diff options
Diffstat (limited to 'system/xen/xsa/xsa201-1.patch')
-rw-r--r-- | system/xen/xsa/xsa201-1.patch | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/system/xen/xsa/xsa201-1.patch b/system/xen/xsa/xsa201-1.patch deleted file mode 100644 index 50983b852faca..0000000000000 --- a/system/xen/xsa/xsa201-1.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Wei Chen <Wei.Chen@arm.com> -Subject: arm64: handle guest-generated EL1 asynchronous abort - -In current code, when the hypervisor receives an asynchronous abort -from a guest, the hypervisor will do panic, the host will be down. -We have to prevent such security issue, so, in this patch we crash -the guest, when the hypervisor receives an asynchronous abort from -the guest. - -This is CVE-2016-9815, part of XSA-201. - -Signed-off-by: Wei Chen <Wei.Chen@arm.com> -Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> -Reviewed-by: Steve Capper <steve.capper@arm.com> -Reviewed-by: Julien Grall <Julien.Grall@arm.com> - ---- a/xen/arch/arm/arm64/entry.S -+++ b/xen/arch/arm/arm64/entry.S -@@ -204,9 +204,12 @@ guest_fiq_invalid: - entry hyp=0, compat=0 - invalid BAD_FIQ - --guest_error_invalid: -+guest_error: - entry hyp=0, compat=0 -- invalid BAD_ERROR -+ msr daifclr, #2 -+ mov x0, sp -+ bl do_trap_guest_error -+ exit hyp=0, compat=0 - - guest_sync_compat: - entry hyp=0, compat=1 -@@ -225,9 +228,12 @@ guest_fiq_invalid_compat: - entry hyp=0, compat=1 - invalid BAD_FIQ - --guest_error_invalid_compat: -+guest_error_compat: - entry hyp=0, compat=1 -- invalid BAD_ERROR -+ msr daifclr, #2 -+ mov x0, sp -+ bl do_trap_guest_error -+ exit hyp=0, compat=1 - - ENTRY(return_to_new_vcpu32) - exit hyp=0, compat=1 -@@ -286,12 +292,12 @@ ENTRY(hyp_traps_vector) - ventry guest_sync // Synchronous 64-bit EL0/EL1 - ventry guest_irq // IRQ 64-bit EL0/EL1 - ventry guest_fiq_invalid // FIQ 64-bit EL0/EL1 -- ventry guest_error_invalid // Error 64-bit EL0/EL1 -+ ventry guest_error // Error 64-bit EL0/EL1 - - ventry guest_sync_compat // Synchronous 32-bit EL0/EL1 - ventry guest_irq_compat // IRQ 32-bit EL0/EL1 - ventry guest_fiq_invalid_compat // FIQ 32-bit EL0/EL1 -- ventry guest_error_invalid_compat // Error 32-bit EL0/EL1 -+ ventry guest_error_compat // Error 32-bit EL0/EL1 - - /* - * struct vcpu *__context_switch(struct vcpu *prev, struct vcpu *next) ---- a/xen/arch/arm/traps.c -+++ b/xen/arch/arm/traps.c -@@ -2723,6 +2723,21 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs) - } - } - -+asmlinkage void do_trap_guest_error(struct cpu_user_regs *regs) -+{ -+ enter_hypervisor_head(regs); -+ -+ /* -+ * Currently, to ensure hypervisor safety, when we received a -+ * guest-generated vSerror/vAbort, we just crash the guest to protect -+ * the hypervisor. In future we can better handle this by injecting -+ * a vSerror/vAbort to the guest. -+ */ -+ gdprintk(XENLOG_WARNING, "Guest(Dom-%u) will be crashed by vSError\n", -+ current->domain->domain_id); -+ domain_crash_synchronous(); -+} -+ - asmlinkage void do_trap_irq(struct cpu_user_regs *regs) - { - enter_hypervisor_head(regs); |