[xen/f19] xen-4.2.4 also fixes [XSA-60, CVE-2013-2212] (#987914), 32-bit fix for [XSA-82, CVE-2013-6885]
myoung
myoung at fedoraproject.org
Wed Feb 19 20:32:05 UTC 2014
commit 9e2b1057817ae1fd83ecff070692d63b5805e77e
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Wed Feb 19 20:31:09 2014 +0000
xen-4.2.4 also fixes [XSA-60, CVE-2013-2212] (#987914),
32-bit fix for [XSA-82, CVE-2013-6885]
xen.spec | 10 +++++++++-
xsa82-4.2-32bit.patch | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 57 insertions(+), 1 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index 7148396..6cb4800 100644
--- a/xen.spec
+++ b/xen.spec
@@ -27,7 +27,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 4.2.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -81,6 +81,7 @@ Patch63: xl.list.-l.format.patch
Patch64: xen.git-9c23a1d0eb7a6b5e3273d527cfd7960838fbfee6.patch
Patch73: xen.pygrubtitlefix.patch
Patch106: xen.setdevid.patch
+Patch107: xsa82-4.2-32bit.patch
Patch100: xen-configure-xend.patch
@@ -252,6 +253,7 @@ manage Xen virtual machines.
%patch64 -p1
%patch73 -p1
%patch106 -p1
+%patch107 -p1
%patch100 -p1
@@ -745,8 +747,14 @@ rm -rf %{buildroot}
%endif
%changelog
+* Wed Feb 19 2014 Michael Young <m.a.young at durham.ac.uk> - 4.2.4-2
+- 32-bit fix for "Guest triggerable AMD CPU erratum may cause host hang"
+ [XSA-82, CVE-2013-6885]
+
* Tue Feb 18 2014 Michael Young <m.a.young at durham.ac.uk> - 4.2.4-1
- update to xen-4.2.4
+ includes fix for "Excessive time to disable caching with HVM guests with
+ PCI passthrough" [XSA-60, CVE-2013-2212] (#987914)
- remove patches that are now included
* Wed Feb 12 2014 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-16
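Review bot: the two `+` lines under `- update to xen-4.2.4` amend the already dated 4.2.4-1 entry (Tue Feb 18) instead of going into the new 4.2.4-2 entry, so anyone reading only the entries added since 4.2.4-1 will not see the XSA-60 / CVE-2013-2212 / #987914 reference. Consider recording it under the Wed Feb 19 entry instead, for example as "- note that 4.2.4 also fixes [XSA-60, CVE-2013-2212] (#987914)". The new 4.2.4-2 entry could also name the file it adds (xsa82-4.2-32bit.patch), so the changelog line can be matched to Patch107.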
diff --git a/xsa82-4.2-32bit.patch b/xsa82-4.2-32bit.patch
new file mode 100644
index 0000000..7195b0b
--- /dev/null
+++ b/xsa82-4.2-32bit.patch
@@ -0,0 +1,48 @@
+x86/AMD: work around erratum 793 for 32-bit
+
+The original change went into a 64-bit only code section, thus leaving
+the issue unfixed on 32-bit. Re-order code to address this.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+Acked-by: Ian Campbell <Ian.Campbell at citrix.com>
+
+--- a/xen/arch/x86/cpu/amd.c
++++ b/xen/arch/x86/cpu/amd.c
+@@ -522,6 +522,18 @@ static void __devinit init_amd(struct cp
+ "*** Pass \"allow_unsafe\" if you're trusting"
+ " all your (PV) guest kernels. ***\n");
+
++ /* AMD CPUs do not support SYSENTER outside of legacy mode. */
++ clear_bit(X86_FEATURE_SEP, c->x86_capability);
++
++ if (c->x86 == 0x10) {
++ /* do this for boot cpu */
++ if (c == &boot_cpu_data)
++ check_enable_amd_mmconf_dmi();
++
++ fam10h_check_enable_mmcfg();
++ }
++#endif
++
+ if (c->x86 == 0x16 && c->x86_model <= 0xf) {
+ if (c == &boot_cpu_data) {
+ l = pci_conf_read32(0, 0, 0x18, 0x3, 0x58);
+@@ -555,18 +567,6 @@ static void __devinit init_amd(struct cp
+ }
+ }
+
+- /* AMD CPUs do not support SYSENTER outside of legacy mode. */
+- clear_bit(X86_FEATURE_SEP, c->x86_capability);
+-
+- if (c->x86 == 0x10) {
+- /* do this for boot cpu */
+- if (c == &boot_cpu_data)
+- check_enable_amd_mmconf_dmi();
+-
+- fam10h_check_enable_mmcfg();
+- }
+-#endif
+-
+ if (c->x86 == 0x10) {
+ /*
+ * On family 10h BIOS may not have properly enabled WC+
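Review bot: in the first inner hunk (`@@ -522,6 +522,18 @@`) the fix depends entirely on the relocated `#endif` that now follows `fam10h_check_enable_mmcfg();`, but the matching `#if`/`#ifdef` line lies outside the context shown, so the hunk cannot be checked on its own to confirm that the `c->x86 == 0x16 && c->x86_model <= 0xf` block really ends up outside the 64-bit-only section. A trailing comment on the `#endif` naming its condition would make that visible. The move also makes `clear_bit(X86_FEATURE_SEP, c->x86_capability);` and the family 10h mmconf calls run before the family 16h block instead of after it. The checks look independent, but the description should say the reordering has no side effect. Finally, the patch header mentions only erratum 793: adding the XSA-82 / CVE-2013-6885 reference and the upstream changeset it was taken from would let the file be traced without the spec changelog.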