100
@@ -1,0 +2,37 @@
+Mon Mar 25 15:30:00 CET 2024 - jbeul...@suse.com
+
+- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
+ Race Conditions (XSA-453)
+ 65f83951-x86-mm-use-block_lock_speculation-in.patch
+
+-------------------------------------------------------------------
+Fri Mar 15 10:11:56 MDT 2024 - carn...@suse.com
+
+- Update to Xen 4.18.1 bug fix release (bsc#1027519)
+ xen-4.18.1-testing-src.tar.bz2
+ * No upstream changelog found in sources or webpage
+- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
+ Sampling (XSA-452)
+- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
+ Race Conditions (XSA-453)
+- Dropped patches included in new tarball
+ 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
+ 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
+ 655b2ba9-fix-sched_move_domain.patch
+ 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
+ 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
+ 656ee5e1-x86emul-avoid-triggering-event-assertions.patch
+ 656ee602-cpupool-adding-offline-CPU.patch
+ 656ee6c3-domain_create-error-path.patch
+ 6571ca95-fix-sched_move_domain.patch
+ 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
+ 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
+ 65a7a0a4-x86-Intel-GPCC-setup.patch
+ 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
+ 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
+ 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
+ 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
+ 65b8f9ab-VT-d-else-vs-endif-misplacement.patch
+ xsa451.patch
+
+-------------------------------------------------------------------
Old:
----
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xen-4.18.0-testing-src.tar.bz2
xsa451.patch
New:
----
65f83951-x86-mm-use-block_lock_speculation-in.patch
xen-4.18.1-testing-src.tar.bz2
BETA DEBUG BEGIN:
Old:- Dropped patches included in new tarball
654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
Old: 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
Old: 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
Old: 655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
Old: 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
Old: 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
Old: 656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
Old: 656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
Old: 656ee6c3-domain_create-error-path.patch
6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
Old: 6571ca95-fix-sched_move_domain.patch
6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
Old: 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
Old: 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
Old: 65a7a0a4-x86-Intel-GPCC-setup.patch
65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
Old: 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
Old: 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
Old: 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
Old: 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xsa451.patch
Old: 65b8f9ab-VT-d-else-vs-endif-misplacement.patch
xsa451.patch
BETA DEBUG END:
BETA DEBUG BEGIN:
New: Race Conditions (XSA-453)
65f83951-x86-mm-use-block_lock_speculation-in.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.2znu4C/_old 2024-03-26 19:25:38.701367969 +0100
+++ /var/tmp/diff_new_pack.2znu4C/_new 2024-03-26 19:25:38.701367969 +0100
@@ -28,7 +28,7 @@
Name: xen
ExclusiveArch: %ix86 x86_64 aarch64
-%define xen_build_dir xen-4.18.0-testing
+%define xen_build_dir xen-4.18.1-testing
#
%define with_gdbsx 0
%define with_dom0_support 0
@@ -119,12 +119,12 @@
%endif
Provides: installhint(reboot-needed)
-Version: 4.18.0_06
+Version: 4.18.1_02
Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0-only
Group: System/Kernel
-Source0: xen-4.18.0-testing-src.tar.bz2
+Source0: xen-4.18.1-testing-src.tar.bz2
Source1: stubdom.tar.bz2
Source2: mini-os.tar.bz2
Source9: xen.changes
@@ -154,25 +154,8 @@
# For xen-libs
Source99: baselibs.conf
# Upstream patches
-Patch1: 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
-Patch2: 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
-Patch3: 655b2ba9-fix-sched_move_domain.patch
-Patch4: 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
-Patch5: 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
-Patch6: 656ee5e1-x86emul-avoid-triggering-event-assertions.patch
-Patch7: 656ee602-cpupool-adding-offline-CPU.patch
-Patch8: 656ee6c3-domain_create-error-path.patch
-Patch9: 6571ca95-fix-sched_move_domain.patch
-Patch10: 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
-Patch11: 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
-Patch12: 65a7a0a4-x86-Intel-GPCC-setup.patch
-Patch13: 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
-Patch14: 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
-Patch15: 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
-Patch16: 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
-Patch17: 65b8f9ab-VT-d-else-vs-endif-misplacement.patch
+Patch1: 65f83951-x86-mm-use-block_lock_speculation-in.patch
# EMBARGOED security fixes
-Patch100: xsa451.patch
# libxc
Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch
++++++ 65f83951-x86-mm-use-block_lock_speculation-in.patch ++++++
# Commit 62018f08708a5ff6ef8fc8ff2aaaac46e5a60430
# Date 2024-03-18 13:53:37 +0100
# Author Jan Beulich <jbeul...@suse.com>
# Committer Jan Beulich <jbeul...@suse.com>
x86/mm: use block_lock_speculation() in _mm_write_lock()
I can only guess that using block_speculation() there was a leftover
from, earlier on, SPECULATIVE_HARDEN_LOCK depending on
SPECULATIVE_HARDEN_BRANCH.
Fixes: 197ecd838a2a ("locking: attempt to ensure lock wrappers are always
inline")
Signed-off-by: Jan Beulich <jbeul...@suse.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
--- a/xen/arch/x86/mm/mm-locks.h
+++ b/xen/arch/x86/mm/mm-locks.h
@@ -138,7 +138,7 @@ static always_inline void _mm_write_lock
_set_lock_level(_lock_level(d, level));
}
else
- block_speculation();
+ block_lock_speculation();
l->recurse_count++;
}
++++++ xen-4.18.0-testing-src.tar.bz2 -> xen-4.18.1-testing-src.tar.bz2 ++++++
++++ 5491 lines of diff (skipped)
++++++ xl-save-pc.patch ++++++
--- /var/tmp/diff_new_pack.2znu4C/_old 2024-03-26 19:25:41.805482189 +0100
+++ /var/tmp/diff_new_pack.2znu4C/_new 2024-03-26 19:25:41.809482336 +0100
@@ -21,7 +21,7 @@
--- a/tools/xl/Makefile
+++ b/tools/xl/Makefile
-@@ -26,6 +26,7 @@ XL_OBJS += xl_vmcontrol.o xl_saverestore
+@@ -25,6 +25,7 @@ XL_OBJS += xl_vmcontrol.o xl_saverestore
XL_OBJS += xl_vdispl.o xl_vsnd.o xl_vkb.o
$(XL_OBJS): CFLAGS += $(CFLAGS_libxentoollog)
@@ -29,7 +29,7 @@
$(XL_OBJS): CFLAGS += $(CFLAGS_XL)
$(XL_OBJS): CFLAGS += -include $(XEN_ROOT)/tools/config.h # libxl_json.h
needs it.
-@@ -33,7 +34,7 @@ $(XL_OBJS): CFLAGS += -include $(XEN_ROO
+@@ -32,7 +33,7 @@ $(XL_OBJS): CFLAGS += -include $(XEN_ROO
all: xl
xl: $(XL_OBJS)
