diff options
author | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2012-09-05 12:27:58 +0100 |
---|---|---|
committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2012-09-05 12:27:58 +0100 |
commit | f2913de21711c3ba6bf2780564e25190bf3c97a8 (patch) | |
tree | aeda89979e442ae48bd13607536a5782e872bdb9 | |
parent | 221c40e88d93513ce526a3f4de2ee948e109a067 (diff) | |
download | xen-f2913de21711c3ba6bf2780564e25190bf3c97a8.tar.gz xen-f2913de21711c3ba6bf2780564e25190bf3c97a8.tar.bz2 xen-f2913de21711c3ba6bf2780564e25190bf3c97a8.zip |
xen: prevent a 64 bit guest setting reserved bits in DR7
The upper 32 bits of this register are reserved and should be written as
zero.
This is XSA-12 / CVE-2012-3494
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
-rw-r--r-- | xen/include/asm-x86/debugreg.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/xen/include/asm-x86/debugreg.h b/xen/include/asm-x86/debugreg.h index 9b7e9717cb..24021b8734 100644 --- a/xen/include/asm-x86/debugreg.h +++ b/xen/include/asm-x86/debugreg.h @@ -58,7 +58,7 @@ We can slow the instruction pipeline for instructions coming via the gdt or the ldt if we want to. I am not sure why this is an advantage */ -#define DR_CONTROL_RESERVED_ZERO (0x0000d800ul) /* Reserved, read as zero */ +#define DR_CONTROL_RESERVED_ZERO (~0xffff27fful) /* Reserved, read as zero */ #define DR_CONTROL_RESERVED_ONE (0x00000400ul) /* Reserved, read as one */ #define DR_LOCAL_EXACT_ENABLE (0x00000100ul) /* Local exact enable */ #define DR_GLOBAL_EXACT_ENABLE (0x00000200ul) /* Global exact enable */ |