
changeset 11184:b9af81884b99

[XEN] Fix x86/64 bug where a guest application can crash the
guest OS by setting AC flag in RFLAGS. This wasn't being
cleared on entry to the guest kernel, causing spurious #AC faults
because the x86/64 guest kernel runs in ring 3 on Xen, where alignment checking is enforced.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Thu Aug 17 12:08:26 2006 +0100 (2006-08-17)
parents 130eee9e9728
children 879918dbe77f 395bfcf84451
files xen/arch/x86/domain.c xen/arch/x86/x86_32/entry.S xen/arch/x86/x86_64/entry.S
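--- a/xen/arch/x86/domain.c	Thu Aug 17 12:01:44 2006 +0100
+++ b/xen/arch/x86/domain.c	Thu Aug 17 12:08:26 2006 +0100
@@ -556,7 +556,8 @@ static void load_segments(struct vcpu *n
             n->vcpu_info->evtchn_upcall_mask = 1;
 
         regs->entry_vector  = TRAP_syscall;
-        regs->rflags       &= 0xFFFCBEFFUL;
+        regs->rflags       &= ~(X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF|
+                                X86_EFLAGS_NT|X86_EFLAGS_TF);
         regs->ss            = __GUEST_SS;
         regs->rsp           = (unsigned long)(rsp-11);
         regs->cs            = __GUEST_CS;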
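Review bot: The rewritten mask in load_segments carries no explanation of which flags it clears or why, unlike the assembly bounce paths in this same commit, which at least cite the "cleared on trap" rule; a reader reconciling this mask with the x86_32 one (which does not clear AC) has no local cue which is intended. Suggest a comment directly above the `regs->rflags &=` line: `/* TF, VM, RF and NT are cleared by the CPU on a trap (SDM Vol. 3); also clear AC, since the ring-3 guest kernel would otherwise take #AC on misaligned accesses. */`. Because this mask must stay in step with the one in x86_64/entry.S, giving it a single name wherever the X86_EFLAGS_* constants are defined would keep the two sites from drifting apart. load_segments begins and ends outside the hunk.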
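--- a/xen/arch/x86/x86_32/entry.S	Thu Aug 17 12:01:44 2006 +0100
+++ b/xen/arch/x86/x86_32/entry.S	Thu Aug 17 12:08:26 2006 +0100
@@ -356,7 +356,8 @@ 2:      testl $X86_EFLAGS_VM,UREGS_eflag
         movl %eax,UREGS_gs+4(%esp)
 nvm86_3:/* Rewrite our stack frame and return to ring 1. */
         /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
-        andl $0xfffcbeff,UREGS_eflags+4(%esp)
+        andl $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\
+                X86_EFLAGS_NT|X86_EFLAGS_TF),UREGS_eflags+4(%esp)
         mov  %gs,UREGS_ss+4(%esp)
         movl %esi,UREGS_esp+4(%esp)
         movzwl TRAPBOUNCE_cs(%edx),%eax
</gr_codeblock_placeholder_never_emitted>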
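Review bot: This is the one mask in the commit that leaves AC set, and the hunk gives no reason; the existing comment only lists the flags the CPU itself clears on a trap. If that is deliberate because the guest kernel returns to ring 1 here (line 2.5) and the CPU only enforces alignment checking at CPL 3, that reasoning belongs next to the code so the mask is not later "fixed" to match x86_64: `/* AC is left alone: alignment checks only apply at CPL 3, and the guest kernel runs in ring 1 here. */`. The surrounding bounce routine starts and ends outside the hunk.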
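--- a/xen/arch/x86/x86_64/entry.S	Thu Aug 17 12:01:44 2006 +0100
+++ b/xen/arch/x86/x86_64/entry.S	Thu Aug 17 12:08:26 2006 +0100
@@ -294,8 +294,10 @@ FLT12:  movq  %rax,8(%rsi)              
 FLT13:  movq  %rax,(%rsi)               # RCX
         /* Rewrite our stack frame and return to guest-OS mode. */
         /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
+        /* Also clear AC: alignment checks shouldn't trigger in kernel mode. */
         movl  $TRAP_syscall,UREGS_entry_vector+8(%rsp)
-        andl  $0xfffcbeff,UREGS_eflags+8(%rsp)
+        andl  $~(X86_EFLAGS_AC|X86_EFLAGS_VM|X86_EFLAGS_RF|\
+                 X86_EFLAGS_NT|X86_EFLAGS_TF),UREGS_eflags+8(%rsp)
         movq  $__GUEST_SS,UREGS_ss+8(%rsp)
         movq  %rsi,UREGS_rsp+8(%rsp)
         movq  $__GUEST_CS,UREGS_cs+8(%rsp)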
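Review bot: The new comment at line 3.7 states the desired outcome ("shouldn't trigger in kernel mode") but not the cause, which the commit message does give: the x86/64 guest kernel runs in ring 3, so a guest application that sets AC hands the kernel a flag the CPU will enforce, and any misaligned kernel access then faults. A comment that names the mechanism is what the next reader needs when deciding whether the mask may change: `/* Also clear AC: the guest kernel runs in ring 3, so a user-set AC would make its misaligned accesses fault. */`. The surrounding bounce routine starts and ends outside the hunk.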