diff options
Diffstat (limited to 'main/xen/xsa54.patch')
| -rw-r--r-- | main/xen/xsa54.patch | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/main/xen/xsa54.patch b/main/xen/xsa54.patch deleted file mode 100644 index 83c8993d6a..0000000000 --- a/main/xen/xsa54.patch +++ /dev/null @@ -1,24 +0,0 @@ -x86/xsave: properly check guest input to XSETBV - -Other than the HVM emulation path, the PV case so far failed to check -that YMM state requires SSE state to be enabled, allowing for a #GP to -occur upon passing the inputs to XSETBV inside the hypervisor. - -This is CVE-2013-2078 / XSA-54. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -2205,6 +2205,11 @@ static int emulate_privileged_op(struct - if ( !(new_xfeature & XSTATE_FP) || (new_xfeature & ~xfeature_mask) ) - goto fail; - -+ /* YMM state takes SSE state as prerequisite. */ -+ if ( (xfeature_mask & new_xfeature & XSTATE_YMM) && -+ !(new_xfeature & XSTATE_SSE) ) -+ goto fail; -+ - v->arch.xcr0 = new_xfeature; - v->arch.xcr0_accum |= new_xfeature; - set_xcr0(new_xfeature); |