Xen project Mailing List

[Xen-changelog] [xen-4.1-testing] xen: prevent a 64 bit guest setting reserved bits in DR7

From: Xen patchbot-4.1-testing <patchbot@xxxxxxx>

Date: Thu, 06 Sep 2012 18:11:08 +0000

Delivery-date: Thu, 06 Sep 2012 18:11:20 +0000

List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch # User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> # Date 1346844474 -3600 # Node ID bcc3402927311c64cc04e59d3680680b09459da6 # Parent d28a9ba889c02f835df05bc007c2b4828d86cff2 xen: prevent a 64 bit guest setting reserved bits in DR7 The upper 32 bits of this register are reserved and should be written as zero. This is XSA-12 / CVE-2012-3494 Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- diff -r d28a9ba889c0 -r bcc340292731 xen/include/asm-x86/debugreg.h --- a/xen/include/asm-x86/debugreg.h Tue Sep 04 14:56:48 2012 +0200 +++ b/xen/include/asm-x86/debugreg.h Wed Sep 05 12:27:54 2012 +0100 @@ -58,7 +58,7 @@ We can slow the instruction pipeline for instructions coming via the gdt or the ldt if we want to. I am not sure why this is an advantage */ -#define DR_CONTROL_RESERVED_ZERO (0x0000d800ul) /* Reserved, read as zero */ +#define DR_CONTROL_RESERVED_ZERO (~0xffff27fful) /* Reserved, read as zero */ #define DR_CONTROL_RESERVED_ONE (0x00000400ul) /* Reserved, read as one */ #define DR_LOCAL_EXACT_ENABLE (0x00000100ul) /* Local exact enable */ #define DR_GLOBAL_EXACT_ENABLE (0x00000200ul) /* Global exact enable */ _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.