1 files changed, 46 insertions, 0 deletions

diff --git a/main/xen/xsa9-xen-4.1.patch b/main/xen/xsa9-xen-4.1.patch
new file mode 100644
index 0000000000..a0ded0c825
--- /dev/null
+++ b/main/xen/xsa9-xen-4.1.patch
@@ -0,0 +1,46 @@
+x86-64: detect processors subject to AMD erratum #121 and refuse to boot
+
+Processors with this erratum are subject to a DoS attack by unprivileged
+guest users.
+
+This is XSA-9 / CVE-2006-0744.
+
+Signed-off-by: Jan Beulich <JBeulich@suse.com>
+Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
+
+--- a/xen/arch/x86/cpu/amd.c
++++ b/xen/arch/x86/cpu/amd.c
+@@ -32,6 +32,9 @@
+ static char opt_famrev[14];
+ string_param("cpuid_mask_cpu", opt_famrev);
+ 
++static int opt_allow_unsafe;
++boolean_param("allow_unsafe", opt_allow_unsafe);
++
+ static inline void wrmsr_amd(unsigned int index, unsigned int lo, 
+ 		unsigned int hi)
+ {
+@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
+ 		clear_bit(X86_FEATURE_MCE, c->x86_capability);
+ 
+ #ifdef __x86_64__
++	if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
++		panic("Xen will not boot on this CPU for security reasons.\n"
++		      "Pass \"allow_unsafe\" if you're trusting all your"
++		      " (PV) guest kernels.\n");
++
+ 	/* AMD CPUs do not support SYSENTER outside of legacy mode. */
+ 	clear_bit(X86_FEATURE_SEP, c->x86_capability);
+ 
+--- a/xen/include/asm-x86/amd.h
++++ b/xen/include/asm-x86/amd.h
+@@ -127,6 +127,9 @@
+ #define AMD_MODEL_RANGE_START(range)    (((range) >> 12) & 0xfff)
+ #define AMD_MODEL_RANGE_END(range)      ((range) & 0xfff)
+ 
++#define AMD_ERRATUM_121                                                 \
++    AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
++
+ #define AMD_ERRATUM_170                                                 \
+     AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))
+