diff options
Diffstat (limited to 'system/xen/xsa/xsa201-3-4.7.patch')
-rw-r--r-- | system/xen/xsa/xsa201-3-4.7.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/system/xen/xsa/xsa201-3-4.7.patch b/system/xen/xsa/xsa201-3-4.7.patch deleted file mode 100644 index af7fc3703e..0000000000 --- a/system/xen/xsa/xsa201-3-4.7.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: Wei Chen <Wei.Chen@arm.com> -Subject: arm: crash the guest when it traps on external abort - -If we spot a data or prefetch abort bearing the ESR_EL2.EA bit set, we -know that this is an external abort, and that should crash the guest. - -This is CVE-2016-9817, part of XSA-201. - -Signed-off-by: Wei Chen <Wei.Chen@arm.com> -Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> -Reviewed-by: Steve Capper <steve.capper@arm.com> -Reviewed-by: Julien Grall <Julien.Grall@arm.com> - ---- a/xen/arch/arm/traps.c -+++ b/xen/arch/arm/traps.c -@@ -2383,6 +2383,15 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs, - int rc; - register_t gva = READ_SYSREG(FAR_EL2); - -+ /* -+ * If this bit has been set, it means that this instruction abort is caused -+ * by a guest external abort. Currently we crash the guest to protect the -+ * hypervisor. In future one can better handle this by injecting a virtual -+ * abort to the guest. -+ */ -+ if ( hsr.iabt.eat ) -+ domain_crash_synchronous(); -+ - switch ( hsr.iabt.ifsc & 0x3f ) - { - case FSC_FLT_PERM ... FSC_FLT_PERM + 3: -@@ -2437,6 +2446,15 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs, - return; - } - -+ /* -+ * If this bit has been set, it means that this data abort is caused -+ * by a guest external abort. Currently we crash the guest to protect the -+ * hypervisor. In future one can better handle this by injecting a virtual -+ * abort to the guest. -+ */ -+ if ( dabt.eat ) -+ domain_crash_synchronous(); -+ - info.dabt = dabt; - #ifdef CONFIG_ARM_32 - info.gva = READ_CP32(HDFAR); |