Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen.10697
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch of Package xen.10697
Subject: x86/HVM: don't load LDTR with VM86 mode attrs during task switch From: Jan Beulich jbeulich@suse.com Tue Nov 22 14:28:12 2016 +0100 Date: Tue Nov 22 14:28:12 2016 +0100: Git: b679cfaed68935e8a11dc4121ea2e116595636b8 Just like TR, LDTR is purely a protected mode facility and hence needs to be loaded accordingly. Also move its loading to where it architecurally belongs. This is CVE-2016-9382 / XSA-192. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> master commit: 93aa42b85ae0084ba7b749d0e990c94fbf0c17e3 master date: 2016-11-22 13:45:44 +0100 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -2337,16 +2337,15 @@ static void hvm_unmap_entry(void *p) } static int hvm_load_segment_selector( - enum x86_segment seg, uint16_t sel) + enum x86_segment seg, uint16_t sel, unsigned int eflags) { struct segment_register desctab, cs, segr; struct desc_struct *pdesc, desc; u8 dpl, rpl, cpl; int fault_type = TRAP_invalid_tss; - struct cpu_user_regs *regs = guest_cpu_user_regs(); struct vcpu *v = current; - if ( regs->eflags & X86_EFLAGS_VM ) + if ( eflags & X86_EFLAGS_VM ) { segr.sel = sel; segr.base = (uint32_t)sel << 4; @@ -2594,6 +2593,8 @@ void hvm_task_switch( if ( rc != HVMCOPY_okay ) goto out; + if ( hvm_load_segment_selector(x86_seg_ldtr, tss.ldt, 0) ) + goto out; if ( hvm_set_cr3(tss.cr3) ) goto out; @@ -2616,13 +2617,12 @@ void hvm_task_switch( } exn_raised = 0; - if ( hvm_load_segment_selector(x86_seg_ldtr, tss.ldt) || - hvm_load_segment_selector(x86_seg_es, tss.es) || - hvm_load_segment_selector(x86_seg_cs, tss.cs) || - hvm_load_segment_selector(x86_seg_ss, tss.ss) || - hvm_load_segment_selector(x86_seg_ds, tss.ds) || - hvm_load_segment_selector(x86_seg_fs, tss.fs) || - hvm_load_segment_selector(x86_seg_gs, tss.gs) ) + if ( hvm_load_segment_selector(x86_seg_es, tss.es, tss.eflags) || + hvm_load_segment_selector(x86_seg_cs, tss.cs, tss.eflags) || + hvm_load_segment_selector(x86_seg_ss, tss.ss, tss.eflags) || + hvm_load_segment_selector(x86_seg_ds, tss.ds, tss.eflags) || + hvm_load_segment_selector(x86_seg_fs, tss.fs, tss.eflags) || + hvm_load_segment_selector(x86_seg_gs, tss.gs, tss.eflags) ) exn_raised = 1; rc = hvm_copy_to_guest_virt(
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor