4cdbb395f2
grub2-x86_64-xen dependency not available xen.spec - More cleanup of README.SUSE - Update xen patch with upstream patch so that latest libvirt patch can work. (bnc#896044) + 53fcebab-xen-pass-kernel-initrd-to-qemu.patch - xen-pass-kernel-initrd-to-qemu.patch - bnc#895804 - VUL-0: CVE-2014-6268: xen: XSA-107: Mishandling of uninitialised FIFO-based event channel control blocks xsa107.patch - bnc#895802 - VUL-0: xen: XSA-106: Missing privilege level checks in x86 emulation of software interrupts xsa106.patch - bnc#895799 - VUL-0: xen: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation xsa105.patch - bnc#895798 - VUL-0: xen: XSA-104: Race condition in HVMOP_track_dirty_vram xsa104.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=331
x86/emulate: check cpl for all privileged instructions
Without this, it is possible for userspace to load its own IDT or GDT.
This is XSA-105.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
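--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3314,6 +3314,7 @@ x86_emulate(
 goto swint;
 
 case 0xf4: /* hlt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 ctxt->retire.flags.hlt = 1;
 break;
 
@@ -3710,6 +3711,7 @@ x86_emulate(
 break;
 case 2: /* lgdt */
 case 3: /* lidt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
 fail_if(ops->write_segment == NULL);
 memset(®, 0, sizeof(reg));
@@ -3738,6 +3740,7 @@ x86_emulate(
 case 6: /* lmsw */
 fail_if(ops->read_cr == NULL);
 fail_if(ops->write_cr == NULL);
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
 goto done;
 if ( ea.type == OP_REG )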
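Review bot: In the lmsw hunk the ring-0 check is placed after the two `fail_if(ops->read_cr == NULL)` / `fail_if(ops->write_cr == NULL)` lines, whereas the lgdt/lidt hunk puts it first, so for lmsw the outcome seen by a non-ring-0 caller appears to depend on which hooks the emulator user supplies. I would move `generate_exception_if(!mode_ring0(), EXC_GP, 0);` to directly follow `case 6: /* lmsw */` so that the privilege decision is made before any hook availability test. In the lgdt/lidt hunk the opposite question applies: the #GP check now precedes the `ea.type != OP_MEM` #UD check, and it is worth confirming against the architecture manual which fault a register-operand encoding should raise at CPL > 0. A short comment such as `/* Privileged: #GP(0) unless CPL 0 (XSA-105). */` above each added line would keep the reason visible. x86_emulate() starts and ends outside these hunks, so the definitions of mode_ring0() and fail_if() are not visible here.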