xen: patch for XSA-108.
parent
817ba6ef50
commit
aee8f0789f
2 changed files with 37 additions and 3 deletions
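--- a/srcpkgs/xen/patches/xsa108.patch
+++ b/srcpkgs/xen/patches/xsa108.patch
@@ -0,0 +1,36 @@
+x86/HVM: properly bound x2APIC MSR range
+
+While the write path change appears to be purely cosmetic (but still
+gets done here for consistency), the read side mistake permitted
+accesses beyond the virtual APIC page.
+
+Note that while this isn't fully in line with the specification
+(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal
+possible fix addressing the security issue and getting x2APIC related
+code into a consistent shape (elsewhere a 256 rather than 1024 wide
+window is being used too). This will be dealt with subsequently.
+
+This is XSA-108.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/arch/x86/hvm/hvm.c
++++ xen/arch/x86/hvm/hvm.c
+@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int
+*msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
+break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+if ( hvm_x2apic_msr_read(v, msr, msr_content) )
+goto gp_fault;
+break;
+@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int
+vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
+break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+if ( hvm_x2apic_msr_write(v, msr, msr_content) )
+goto gp_fault;
+break;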
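Review bot: The new upper bound `MSR_IA32_APICBASE_MSR + 0xff` is a bare literal repeated in both `hvm_msr_read_intercept` and `hvm_msr_write_intercept`, and nothing at either case label ties it to the size of the virtual APIC page that, per the commit message, the old `0x3ff` bound let reads run past. A short comment above each label would record the invariant, for example `/* 0x100 MSRs only: a wider range indexes past the vAPIC page (XSA-108) */`. A single named constant for the window width would also keep these two labels in step with the "256 wide window" the message says is used elsewhere. As written, the safety of `hvm_x2apic_msr_read` appears to rest on the caller's case range alone, so it is worth confirming whether the callee (not visible here) also checks the offset it derives from `msr`. Both intercept functions begin and end outside the hunks shown.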
@ -2,7 +2,7 @@
|
|||
pkgname=xen
|
||||
version=4.4.1
|
||||
wrksrc=xen-${version}
|
||||
revision=3
|
||||
revision=4
|
||||
short_desc="The Xen hypervisor utilities"
|
||||
maintainer="Juan RP <xtraeme@gmail.com>"
|
||||
homepage="http://xen.org"
|
||||
|
@ -117,7 +117,6 @@ do_install() {
|
|||
|
||||
xen-hypervisor_package() {
|
||||
short_desc="Xen Hypervisor"
|
||||
replaces="xen<4.3.1_2"
|
||||
nostrip_files="xen-syms-${version}"
|
||||
pkg_install() {
|
||||
vmove boot
|
||||
|
@ -134,7 +133,6 @@ xen-devel_package() {
|
|||
}
|
||||
xen-libs_package() {
|
||||
short_desc+=" - runtime libraries"
|
||||
replaces="xen<4.3.1_2"
|
||||
pkg_install() {
|
||||
vmove "usr/lib/*.so.*"
|
||||
}
|
||||
|
|