* [PATCH] x86/pv: Prohibit attempts to initialise a vcpu with EFLAGS.{NT, VM} set
@ 2017-08-31 17:07 Andrew Cooper
  2017-09-01  8:45 ` Jan Beulich
From: Andrew Cooper @ 2017-08-31 17:07 UTC (permalink / raw)
  To: Xen-devel; +Cc: Andrew Cooper, Jan Beulich

Luckily, this isn't a security issue, because the fix for XSA-202 (c/s
0e47f92b072) took a proactive approach and clobbered these flags on the
exit-to-guest path.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
---
 xen/arch/x86/domain.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index dbddc53..ced1d2e 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -765,7 +765,8 @@ int arch_set_info_guest(
                  !is_canonical_address(c.nat->gs_base_user) ||
                  !is_canonical_address(c.nat->event_callback_eip) ||
                  !is_canonical_address(c.nat->syscall_callback_eip) ||
-                 !is_canonical_address(c.nat->failsafe_callback_eip) )
+                 !is_canonical_address(c.nat->failsafe_callback_eip) ||
+                 (c.nat->user_regs.rflags & (X86_EFLAGS_NT|X86_EFLAGS_VM)) )
                 return -EINVAL;
 
             fixup_guest_stack_selector(d, c.nat->user_regs.ss);
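Review bot: the commit message does not say what a PV guest could do with NT or VM set in its supplied rflags, nor that this hunk turns a previously accepted native vcpu context into an -EINVAL failure; both belong in the description, since callers of arch_set_info_guest see a visible behaviour change. The mask (X86_EFLAGS_NT|X86_EFLAGS_VM) is also repeated verbatim in the compat hunk of the same patch; a single named mask would keep the two checks from drifting apart.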
@@ -784,6 +785,9 @@ int arch_set_info_guest(
         }
         else
         {
+            if ( c.nat->user_regs.eflags & (X86_EFLAGS_NT|X86_EFLAGS_VM) )
+                return -EINVAL;
+
             fixup_guest_stack_selector(d, c.cmp->user_regs.ss);
             fixup_guest_stack_selector(d, c.cmp->kernel_ss);
             fixup_guest_code_selector(d, c.cmp->user_regs.cs);
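Review bot: this check reads c.nat->user_regs.eflags, but it sits in the else branch where every neighbouring line uses the compat view of the context (c.cmp->user_regs.ss, c.cmp->kernel_ss, c.cmp->user_regs.cs), so for a compat guest the bits are tested against the wrong layout of the supplied structure and the check may pass or fail on unrelated data. Suggest `if ( c.cmp->user_regs.eflags & (X86_EFLAGS_NT|X86_EFLAGS_VM) )` and a test that has a 32-bit guest pass each flag to confirm the -EINVAL path actually fires.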
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel


* Re: [PATCH] x86/pv: Prohibit attempts to initialise a vcpu with EFLAGS.{NT, VM} set
  2017-08-31 17:07 [PATCH] x86/pv: Prohibit attempts to initialise a vcpu with EFLAGS.{NT, VM} set Andrew Cooper
@ 2017-09-01  8:45 ` Jan Beulich
From: Jan Beulich @ 2017-09-01  8:45 UTC (permalink / raw)
  To: Andrew Cooper; +Cc: Xen-devel

>>> On 31.08.17 at 19:07, <andrew.cooper3@citrix.com> wrote:
> Luckily, this isn't a security issue, because the fix for XSA-202 (c/s
> 0e47f92b072) took a proactive approach and clobbered these flags on the
> exit-to-guest path.

Which makes me wonder whether ...

> --- a/xen/arch/x86/domain.c
> +++ b/xen/arch/x86/domain.c
> @@ -765,7 +765,8 @@ int arch_set_info_guest(
>                   !is_canonical_address(c.nat->gs_base_user) ||
>                   !is_canonical_address(c.nat->event_callback_eip) ||
>                   !is_canonical_address(c.nat->syscall_callback_eip) ||
> -                 !is_canonical_address(c.nat->failsafe_callback_eip) )
> +                 !is_canonical_address(c.nat->failsafe_callback_eip) ||
> +                 (c.nat->user_regs.rflags & (X86_EFLAGS_NT|X86_EFLAGS_VM)) )
>                  return -EINVAL;

... it is appropriate to fail the hypercall here, instead of simply
clearing the bogus flags, just like we also force IF on instead of
failing the operation.

> @@ -784,6 +785,9 @@ int arch_set_info_guest(
>          }
>          else
>          {
> +            if ( c.nat->user_regs.eflags & (X86_EFLAGS_NT|X86_EFLAGS_VM) )
> +                return -EINVAL;

Don't you mean c.cmp here? In fact I could see failing the request to
really be the right thing for compat guests (at least for VM), while
ignoring the request to set either flag for native guests (as being
meaningless in 64-bit mode).

Jan
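The exchange above comes down to a policy choice for guest-supplied EFLAGS: fail the hypercall outright, clear the offending bits (as the XSA-202 exit path does) and force IF on, or treat native and compat guests differently. The following is an added illustration of those three options, not Xen's own code; the function names, the PV_EFLAGS_FORBIDDEN mask and the sample register values are constructed for the example, while the bit positions are the architectural x86 EFLAGS positions (IF bit 9, NT bit 14, VM bit 17).

```c
/* Added example, not Xen code: three ways to treat NT/VM in a guest-supplied
 * EFLAGS value before it is loaded into a PV vcpu. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

/* Architectural x86 EFLAGS bit positions. */
#define X86_EFLAGS_IF   (1u << 9)   /* interrupt enable */
#define X86_EFLAGS_NT   (1u << 14)  /* nested task: changes IRET behaviour */
#define X86_EFLAGS_VM   (1u << 17)  /* virtual-8086 mode */

/* Constructed name for this example: bits a PV guest must never load. */
#define PV_EFLAGS_FORBIDDEN (X86_EFLAGS_NT | X86_EFLAGS_VM)

/* Policy (a), as in the patch: reject the whole request. */
int check_guest_rflags(uint64_t rflags)
{
    if ( rflags & PV_EFLAGS_FORBIDDEN )
        return -EINVAL;
    return 0;
}

/* Policy (b), as Jan suggests for parity with the IF handling: accept the
 * request but return a value that is safe to load, with the forbidden bits
 * cleared and IF forced on. */
uint64_t sanitise_guest_rflags(uint64_t rflags)
{
    rflags &= ~(uint64_t)PV_EFLAGS_FORBIDDEN;
    rflags |= X86_EFLAGS_IF;
    return rflags;
}

/* Policy (c), Jan's split: a compat (32-bit) guest asking for VM or NT is
 * an error, while for a 64-bit guest the flags are meaningless and are
 * silently dropped. On success *out receives the value to load. */
int filter_guest_rflags(bool is_compat, uint64_t rflags, uint64_t *out)
{
    if ( is_compat && (rflags & PV_EFLAGS_FORBIDDEN) )
        return -EINVAL;
    *out = sanitise_guest_rflags(rflags);
    return 0;
}

int main(void)
{
    /* Constructed sample: 0x202 is the usual "IF set, reserved bit 1 set"
     * idle value; the others add NT or VM on top of it. */
    uint64_t samples[] = { 0x202, 0x202 | X86_EFLAGS_NT, 0x2 | X86_EFLAGS_VM };
    for ( unsigned i = 0; i < 3; i++ )
    {
        uint64_t out = 0;
        int native = filter_guest_rflags(false, samples[i], &out);
        printf("rflags %#lx: reject=%d sanitised=%#lx native=%d/%#lx compat=%d\n",
               (unsigned long)samples[i],
               check_guest_rflags(samples[i]),
               (unsigned long)sanitise_guest_rflags(samples[i]),
               native, (unsigned long)out,
               filter_guest_rflags(true, samples[i], &out));
    }
    return 0;
}
```

Whichever policy is chosen, the value that reaches the guest must be the filtered one; the reason the original patch is not a security fix is precisely that the exit-to-guest path already applies the equivalent of sanitise_guest_rflags regardless of what the hypercall accepted.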

