|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] Revert "x86/traps: 'Fix' safety of read_registers() in #DF path"
commit 14acde869f02a39d395b6c78d9e367aebc3dbde5
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Dec 30 14:07:18 2024 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri May 16 22:20:21 2025 +0100
Revert "x86/traps: 'Fix' safety of read_registers() in #DF path"
This reverts commit 6065a05adf152a556fb9f11a5218c89e41b62893.
The discussed "proper fix" has now been implemented, and the #DF path no
longer writes out-of-bounds. Restore the proper #DF IST pointer.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/arch/x86/cpu/common.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index e8d4ca3203..b934ce7ca4 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -847,13 +847,7 @@ void load_system_tables(void)
tss->ist[IST_MCE - 1] = stack_top + (1 + IST_MCE) * PAGE_SIZE;
tss->ist[IST_NMI - 1] = stack_top + (1 + IST_NMI) * PAGE_SIZE;
tss->ist[IST_DB - 1] = stack_top + (1 + IST_DB) * PAGE_SIZE;
- /*
- * Gross bodge. The #DF handler uses the vm86 fields of cpu_user_regs
- * beyond the hardware frame. Adjust the stack entrypoint so this
- * doesn't manifest as an OoB write which hits the guard page.
- */
- tss->ist[IST_DF - 1] = stack_top + (1 + IST_DF) * PAGE_SIZE -
- (sizeof(struct cpu_user_regs) - offsetof(struct cpu_user_regs,
es));
+ tss->ist[IST_DF - 1] = stack_top + (1 + IST_DF) * PAGE_SIZE;
tss->bitmap = IOBMP_INVALID_OFFSET;
/* All other stack pointers poisioned. */
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |