CVE-2013-6885
http://xenbits.xen.org/xsa/advisory-82.html
Guest triggerable AMD CPU erratum may cause host hang
MD CPU erratum 793
Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hangdescribes a situation under which a CPU core may hang.
logic error (inadequately consider specific arch)
http://xenbits.xen.org/xsa/xsa82.patch
The recommendation is to set a bit in an MSR - do this if the firmware didn’t, considering that otherwise we expose ourselves to a guest induced DoS.
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp
"*** Pass \"allow_unsafe\" if you're trusting"
" all your (PV) guest kernels. ***\n");
+ if (c->x86 == 0x16 && c->x86_model <= 0xf) {
+ rdmsrl(MSR_AMD64_LS_CFG, value);
+ if (!(value & (1 << 15))) {
+ static bool_t warned;
+
+ if (c == &boot_cpu_data || opt_cpu_info ||
+ !test_and_set_bool(warned))
+ printk(KERN_WARNING
+ "CPU%u: Applying workaround for erratum 793\n",
+ smp_processor_id());
+ wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15));
+ }
+ }
+
/* AMD CPUs do not support SYSENTER outside of legacy mode. */
clear_bit(X86_FEATURE_SEP, c->x86_capability);
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -213,6 +213,7 @@
/* AMD64 MSRs */
#define MSR_AMD64_NB_CFG 0xc001001f
+#define MSR_AMD64_LS_CFG 0xc0011020
#define MSR_AMD64_IC_CFG 0xc0011021
#define MSR_AMD64_DC_CFG 0xc0011022
#define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46A malicious guest administrator can mount a denial of service attack affecting the whole system.
DoS