 Home |
Products |
Support |
Community |
News |
xen-changelog
[Xen-changelog] [xen-unstable] [LINUX] privcmd: Range-check hypercall in
| To: | xen-changelog@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-changelog] [xen-unstable] [LINUX] privcmd: Range-check hypercall index. |
| From: | Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx> |
| Date: | Mon, 30 Oct 2006 22:10:14 +0000 |
| Delivery-date: | Thu, 02 Nov 2006 13:40:49 -0800 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-changelog-request@lists.xensource.com?subject=help> |
| List-id: | BK change log <xen-changelog.lists.xensource.com> |
| List-post: | <mailto:xen-changelog@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe> |
| Reply-to: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Sender: | xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID c3b4fef4f751e1fc57b8ee48abf06f1e3e802ce4
# Parent 7e52933a46b183fccd47bc3ac1f1e38c4f699596
[LINUX] privcmd: Range-check hypercall index.
Otherwise, bugs in e.g. libxc may bring the kernel down.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
---
linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c | 18 ++++++++++--------
1 files changed, 10 insertions(+), 8 deletions(-)
diff -r 7e52933a46b1 -r c3b4fef4f751
linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c
--- a/linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c Mon Oct 30
13:53:09 2006 +0000
+++ b/linux-2.6-xen-sparse/drivers/xen/privcmd/privcmd.c Mon Oct 30
14:04:44 2006 +0000
@@ -53,6 +53,8 @@ static int privcmd_ioctl(struct inode *i
return -EFAULT;
#if defined(__i386__)
+ if (hypercall.op >= (PAGE_SIZE >> 5))
+ break;
__asm__ __volatile__ (
"pushl %%ebx; pushl %%ecx; pushl %%edx; "
"pushl %%esi; pushl %%edi; "
@@ -69,21 +71,21 @@ static int privcmd_ioctl(struct inode *i
"popl %%ecx; popl %%ebx"
: "=a" (ret) : "0" (&hypercall) : "memory" );
#elif defined (__x86_64__)
- {
+ if (hypercall.op < (PAGE_SIZE >> 5)) {
long ign1, ign2, ign3;
__asm__ __volatile__ (
"movq %8,%%r10; movq %9,%%r8;"
- "shlq $5,%%rax ;"
+ "shll $5,%%eax ;"
"addq $hypercall_page,%%rax ;"
"call *%%rax"
: "=a" (ret), "=D" (ign1),
"=S" (ign2), "=d" (ign3)
- : "0" ((unsigned long)hypercall.op),
- "1" ((unsigned long)hypercall.arg[0]),
- "2" ((unsigned long)hypercall.arg[1]),
- "3" ((unsigned long)hypercall.arg[2]),
- "g" ((unsigned long)hypercall.arg[3]),
- "g" ((unsigned long)hypercall.arg[4])
+ : "0" ((unsigned int)hypercall.op),
+ "1" (hypercall.arg[0]),
+ "2" (hypercall.arg[1]),
+ "3" (hypercall.arg[2]),
+ "g" (hypercall.arg[3]),
+ "g" (hypercall.arg[4])
: "r8", "r10", "memory" );
}
#elif defined (__ia64__)
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-changelog] [xen-unstable] [XEN] Add a warning to the i8259 if we generate spurious IRQs. Tidy up, Xen patchbot-unstable |
|---|---|
| Next by Date: | [Xen-changelog] [xen-unstable] [HVM] Fix Qemu-dm serial issues:, Xen patchbot-unstable |
| Previous by Thread: | [Xen-changelog] [xen-unstable] [XEN] Add a warning to the i8259 if we generate spurious IRQs. Tidy up, Xen patchbot-unstable |
| Next by Thread: | [Xen-changelog] [xen-unstable] [HVM] Fix Qemu-dm serial issues:, Xen patchbot-unstable |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
