WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] [LINUX] privcmd: Range-check hypercall in

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [LINUX] privcmd: Range-check hypercall index.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Oct 2006 22:10:14 +0000
Delivery-date: Thu, 02 Nov 2006 13:40:49 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID c3b4fef4f751e1fc57b8ee48abf06f1e3e802ce4
# Parent  7e52933a46b183fccd47bc3ac1f1e38c4f699596
[LINUX] privcmd: Range-check hypercall index.
Otherwise, bugs in e.g. libxc may bring the kernel down.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
---
 linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

diff -r 7e52933a46b1 -r c3b4fef4f751 
linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c
--- a/linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c        Mon Oct 30 
13:53:09 2006 +0000
+++ b/linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c        Mon Oct 30 
14:04:44 2006 +0000
@@ -53,6 +53,8 @@ static int privcmd_ioctl(struct inode *i
                        return -EFAULT;
 
 #if defined(__i386__)
+               if (hypercall.op >= (PAGE_SIZE >> 5))
+                       break;
                __asm__ __volatile__ (
                        "pushl %%ebx; pushl %%ecx; pushl %%edx; "
                        "pushl %%esi; pushl %%edi; "
@@ -69,21 +71,21 @@ static int privcmd_ioctl(struct inode *i
                        "popl %%ecx; popl %%ebx"
                        : "=a" (ret) : "0" (&hypercall) : "memory" );
 #elif defined (__x86_64__)
-               {
+               if (hypercall.op < (PAGE_SIZE >> 5)) {
                        long ign1, ign2, ign3;
                        __asm__ __volatile__ (
                                "movq %8,%%r10; movq %9,%%r8;"
-                               "shlq $5,%%rax ;"
+                               "shll $5,%%eax ;"
                                "addq $hypercall_page,%%rax ;"
                                "call *%%rax"
                                : "=a" (ret), "=D" (ign1),
                                  "=S" (ign2), "=d" (ign3)
-                               : "0" ((unsigned long)hypercall.op), 
-                               "1" ((unsigned long)hypercall.arg[0]), 
-                               "2" ((unsigned long)hypercall.arg[1]),
-                               "3" ((unsigned long)hypercall.arg[2]), 
-                               "g" ((unsigned long)hypercall.arg[3]),
-                               "g" ((unsigned long)hypercall.arg[4])
+                               : "0" ((unsigned int)hypercall.op),
+                               "1" (hypercall.arg[0]),
+                               "2" (hypercall.arg[1]),
+                               "3" (hypercall.arg[2]),
+                               "g" (hypercall.arg[3]),
+                               "g" (hypercall.arg[4])
                                : "r8", "r10", "memory" );
                }
 #elif defined (__ia64__)

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] [LINUX] privcmd: Range-check hypercall index., Xen patchbot-unstable <=