1 |
idella4 13/12/06 14:13:04 |
2 |
|
3 |
Added: xen-CVE-2013-6885-XSA-82.patch |
4 |
Log: |
5 |
revbumps; add sec XSA-82.patch, remove old |
6 |
|
7 |
(Portage version: 2.2.0/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: xen-CVE-2013-6885-XSA-82.patch |
16 |
=================================================================== |
17 |
http://seclists.org/oss-sec/2013/q4/att-385/xsa82.patch |
18 |
x86/AMD: work around erratum 793 |
19 |
|
20 |
The recommendation is to set a bit in an MSR - do this if the firmware |
21 |
didn't, considering that otherwise we expose ourselves to a guest |
22 |
induced DoS. |
23 |
|
24 |
This is CVE-2013-6885 / XSA-82. |
25 |
|
26 |
Signed-off-by: Jan Beulich <jbeulich@××××.com> |
27 |
Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@×××.com> |
28 |
|
29 |
--- a/xen/arch/x86/cpu/amd.c |
30 |
+++ b/xen/arch/x86/cpu/amd.c |
31 |
@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp |
32 |
"*** Pass \"allow_unsafe\" if you're trusting" |
33 |
" all your (PV) guest kernels. ***\n"); |
34 |
|
35 |
+ if (c->x86 == 0x16 && c->x86_model <= 0xf) { |
36 |
+ rdmsrl(MSR_AMD64_LS_CFG, value); |
37 |
+ if (!(value & (1 << 15))) { |
38 |
+ static bool_t warned; |
39 |
+ |
40 |
+ if (c == &boot_cpu_data || opt_cpu_info || |
41 |
+ !test_and_set_bool(warned)) |
42 |
+ printk(KERN_WARNING |
43 |
+ "CPU%u: Applying workaround for erratum 793\n", |
44 |
+ smp_processor_id()); |
45 |
+ wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15)); |
46 |
+ } |
47 |
+ } |
48 |
+ |
49 |
/* AMD CPUs do not support SYSENTER outside of legacy mode. */ |
50 |
clear_bit(X86_FEATURE_SEP, c->x86_capability); |
51 |
|
52 |
--- a/xen/include/asm-x86/msr-index.h |
53 |
+++ b/xen/include/asm-x86/msr-index.h |
54 |
@@ -213,6 +213,7 @@ |
55 |
|
56 |
/* AMD64 MSRs */ |
57 |
#define MSR_AMD64_NB_CFG 0xc001001f |
58 |
+#define MSR_AMD64_LS_CFG 0xc0011020 |
59 |
#define MSR_AMD64_IC_CFG 0xc0011021 |
60 |
#define MSR_AMD64_DC_CFG 0xc0011022 |
61 |
#define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46 |