[gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-CVE-2013-6885-XSA-82.patch - gentoo-commits

From:	"Ian Delaney (idella4)" <idella4@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in app-emulation/xen/files: xen-CVE-2013-6885-XSA-82.patch
Date:	Fri, 06 Dec 2013 14:13:09
Message-Id:	`20131206141304.959D12004E@flycatcher.gentoo.org`

1

idella4     13/12/06 14:13:04

2

3

  Added:                xen-CVE-2013-6885-XSA-82.patch

4

  Log:

5

  revbumps; add sec XSA-82.patch, remove old

6

7

  (Portage version: 2.2.0/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)

8

9

Revision  Changes    Path

10

1.1                  app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch?rev=1.1&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch?rev=1.1&content-type=text/plain

14

15

Index: xen-CVE-2013-6885-XSA-82.patch

16

===================================================================

17

http://seclists.org/oss-sec/2013/q4/att-385/xsa82.patch

18

x86/AMD: work around erratum 793

19

20

The recommendation is to set a bit in an MSR - do this if the firmware

21

didn't, considering that otherwise we expose ourselves to a guest

22

induced DoS.

23

24

This is CVE-2013-6885 / XSA-82.

25

26

Signed-off-by: Jan Beulich <jbeulich@××××.com>

27

Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@×××.com>

28

29

--- a/xen/arch/x86/cpu/amd.c

30

+++ b/xen/arch/x86/cpu/amd.c

31

@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp

32

 		       "*** Pass \"allow_unsafe\" if you're trusting"

33

 		       " all your (PV) guest kernels. ***\n");

34

35

+	if (c->x86 == 0x16 && c->x86_model <= 0xf) {

36

+		rdmsrl(MSR_AMD64_LS_CFG, value);

37

+		if (!(value & (1 << 15))) {

38

+			static bool_t warned;

39

+

40

+			if (c == &boot_cpu_data || opt_cpu_info ||

41

+			    !test_and_set_bool(warned))

42

+				printk(KERN_WARNING

43

+				       "CPU%u: Applying workaround for erratum 793\n",

44

+				       smp_processor_id());

45

+			wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15));

46

+		}

47

+	}

48

+

49

 	/* AMD CPUs do not support SYSENTER outside of legacy mode. */

50

 	clear_bit(X86_FEATURE_SEP, c->x86_capability);

51

52

--- a/xen/include/asm-x86/msr-index.h

53

+++ b/xen/include/asm-x86/msr-index.h

54

@@ -213,6 +213,7 @@

55

56

 /* AMD64 MSRs */

57

 #define MSR_AMD64_NB_CFG		0xc001001f

58

+#define MSR_AMD64_LS_CFG		0xc0011020

59

 #define MSR_AMD64_IC_CFG		0xc0011021

60

 #define MSR_AMD64_DC_CFG		0xc0011022

61

 #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT	46

1	idella4 13/12/06 14:13:04
2
3	Added: xen-CVE-2013-6885-XSA-82.patch
4	Log:
5	revbumps; add sec XSA-82.patch, remove old
6
7	(Portage version: 2.2.0/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
8
9	Revision Changes Path
10	1.1 app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch?rev=1.1&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch?rev=1.1&content-type=text/plain
14
15	Index: xen-CVE-2013-6885-XSA-82.patch
16	===================================================================
17	http://seclists.org/oss-sec/2013/q4/att-385/xsa82.patch
18	x86/AMD: work around erratum 793
19
20	The recommendation is to set a bit in an MSR - do this if the firmware
21	didn't, considering that otherwise we expose ourselves to a guest
22	induced DoS.
23
24	This is CVE-2013-6885 / XSA-82.
25
26	Signed-off-by: Jan Beulich <jbeulich@××××.com>
27	Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@×××.com>
28
29	--- a/xen/arch/x86/cpu/amd.c
30	+++ b/xen/arch/x86/cpu/amd.c
31	@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp
32	"*** Pass \"allow_unsafe\" if you're trusting"
33	" all your (PV) guest kernels. ***\n");
34
35	+ if (c->x86 == 0x16 && c->x86_model <= 0xf) {
36	+ rdmsrl(MSR_AMD64_LS_CFG, value);
37	+ if (!(value & (1 << 15))) {
38	+ static bool_t warned;
39	+
40	+ if (c == &boot_cpu_data \|\| opt_cpu_info \|\|
41	+ !test_and_set_bool(warned))
42	+ printk(KERN_WARNING
43	+ "CPU%u: Applying workaround for erratum 793\n",
44	+ smp_processor_id());
45	+ wrmsrl(MSR_AMD64_LS_CFG, value \| (1 << 15));
46	+ }
47	+ }
48	+
49	/* AMD CPUs do not support SYSENTER outside of legacy mode. */
50	clear_bit(X86_FEATURE_SEP, c->x86_capability);
51
52	--- a/xen/include/asm-x86/msr-index.h
53	+++ b/xen/include/asm-x86/msr-index.h
54	@@ -213,6 +213,7 @@
55
56	/* AMD64 MSRs */
57	#define MSR_AMD64_NB_CFG 0xc001001f
58	+#define MSR_AMD64_LS_CFG 0xc0011020
59	#define MSR_AMD64_IC_CFG 0xc0011021
60	#define MSR_AMD64_DC_CFG 0xc0011022
61	#define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46

Gentoo Archives: gentoo-commits