diff options
| author |   Mario Preksavec <mario@slackware.hr> | 2018-03-08 10:55:49 +0100 |
|---|---|---|
| committer |   Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2018-03-10 07:11:11 +0700 |
| commit | 451ae8400d2e5e365da89a52c166f86f80fb3a61 (patch) | |
| tree | 6ae9517b523bb1e7899b43c32deb8224a8cf6bb0 /system/xen/xsa/xsa256.patch | |
| parent | ec5f9bb5d508ee64fc1b442a53f21ee7280ed746 (diff) | |
| download | slackbuilds-451ae8400d2e5e365da89a52c166f86f80fb3a61.tar.gz slackbuilds-451ae8400d2e5e365da89a52c166f86f80fb3a61.tar.xz | |
system/xen: Updated for version 4.10.0.
Signed-off-by: Mario Preksavec <mario@slackware.hr>
Diffstat (limited to 'system/xen/xsa/xsa256.patch')
| -rw-r--r-- | system/xen/xsa/xsa256.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa256.patch b/system/xen/xsa/xsa256.patch new file mode 100644 index 0000000000..50ff24e17b --- /dev/null +++ b/system/xen/xsa/xsa256.patch @@ -0,0 +1,40 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/hvm: Disallow the creation of HVM domains without Local APIC emulation + +There are multiple problems, not necesserily limited to: + + * Guests which configure event channels via hvmop_set_evtchn_upcall_vector(), + or which hit %cr8 emulation will cause Xen to fall over a NULL vlapic->regs + pointer. + + * On Intel hardware, disabling the TPR_SHADOW execution control without + reenabling CR8_{LOAD,STORE} interception means that the guests %cr8 + accesses interact with the real TPR. Amongst other things, setting the + real TPR to 0xf blocks even IPIs from interrupting this CPU. + + * On hardware which sets up the use of Interrupt Posting, including + IOMMU-Posting, guests run without the appropriate non-root configuration, + which at a minimum will result in dropped interrupts. + +Whether no-LAPIC mode is of any use at all remains to be seen. + +This is XSA-256. + +Reported-by: Ian Jackson <ian.jackson@eu.citrix.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c +index f93327b..f65fc12 100644 +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -413,7 +413,7 @@ static bool emulation_flags_ok(const struct domain *d, uint32_t emflags) + if ( is_hardware_domain(d) && + emflags != (XEN_X86_EMU_LAPIC|XEN_X86_EMU_IOAPIC) ) + return false; +- if ( !is_hardware_domain(d) && emflags && ++ if ( !is_hardware_domain(d) && + emflags != XEN_X86_EMU_ALL && emflags != XEN_X86_EMU_LAPIC ) + return false; + } |