head	1.2;
access;
symbols
	pkgsrc-2020Q2:1.1.0.28
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.8
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.30
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.26
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.24
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.22
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.20
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.18
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.16
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.14
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.12
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.10
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.6
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.4
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.2
	pkgsrc-2016Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2020.08.19.10.39.23;	author bouyer;	state dead;
branches;
next	1.1;
commitid	DGAMglRf0Jde6FkC;

1.1
date	2016.12.21.15.35.44;	author bouyer;	state Exp;
branches;
next	;
commitid	5zvw6vgCfmRBIRyz;


desc
@@


1.2
log
@Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.
@
text
@$NetBSD: patch-XSA-202,v 1.1 2016/12/21 15:35:44 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: x86: force EFLAGS.IF on when exiting to PV guests

Guest kernels modifying instructions in the process of being emulated
for another of their vCPUs may cause EFLAGS.IF to be cleared upon
next exiting to guest context, by converting the instruction being
emulated to CLI (at the right point in time). Prevent any such bad
effects by always forcing EFLAGS.IF on. And to cover hypothetical other
similar issues, also force EFLAGS.{IOPL,NT,VM} to zero.

This is XSA-202.

Signed-off-by: Jan Beulich <jbeulich@@suse.com>

 
--- xen/arch/x86/x86_64/entry.S.orig
+++ xen/arch/x86/x86_64/entry.S
@@@@ -41,28 +41,29 @@@@ restore_all_guest:
         testw $TRAP_syscall,4(%rsp)
         jz    iret_exit_to_guest
 
+        movq  24(%rsp),%r11           # RFLAGS
+        andq  $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11
+        orq   $X86_EFLAGS_IF,%r11
+
         /* Don't use SYSRET path if the return address is not canonical. */
         movq  8(%rsp),%rcx
         sarq  $47,%rcx
         incl  %ecx
         cmpl  $1,%ecx
-        ja    .Lforce_iret
+        movq  8(%rsp),%rcx            # RIP
+        ja    iret_exit_to_guest
 
         cmpw  $FLAT_USER_CS32,16(%rsp)# CS
-        movq  8(%rsp),%rcx            # RIP
-        movq  24(%rsp),%r11           # RFLAGS
         movq  32(%rsp),%rsp           # RSP
         je    1f
         sysretq
 1:      sysretl
 
-.Lforce_iret:
-        /* Mimic SYSRET behavior. */
-        movq  8(%rsp),%rcx            # RIP
-        movq  24(%rsp),%r11           # RFLAGS
         ALIGN
 /* No special register assumptions. */
 iret_exit_to_guest:
+        andl  $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),24(%rsp)
+        orl   $X86_EFLAGS_IF,24(%rsp)
         addq  $8,%rsp
 .Lft0:  iretq
 
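Review bot: The added `ja iret_exit_to_guest` now sits one instruction after `cmpl $1,%ecx`, with the new `movq 8(%rsp),%rcx` in between; this is correct only because `movq` does not write the condition flags, and the ordering (chosen so the RIP load is shared by the SYSRET and IRET exits) is easy to break in a later edit. Suggest a comment on the moved load, `movq  8(%rsp),%rcx            # RIP; flags from cmpl survive, mov does not write them`. The sanitised %r11 is consumed only by `sysretq`/`sysretl`; on the non-canonical path the frame's RFLAGS slot at 24(%rsp) is re-sanitised at `iret_exit_to_guest`, so both exits apply the same IOPL/NT/VM clear and IF set. The body of restore_all_guest begins before this hunk.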
--- xen/arch/x86/x86_64/compat/entry.S.orig	2014-09-02 08:22:57.000000000 +0200
+++ xen/arch/x86/x86_64/compat/entry.S	2016-12-21 13:23:21.000000000 +0100
@@@@ -173,6 +173,10 @@@@
 /* %rbx: struct vcpu, interrupts disabled */
 ENTRY(compat_restore_all_guest)
         ASSERT_INTERRUPTS_DISABLED
+	mov   $~(X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_VM),%r11d
+	and   UREGS_eflags(%rsp),%r11d
+	or    $X86_EFLAGS_IF,%r11
+	mov   %r11d,UREGS_eflags(%rsp)
         RESTORE_ALL
         addq  $8,%rsp
 .Lft0:  iretq
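Review bot: The four added lines after `ASSERT_INTERRUPTS_DISABLED` are indented with a tab while the surrounding `ASSERT_INTERRUPTS_DISABLED` and `RESTORE_ALL` lines use spaces, and the `or` operates on the 64-bit `%r11` while the `mov`/`and`/`mov` around it use `%r11d`; the 32-bit writes already zero the upper half, so the result is the same, but the mixed width reads as an oversight. Suggest `or    $X86_EFLAGS_IF,%r11d` with space indentation to match the file. A one-line note on why clobbering %r11 is safe here would also help — presumably `RESTORE_ALL` reloads it from the frame, worth confirming — e.g. `# %r11 is scratch here: reloaded from the frame by RESTORE_ALL`.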
@


1.1
log
@Apply patch backported from upstream, fixing XSA-202
Bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD: patch-XSA-200,v 1.1 2016/12/20 10:22:28 bouyer Exp $
@

