|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.2] x86emul: only emulate software interrupt injection for real mode
commit d6a279ffa10e1d3d26f25f5b569264fa3b5cf8d6
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Sep 23 14:51:12 2014 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Sep 23 14:51:12 2014 +0200
x86emul: only emulate software interrupt injection for real mode
Protected mode emulation currently lacks proper privilege checking of
the referenced IDT entry, and there's currently no legitimate way for
any of the respective instructions to reach the emulator when the guest
is in protected mode.
This is XSA-106.
Reported-by: Andrei LUTAS <vlutas@xxxxxxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
master commit: 346d4545569928b652c40c7815c1732676f8587c
master date: 2014-09-23 14:33:50 +0200
---
xen/arch/x86/x86_emulate/x86_emulate.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c
b/xen/arch/x86/x86_emulate/x86_emulate.c
index 1d2eb03..45a39b6 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2616,6 +2616,7 @@ x86_emulate(
case 0xcd: /* int imm8 */
src.val = insn_fetch_type(uint8_t);
swint:
+ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
fail_if(ops->inject_sw_interrupt == NULL);
rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
ctxt) ? : X86EMUL_EXCEPTION;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |