aboutsummaryrefslogtreecommitdiffstats
path: root/docs/misc/xen-command-line.markdown
diff options
context:
space:
mode:
authorJan Beulich <JBeulich@suse.com>2012-06-12 11:33:40 +0100
committerJan Beulich <JBeulich@suse.com>2012-06-12 11:33:40 +0100
commit6b091fa4457c6768c7fc505e2a42a5f32b83bc8d (patch)
treed9e28e6b02e96671154a7ece509c246c02ce18cb /docs/misc/xen-command-line.markdown
parent46fce9fd2b3557c97e6ce9beec9ed17ad87d6f94 (diff)
downloadxen-6b091fa4457c6768c7fc505e2a42a5f32b83bc8d.tar.gz
xen-6b091fa4457c6768c7fc505e2a42a5f32b83bc8d.tar.bz2
xen-6b091fa4457c6768c7fc505e2a42a5f32b83bc8d.zip
x86_64: Do not execute sysret with a non-canonical return address
Check for non-canonical guest RIP before attempting to execute sysret. If sysret is executed with a non-canonical value in RCX, Intel CPUs take the fault in ring0, but we will necessarily already have switched to the the user's stack pointer. This is a security vulnerability, XSA-7 / CVE-2012-0217. Signed-off-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: Ian Campbell <Ian.Campbell@citrix.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Tested-by: Ian Campbell <Ian.Campbell@citrix.com> Acked-by: Keir Fraser <keir.xen@gmail.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'docs/misc/xen-command-line.markdown')
0 files changed, 0 insertions, 0 deletions