Re: [Xen-devel] [PATCH v2] x86/hvm/viridian: save APIC assist vector
>>> On 29.03.16 at 11:30, <paul.durrant@xxxxxxxxxx> wrote: > @@ -806,7 +808,8 @@ static int viridian_save_vcpu_ctxt(struct domain *d, > hvm_domain_context_t *h) > for_each_vcpu( d, v ) { > struct hvm_viridian_vcpu_context ctxt; > > - ctxt.apic_assist = v->arch.hvm_vcpu.viridian.apic_assist.msr.raw; > + ctxt.apic_assist_msr = v->arch.hvm_vcpu.viridian.apic_assist.msr.raw; > + ctxt.apic_assist_vector = > v->arch.hvm_vcpu.viridian.apic_assist.vector; > > if ( hvm_save_entry(VIRIDIAN_VCPU, v->vcpu_id, h, &ctxt) != 0 ) > return 1; While this went in already, I'm afraid there's further work needed: There's an information leak here (since the padding field doesn't get zeroed), and ... > @@ -829,13 +832,15 @@ static int viridian_load_vcpu_ctxt(struct domain *d, > hvm_domain_context_t *h) > return -EINVAL; > } > > - if ( hvm_load_entry(VIRIDIAN_VCPU, h, &ctxt) != 0 ) > + if ( hvm_load_entry_zeroextend(VIRIDIAN_VCPU, h, &ctxt) != 0 ) > return -EINVAL; > > - v->arch.hvm_vcpu.viridian.apic_assist.msr.raw = ctxt.apic_assist; > + v->arch.hvm_vcpu.viridian.apic_assist.msr.raw = ctxt.apic_assist_msr; > if ( v->arch.hvm_vcpu.viridian.apic_assist.msr.fields.enabled ) > initialize_apic_assist(v); > > + v->arch.hvm_vcpu.viridian.apic_assist.vector = ctxt.apic_assist_vector; > + > return 0; > } ... the padding field doesn't get checked to be zero here, preventing us from later on assigning meaning to any parts of it. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
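Review bot: In the viridian_save_vcpu_ctxt hunk, `struct hvm_viridian_vcpu_context ctxt;` is declared without an initialiser and only apic_assist_msr and apic_assist_vector are assigned before `hvm_save_entry(VIRIDIAN_VCPU, v->vcpu_id, h, &ctxt)`, so any other bytes of the structure (the padding field raised in the reply) reach the save record holding whatever the stack contained. Zero the structure first, for example with `memset(&ctxt, 0, sizeof(ctxt));` at the top of the loop body, or build it with a designated initialiser.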
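Review bot: In the viridian_load_vcpu_ctxt hunk, ctxt.apic_assist_msr and ctxt.apic_assist_vector are consumed straight after `hvm_load_entry_zeroextend(VIRIDIAN_VCPU, h, &ctxt)` with no check on the rest of the record. Return -EINVAL when the padding field raised in the reply is nonzero, before any vCPU state is written, so that those bytes can be given a meaning in a later version without existing records being misread.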
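The two padding problems raised in the reply, as a stand-alone added example; this is not Xen code and not part of the original message. The field names apic_assist_msr and apic_assist_vector come from the patch, while the `_pad` layout, the helpers `save_ctxt`, `pad_nonzero` and `load_ctxt`, and the 0xAA fill that stands in for leftover stack contents are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Field names are from the patch; _pad and its size are assumed for illustration. */
struct vcpu_ctxt {
    uint64_t apic_assist_msr;
    uint8_t  apic_assist_vector;
    uint8_t  _pad[7];
};

/* Build a save record; zero_first == 0 models the uninitialised local (0xAA = stale stack). */
static void save_ctxt(uint8_t *rec, uint64_t msr, uint8_t vec, int zero_first)
{
    struct vcpu_ctxt ctxt;
    memset(&ctxt, zero_first ? 0 : 0xAA, sizeof(ctxt));
    ctxt.apic_assist_msr = msr;
    ctxt.apic_assist_vector = vec;
    memcpy(rec, &ctxt, sizeof(ctxt));
}

/* Number of nonzero padding bytes in a full-size record. */
static int pad_nonzero(const uint8_t *rec)
{
    int n = 0;
    for (size_t i = offsetof(struct vcpu_ctxt, _pad); i < sizeof(struct vcpu_ctxt); i++)
        n += (rec[i] != 0);
    return n;
}

/* Zero-extend short (older) records, then refuse nonzero padding: 0 = ok, -1 = invalid. */
static int load_ctxt(const uint8_t *rec, size_t len, struct vcpu_ctxt *out)
{
    if (len < sizeof(out->apic_assist_msr) || len > sizeof(*out))
        return -1;
    memset(out, 0, sizeof(*out));
    memcpy(out, rec, len);
    return pad_nonzero((const uint8_t *)out) ? -1 : 0;
}

int main(void)
{
    uint8_t rec[sizeof(struct vcpu_ctxt)];
    struct vcpu_ctxt out;
    save_ctxt(rec, 0x1001, 0x51, 0);   /* constructed sample values */
    printf("unzeroed: pad=%d load=%d\n", pad_nonzero(rec), load_ctxt(rec, sizeof(rec), &out));
    save_ctxt(rec, 0x1001, 0x51, 1);
    printf("zeroed:   pad=%d load=%d\n", pad_nonzero(rec), load_ctxt(rec, sizeof(rec), &out));
    return 0;
}
```

A strict loader of this kind also rejects records written by a saver that did not zero its padding, which is why the save side has to be fixed before the check is introduced.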