[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 1/4] x86/alternatives: correct near branch check
Make sure the near JMP/CALL check doesn't consume uninitialized data, not even in a benign way. And relax the length check at once. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -174,7 +174,7 @@ static void __init apply_alternatives(st memcpy(insnbuf, replacement, a->replacementlen); /* 0xe8/0xe9 are relative branches; fix the offset. */ - if ( (*insnbuf & 0xfe) == 0xe8 && a->replacementlen == 5 ) + if ( a->replacementlen >= 5 && (*insnbuf & 0xfe) == 0xe8 ) *(s32 *)(insnbuf + 1) += replacement - instr; add_nops(insnbuf + a->replacementlen, Attachment:
x86-alternatives-branch-check.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |