aboutsummaryrefslogtreecommitdiffstats
path: root/main/xen/xsa215.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/xen/xsa215.patch')
-rw-r--r--main/xen/xsa215.patch37
1 files changed, 0 insertions, 37 deletions
diff --git a/main/xen/xsa215.patch b/main/xen/xsa215.patch
deleted file mode 100644
index f18a1cd01f..0000000000
--- a/main/xen/xsa215.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86: correct create_bounce_frame
-
-We may push up to 96 bytes on the guest (kernel) stack, so we should
-also cover as much in the early range check. Note that this is the
-simplest possible patch, which has the theoretical potential of
-breaking a guest: We only really push 96 bytes when invoking the
-failsafe callback, ordinary exceptions only have 56 or 64 bytes pushed
-(without / with error code respectively). There is, however, no PV OS
-known to place a kernel stack there.
-
-This is XSA-215.
-
-Reported-by: Jann Horn <jannh@google.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/x86_64/entry.S
-+++ b/xen/arch/x86/x86_64/entry.S
-@@ -347,7 +347,7 @@ int80_slow_path:
- jmp handle_exception_saved
-
- /* CREATE A BASIC EXCEPTION FRAME ON GUEST OS STACK: */
--/* { RCX, R11, [DS-GS,] [CR2,] [ERRCODE,] RIP, CS, RFLAGS, RSP, SS } */
-+/* { RCX, R11, [DS-GS,] [ERRCODE,] RIP, CS, RFLAGS, RSP, SS } */
- /* %rdx: trap_bounce, %rbx: struct vcpu */
- /* On return only %rbx and %rdx are guaranteed non-clobbered. */
- create_bounce_frame:
-@@ -367,7 +367,7 @@ create_bounce_frame:
- 2: andq $~0xf,%rsi # Stack frames are 16-byte aligned.
- movq $HYPERVISOR_VIRT_START,%rax
- cmpq %rax,%rsi
-- movq $HYPERVISOR_VIRT_END+60,%rax
-+ movq $HYPERVISOR_VIRT_END+12*8,%rax
- sbb %ecx,%ecx # In +ve address space? Then okay.
- cmpq %rax,%rsi
- adc %ecx,%ecx # Above Xen private area? Then okay.