Updated block-dmmd script - fate#310510 - fix xenpaging restore changes to integrate paging into xm/xend xenpaging.autostart.patch xenpaging.doc.patch - bnc#787163 - VUL-0: CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25) CVE-2012-4544-xsa25.patch - bnc#779212 - VUL-0: CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) CVE-2012-4411-xsa19.patch - bnc#786516 - VUL-0: CVE-2012-4535: xen: Timer overflow DoS vulnerability CVE-2012-4535-xsa20.patch - bnc#786518 - VUL-0: CVE-2012-4536: xen: pirq range check DoS vulnerability CVE-2012-4536-xsa21.patch - bnc#786517 - VUL-0: CVE-2012-4537: xen: Memory mapping failure DoS vulnerability CVE-2012-4537-xsa22.patch - bnc#786519 - VUL-0: CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability CVE-2012-4538-xsa23.patch - bnc#786520 - VUL-0: CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=212
# HG changeset patch
|
|
# User Christoph Egger <Christoph.Egger@amd.com>
|
|
# Date 1350976467 -7200
|
|
# Node ID d642720e1ea996ce85203fc9718f64cf2cab0468
|
|
# Parent a7503ce27d462056421c6d74737cee08ab4ae31e
|
|
nestedsvm: fix VMEXIT emulation
|
|
|
|
Values in regs can be newer than those in the shadow vmcb (e.g. due to
|
|
an instruction emulation right before). So use the values from regs.
|
|
|
|
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
Acked-by: Tim Deegan <tim@xen.org>
|
|
Committed-by: Jan Beulich <jbeulich@suse.com>
|
|
|
|
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
|
|
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
|
|
@@ -995,7 +995,7 @@ nsvm_vmcb_guest_intercepts_trap(struct v
|
|
}
|
|
|
|
static int
|
|
-nsvm_vmcb_prepare4vmexit(struct vcpu *v)
|
|
+nsvm_vmcb_prepare4vmexit(struct vcpu *v, struct cpu_user_regs *regs)
|
|
{
|
|
struct nestedvcpu *nv = &vcpu_nestedhvm(v);
|
|
struct nestedsvm *svm = &vcpu_nestedsvm(v);
|
|
@@ -1119,17 +1119,22 @@ nsvm_vmcb_prepare4vmexit(struct vcpu *v)
|
|
ns_vmcb->_dr7 = n2vmcb->_dr7;
|
|
ns_vmcb->_dr6 = n2vmcb->_dr6;
|
|
|
|
+ /* Restore registers from regs as those values
|
|
+ * can be newer than in n2vmcb (e.g. due to an
|
|
+ * instruction emulation right before).
|
|
+ */
|
|
+
|
|
/* RFLAGS */
|
|
- ns_vmcb->rflags = n2vmcb->rflags;
|
|
+ ns_vmcb->rflags = n2vmcb->rflags = regs->eflags;
|
|
|
|
/* RIP */
|
|
- ns_vmcb->rip = n2vmcb->rip;
|
|
+ ns_vmcb->rip = n2vmcb->rip = regs->eip;
|
|
|
|
/* RSP */
|
|
- ns_vmcb->rsp = n2vmcb->rsp;
|
|
+ ns_vmcb->rsp = n2vmcb->rsp = regs->esp;
|
|
|
|
/* RAX */
|
|
- ns_vmcb->rax = n2vmcb->rax;
|
|
+ ns_vmcb->rax = n2vmcb->rax = regs->eax;
|
|
|
|
/* Keep the l2 guest values of the fs, gs, ldtr, tr, kerngsbase,
|
|
* star, lstar, cstar, sfmask, sysenter_cs, sysenter_esp,
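Review bot: The four chained assignments under RFLAGS, RIP, RSP and RAX now also overwrite the shadow VMCB (`n2vmcb->rflags = regs->eflags` and the three like it), but the added comment only speaks of restoring registers and never says that n2vmcb is modified. These lines previously only read n2vmcb, so I would make the write-back explicit, e.g. `/* Sync rflags/rip/rsp/rax from regs into both ns_vmcb and n2vmcb: regs can be newer than n2vmcb (e.g. after an instruction emulation). */`. The `e`-prefixed field names also read as 32-bit; presumably they alias the full-width registers in this build, which is worth confirming so that the values written to ns_vmcb are not truncated. The body of nsvm_vmcb_prepare4vmexit starts and ends outside this hunk.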
|
|
@@ -1363,7 +1368,7 @@ nestedsvm_vmexit_n2n1(struct vcpu *v, st
|
|
ASSERT(vcpu_nestedhvm(v).nv_vmswitch_in_progress);
|
|
ASSERT(nestedhvm_vcpu_in_guestmode(v));
|
|
|
|
- rc = nsvm_vmcb_prepare4vmexit(v);
|
|
+ rc = nsvm_vmcb_prepare4vmexit(v, regs);
|
|
if (rc)
|
|
ret = NESTEDHVM_VMEXIT_ERROR;
|
|
|