[xen/f19] HVM guest triggerable AMD CPU erratum may cause host hang

myoung myoung at fedoraproject.org
Mon Dec 2 21:14:13 UTC 2013


commit d9ae5a3baf454fe898e4ef45c8cdbfff1fd67ad7
Author: Michael Young <m.a.young at durham.ac.uk>
Date:   Mon Dec 2 21:13:48 2013 +0000

    HVM guest triggerable AMD CPU erratum may cause host hang

 xen.spec    |    8 +++++++-
 xsa82.patch |   44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index b8aaa6d..8c65910 100644
--- a/xen.spec
+++ b/xen.spec
@@ -27,7 +27,7 @@
 Summary: Xen is a virtual machine monitor
 Name:    xen
 Version: 4.2.3
-Release: 10%{?dist}
+Release: 11%{?dist}
 Group:   Development/Libraries
 License: GPLv2+ and LGPLv2+ and BSD
 URL:     http://xen.org/
@@ -95,6 +95,7 @@ Patch117: xsa75-4.2.patch
 Patch118: xsa78.patch
 Patch119: xsa74-4.1-4.2.patch
 Patch120: xsa76.patch
+Patch121: xsa82.patch
 
 Patch100: xen-configure-xend.patch
 
@@ -280,6 +281,7 @@ manage Xen virtual machines.
 %patch118 -p1
 %patch119 -p1
 %patch120 -p1
+%patch121 -p1
 
 %patch100 -p1
 
@@ -773,6 +775,10 @@ rm -rf %{buildroot}
 %endif
 
 %changelog
+* Mon Dec 02 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-11
+- HVM guest triggerable AMD CPU erratum may cause host hang
+    [XSA-82, CVE-2013-6885]
+
 * Tue Nov 26 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-10
 - Lock order reversal between page_alloc_lock and mm_rwlock
     [XSA-74, CVE-2013-4553] (#1034925)
diff --git a/xsa82.patch b/xsa82.patch
new file mode 100644
index 0000000..6bcdffb
--- /dev/null
+++ b/xsa82.patch
@@ -0,0 +1,44 @@
+x86/AMD: work around erratum 793
+
+The recommendation is to set a bit in an MSR - do this if the firmware
+didn't, considering that otherwise we expose ourselves to a guest
+induced DoS.
+
+This is CVE-2013-6885 / XSA-82.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit at amd.com>
+
+--- a/xen/arch/x86/cpu/amd.c
++++ b/xen/arch/x86/cpu/amd.c
+@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp
+ 		       "*** Pass \"allow_unsafe\" if you're trusting"
+ 		       " all your (PV) guest kernels. ***\n");
+ 
++	if (c->x86 == 0x16 && c->x86_model <= 0xf) {
++		rdmsrl(MSR_AMD64_LS_CFG, value);
++		if (!(value & (1 << 15))) {
++			static bool_t warned;
++
++			if (c == &boot_cpu_data || opt_cpu_info ||
++			    !test_and_set_bool(warned))
++				printk(KERN_WARNING
++				       "CPU%u: Applying workaround for erratum 793\n",
++				       smp_processor_id());
++			wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15));
++		}
++	}
++
+ 	/* AMD CPUs do not support SYSENTER outside of legacy mode. */
+ 	clear_bit(X86_FEATURE_SEP, c->x86_capability);
+ 
+--- a/xen/include/asm-x86/msr-index.h
++++ b/xen/include/asm-x86/msr-index.h
+@@ -213,6 +213,7 @@
+ 
+ /* AMD64 MSRs */
+ #define MSR_AMD64_NB_CFG		0xc001001f
++#define MSR_AMD64_LS_CFG		0xc0011020
+ #define MSR_AMD64_IC_CFG		0xc0011021
+ #define MSR_AMD64_DC_CFG		0xc0011022
+ #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT	46
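Review bot: The erratum bit is a bare `(1 << 15)` in both the test and the `wrmsrl()` call inside init_amd, so a reader auditing this security workaround cannot tell from the code which LS_CFG bit is meant. I would define it beside the new MSR in msr-index.h, following the `AMD64_NB_CFG_CF8_EXT_ENABLE_BIT` pattern already there, e.g. `#define AMD64_LS_CFG_ERRATUM_793_BIT 15` (suggested name), and use `(1ULL << AMD64_LS_CFG_ERRATUM_793_BIT)` at both sites. The "Applying workaround" message is also printed before the write, and only once unless this is the boot CPU or `opt_cpu_info` is set, while nothing reads the MSR back. The log therefore does not confirm that every CPU ended up with the bit set; a read-back with a warning on mismatch would give operators that assurance. init_amd starts and ends outside the hunk, and `value` is declared there, so its width is not visible here.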

