[meta-virtualization] [PATCH 5/5] xen: for 4.10.0: XSA-253 / CVE-2018-5244 patch

[christopher.w.clark at gmail.com]

From: Christopher Clark <christopher.w.clark at gmail.com>

Fix a memory leak with MSR emulation on x86.

Signed-off-by: Christopher Clark <christopher.clark6 at baesystems.com>
---

This patch is only required for Xen 4.10.0 and not for Xen 4.9.x.

 recipes-extended/xen/files/xsa253.patch | 26 ++++++++++++++++++++++++++
 recipes-extended/xen/xen_4.10.0.bb      |  2 ++
 2 files changed, 28 insertions(+)
 create mode 100644 recipes-extended/xen/files/xsa253.patch

diff --git a/recipes-extended/xen/files/xsa253.patch b/recipes-extended/xen/files/xsa253.patch
new file mode 100644
index 0000000..19e4269
--- /dev/null
+++ b/recipes-extended/xen/files/xsa253.patch
@@ -0,0 +1,26 @@
+From: Andrew Cooper <andrew.cooper3 at citrix.com>
+Subject: x86/msr: Free msr_vcpu_policy during vcpu destruction
+
+c/s 4187f79dc7 "x86/msr: introduce struct msr_vcpu_policy" introduced a
+per-vcpu memory allocation, but failed to free it in the clean vcpu
+destruction case.
+
+This is XSA-253
+
+Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+Reviewed-by: Jan Beulich <jbeulich at suse.com>
+
+diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
+index b17468c..0ae715d 100644
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -382,6 +382,9 @@ void vcpu_destroy(struct vcpu *v)
+ 
+     vcpu_destroy_fpu(v);
+ 
++    xfree(v->arch.msr);
++    v->arch.msr = NULL;
++
+     if ( !is_idle_domain(v->domain) )
+         vpmu_destroy(v);
+ 
diff --git a/recipes-extended/xen/xen_4.10.0.bb b/recipes-extended/xen/xen_4.10.0.bb
index 1e14c86..d314b9b 100644
--- a/recipes-extended/xen/xen_4.10.0.bb
+++ b/recipes-extended/xen/xen_4.10.0.bb
@@ -1,7 +1,9 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 require xen.inc
 
 SRC_URI = " \
     https://downloads.xenproject.org/release/xen/${PV}/xen-${PV}.tar.gz \
+    file://xsa253.patch \
     "
 
 SRC_URI[md5sum] = "ab9d320d02cb40f6b40506aed1a38d58"
-- 
2.7.4