[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.2] x86/hvm: fix segment validation

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Tue, 10 Dec 2013 00:55:03 +0000
Delivery-date: Tue, 10 Dec 2013 00:55:16 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 77c7b3c602744e7589522925b6d6f7dd11bede76
Author:     Tim Deegan <tim@xxxxxxx>
AuthorDate: Mon Dec 9 14:36:58 2013 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Dec 9 14:36:58 2013 +0100

    x86/hvm: fix segment validation
    
    Also Coverity CID 1055180.
    
    Reported-by: David Binderman <dcb314@xxxxxxxxxxx>
    Signed-off-by: Tim Deegan <tim@xxxxxxx>
    
    Use _SEGMENT_* instead of plain numbers and adjust a comment.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 6ed4bfbabd487b41021caa7ed03cee1f00ecbabf
    master date: 2013-11-26 09:54:21 +0100
---
 xen/arch/x86/hvm/hvm.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 3cfce05..2144d4a 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2121,7 +2121,7 @@ static int hvm_load_segment_selector(
             if ( !(desc.b & (1u<<11)) )
                 goto unmap_and_fail;
             /* Non-conforming segment: check DPL against RPL. */
-            if ( ((desc.b & (6u<<9)) != 6) && (dpl != rpl) )
+            if ( !(desc.b & _SEGMENT_EC) && (dpl != rpl) )
                 goto unmap_and_fail;
             break;
         case x86_seg_ss:
@@ -2140,8 +2140,13 @@ static int hvm_load_segment_selector(
             /* Readable code or data segment? */
             if ( (desc.b & (5u<<9)) == (4u<<9) )
                 goto unmap_and_fail;
-            /* Non-conforming segment: check DPL against RPL and CPL. */
-            if ( ((desc.b & (6u<<9)) != 6) && ((dpl < cpl) || (dpl < rpl)) )
+            /*
+             * Data or non-conforming code segment:
+             * check DPL against RPL and CPL.
+             */
+            if ( ((desc.b & (_SEGMENT_EC|_SEGMENT_CODE)) !=
+                  (_SEGMENT_EC|_SEGMENT_CODE))
+                 && ((dpl < cpl) || (dpl < rpl)) )
                 goto unmap_and_fail;
             break;
         }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen master] xen/arm: arch_domain_create: don't return 0 when alloc_xenheap_pages has failed
Next by Date: [Xen-changelog] [xen stable-4.2] VMX: disable EPT when !cpu_has_vmx_pat
Previous by thread: [Xen-changelog] [xen master] xen/arm: arch_domain_create: don't return 0 when alloc_xenheap_pages has failed
Next by thread: [Xen-changelog] [xen stable-4.2] VMX: disable EPT when !cpu_has_vmx_pat
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.