xen/CVE-2013-4361-xsa66.patch

References: bnc#841766 CVE-2013-4361 XSA-66

x86: properly set up fbld emulation operand address

This is CVE-2013-4361 / XSA-66.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3156,11 +3156,11 @@ x86_emulate(
                 break;
             case 4: /* fbld m80dec */
                 ea.bytes = 10;
-                dst = ea;
+                src = ea;
                 if ( (rc = ops->read(src.mem.seg, src.mem.off,
                                      &src.val, src.bytes, ctxt)) != 0 )
                     goto done;
-                emulate_fpu_insn_memdst("fbld", src.val);
+                emulate_fpu_insn_memsrc("fbld", src.val);
                 break;
             case 5: /* fild m64i */
                 ea.bytes = 8;
- Improvements to block-dmmd script bnc#828623 - bnc#839596 - VUL-0: CVE-2013-1442: XSA-62: xen: Information leak on AVX and/or LWP capable CPUs 5242a1b5-x86-xsave-initialize-extended-register-state-when-guests-enable-it.patch - bnc#840592 - VUL-0: CVE-2013-4355: XSA-63: xen: Information leaks through I/O instruction emulation CVE-2013-4355-xsa63.patch - bnc#840593 - VUL-0: CVE-2013-4356: XSA-64: xen: Memory accessible by 64-bit PV guests under live migration CVE-2013-4356-xsa64.patch - bnc#841766 - VUL-1: CVE-2013-4361: XSA-66: xen: Information leak through fbld instruction emulation CVE-2013-4361-xsa66.patch - bnc#833796 - L3: Xen: migration broken from xsave-capable to xsave-incapable host 52205e27-x86-xsave-initialization-improvements.patch 522dc0e6-x86-xsave-fix-migration-from-xsave-capable-to-xsave-incapable-host.patch - bnc#839600 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and sles11sp3 with xen environment, xen hypervisor will panic on multiple blades nPar. 523172d5-x86-fix-memory-cut-off-when-using-PFN-compression.patch - bnc#833251 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. 522d896b-x86-EFI-properly-handle-run-time-memory-regions-outside-the-1-1-map.patch - bnc#834751 - [HP BCS SLES11 Bug]: In xen, “shutdown –y 0 –h” cannot power off system 522d896b-x86-EFI-properly-handle-run-time-memory-regions-outside-the-1-1-map.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=274 2013-10-03 00:41:46 +02:00			`References: bnc#841766 CVE-2013-4361 XSA-66`

			`x86: properly set up fbld emulation operand address`

			`This is CVE-2013-4361 / XSA-66.`

			`Signed-off-by: Jan Beulich <jbeulich@suse.com>`
			`Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>`

			`--- a/xen/arch/x86/x86_emulate/x86_emulate.c`
			`+++ b/xen/arch/x86/x86_emulate/x86_emulate.c`
			`@@ -3156,11 +3156,11 @@ x86_emulate(`
			`break;`
			`case 4: /* fbld m80dec */`
			`ea.bytes = 10;`
			`- dst = ea;`
			`+ src = ea;`
			`if ( (rc = ops->read(src.mem.seg, src.mem.off,`
			`&src.val, src.bytes, ctxt)) != 0 )`
			`goto done;`
			`- emulate_fpu_insn_memdst("fbld", src.val);`
			`+ emulate_fpu_insn_memsrc("fbld", src.val);`
			`break;`
			`case 5: /* fild m64i */`
			`ea.bytes = 8;`