File 25814-x86_64-set-debugreg-guest.patch of Package xen.openSUSE_12.1_Update

References: bnc#777090

# HG changeset patch
# User Ian Jackson <Ian.Jackson@eu.citrix.com>
# Date 1346844445 -3600
# Node ID 4f1c696482016e7ba76f222c5875618c37680286
# Parent  9dc729b7559535af78209f325c76b16c767ef7bf
xen: prevent a 64 bit guest setting reserved bits in DR7

The upper 32 bits of this register are reserved and should be written as
zero.

This is XSA-12 / CVE-2012-3494

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>

--- a/xen/include/asm-x86/debugreg.h
+++ b/xen/include/asm-x86/debugreg.h
@@ -58,7 +58,7 @@
    We can slow the instruction pipeline for instructions coming via the
    gdt or the ldt if we want to.  I am not sure why this is an advantage */
 
-#define DR_CONTROL_RESERVED_ZERO (0x0000d800ul) /* Reserved, read as zero */
+#define DR_CONTROL_RESERVED_ZERO (~0xffff27fful) /* Reserved, read as zero */
 #define DR_CONTROL_RESERVED_ONE  (0x00000400ul) /* Reserved, read as one */
 #define DR_LOCAL_EXACT_ENABLE    (0x00000100ul) /* Local exact enable */
 #define DR_GLOBAL_EXACT_ENABLE   (0x00000200ul) /* Global exact enable */

Places

File 25814-x86_64-set-debugreg-guest.patch of Package xen.openSUSE_12.1_Update

Places