Xen project Mailing List

[Xen-changelog] [xen stable-4.6] x86/alternatives: correct near branch check

Date: Sun, 20 Mar 2016 13:33:12 +0000

Delivery-date: Sun, 20 Mar 2016 13:33:16 +0000

List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit ce18935f5ca547307c2a0512b0c0fc080ba9e663 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Fri Mar 18 08:05:05 2016 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Fri Mar 18 08:05:05 2016 +0100 x86/alternatives: correct near branch check Make sure the near JMP/CALL check doesn't consume uninitialized data, not even in a benign way. And relax the length check at once. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> master commit: cd29140ef0e65a33d62e7f5ee843077e51913f01 master date: 2016-03-09 16:51:16 +0100 --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 46ac0fd..643a2d1 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -174,7 +174,7 @@ static void __init apply_alternatives(struct alt_instr *start, struct alt_instr memcpy(insnbuf, replacement, a->replacementlen); /* 0xe8/0xe9 are relative branches; fix the offset. */ - if ( (*insnbuf & 0xfe) == 0xe8 && a->replacementlen == 5 ) + if ( a->replacementlen >= 5 && (*insnbuf & 0xfe) == 0xe8 ) *(s32 *)(insnbuf + 1) += replacement - instr; add_nops(insnbuf + a->replacementlen, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.6 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.