From c3173338df6eecc9dc6bf780cbfe7ab57e5d46b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?=
 <emulatorman@parabola.nu>
Date: Tue, 7 Jan 2014 15:02:05 -0200
Subject: xen-4.3.1-2: updating version

---
 kernels/xen/xsa75-4.3-unstable.patch | 55 ++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 kernels/xen/xsa75-4.3-unstable.patch

(limited to 'kernels/xen/xsa75-4.3-unstable.patch')

diff --git a/kernels/xen/xsa75-4.3-unstable.patch b/kernels/xen/xsa75-4.3-unstable.patch
new file mode 100644
index 000000000..6c0c5bca1
--- /dev/null
+++ b/kernels/xen/xsa75-4.3-unstable.patch
@@ -0,0 +1,55 @@
+nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing
+
+Otherwise uninitialized data may be used, leading to crashes.
+
+This is XSA-75.
+
+Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@McAfee.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/arch/x86/hvm/vmx/vvmx.c
++++ b/xen/arch/x86/hvm/vmx/vvmx.c
+@@ -1508,15 +1508,10 @@ static void clear_vvmcs_launched(struct 
+     }
+ }
+ 
+-int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
++static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
+ {
+     struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
+     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
+-    int rc;
+-
+-    rc = vmx_inst_check_privilege(regs, 0);
+-    if ( rc != X86EMUL_OKAY )
+-        return rc;
+ 
+     /* check VMCS is valid and IO BITMAP is set */
+     if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) &&
+@@ -1535,6 +1530,10 @@ int nvmx_handle_vmresume(struct cpu_user
+     struct vcpu *v = current;
+     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
+     struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
++    int rc = vmx_inst_check_privilege(regs, 0);
++
++    if ( rc != X86EMUL_OKAY )
++        return rc;
+ 
+     if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
+     {
+@@ -1554,10 +1553,13 @@ int nvmx_handle_vmresume(struct cpu_user
+ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
+ {
+     bool_t launched;
+-    int rc;
+     struct vcpu *v = current;
+     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
+     struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
++    int rc = vmx_inst_check_privilege(regs, 0);
++
++    if ( rc != X86EMUL_OKAY )
++        return rc;
+ 
+     if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
+     {
-- 
cgit v1.2.3-2-g168b