Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5854
xsa244.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa244.patch of Package xen.5854
From: Andrew Cooper <andrew.cooper3@citrix.com> Subject: x86/cpu: fix IST handling during PCPU bringup Clear IST references in newly allocated IDTs. Nothing good will come of having them set before the TSS is suitably constructed (although the chances of the CPU surviving such an IST interrupt/exception is extremely slim). Uniformly set the IST references after the TSS is in place. This fixes an issue on AMD hardware, where onlining a PCPU while PCPU0 is in HVM context will cause IST_NONE to be copied into the new IDT, making that PCPU vulnerable to privilege escalation from PV guests until it subsequently schedules an HVM guest. This is XSA-244. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Index: xen-4.4.4-testing/xen/arch/x86/cpu/common.c =================================================================== --- xen-4.4.4-testing.orig/xen/arch/x86/cpu/common.c +++ xen-4.4.4-testing/xen/arch/x86/cpu/common.c @@ -577,6 +577,10 @@ void __cpuinit cpu_init(void) load_TR(); asm volatile ( "lldt %%ax" : : "a" (0) ); + set_ist(&idt_tables[cpu][TRAP_double_fault], IST_DF); + set_ist(&idt_tables[cpu][TRAP_nmi], IST_NMI); + set_ist(&idt_tables[cpu][TRAP_machine_check], IST_MCE); + /* Clear all 6 debug registers: */ #define CD(register) asm volatile ( "mov %0,%%db" #register : : "r"(0UL) ); CD(0); CD(1); CD(2); CD(3); /* no db4 and db5 */; CD(6); CD(7); Index: xen-4.4.4-testing/xen/arch/x86/smpboot.c =================================================================== --- xen-4.4.4-testing.orig/xen/arch/x86/smpboot.c +++ xen-4.4.4-testing/xen/arch/x86/smpboot.c @@ -682,6 +682,9 @@ static int cpu_smpboot_alloc(unsigned in if ( idt_tables[cpu] == NULL ) goto oom; memcpy(idt_tables[cpu], idt_table, IDT_ENTRIES * sizeof(idt_entry_t)); + set_ist(&idt_tables[cpu][TRAP_double_fault], IST_NONE); + set_ist(&idt_tables[cpu][TRAP_nmi], IST_NONE); + set_ist(&idt_tables[cpu][TRAP_machine_check], IST_NONE); if ( zalloc_cpumask_var(&per_cpu(cpu_sibling_mask, cpu)) && zalloc_cpumask_var(&per_cpu(cpu_core_mask, cpu)) )
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor