From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jan Beulich" Subject: Re: Xen Security Advisory 154 (CVE-2016-2270) - x86: inconsistent cachability flags on guest mappings Date: Wed, 25 Jan 2017 07:21:37 -0700 Message-ID: <5888C2810200007800133CDC@prv-mh.provo.novell.com> References: <1485353329.4727.111.camel@infradead.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <1485353329.4727.111.camel@infradead.org> Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: David Woodhouse Cc: Andrew Cooper , "H. Peter Anvin" , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org Pj4+IE9uIDI1LjAxLjE3IGF0IDE1OjA4LCA8ZHdtdzJAaW5mcmFkZWFkLm9yZz4gd3JvdGU6Cj4+ IC0tLSBhL3hlbi9hcmNoL3g4Ni9odm0vbXRyci5jCj4+ICsrKyBiL3hlbi9hcmNoL3g4Ni9odm0v bXRyci5jCj4+IEBAIC03NzAsOCArNzcwLDE3IEBAIGludCBlcHRlX2dldF9lbnRyeV9lbXQoc3Ry dWN0IGRvbWFpbiAqZCwKPj4gICAgICBpZiAoIHYtPmRvbWFpbiAhPSBkICkKPj4gICAgICAgICAg diA9IGQtPnZjcHUgPyBkLT52Y3B1WzBdIDogTlVMTDsKPj4gIAo+PiAtICAgIGlmICggIW1mbl92 YWxpZChtZm5feChtZm4pKSApCj4+ICsgICAgaWYgKCAhbWZuX3ZhbGlkKG1mbl94KG1mbikpIHx8 Cj4+ICsgICAgICAgICByYW5nZXNldF9jb250YWluc19yYW5nZShtbWlvX3JvX3JhbmdlcywgbWZu X3gobWZuKSwKPj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1mbl94KG1mbikg KyAoMVVMIDwgb3JkZXIpIC0gMSkgKQo+PiArICAgIHsKPj4gKyAgICAgICAgKmlwYXQgPSAxOwo+ PiAgICAgICAgICByZXR1cm4gTVRSUl9UWVBFX1VOQ0FDSEFCTEU7Cj4+ICsgICAgfQo+PiArCj4+ ICsgICAgaWYgKCByYW5nZXNldF9vdmVybGFwc19yYW5nZShtbWlvX3JvX3JhbmdlcywgbWZuX3go bWZuKSwKPj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1mbl94KG1mbikgKyAo MVVMIDwgb3JkZXIpIC0gMSkgKQo+PiArICAgICAgICByZXR1cm4gLTE7Cj4+ICAKPj4gICAgICBz d2l0Y2ggKCBodm1fZ2V0X21lbV9waW5uZWRfY2FjaGVhdHRyKGQsIGdmbiwgb3JkZXIsICZ0eXBl KSApCj4+ICAgICAgewo+IAo+IFRoaXMgZG9lc24ndCBsb29rIHJpZ2h0LiBUaGF0IHNlY29uZCAn aWYocmFuZ2VzZXRfb3ZlcmxhcHNfcmFuZ2Uo4oCmKSknCj4gaXMgdGF1dG9sb2dpY2FsbHkgZmFs c2UsIGJlY2F1c2UgaWYgaXQgKmlzKiB0cnVlLCB0aGUgZmlyc3QgaWYoKQo+IHN0YXRlbWVudCBo YXBwZW5zIGZpcnN0IGFuZCBpdCdzIG5ldmVyIHJlYWNoZWQuCgpOb3RlIHRoZSBkaWZmZXJlbmNl IGJldHdlZW4gImNvbnRhaW5zIiBhbmQgIm92ZXJsYXBzIi4KCj4gVGhlIHJlYXNvbiBJJ20gbG9v a2luZyBpcyBiZWNhdXNlIHRoYXQgZmlyc3QgaWYoKSBzdGF0ZW1lbnQgaXMKPiBoYXBwZW5pbmcg Zm9yIE1NSU8gcmVnaW9ucyB3aGVyZSBpdCBwcm9iYWJseSBzaG91bGRuJ3QuIFRoaXMgbWVhbnMg dGhhdAo+IGd1ZXN0cyBhcmUgbWFwcGluZyBNTUlPIEJBUnMgb2YgYXNzaWduZWQgZGV2aWNlcyBh bmQgZ2V0dGluZyAqZm9yY2VkKgo+IFVDIChiZWNhdXNlICppcGF0PTEpIGluc3RlYWQgb2YgdGFr aW5nIHRoZSBpZihkaXJlY3RfbW1pbykgcGF0aAo+IHNsaWdodGx5IGZ1cnRoZXIgZG93biDigJQg d2hpY2ggd291bGRuJ3Qgc2V0IHRoZSAnaWdub3JlIFBBVCcgYml0LCBhbmQKPiB3b3VsZCB0aHVz IGFsbG93IHRoZW0gdG8gZW5hYmxlIFdDIHRocm91Z2ggdGhlaXIgUEFULgo+IAo+IEl0IG1ha2Vz IG1lIHdvbmRlciBpZiB0aGUgZmlyc3Qgd2FzIGFjdHVhbGx5IGludGVuZGVkIHRvIGJlCj4gJyFt Zm5fdmFsaWQoKSAmJiByYW5nZXNldF9jb250YWluc19yYW5nZSjigKYpJyDigJQgd2l0aCBsb2dp Y2FsICYmIHJhdGhlcgo+IHRoYW4gfHwuIFRoYXQgd291bGQgbWFrZSBzb21lIHNlbnNlIGJlY2F1 c2UgaXQncyB0aGVuIGV4cGxpY2l0bHkKPiByZWZ1c2luZyB0byBtYXAgcGFnZXMgd2hpY2ggYXJl IGluIG1taW9fcm9fcmFuZ2VzICphbmQqIG1mbl92YWxpZCgpLgoKTm8sIHRoaXMgc3VyZWx5IHdh c24ndCB0aGUgaW50ZW50aW9uLiBBcyBBbmRyZXcgaGFzIHRyaWVkIHRvCmV4cGxhaW4gb24gaXJj LCB0aGUgb25seSB2YWxpZCBpbXBsaWNhdGlvbiBpcyAhbWZuX3ZhbGlkKCkgLT4gTU1JTy4KCj4g QW5kIHRoZW4gdGhlcmUncyBhICdpZiAoZGlyZWN0X21taW8pIHJldHVybiBVQzsnIGZ1cnRoZXIg ZG93biB3aGljaAo+IGxvb2tzIGxpa2UgaXQnZCBkbyB0aGUgcmlnaHQgdGhpbmcgZm9yIHRoZSB1 c2UgY2FzZSBJJ20gYWN0dWFsbHkKPiB0ZXN0aW5nLiBJIG1heSBzZWUgaWYgSSBjYW4gY29uc3Ry dWN0IGEgc3RyYXcgbWFuIHBhdGNoLCBidXQgSSdtIGtpbmQKPiBvZiB1bmZhbWlsaWFyIHdpdGgg dGhpcyBjb2RlIHNvIGl0IHNob3VsZCBiZSB0YWtlbiB3aXRoIGEgbGFyZ2UgcGluY2gKPiBvZiBz YWx0Li4uCgpJZiB0aGVyZSB3YXNuJ3QgSU5WQUxJRF9NRk4gdG8gYmUgdGFrZW4gY2FyZSBvZiwg dGhlICFtZm5fdmFsaWQoKQpjaGVjayBjb3VsZCBzaW1wbHkgbW92ZSBkb3duLCBhbmQgYmUgY29t YmluZWQgd2l0aCB0aGUKZGlyZWN0X21taW8gb25lLgoKPiBUaGVyZSBpcyBhIHNlcGFyYXRlIHF1 ZXN0aW9uIG9mIHdoZXRoZXIgaXQncyBhY3R1YWxseSBzYWZlIHRvIGxldCB0aGUKPiBndWVzdCBt YXAgYW4gTU1JTyBwYWdlIHdpdGggYm90aCBVQyBhbmQgV0Mgc2ltdWx0YW5lb3VzbHkuIEVtcGly aWNhbGx5LAo+IGl0IHNlZW1zIHRvIGJlIE9LIOKAlCBJIGhhY2tlZCBhIGd1ZXN0IGtlcm5lbCBu b3QgdG8gZW5mb3JjZSB0aGUgbXV0dWFsCj4gZXhjbHVzaW9uLCBtYXBwZWQgdGhlIEJBUiB3aXRo IGJvdGggVUMgYW5kIFdDIGFuZCByYW4gdHdvIGtlcm5lbAo+IHRocmVhZHMsIHJlYWRpbmcgYW5k IHdyaXRpbmcgdGhlIHdob2xlIEJBUiBpbiBhIG51bWJlciBvZiBpdGVyYXRpb25zLgo+IFRoZSBX QyB0aHJlYWQgd2VudCBhIGxvdCBmYXN0ZXIgdGhhbiB0aGUgVUMgb25lLCBzbyBpdCB3aWxsIGhh dmUgb2Z0ZW4KPiBiZWVuIHRvdWNoaW5nIHRoZSBzYW1lIGxvY2F0aW9ucyBhcyB0aGUgVUMgdGhy ZWFkIGFzIGl0ICdvdmVydG9vaycgaXQsCj4gYW5kIG5vdGhpbmcgYmFkIGhhcHBlbmVkLiBUaGlz IHNlZW1zIHJlYXNvbmFibGUsIGFzIHRoZSBkaXJlIHdhcm5pbmdzCj4gYW5kIG1hY2hpbmUgY2hl Y2tzIGFyZSBtb3JlIGFib3V0ICpjYWNoZWQqIHZzLiB1bmNhY2hlZCBtYXBwaW5ncywgbm90Cj4g V0MgdnMuIFVDLiBCdXQgaXQgd291bGQgYmUgZ29vZCB0byBoYXZlIGEgZGVmaW5pdGl2ZSBhbnN3 ZXIgZnJvbSBJbnRlbAo+IGFuZCBBTUQgYWJvdXQgd2hldGhlciBpdCdzIHNhZmUuCgpXZWxsLCBp biB0aGUgY29udGV4dCBvZiB0aGlzIFhTQSB3ZSd2ZSBhc2tlZCBib3RoIG9mIHRoZW0sIGFuZCBp aXJjCndlJ3ZlIGdvdCBhIHZhZ3VlIHJlcGx5IGZyb20gSW50ZWwgYW5kIG5vbmUgZnJvbSBBTUQu IEluIGZhY3Qgd2UKZGlkIGRlZmVyIHRoZSBYU0EgZm9yIHF1aXRlIGEgYml0IHdhaXRpbmcgZm9y IGFueSB1c2VmdWwgZmVlZGJhY2suClRvIEFNRCdzIGFkdmFudGFnZSBJJ2QgbGlrZSB0byBhZGQg dGhvdWdoIHRoYXQgaWlyYyB0aGV5J3JlIGEgbGl0dGxlCm1vcmUgY2xlYXIgaW4gdGhlaXIgUE0g YWJvdXQgdGhlIHNwZWNpZmljIHF1ZXN0aW9uIG9mIFVDIGFuZCBXQwp5b3UgcmFpc2U6IFRoZXkg Z3JvdXAgdGhlIHZhcmlvdXMgY2FjaGVhYmlsaXRpZXMgaW50byB0d28gZ3JvdXBzCihjYWNoZWFi bGUgYW5kIHVuY2FjaGVhYmxlKSBhbmQgcmVxdWlyZSB0aGVyZSB0byBvbmx5IG5vdCBiZQphbnkg bWl4dHVyZSBiZXR3ZWVuIGdyb3Vwcy4gSWlyYyBJbnRlbCdzIHNvbWV3aGF0IHZhZ3VlIHJlcGx5 CmFsbG93ZWQgdXMgdG8gY29uY2x1ZGUgd2UncmUgbGlrZWx5IHNhZmUgdGhhdCB3YXkgb24gdGhl aXIgc2lkZSB0b28uCgpKYW4KCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fClhlbi1kZXZlbCBtYWlsaW5nIGxpc3QKWGVuLWRldmVsQGxpc3RzLnhlbi5vcmcK aHR0cHM6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=