xen/5257a944-x86-check-for-canonical-address-before-doing-page-walks.patch

# Commit 6fd9b0361e2eb5a7f12bdd5cbf7e42c0d1937d26
# Date 2013-10-11 09:31:16 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: check for canonical address before doing page walks

... as there doesn't really exists any valid mapping for them.

Particularly in the case of do_page_walk() this also avoids returning
non-NULL for such invalid input.

Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>

--- a/xen/arch/x86/x86_64/mm.c
+++ b/xen/arch/x86/x86_64/mm.c
@@ -135,7 +135,7 @@ void *do_page_walk(struct vcpu *v, unsig
     l2_pgentry_t l2e, *l2t;
     l1_pgentry_t l1e, *l1t;
 
-    if ( is_hvm_vcpu(v) )
+    if ( is_hvm_vcpu(v) || !is_canonical_address(addr) )
         return NULL;
 
     l4t = map_domain_page(mfn);
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -169,6 +169,8 @@ void show_page_walk(unsigned long addr)
     l1_pgentry_t l1e, *l1t;
 
     printk("Pagetable walk from %016lx:\n", addr);
+    if ( !is_canonical_address(addr) )
+        return;
 
     l4t = map_domain_page(mfn);
     l4e = l4t[l4_table_offset(addr)];
- domUloader can no longer be used with the xl toolstack to boot sles10. Patch pygrub to get the kernel and initrd from the image. pygrub-boot-legacy-sles.patch - bnc#842515 - VUL-0: CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak CVE-2013-4375-xsa71.patch - Upstream patches from Jan 52496bea-x86-properly-handle-hvm_copy_from_guest_-phys-virt-errors.patch (Replaces CVE-2013-4355-xsa63.patch) 52496c11-x86-mm-shadow-Fix-initialization-of-PV-shadow-L4-tables.patch (Replaces CVE-2013-4356-xsa64.patch) 52496c32-x86-properly-set-up-fbld-emulation-operand-address.patch (Replaces CVE-2013-4361-xsa66.patch) 52497c6c-x86-don-t-blindly-create-L3-tables-for-the-direct-map.patch 524e971b-x86-idle-Fix-get_cpu_idle_time-s-interaction-with-offline-pcpus.patch 524e9762-x86-percpu-Force-INVALID_PERCPU_AREA-to-non-canonical.patch 524e983e-Nested-VMX-check-VMX-capability-before-read-VMX-related-MSRs.patch 524e98b1-Nested-VMX-fix-IA32_VMX_CR4_FIXED1-msr-emulation.patch 524e9dc0-xsm-forbid-PV-guest-console-reads.patch 5256a979-x86-check-segment-descriptor-read-result-in-64-bit-OUTS-emulation.patch 5256be57-libxl-fix-vif-rate-parsing.patch 5256be84-tools-ocaml-fix-erroneous-free-of-cpumap-in-stub_xc_vcpu_getaffinity.patch 5256be92-libxl-fix-out-of-memory-error-handling-in-libxl_list_cpupool.patch 5257a89a-x86-correct-LDT-checks.patch 5257a8e7-x86-add-address-validity-check-to-guest_map_l1e.patch 5257a944-x86-check-for-canonical-address-before-doing-page-walks.patch 525b95f4-scheduler-adjust-internal-locking-interface.patch 525b9617-sched-fix-race-between-sched_move_domain-and-vcpu_wake.patch 525e69e8-credit-unpause-parked-vcpu-before-destroying-it.patch 525faf5e-x86-print-relevant-tail-part-of-filename-for-warnings-and-crashes.patch - bnc#840196 - L3: MTU size on Dom0 gets reset when booting DomU OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=276 2013-10-24 23:00:35 +02:00			`# Commit 6fd9b0361e2eb5a7f12bdd5cbf7e42c0d1937d26`
			`# Date 2013-10-11 09:31:16 +0200`
			`# Author Jan Beulich <jbeulich@suse.com>`
			`# Committer Jan Beulich <jbeulich@suse.com>`
			`x86: check for canonical address before doing page walks`

			`... as there doesn't really exists any valid mapping for them.`

			`Particularly in the case of do_page_walk() this also avoids returning`
			`non-NULL for such invalid input.`

			`Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>`
			`Signed-off-by: Jan Beulich <jbeulich@suse.com>`
			`Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>`
			`Acked-by: Keir Fraser <keir@xen.org>`

			`--- a/xen/arch/x86/x86_64/mm.c`
			`+++ b/xen/arch/x86/x86_64/mm.c`
			`@@ -135,7 +135,7 @@ void do_page_walk(struct vcpu v, unsig`
			`l2_pgentry_t l2e, *l2t;`
			`l1_pgentry_t l1e, *l1t;`

			`- if ( is_hvm_vcpu(v) )`
			`+ if ( is_hvm_vcpu(v) \|\| !is_canonical_address(addr) )`
			`return NULL;`

			`l4t = map_domain_page(mfn);`
			`--- a/xen/arch/x86/x86_64/traps.c`
			`+++ b/xen/arch/x86/x86_64/traps.c`
			`@@ -169,6 +169,8 @@ void show_page_walk(unsigned long addr)`
			`l1_pgentry_t l1e, *l1t;`

			`printk("Pagetable walk from %016lx:\n", addr);`
			`+ if ( !is_canonical_address(addr) )`
			`+ return;`

			`l4t = map_domain_page(mfn);`
			`l4e = l4t[l4_table_offset(addr)];`