Gentoo's Bugzilla – Attachment 440630 Details for Bug 588780: <app-emulation/xen{,-tools}-4.6.3-r1, <app-emulation/xen-pvgrub-4.6.3: Multiple vulnerabilities (CVE-2016-6258)
xsa183-4.6.patch (text/plain), 2.23 KB, created by Aaron Bauman (RETIRED) on 2016-07-13 19:40:50 UTC
>From 114e31ccf4ab4e787340032f3630638ea36b0b71 Mon Sep 17 00:00:00 2001 >From: Andrew Cooper <andrew.cooper3@citrix.com> >Date: Wed, 15 Jun 2016 18:32:14 +0100 >Subject: [PATCH] x86/entry: Avoid SMAP violation in > compat_create_bounce_frame() > >A 32bit guest kernel might be running on user mappings. >compat_create_bounce_frame() must whitelist its guest accesses to avoid >risking a SMAP violation. > >For both variants of create_bounce_frame(), re-blacklist user accesses if >execution exits via an exception table redirection. > >This is XSA-183 > >Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> >Reviewed-by: George Dunlap <george.dunlap@citrix.com> >--- > xen/arch/x86/x86_64/compat/entry.S | 3 +++ > xen/arch/x86/x86_64/entry.S | 1 + > 2 files changed, 4 insertions(+) > >diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S >index 0e3db7c..89c1e19 100644 >--- a/xen/arch/x86/x86_64/compat/entry.S >+++ b/xen/arch/x86/x86_64/compat/entry.S >@@ -351,6 +351,7 @@ compat_create_bounce_frame: > ASSERT_INTERRUPTS_ENABLED > mov %fs,%edi > testb $2,UREGS_cs+8(%rsp) >+ ASM_STAC > jz 1f > /* Push new frame at registered guest-OS stack base. */ > movl VCPU_kernel_sp(%rbx),%esi >@@ -403,6 +404,7 @@ UNLIKELY_START(nz, compat_bounce_failsafe) > movl %ds,%eax > .Lft12: movl %eax,%fs:0*4(%rsi) # DS > UNLIKELY_END(compat_bounce_failsafe) >+ ASM_CLAC > /* Rewrite our stack frame and return to guest-OS mode. */ > /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */ > andl $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\ >@@ -448,6 +450,7 @@ compat_crash_page_fault_4: > addl $4,%esi > compat_crash_page_fault: > .Lft14: mov %edi,%fs >+ ASM_CLAC > movl %esi,%edi > call show_page_walk > jmp dom_crash_sync_extable >diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S >index 6e27508..bdd1284 100644 >--- a/xen/arch/x86/x86_64/entry.S >+++ b/xen/arch/x86/x86_64/entry.S 
>@@ -462,6 +462,7 @@ domain_crash_page_fault_16: > domain_crash_page_fault_8: > addq $8,%rsi > domain_crash_page_fault: >+ ASM_CLAC > movq %rsi,%rdi > call show_page_walk > ENTRY(dom_crash_sync_extable) >-- >2.1.4 >
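Review bot: In the first xen/arch/x86/x86_64/compat/entry.S hunk (compat_create_bounce_frame), ASM_STAC sits between `testb $2,UREGS_cs+8(%rsp)` and the `jz 1f` that consumes its result, which is only correct because STAC changes EFLAGS.AC and leaves ZF alone. A short comment saying so, or moving ASM_STAC above the testb, would keep a later edit from slipping a flag-clobbering instruction into that gap.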
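Review bot: In the compat_crash_page_fault hunk of compat/entry.S, ASM_CLAC is placed after `.Lft14: mov %edi,%fs`, whereas the matching change at domain_crash_page_fault in xen/arch/x86/x86_64/entry.S makes it the first instruction after the label. If nothing requires the %fs reload to run with AC set, put ASM_CLAC first here as well so the user-access window closes as soon as the error path is entered; if the ordering is deliberate, say why in a comment.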
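Review bot: The xen/arch/x86/x86_64/entry.S hunk adds ASM_CLAC at domain_crash_page_fault with no comment, and this file gains no ASM_STAC anywhere in the patch, so a reader of the hunk alone cannot tell why AC could be set on arrival. The commit message gives the reason (execution leaving create_bounce_frame via an exception table redirection); a one-line comment at the label carrying that explanation would keep the instruction from being dropped later as redundant.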