[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86-64: don't allow non-canonical addresses to be set for any callback



On 13/06/12 11:02, Jan Beulich wrote:
> Rather than deferring the detection of these to the point where they
> get actually used (the fix for XSA-7, 25480:76eaf5966c05, causing a #GP
> to be raised by IRET, which invokes the guest's [fragile] fail-safe
> callback), don't even allow such to be set.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> --- a/xen/arch/x86/domain.c
> +++ b/xen/arch/x86/domain.c
> @@ -736,6 +736,14 @@ int arch_set_info_guest(
>      {
>          if ( !compat )
>          {
> +#ifdef __x86_64__
> +            if ( !is_canonical_address(c.nat->user_regs.eip) ||
> +                 !is_canonical_address(c.nat->event_callback_eip) ||
> +                 !is_canonical_address(c.nat->syscall_callback_eip) ||
> +                 !is_canonical_address(c.nat->failsafe_callback_eip) )
> +                return -EINVAL;
> +#endif
> +

Would it be better to have

#ifndef __x86_64__
#  define is_canonical_address(a) 1
#endif

somewhere?

David

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.