Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5854
573b116a-x86-mm-fully-honor-PS-bits-in-guest-pa...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 573b116a-x86-mm-fully-honor-PS-bits-in-guest-page-table-walks.patch of Package xen.5854
References: bsc#978295 CVE-2016-4480 XSA-176 # Commit 46699c7393bd991234b5642763c5c24b6b39a6c4 # Date 2016-05-17 14:41:14 +0200 # Author Jan Beulich <jbeulich@suse.com> # Committer Jan Beulich <jbeulich@suse.com> x86/mm: fully honor PS bits in guest page table walks In L4 entries it is currently unconditionally reserved (and hence should, when set, always result in a reserved bit page fault), and is reserved on hardware not supporting 1Gb pages (and hence should, when set, similarly cause a reserved bit page fault on such hardware). This is CVE-2016-4480 / XSA-176. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> --- a/xen/arch/x86/mm/guest_walk.c +++ b/xen/arch/x86/mm/guest_walk.c @@ -186,6 +186,11 @@ guest_walk_tables(struct vcpu *v, struct rc |= _PAGE_PRESENT; goto out; } + if ( gflags & _PAGE_PSE ) + { + rc |= _PAGE_PSE | _PAGE_INVALID_BIT; + goto out; + } rc |= ((gflags & mflags) ^ mflags); /* Map the l3 table */ @@ -206,7 +211,7 @@ guest_walk_tables(struct vcpu *v, struct } rc |= ((gflags & mflags) ^ mflags); - pse1G = (gflags & _PAGE_PSE) && guest_supports_1G_superpages(v); + pse1G = !!(gflags & _PAGE_PSE); if ( pse1G ) { @@ -226,6 +231,8 @@ guest_walk_tables(struct vcpu *v, struct /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */ flags &= ~_PAGE_PAT; + if ( !guest_supports_1G_superpages(v) ) + rc |= _PAGE_PSE | _PAGE_INVALID_BIT; if ( gfn_x(start) & GUEST_L3_GFN_MASK & ~0x1 ) rc |= _PAGE_INVALID_BITS;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor