Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 434658 Details for
Bug 583462
<app-emulation/xen-4.6.1-r2, <app-emulation/xen-tools-4.6.1-r3: x86 software guest page walk PS bit handling flaw - XSA-176 (CVE-2016-4480)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
xsa176 Patch - as in Document
xsa176.patch (text/plain), 1.47 KB, created by
Yury German
on 2016-05-19 02:36:28 UTC
(
hide
)
Description:
xsa176 Patch - as in Document
Filename:
MIME Type:
Creator:
Yury German
Created:
2016-05-19 02:36:28 UTC
Size:
1.47 KB
patch
obsolete
>x86/mm: fully honor PS bits in guest page table walks > >In L4 entries it is currently unconditionally reserved (and hence >should, when set, always result in a reserved bit page fault), and is >reserved on hardware not supporting 1Gb pages (and hence should, when >set, similarly cause a reserved bit page fault on such hardware). > >This is CVE-2016-4480 / XSA-176. > >Signed-off-by: Jan Beulich <jbeulich@suse.com> >Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> >Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> > >--- a/xen/arch/x86/mm/guest_walk.c >+++ b/xen/arch/x86/mm/guest_walk.c >@@ -226,6 +226,11 @@ guest_walk_tables(struct vcpu *v, struct > rc |= _PAGE_PRESENT; > goto out; > } >+ if ( gflags & _PAGE_PSE ) >+ { >+ rc |= _PAGE_PSE | _PAGE_INVALID_BIT; >+ goto out; >+ } > rc |= ((gflags & mflags) ^ mflags); > > /* Map the l3 table */ >@@ -247,7 +252,7 @@ guest_walk_tables(struct vcpu *v, struct > } > rc |= ((gflags & mflags) ^ mflags); > >- pse1G = (gflags & _PAGE_PSE) && guest_supports_1G_superpages(v); >+ pse1G = !!(gflags & _PAGE_PSE); > > if ( pse1G ) > { >@@ -267,6 +272,8 @@ guest_walk_tables(struct vcpu *v, struct > /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */ > flags &= ~_PAGE_PAT; > >+ if ( !guest_supports_1G_superpages(v) ) >+ rc |= _PAGE_PSE | _PAGE_INVALID_BIT; > if ( gfn_x(start) & GUEST_L3_GFN_MASK & ~0x1 ) > rc |= _PAGE_INVALID_BITS; >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 583462
: 434658