[Xen-devel] [PATCH] x86/pv: Prohibit attempts to initialise a vcpu with EFLAGS.{NT, VM} set
Luckily, this isn't a security issue, because the fix for XSA-202 (c/s 0e47f92b072) took a proactive approach and clobbered these flags on the exit-to-guest path. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> --- xen/arch/x86/domain.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index dbddc53..ced1d2e 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -765,7 +765,8 @@ int arch_set_info_guest( !is_canonical_address(c.nat->gs_base_user) || !is_canonical_address(c.nat->event_callback_eip) || !is_canonical_address(c.nat->syscall_callback_eip) || - !is_canonical_address(c.nat->failsafe_callback_eip) ) + !is_canonical_address(c.nat->failsafe_callback_eip) || + (c.nat->user_regs.rflags & (X86_EFLAGS_NT|X86_EFLAGS_VM)) ) return -EINVAL; fixup_guest_stack_selector(d, c.nat->user_regs.ss); @@ -784,6 +785,9 @@ int arch_set_info_guest( } else { + if ( c.nat->user_regs.eflags & (X86_EFLAGS_NT|X86_EFLAGS_VM) ) + return -EINVAL; + fixup_guest_stack_selector(d, c.cmp->user_regs.ss); fixup_guest_stack_selector(d, c.cmp->kernel_ss); fixup_guest_code_selector(d, c.cmp->user_regs.cs); -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
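Review bot: The new `rflags & (X86_EFLAGS_NT|X86_EFLAGS_VM)` test in the first hunk (@@ -765,7 +765,8) is appended to a chain of is_canonical_address() checks with no comment saying why these two flags are refused. A one-line comment above the `if`, or a separate `if ( ... ) return -EINVAL;` like the one added in the `else` branch, would make the intent visible and keep the two paths symmetrical.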
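Review bot: In the second hunk (@@ -784,6 +785,9) the added check reads `c.nat->user_regs.eflags`, but it sits in the `else` branch, where every neighbouring line goes through `c.cmp->` (`c.cmp->user_regs.ss`, `c.cmp->kernel_ss`, `c.cmp->user_regs.cs`). Unless the two views are guaranteed to place the flags field at the same offset, this tests the wrong layout of the guest context; it looks like it should be `c.cmp->user_regs.eflags`.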