[xen/f19] HVM guest triggerable AMD CPU erratum may cause host hang
myoung
myoung at fedoraproject.org
Mon Dec 2 21:14:13 UTC 2013
commit d9ae5a3baf454fe898e4ef45c8cdbfff1fd67ad7
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Mon Dec 2 21:13:48 2013 +0000
HVM guest triggerable AMD CPU erratum may cause host hang
xen.spec | 8 +++++++-
xsa82.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+), 1 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index b8aaa6d..8c65910 100644
--- a/xen.spec
+++ b/xen.spec
@@ -27,7 +27,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 4.2.3
-Release: 10%{?dist}
+Release: 11%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -95,6 +95,7 @@ Patch117: xsa75-4.2.patch
Patch118: xsa78.patch
Patch119: xsa74-4.1-4.2.patch
Patch120: xsa76.patch
+Patch121: xsa82.patch
Patch100: xen-configure-xend.patch
@@ -280,6 +281,7 @@ manage Xen virtual machines.
%patch118 -p1
%patch119 -p1
%patch120 -p1
+%patch121 -p1
%patch100 -p1
@@ -773,6 +775,10 @@ rm -rf %{buildroot}
%endif
%changelog
+* Mon Dec 02 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-11
+- HVM guest triggerable AMD CPU erratum may cause host hang
+ [XSA-82, CVE-2013-6885]
+
* Tue Nov 26 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-10
- Lock order reversal between page_alloc_lock and mm_rwlock
[XSA-74, CVE-2013-4553] (#1034925)
diff --git a/xsa82.patch b/xsa82.patch
new file mode 100644
index 0000000..6bcdffb
--- /dev/null
+++ b/xsa82.patch
@@ -0,0 +1,44 @@
+x86/AMD: work around erratum 793
+
+The recommendation is to set a bit in an MSR - do this if the firmware
+didn't, considering that otherwise we expose ourselves to a guest
+induced DoS.
+
+This is CVE-2013-6885 / XSA-82.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit at amd.com>
+
+--- a/xen/arch/x86/cpu/amd.c
++++ b/xen/arch/x86/cpu/amd.c
+@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp
+ "*** Pass \"allow_unsafe\" if you're trusting"
+ " all your (PV) guest kernels. ***\n");
+
++ if (c->x86 == 0x16 && c->x86_model <= 0xf) {
++ rdmsrl(MSR_AMD64_LS_CFG, value);
++ if (!(value & (1 << 15))) {
++ static bool_t warned;
++
++ if (c == &boot_cpu_data || opt_cpu_info ||
++ !test_and_set_bool(warned))
++ printk(KERN_WARNING
++ "CPU%u: Applying workaround for erratum 793\n",
++ smp_processor_id());
++ wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15));
++ }
++ }
++
+ /* AMD CPUs do not support SYSENTER outside of legacy mode. */
+ clear_bit(X86_FEATURE_SEP, c->x86_capability);
+
+--- a/xen/include/asm-x86/msr-index.h
++++ b/xen/include/asm-x86/msr-index.h
+@@ -213,6 +213,7 @@
+
+ /* AMD64 MSRs */
+ #define MSR_AMD64_NB_CFG 0xc001001f
++#define MSR_AMD64_LS_CFG 0xc0011020
+ #define MSR_AMD64_IC_CFG 0xc0011021
+ #define MSR_AMD64_DC_CFG 0xc0011022
+ #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46
More information about the scm-commits
mailing list