x86_64: Do not execute sysret with a non-canonical return address
author Jan Beulich <JBeulich@suse.com>
Tue, 12 Jun 2012 10:33:40 +0000 (11:33 +0100)
committer Jan Beulich <JBeulich@suse.com>
Tue, 12 Jun 2012 10:33:40 +0000 (11:33 +0100)
commit 6b091fa4457c6768c7fc505e2a42a5f32b83bc8d
tree d9e28e6b02e96671154a7ece509c246c02ce18cb
parent 46fce9fd2b3557c97e6ce9beec9ed17ad87d6f94
x86_64: Do not execute sysret with a non-canonical return address

Check for non-canonical guest RIP before attempting to execute sysret.
If sysret is executed with a non-canonical value in RCX, Intel CPUs
take the fault in ring0, but we will necessarily already have switched
to the user's stack pointer.

This is a security vulnerability, XSA-7 / CVE-2012-0217.

Signed-off-by: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Ian Campbell <Ian.Campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Tested-by: Ian Campbell <Ian.Campbell@citrix.com>
Acked-by: Keir Fraser <keir.xen@gmail.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen/arch/x86/x86_64/entry.S
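The commit message describes the check the fix adds to the return-to-guest path: inspect the guest RIP that will be loaded into RCX and only use sysret when it is canonical. The following is an added C illustration of that check, not code from the Xen patch (the real check lives in assembly in xen/arch/x86/x86_64/entry.S). It assumes 48 implemented virtual-address bits (4-level paging), and it assumes that the alternative to the fast sysret path is an iret-based return, which can fault with the hypervisor stack still in place; both are assumptions of this example rather than statements from the page.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed width of the implemented virtual address space (4-level paging). */
#define VA_BITS 48

/*
 * x86-64 canonical form: bits [63:VA_BITS] must all equal bit VA_BITS-1.
 * Sign-extending from bit VA_BITS-1 and comparing with the original value
 * tests exactly that.  The arithmetic right shift relies on the usual
 * two's-complement behaviour of real compilers.
 */
bool is_canonical(uint64_t addr)
{
    int64_t sext = (int64_t)(addr << (64 - VA_BITS)) >> (64 - VA_BITS);
    return (uint64_t)sext == addr;
}

/*
 * Equivalent formulation that matches how a hand-written assembly check
 * would usually do it: shift the top VA_BITS-1 bits away and accept only
 * an all-zero or all-one remainder.
 */
bool is_canonical_shift(uint64_t addr)
{
    int64_t hi = (int64_t)addr >> (VA_BITS - 1);
    return hi == 0 || hi == -1;
}

enum ret_path { RET_SYSRET, RET_IRET };

/*
 * The decision the fix makes before returning to the guest: a non-canonical
 * guest RIP must never reach sysret, because on the affected CPUs the
 * resulting #GP is delivered in ring 0 after RSP already holds the guest's
 * stack pointer.  Falling back to iret here is this example's assumption
 * about the slow path.
 */
enum ret_path pick_return_path(uint64_t guest_rip)
{
    return is_canonical(guest_rip) ? RET_SYSRET : RET_IRET;
}

int main(void)
{
    /* Constructed sample return addresses around the canonical hole. */
    const uint64_t samples[] = {
        0x0000000000400000ULL, /* typical user text address: canonical */
        0x00007fffffffffffULL, /* top of the lower half: canonical */
        0x0000800000000000ULL, /* first address inside the hole: non-canonical */
        0xffff7fffffffffffULL, /* last address inside the hole: non-canonical */
        0xffff800000000000ULL, /* bottom of the upper half: canonical */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t rip = samples[i];
        printf("RIP %#018llx: %s -> %s\n",
               (unsigned long long)rip,
               is_canonical(rip) ? "canonical    " : "non-canonical",
               pick_return_path(rip) == RET_SYSRET ? "sysret" : "iret");
    }
    return 0;
}
```

The two predicates are interchangeable; the point of the second is that it is the form that translates directly into a couple of instructions on the hot path, and the check must run before any instruction that loads the guest's RSP.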