[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-4.0-testing] xen: prevent a 64 bit guest setting reserved bits in DR7


  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-4.0-testing <patchbot@xxxxxxx>
  • Date: Wed, 05 Sep 2012 21:11:07 +0000
  • Delivery-date: Wed, 05 Sep 2012 21:11:15 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
# Date 1346844478 -3600
# Node ID 92334c7f577e04ab121ee4ce1252ed7edb2a6892
# Parent  228e6f382d5d239d969c04448e045e2b74077f10
xen: prevent a 64 bit guest setting reserved bits in DR7

The upper 32 bits of this register are reserved and should be written as
zero.

This is XSA-12 / CVE-2012-3494

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---


diff -r 228e6f382d5d -r 92334c7f577e xen/include/asm-x86/debugreg.h
--- a/xen/include/asm-x86/debugreg.h    Thu Aug 09 16:48:19 2012 +0100
+++ b/xen/include/asm-x86/debugreg.h    Wed Sep 05 12:27:58 2012 +0100
@@ -58,7 +58,7 @@
    We can slow the instruction pipeline for instructions coming via the
    gdt or the ldt if we want to.  I am not sure why this is an advantage */
 
-#define DR_CONTROL_RESERVED_ZERO (0x0000d800ul) /* Reserved, read as zero */
+#define DR_CONTROL_RESERVED_ZERO (~0xffff27fful) /* Reserved, read as zero */
 #define DR_CONTROL_RESERVED_ONE  (0x00000400ul) /* Reserved, read as one */
 #define DR_LOCAL_EXACT_ENABLE    (0x00000100ul) /* Local exact enable */
 #define DR_GLOBAL_EXACT_ENABLE   (0x00000200ul) /* Global exact enable */

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.