authorLeonardo Arena <rnalrd@alpinelinux.org>2016-02-24 08:29:39 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-02-24 08:31:30 +0000
commitccba2d08cc9d7de25cfa2eccbe943cb2e4ced400 (patch)
tree7aa522260ab9fa5d62a06b71a36e6aa68b689c72 /main/xen/xsa165.patch
parentc1d177c44a1d6248d5d291e272caa8a8cd3428d6 (diff)
main/xen: security fix for multiple vulnerabilities. Fixes #5159
(CVE-2016-2270, XSA-154) (CVE-2015-8550, XSA-155) (CVE-2015-8339, CVE-2015-8340, XSA-159) (CVE-2015-8341, XSA-160) (CVE-2015-8555, XSA-165) (CVE-2016-1570, XSA-167) (CVE-2016-1571, XSA-168) (CVE-2015-8615, XSA-169) (CVE-2016-2271, XSA-170)
Diffstat (limited to 'main/xen/xsa165.patch')
-rw-r--r--main/xen/xsa165.patch85
1 files changed, 85 insertions, 0 deletions
diff --git a/main/xen/xsa165.patch b/main/xen/xsa165.patch
new file mode 100644
index 0000000000..81de03cd38
--- /dev/null
+++ b/main/xen/xsa165.patch
@@ -0,0 +1,85 @@
+x86: don't leak ST(n)/XMMn values to domains first using them
+
+FNINIT doesn't alter these registers, and hence using it is
+insufficient to initialize a guest's initial state.
+
+This is XSA-165.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -851,6 +851,17 @@ int arch_set_info_guest(
+ if ( v->arch.xsave_area )
+ v->arch.xsave_area->xsave_hdr.xstate_bv = XSTATE_FP_SSE;
+ }
++ else if ( v->arch.xsave_area )
++ memset(&v->arch.xsave_area->xsave_hdr, 0,
++ sizeof(v->arch.xsave_area->xsave_hdr));
++ else
++ {
++ typeof(v->arch.xsave_area->fpu_sse) *fpu_sse = v->arch.fpu_ctxt;
++
++ memset(fpu_sse, 0, sizeof(*fpu_sse));
++ fpu_sse->fcw = FCW_DEFAULT;
++ fpu_sse->mxcsr = MXCSR_DEFAULT;
++ }
+
+ if ( !compat )
+ {
+--- a/xen/arch/x86/i387.c
++++ b/xen/arch/x86/i387.c
+@@ -17,19 +17,6 @@
+ #include <asm/xstate.h>
+ #include <asm/asm_defns.h>
+
+-static void fpu_init(void)
+-{
+- unsigned long val;
+-
+- asm volatile ( "fninit" );
+- if ( cpu_has_xmm )
+- {
+- /* load default value into MXCSR control/status register */
+- val = MXCSR_DEFAULT;
+- asm volatile ( "ldmxcsr %0" : : "m" (val) );
+- }
+-}
+-
+ /*******************************/
+ /* FPU Restore Functions */
+ /*******************************/
+@@ -248,15 +235,8 @@ void vcpu_restore_fpu_lazy(struct vcpu *
+
+ if ( cpu_has_xsave )
+ fpu_xrstor(v, XSTATE_LAZY);
+- else if ( v->fpu_initialised )
+- {
+- if ( cpu_has_fxsr )
+- fpu_fxrstor(v);
+- else
+- fpu_frstor(v);
+- }
+ else
+- fpu_init();
++ fpu_fxrstor(v);
+
+ v->fpu_initialised = 1;
+ v->fpu_dirtied = 1;
+@@ -313,7 +293,14 @@ int vcpu_init_fpu(struct vcpu *v)
+ else
+ {
+ v->arch.fpu_ctxt = _xzalloc(sizeof(v->arch.xsave_area->fpu_sse), 16);
+- if ( !v->arch.fpu_ctxt )
++ if ( v->arch.fpu_ctxt )
++ {
++ typeof(v->arch.xsave_area->fpu_sse) *fpu_sse = v->arch.fpu_ctxt;
++
++ fpu_sse->fcw = FCW_DEFAULT;
++ fpu_sse->mxcsr = MXCSR_DEFAULT;
++ }
++ else
+ rc = -ENOMEM;
+ }
+
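Review bot: The new `else fpu_fxrstor(v);` branch in vcpu_restore_fpu_lazy() (i387.c) loads v->arch.fpu_ctxt even when v->fpu_initialised is still 0, so it relies on an invariant the code never states: the buffer must always hold a valid FXSAVE image with sane control words. The patch establishes that in the two places visible here, vcpu_init_fpu() after `_xzalloc()` and the final `else` added to arch_set_info_guest(), but any path outside these hunks that clears fpu_ctxt without re-seeding it would make the first FPU use load fcw = 0 and mxcsr = 0 instead of the defaults. I would add a comment above the branch, e.g. `/* fpu_ctxt is always a valid FXSAVE image (FCW_DEFAULT/MXCSR_DEFAULT seeded at allocation and in arch_set_info_guest()), so no FNINIT path is needed. */`. The same hunk also drops the `fpu_frstor()` fallback for CPUs without FXSR; that is presumably intentional for the targets this Xen version supports, but it cannot be confirmed from the lines shown. All three functions start and end outside the embedded hunks.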