openSUSE:Evergreen:Maintenance:114
File 25480-x86_64-sysret-canonical.patch of Package xen.openSUSE_Evergreen_11.4
References: CVE-2012-0217, bnc#757537 # HG changeset patch # User Jan Beulich <JBeulich@suse.com> # Date 1339497220 -3600 # Node ID 76eaf5966c05a4a10fd29eee6968977fd9d4ce6d # Parent 61dfb3da56b0a3ac86f81f4a8770e11e1dbc2aa9 x86_64: Do not execute sysret with a non-canonical return address Check for non-canonical guest RIP before attempting to execute sysret. If sysret is executed with a non-canonical value in RCX, Intel CPUs take the fault in ring0, but we will necessarily already have switched to the the user's stack pointer. This is a security vulnerability, XSA-7 / CVE-2012-0217. Signed-off-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: Ian Campbell <Ian.Campbell@citrix.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Tested-by: Ian Campbell <Ian.Campbell@citrix.com> Acked-by: Keir Fraser <keir.xen@gmail.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com> --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -51,6 +51,13 @@ restore_all_guest: testw $TRAP_syscall,4(%rsp) jz iret_exit_to_guest + /* Don't use SYSRET path if the return address is not canonical. */ + movq 8(%rsp),%rcx + sarq $47,%rcx + incl %ecx + cmpl $1,%ecx + ja .Lforce_iret + addq $8,%rsp popq %rcx # RIP popq %r11 # CS @@ -61,6 +68,10 @@ restore_all_guest: sysretq 1: sysretl +.Lforce_iret: + /* Mimic SYSRET behavior. */ + movq 8(%rsp),%rcx # RIP + movq 24(%rsp),%r11 # RFLAGS ALIGN /* No special register assumptions. */ iret_exit_to_guest:
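Review bot: In the first hunk (restore_all_guest), the canonical check mixes a 64-bit `sarq $47,%rcx` with 32-bit `incl %ecx` / `cmpl $1,%ecx`, and the one-line comment does not say why that is safe. The logic is correct: after the arithmetic shift the value fits in 17 signed bits, a canonical address leaves 0 or -1, the increment maps those to 1 or 0, and the unsigned `ja` sends everything else to `.Lforce_iret`. A short comment stating this would save the next reader from re-deriving it. It would also help to note that `8(%rsp)` is the saved RIP slot (consistent with the `popq %rcx # RIP` that follows `addq $8,%rsp`) and that clobbering %rcx here is harmless because both exits reload it.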
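Review bot: In the second hunk, `.Lforce_iret` reaches `iret_exit_to_guest` only by falling through `ALIGN`, with no `jmp` and no comment saying the fall-through is intended. That relies on the alignment padding being executable no-ops and on nobody inserting code between the two labels later; either add an explicit `jmp iret_exit_to_guest` or put a `/* fall through */` comment before `ALIGN`. The "Mimic SYSRET behavior" comment could also say what is mimicked: %rcx is loaded from the saved RIP at `8(%rsp)` and %r11 from the saved RFLAGS at `24(%rsp)`, the values the guest would see in those registers after a real SYSRET.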