Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
xen.19912
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch of Package xen.19912
# Commit 45f59ed8865318bb0356954bad067f329677ce9e # Date 2021-06-08 17:43:06 +0100 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> x86/spec-ctrl: Protect against Speculative Code Store Bypass Modern x86 processors have far-better-than-architecturally-guaranteed self modifying code detection. Typically, when a write hits an instruction in flight, a Machine Clear occurs to flush stale content in the frontend and backend. For self modifying code, before a write which hits an instruction in flight retires, the frontend can speculatively decode and execute the old instruction stream. Speculation of this form can suffer from type confusion in registers, and potentially leak data. Furthermore, updates are typically byte-wise, rather than atomic. Depending on timing, speculation can race ahead multiple times between individual writes, and execute the transiently-malformed instruction stream. Xen has stubs which are used in certain cases for emulation purposes. Inhibit speculation between updating the stub and executing it. This is XSA-375 / CVE-2021-0089. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -138,6 +138,8 @@ static io_emul_stub_t *io_emul_stub_setu /* Runtime confirmation that we haven't clobbered an adjacent stub. */ BUG_ON(STUB_BUF_SIZE / 2 < (p - ctxt->io_emul_stub)); + block_speculation(); /* SCSB */ + /* Handy function-typed pointer to the stub. */ return (void *)stub_va; --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -1256,6 +1256,7 @@ static inline int mkec(uint8_t e, int32_ # define invoke_stub(pre, post, constraints...) do { \ stub_exn.info = (union stub_exception_token) { .raw = ~0 }; \ stub_exn.line = __LINE__; /* Utility outweighs livepatching cost */ \ + block_speculation(); /* SCSB */ \ asm volatile ( pre "\n\tINDIRECT_CALL %[stub]\n\t" post "\n" \ ".Lret%=:\n\t" \ ".pushsection .fixup,\"ax\"\n" \
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor