diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-01-07 15:02:05 -0200 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-01-07 15:02:05 -0200 |
commit | c3173338df6eecc9dc6bf780cbfe7ab57e5d46b7 (patch) | |
tree | 6e1976eadea766349a14d195fbd7aceca2a364ac /kernels/xen/xsa75-4.3-unstable.patch | |
parent | 8ed713ab896f4eff72c669c4d27986b6d99d2004 (diff) | |
download | abslibre-c3173338df6eecc9dc6bf780cbfe7ab57e5d46b7.tar.gz abslibre-c3173338df6eecc9dc6bf780cbfe7ab57e5d46b7.tar.bz2 abslibre-c3173338df6eecc9dc6bf780cbfe7ab57e5d46b7.zip |
xen-4.3.1-2: updating version
Diffstat (limited to 'kernels/xen/xsa75-4.3-unstable.patch')
-rw-r--r-- | kernels/xen/xsa75-4.3-unstable.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/kernels/xen/xsa75-4.3-unstable.patch b/kernels/xen/xsa75-4.3-unstable.patch new file mode 100644 index 000000000..6c0c5bca1 --- /dev/null +++ b/kernels/xen/xsa75-4.3-unstable.patch @@ -0,0 +1,55 @@ +nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing + +Otherwise uninitialized data may be used, leading to crashes. + +This is XSA-75. + +Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@McAfee.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/hvm/vmx/vvmx.c ++++ b/xen/arch/x86/hvm/vmx/vvmx.c +@@ -1508,15 +1508,10 @@ static void clear_vvmcs_launched(struct + } + } + +-int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) ++static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) + { + struct nestedvmx *nvmx = &vcpu_2_nvmx(v); + struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); +- int rc; +- +- rc = vmx_inst_check_privilege(regs, 0); +- if ( rc != X86EMUL_OKAY ) +- return rc; + + /* check VMCS is valid and IO BITMAP is set */ + if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) && +@@ -1535,6 +1530,10 @@ int nvmx_handle_vmresume(struct cpu_user + struct vcpu *v = current; + struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); + struct nestedvmx *nvmx = &vcpu_2_nvmx(v); ++ int rc = vmx_inst_check_privilege(regs, 0); ++ ++ if ( rc != X86EMUL_OKAY ) ++ return rc; + + if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) + { +@@ -1554,10 +1553,13 @@ int nvmx_handle_vmresume(struct cpu_user + int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) + { + bool_t launched; +- int rc; + struct vcpu *v = current; + struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); + struct nestedvmx *nvmx = &vcpu_2_nvmx(v); ++ int rc = vmx_inst_check_privilege(regs, 0); ++ ++ if ( rc != X86EMUL_OKAY ) ++ return rc; + + if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) + { |