
[Xen-changelog] [xen-unstable] [XEN] Fix x86/64 bug where a guest application can crash the guest OS by setting AC flag in RFLAGS

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [XEN] Fix x86/64 bug where a guest application can crash the
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 19 Aug 2006 02:40:50 +0000
Delivery-date: Fri, 18 Aug 2006 19:44:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID b9af81884b99def770685dc4a872ba6fee902b31
# Parent  130eee9e972876bba82c73a19e56d314859d8b77
[XEN] Fix x86/64 bug where a guest application can crash the
guest OS by setting AC flag in RFLAGS. This wasn't being
cleared on entry to the guest kernel, causing unwanted faults
because the kernel runs in ring 3 on Xen.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 xen/arch/x86/domain.c       |    3 ++-
 xen/arch/x86/x86_32/entry.S |    3 ++-
 xen/arch/x86/x86_64/entry.S |    4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff -r 130eee9e9728 -r b9af81884b99 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c     Thu Aug 17 12:01:44 2006 +0100
+++ b/xen/arch/x86/domain.c     Thu Aug 17 12:08:26 2006 +0100
@@ -556,7 +556,8 @@ static void load_segments(struct vcpu *n
             n->vcpu_info->evtchn_upcall_mask = 1;
 
         regs->entry_vector  = TRAP_syscall;
-        regs->rflags       &= 0xFFFCBEFFUL;
+        regs->rflags       &= ~(X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF|
+                                X86_EFLAGS_NT|X86_EFLAGS_TF);
         regs->ss            = __GUEST_SS;
         regs->rsp           = (unsigned long)(rsp-11);
         regs->cs            = __GUEST_CS;
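Review bot: The five-flag clear mask is now spelled out twice on the 64-bit side, here in the failsafe-callback frame and again in x86_64/entry.S, with a four-flag variant in x86_32/entry.S; a single named constant next to the X86_EFLAGS_* definitions, e.g. `#define X86_EFLAGS_TRAP_CLEAR (X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT|X86_EFLAGS_TF)`, would keep the two guest-kernel entry paths from drifting the way the old `0xFFFCBEFF` literals did. One subtlety worth a glance: the old `0xFFFCBEFFUL` also zeroed bits 32-63 of rflags, whereas `~(...)` over int-typed flag constants sign-extends and leaves them untouched; those bits are architecturally reserved and read as zero, so this looks harmless, but confirm the constants' type if clearing the upper half was intentional. load_segments begins before the hunk and continues past it.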
diff -r 130eee9e9728 -r b9af81884b99 xen/arch/x86/x86_32/entry.S
--- a/xen/arch/x86/x86_32/entry.S       Thu Aug 17 12:01:44 2006 +0100
+++ b/xen/arch/x86/x86_32/entry.S       Thu Aug 17 12:08:26 2006 +0100
@@ -356,7 +356,8 @@ 2:      testl $X86_EFLAGS_VM,UREGS_eflag
         movl %eax,UREGS_gs+4(%esp)
 nvm86_3:/* Rewrite our stack frame and return to ring 1. */
         /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
-        andl $0xfffcbeff,UREGS_eflags+4(%esp)
+        andl $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\
+                X86_EFLAGS_NT|X86_EFLAGS_TF),UREGS_eflags+4(%esp)
         mov  %gs,UREGS_ss+4(%esp)
         movl %esi,UREGS_esp+4(%esp)
         movzwl TRAPBOUNCE_cs(%edx),%eax
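Review bot: This mask deliberately does not clear AC, unlike the x86_64 bounce path in the same commit, and nothing on the line says why; a reader comparing the two files will be tempted to "complete" the fix here. The reason is visible in the surrounding code: this frame returns to ring 1 (the comment above), and the CPU only enforces alignment checking at CPL 3, so a user-set AC cannot fault the 32-bit guest kernel. Suggest extending the comment: `/* AC is left alone on purpose: alignment checks are enforced only at CPL 3, and the guest kernel returns to ring 1 here. */`. The enclosing routine starts before the hunk.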
diff -r 130eee9e9728 -r b9af81884b99 xen/arch/x86/x86_64/entry.S
--- a/xen/arch/x86/x86_64/entry.S       Thu Aug 17 12:01:44 2006 +0100
+++ b/xen/arch/x86/x86_64/entry.S       Thu Aug 17 12:08:26 2006 +0100
@@ -294,8 +294,10 @@ FLT13:  movq  %rax,(%rsi)               
 FLT13:  movq  %rax,(%rsi)               # RCX
         /* Rewrite our stack frame and return to guest-OS mode. */
         /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
+        /* Also clear AC: alignment checks shouldn't trigger in kernel mode. */
         movl  $TRAP_syscall,UREGS_entry_vector+8(%rsp)
-        andl  $0xfffcbeff,UREGS_eflags+8(%rsp)
+        andl  $~(X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF|\
+                 X86_EFLAGS_NT|X86_EFLAGS_TF),UREGS_eflags+8(%rsp)
         movq  $__GUEST_SS,UREGS_ss+8(%rsp)
         movq  %rsi,UREGS_rsp+8(%rsp)
         movq  $__GUEST_CS,UREGS_cs+8(%rsp)
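Review bot: The new comment on the AC line understates the actual hazard: on x86_64 the guest kernel runs in ring 3 (per the commit message), so alignment checking is enforced for it, and a user process that sets AC would otherwise hand the kernel a frame that takes #AC on its first misaligned access, a guest-local denial of service. Suggest `/* Also clear AC: the guest kernel runs in ring 3, where alignment checks are enforced, so a user-set AC must not leak into the kernel frame. */`. Note that `andl` on `UREGS_eflags+8(%rsp)` only touches the low 32 bits of the 64-bit slot; that is fine since RFLAGS bits 32-63 are reserved, but any other code path that constructs a guest-kernel frame presumably needs the same sanitisation. The bounce-frame routine starts before the hunk.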
