[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.1] x86/xsave: initialize unused register state when restoring for guest

commit 5238678b8fec15a90460378fc8c67362f73f6fdc
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Sep 25 12:11:52 2013 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Sep 25 12:11:52 2013 +0200

    x86/xsave: initialize unused register state when restoring for guest
    
    In order to avoid leaking register contents from the prior use of the
    registers restored through xrstor due to a guest enabling certain xcr0
    bits late (particularly after the context restor in question), force
    restoring of all known registers (the ones that never got saved would
    be forced to their init state).
    
    This is CVE-2013-1442 / XSA-62.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 63a75ba0de817d6f384f96d25427a05c313e2179
    master date: 2013-09-25 10:41:25 +0200
---
 xen/arch/x86/i387.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/i387.c b/xen/arch/x86/i387.c
index bba14ca..011a55a 100644
--- a/xen/arch/x86/i387.c
+++ b/xen/arch/x86/i387.c
@@ -103,9 +103,9 @@ void setup_fpu(struct vcpu *v)
     {
         /*
          * XCR0 normally represents what guest OS set. In case of Xen itself, 
-         * we set all supported feature mask before doing save/restore.
+         * we set all supported feature mask before restoring.
          */
-        set_xcr0(v->arch.xcr0_accum);
+        set_xcr0(xfeature_mask);
         xrstor(v);
         set_xcr0(v->arch.xcr0);
     }
@@ -149,7 +149,7 @@ void save_init_fpu(struct vcpu *v)
     if ( xsave_enabled(v) )
     {
         /* XCR0 normally represents what guest OS set. In case of Xen itself,
-         * we set all accumulated feature mask before doing save/restore.
+         * we set all accumulated feature mask before saving.
          */
         set_xcr0(v->arch.xcr0_accum);
         if ( cpu_has_xsaveopt )
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.1

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.