summaryrefslogtreecommitdiff
path: root/system/xen/patches/xsa176.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/xen/patches/xsa176.patch')
-rw-r--r--system/xen/patches/xsa176.patch45
1 files changed, 0 insertions, 45 deletions
diff --git a/system/xen/patches/xsa176.patch b/system/xen/patches/xsa176.patch
deleted file mode 100644
index 1c15abd3e3..0000000000
--- a/system/xen/patches/xsa176.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-x86/mm: fully honor PS bits in guest page table walks
-
-In L4 entries it is currently unconditionally reserved (and hence
-should, when set, always result in a reserved bit page fault), and is
-reserved on hardware not supporting 1Gb pages (and hence should, when
-set, similarly cause a reserved bit page fault on such hardware).
-
-This is CVE-2016-4480 / XSA-176.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/mm/guest_walk.c
-+++ b/xen/arch/x86/mm/guest_walk.c
-@@ -226,6 +226,11 @@ guest_walk_tables(struct vcpu *v, struct
- rc |= _PAGE_PRESENT;
- goto out;
- }
-+ if ( gflags & _PAGE_PSE )
-+ {
-+ rc |= _PAGE_PSE | _PAGE_INVALID_BIT;
-+ goto out;
-+ }
- rc |= ((gflags & mflags) ^ mflags);
-
- /* Map the l3 table */
-@@ -247,7 +252,7 @@ guest_walk_tables(struct vcpu *v, struct
- }
- rc |= ((gflags & mflags) ^ mflags);
-
-- pse1G = (gflags & _PAGE_PSE) && guest_supports_1G_superpages(v);
-+ pse1G = !!(gflags & _PAGE_PSE);
-
- if ( pse1G )
- {
-@@ -267,6 +272,8 @@ guest_walk_tables(struct vcpu *v, struct
- /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */
- flags &= ~_PAGE_PAT;
-
-+ if ( !guest_supports_1G_superpages(v) )
-+ rc |= _PAGE_PSE | _PAGE_INVALID_BIT;
- if ( gfn_x(start) & GUEST_L3_GFN_MASK & ~0x1 )
- rc |= _PAGE_INVALID_BITS;
-