xen-changelog

[Top] [All Lists]

[Xen-changelog] Validate the segment selectors passed to arch_set_info_g

from [Xen patchbot -unstable]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] Validate the segment selectors passed to arch_set_info_guest().
From:	Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date:	Wed, 22 Feb 2006 18:50:08 +0000
Delivery-date:	Wed, 22 Feb 2006 18:50:23 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User Ian.Campbell@xxxxxxxxxxxxx
# Node ID 2d3124df8a0e3ad3045798df44980fb9e4827b49
# Parent  229c602a075a9fe16cb8797a6d5d718eb2deb18c
Validate the segment selectors passed to arch_set_info_guest().

Signed-off-by: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>

diff -r 229c602a075a -r 2d3124df8a0e xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c     Wed Feb 22 15:13:08 2006
+++ b/xen/arch/x86/domain.c     Wed Feb 22 15:13:48 2006
@@ -356,9 +356,15 @@
      */
     if ( !(c->flags & VGCF_HVM_GUEST) )
     {
-        if ( ((c->user_regs.cs & 3) == 0) ||
-             ((c->user_regs.ss & 3) == 0) )
+        if ( ((c->user_regs.ss & 3) == 0) ||
+             !VALID_CODESEL(c->user_regs.cs) ||
+             !VALID_CODESEL(c->event_callback_cs) ||
+             !VALID_CODESEL(c->failsafe_callback_cs) )
             return -EINVAL;
+
+        for ( i = 0; i < 256; i++ )
+            if ( !VALID_CODESEL(c->trap_ctxt[i].cs) )
+                return -EINVAL;
     }
     else if ( !hvm_enabled )
       return -EINVAL;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] Validate the segment selectors passed to arch_set_info_guest()., Xen patchbot -unstable <=

Previous by Date:	[Xen-changelog] Allow Xen to truncate x86_32 segment limits to the correct value, Xen patchbot -unstable
Next by Date:	[Xen-changelog] List supported feature flags in __xen_guest section., Xen patchbot -unstable
Previous by Thread:	[Xen-changelog] Allow Xen to truncate x86_32 segment limits to the correct value, Xen patchbot -unstable
Next by Thread:	[Xen-changelog] List supported feature flags in __xen_guest section., Xen patchbot -unstable
Indexes:	[Date] [Thread] [Top] [All Lists]