File 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch of Package xen.openSUSE_Leap_42.3_Update

# Commit 03bd8c3a70d101fc2f8f36f1e171b7594462a4cd
# Date 2018-01-05 19:57:08 +0000
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/entry: Erase guest GPR state on entry to Xen

This reduces the number of code gadgets which can be attacked with arbitrary
guest-controlled GPR values.

This is part of XSA-254.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>

--- a/xen/include/asm-x86/asm_defns.h
+++ b/xen/include/asm-x86/asm_defns.h
@@ -217,22 +217,34 @@ static always_inline void stac(void)
         addq  $-(UREGS_error_code-UREGS_r15), %rsp
         cld
         movq  %rdi,UREGS_rdi(%rsp)
+        xor   %edi, %edi
         movq  %rsi,UREGS_rsi(%rsp)
+        xor   %esi, %esi
         movq  %rdx,UREGS_rdx(%rsp)
+        xor   %edx, %edx
         movq  %rcx,UREGS_rcx(%rsp)
+        xor   %ecx, %ecx
         movq  %rax,UREGS_rax(%rsp)
+        xor   %eax, %eax
 .if !\compat
         movq  %r8,UREGS_r8(%rsp)
         movq  %r9,UREGS_r9(%rsp)
         movq  %r10,UREGS_r10(%rsp)
         movq  %r11,UREGS_r11(%rsp)
 .endif
+        xor   %r8, %r8
+        xor   %r9, %r9
+        xor   %r10, %r10
+        xor   %r11, %r11
         movq  %rbx,UREGS_rbx(%rsp)
+        xor   %ebx, %ebx
         movq  %rbp,UREGS_rbp(%rsp)
 #ifdef CONFIG_FRAME_POINTER
 /* Indicate special exception stack frame by inverting the frame pointer. */
         leaq  UREGS_rbp(%rsp), %rbp
         notq  %rbp
+#else
+        xor   %ebp, %ebp
 #endif
 .if !\compat
         movq  %r12,UREGS_r12(%rsp)
@@ -240,6 +252,10 @@ static always_inline void stac(void)
         movq  %r14,UREGS_r14(%rsp)
         movq  %r15,UREGS_r15(%rsp)
 .endif
+        xor   %r12, %r12
+        xor   %r13, %r13
+        xor   %r14, %r14
+        xor   %r15, %r15
 .endm
 
 #define LOAD_ONE_REG(reg, compat) \