xen/24153-x86-emul-feature-checks.patch
Charles Arnold 3f55414718 - Update to Xen 4.1.3 c/s 23336
- Upstream or pending upstream patches from Jan
  25587-fix-off-by-one-parsing-error.patch
  25616-x86-MCi_CTL-default.patch
  25617-vtd-qinval-addr.patch
  25688-x86-nr_irqs_gsi.patch
- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m
  teardown host DoS vulnerability
  CVE-2012-3433-xsa11.patch
- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO
  emulation DoS
  25682-x86-inconsistent-io-state.patch

- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't
  check the size of the bzip2 or lzma compressed kernel, leading to
  denial of service
  25589-pygrub-size-limits.patch

- Make it build with latest TeXLive 2012 with new package layout

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=196
2012-08-10 21:38:41 +00:00


# HG changeset patch
# User Jan Beulich <jbeulich@suse.com>
# Date 1321459471 0
# Node ID 644ca5d3ec435f3372ce88a4de86909bd4033819
# Parent 1cbb3c1dfb3203f5344a6c1c52507b9e75af6742
x86/emulator: add feature checks for newer instructions
Certain instructions were introduced only after the i686 or original
x86-64 architecture, so we should not try to emulate them if the guest
is not seeing the respective feature enabled (or, worse, if the
underlying hardware doesn't support them). This affects fisttp,
movnti, and cmpxchg16b.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Index: xen-4.1.3-testing/xen/arch/x86/x86_emulate/x86_emulate.c
===================================================================
--- xen-4.1.3-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c
+++ xen-4.1.3-testing/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -955,6 +955,47 @@ in_protmode(
return !(in_realmode(ctxt, ops) || (ctxt->regs->eflags & EFLG_VM));
}
+#define EAX 0
+#define ECX 1
+#define EDX 2
+#define EBX 3
+
+static bool_t vcpu_has(
+ unsigned int eax,
+ unsigned int reg,
+ unsigned int bit,
+ struct x86_emulate_ctxt *ctxt,
+ const struct x86_emulate_ops *ops)
+{
+ unsigned int ebx = 0, ecx = 0, edx = 0;
+ int rc;
+
+ fail_if(!ops->cpuid);
+ rc = ops->cpuid(&eax, &ebx, &ecx, &edx, ctxt);
+ if ( rc == X86EMUL_OKAY )
+ {
+ switch ( reg )
+ {
+ case EAX: reg = eax; break;
+ case EBX: reg = ebx; break;
+ case ECX: reg = ecx; break;
+ case EDX: reg = edx; break;
+ default: BUG();
+ }
+ if ( !(reg & (1U << bit)) )
+ rc = ~X86EMUL_OKAY;
+ }
+
+ done:
+ return rc == X86EMUL_OKAY;
+}
+
+#define vcpu_must_have(leaf, reg, bit) \
+ generate_exception_if(!vcpu_has(leaf, reg, bit, ctxt, ops), EXC_UD, -1)
+#define vcpu_must_have_sse2() vcpu_must_have(0x00000001, EDX, 26)
+#define vcpu_must_have_sse3() vcpu_must_have(0x00000001, ECX, 0)
+#define vcpu_must_have_cx16() vcpu_must_have(0x00000001, ECX, 13)
+
static int
in_longmode(
struct x86_emulate_ctxt *ctxt,
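Review bot: `vcpu_has()` carries no comment saying that it fails closed. A missing `ops->cpuid` hook (through `fail_if`, whose definition is outside this diff and presumably sets `rc` and jumps to `done`) or a failing hook both make it return 0, and the `vcpu_must_have*()` callers then raise #UD. A header comment such as `/* Returns nonzero only if the cpuid hook succeeds and reports the bit; a missing or failing hook counts as "feature absent". */` would record that. The check sees only what the hook returns, so the commit message's protection against hardware lacking the instruction holds only if no `cpuid` implementation reports a bit the host lacks; that is not visible here and is worth confirming. Reusing `reg` as both register selector and register value, and `rc = ~X86EMUL_OKAY` as a "not okay" marker, also make the body harder to read than a separate local and a plain boolean result would.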
@@ -2741,6 +2782,7 @@ x86_emulate(
emulate_fpu_insn_memsrc("fildl", src.val);
break;
case 1: /* fisttp m32i */
+ vcpu_must_have_sse3();
ea.bytes = 4;
dst = ea;
dst.type = OP_MEM;
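Review bot: The `vcpu_must_have_sse3();` check in `case 1: /* fisttp m32i */` has no comment explaining why an x87 opcode is gated on an SSE feature bit, which will look like a mistake to the next reader. A short comment such as `/* fisttp was introduced with SSE3 (CPUID.1:ECX bit 0) */` would cover it. The same applies to the m64i and m16i hunks that follow. The check sits before `ea.bytes`/`dst` are set up, so #UD is raised before any destination state is prepared; the case body continues outside the hunk.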
@@ -2849,6 +2891,7 @@ x86_emulate(
emulate_fpu_insn_memsrc("fldl", src.val);
break;
case 1: /* fisttp m64i */
+ vcpu_must_have_sse3();
ea.bytes = 8;
dst = ea;
dst.type = OP_MEM;
@@ -2956,6 +2999,7 @@ x86_emulate(
emulate_fpu_insn_memsrc("fild", src.val);
break;
case 1: /* fisttp m16i */
+ vcpu_must_have_sse3();
ea.bytes = 2;
dst = ea;
dst.type = OP_MEM;
@@ -4144,6 +4188,7 @@ x86_emulate(
case 0xc3: /* movnti */
/* Ignore the non-temporal hint for now. */
+ vcpu_must_have_sse2();
generate_exception_if(dst.bytes <= 2, EXC_UD, -1);
dst.val = src.val;
break;
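Review bot: The new `vcpu_must_have_sse2();` line lands between the comment `/* Ignore the non-temporal hint for now. */` and the `dst.val = src.val;` assignment that the comment explains, so the comment now reads as if it described the feature check. Moving the check directly under `case 0xc3: /* movnti */`, above the comment, keeps the comment next to the store it refers to. Both checks raise #UD, so their relative order does not change behaviour.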
@@ -4154,6 +4199,8 @@ x86_emulate(
generate_exception_if((modrm_reg & 7) != 1, EXC_UD, -1);
generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
+ if ( op_bytes == 8 )
+ vcpu_must_have_cx16();
op_bytes *= 2;
/* Get actual old value. */
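Review bot: The unbraced `if ( op_bytes == 8 ) vcpu_must_have_cx16();` is safe only if the macro expands to a single statement. `vcpu_must_have` is defined in the first hunk as a bare `generate_exception_if(...)` invocation, and that macro's definition lies outside this diff, so its wrapping (statement expression or `do { } while (0)`) cannot be confirmed from here. Bracing the body, `if ( op_bytes == 8 ) { vcpu_must_have_cx16(); }`, removes that dependency on a macro defined elsewhere. The enclosing case block starts and ends outside the hunk.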