[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.4] xen: arm: Correctly handle do_sysreg exception injection from 64-bit userspace



commit 0ddedcb8748f6db39f1825d5b2bb7d09fdabbaf2
Author:     Ian Campbell <ian.campbell@xxxxxxxxxx>
AuthorDate: Tue Aug 12 15:50:13 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Aug 12 15:50:13 2014 +0200

    xen: arm: Correctly handle do_sysreg exception injection from 64-bit 
userspace
    
    The do_sysreg case was missing a return, so it would increment PC and
    inject the trap to the second instruction of the handler.
    
    This is CVE-2014-5148 / XSA-103.
    
    Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
    Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
    Acked-by: Julien Grall <julien.grall@xxxxxxxxxx>
    master commit: f2ae8bfa498831ee6343d672066b898d3cd73892
    master date: 2014-08-12 15:38:01 +0200
---
 xen/arch/arm/traps.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index e763f12..4c910c8 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1683,6 +1683,7 @@ static void do_sysreg(struct cpu_user_regs *regs,
                      hsr.bits & HSR_SYSREG_REGS_MASK);
 #endif
             inject_undef_exception(regs, sysreg.len);
+            return;
         }
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.