3c2f525a91
libxl.pvscsi.patch - bnc#875668 - VUL-0: CVE-2014-3124: xen: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch (replaces xsa92.patch) - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch - Upstream patches from Jan 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch 53636ebf-x86-fix-guest-CPUID-handling.patch - Fix pygrub to handle VM with no grub/menu.lst file. - Don't use /var/run/xend/boot for temporary boot directory pygrub-boot-legacy-sles.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=314
# Commit 4c0ff6bd54b5a67f8f820f9ed0a89a79f1a26a1c
# Date 2014-05-02 12:09:03 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: fix guest CPUID handling
The way XEN_DOMCTL_set_cpuid got handled so far allowed for surprises
to the caller. With this set of operations
- set leaf A (using array index 0)
- set leaf B (using array index 1)
- clear leaf A (clearing array index 0)
- set leaf B (using array index 0)
- clear leaf B (clearing array index 0)
the entry for leaf B at array index 1 would still be in place, while
the caller would expect it to be cleared.
While looking at the use sites of d->arch.cpuid[] I also noticed that
the allocation of the array needlessly uses the zeroing form - the
relevant fields of the array elements get set in a loop immediately
following the allocation.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
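--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -553,7 +553,7 @@ int arch_domain_create(struct domain *d,
 
 if ( !is_idle_domain(d) )
 {
- d->arch.cpuids = xzalloc_array(cpuid_input_t, MAX_CPUID_INPUT);
+ d->arch.cpuids = xmalloc_array(cpuid_input_t, MAX_CPUID_INPUT);
 rc = -ENOMEM;
 if ( d->arch.cpuids == NULL )
 goto fail;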
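Review bot: With `xmalloc_array` the entries of `d->arch.cpuids` start out holding whatever was previously on the heap, so this line is only safe because of the initialisation loop that the commit message says follows the allocation; that loop is outside the hunk, as is the rest of `arch_domain_create`. If the loop only marks the `input[]` fields as unused (not visible here), the remaining fields of each `cpuid_input_t` stay uninitialised, and any reader that copies an entry without first comparing `input[0]` with `XEN_CPUID_INPUT_UNUSED` could expose stale hypervisor memory to a guest or the toolstack. A comment above the allocation would record the invariant, e.g. `/* Not zeroed: the loop below marks every slot unused; readers must check input[0] before using any other field. */`.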
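--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -920,7 +920,7 @@ long arch_do_domctl(
 case XEN_DOMCTL_set_cpuid:
 {
 xen_domctl_cpuid_t *ctl = &domctl->u.cpuid;
- cpuid_input_t *cpuid = NULL;
+ cpuid_input_t *cpuid, *unused = NULL;
 int i;
 
 for ( i = 0; i < MAX_CPUID_INPUT; i++ )
@@ -928,7 +928,11 @@ long arch_do_domctl(
 cpuid = &d->arch.cpuids[i];
 
 if ( cpuid->input[0] == XEN_CPUID_INPUT_UNUSED )
- break;
+ {
+ if ( !unused )
+ unused = cpuid;
+ continue;
+ }
 
 if ( (cpuid->input[0] == ctl->input[0]) &&
 ((cpuid->input[1] == XEN_CPUID_INPUT_UNUSED) ||
@@ -936,15 +940,12 @@ long arch_do_domctl(
 break;
 }
 
- if ( i == MAX_CPUID_INPUT )
- {
- ret = -ENOENT;
- }
+ if ( i < MAX_CPUID_INPUT )
+ *cpuid = *ctl;
+ else if ( unused )
+ *unused = *ctl;
 else
- {
- memcpy(cpuid, ctl, sizeof(cpuid_input_t));
- ret = 0;
- }
+ ret = -ENOENT;
 }
 break;
 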
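Review bot: In the last hunk the two success branches (`*cpuid = *ctl;` and `*unused = *ctl;`) no longer assign `ret`, whereas the removed code set `ret = 0` explicitly. The status returned for a successful `XEN_DOMCTL_set_cpuid` therefore depends on `ret` still being zero when this case is entered, which is decided in the part of `arch_do_domctl` outside the hunk. If that is guaranteed, a short comment such as `/* ret is still 0 here; only the table-full case reports an error. */` above the `if` would make the dependency explicit; otherwise a `ret = 0;` before the `if ( i < MAX_CPUID_INPUT )` keeps the old contract without relying on the surrounding code.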