Diffstat (limited to 'main/xen/xsa62.patch')
-rw-r--r-- | main/xen/xsa62.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/main/xen/xsa62.patch b/main/xen/xsa62.patch
deleted file mode 100644
index 3bb432762a..0000000000
--- a/main/xen/xsa62.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-x86/xsave: initialize extended register state when guests enable it
-
-Till now, when setting previously unset bits in XCR0 we wouldn't touch
-the active register state, thus leaving in the newly enabled registers
-whatever a prior user of it left there, i.e. potentially leaking
-information between guests.
-
-This is CVE-2013-1442 / XSA-62.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/xstate.c
-+++ b/xen/arch/x86/xstate.c
-@@ -307,6 +307,7 @@ int validate_xstate(u64 xcr0, u64 xcr0_a
- int handle_xsetbv(u32 index, u64 new_bv)
- {
- struct vcpu *curr = current;
-+ u64 mask;
-
- if ( index != XCR_XFEATURE_ENABLED_MASK )
- return -EOPNOTSUPP;
-@@ -320,9 +321,23 @@ int handle_xsetbv(u32 index, u64 new_bv)
- if ( !set_xcr0(new_bv) )
- return -EFAULT;
-
-+ mask = new_bv & ~curr->arch.xcr0_accum;
- curr->arch.xcr0 = new_bv;
- curr->arch.xcr0_accum |= new_bv;
-
-+ mask &= curr->fpu_dirtied ? ~XSTATE_FP_SSE : XSTATE_NONLAZY;
-+ if ( mask )
-+ {
-+ unsigned long cr0 = read_cr0();
-+
-+ clts();
-+ if ( curr->fpu_dirtied )
-+ asm ( "stmxcsr %0" : "=m" (curr->arch.xsave_area->fpu_sse.mxcsr) );
-+ xrstor(curr, mask);
-+ if ( cr0 & X86_CR0_TS )
-+ write_cr0(cr0);
-+ }
-+
- return 0;
- }
- |