1ba4b2310d
-Information leak on AVX and/or LWP capable CPUs (CVE-2013-1442 / XSA-62) -Information leaks through I/O instruction emulation (CVE-2013-4355 / XSA-63) -Information leak through fbld instruction emulation (CVE-2013-4361 / XSA-66) bump PKGREV
36 lines
1.3 KiB
Text
36 lines
1.3 KiB
Text
$NetBSD: patch-CVE-2013-4355_3,v 1.1 2013/10/01 14:54:44 drochner Exp $
|
|
|
|
--- xen/arch/x86/hvm/io.c.orig 2013-09-10 06:42:18.000000000 +0000
|
|
+++ xen/arch/x86/hvm/io.c 2013-09-30 15:23:07.000000000 +0000
|
|
@@ -333,14 +333,24 @@ static int dpci_ioport_write(uint32_t mp
|
|
data = p->data;
|
|
if ( p->data_is_ptr )
|
|
{
|
|
- int ret;
|
|
-
|
|
- ret = hvm_copy_from_guest_phys(&data,
|
|
- p->data + (sign * i * p->size),
|
|
- p->size);
|
|
- if ( (ret == HVMCOPY_gfn_paged_out) &&
|
|
- (ret == HVMCOPY_gfn_shared) )
|
|
+ switch ( hvm_copy_from_guest_phys(&data,
|
|
+ p->data + sign * i * p->size,
|
|
+ p->size) )
|
|
+ {
|
|
+ case HVMCOPY_okay:
|
|
+ break;
|
|
+ case HVMCOPY_gfn_paged_out:
|
|
+ case HVMCOPY_gfn_shared:
|
|
return X86EMUL_RETRY;
|
|
+ case HVMCOPY_bad_gfn_to_mfn:
|
|
+ data = ~0;
|
|
+ break;
|
|
+ case HVMCOPY_bad_gva_to_gfn:
|
|
+ ASSERT(0);
|
|
+ /* fall through */
|
|
+ default:
|
|
+ return X86EMUL_UNHANDLEABLE;
|
|
+ }
|
|
}
|
|
|
|
switch ( p->size )
|