authorJan Beulich <jbeulich@suse.com>2012-06-18 17:02:01 +0200
committerJan Beulich <jbeulich@suse.com>2012-06-18 17:02:01 +0200
commit73db9f65daca15a4f052d19738d5a1947cc503bd (patch)
treebda3ff3c93359836def879669cfda066d087e043 /xen/arch/x86/domctl.c
parent5f4acea2cec04e8e756ad3ab9291df098b4fb550 (diff)
x86-64: don't allow non-canonical addresses to be set for any callback
Rather than deferring the detection of these to the point where they actually get used (the fix for XSA-7, 25480:76eaf5966c05, causing a #GP to be raised by IRET, which invokes the guest's [fragile] fail-safe callback), don't even allow such addresses to be set. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/arch/x86/domctl.c')
-rw-r--r--xen/arch/x86/domctl.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 498eb578b0..135ea6eca0 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1033,6 +1033,9 @@ long arch_do_domctl(
#ifdef __x86_64__
if ( !is_hvm_domain(d) )
{
+ if ( !is_canonical_address(evc->sysenter_callback_eip) ||
+ !is_canonical_address(evc->syscall32_callback_eip) )
+ goto ext_vcpucontext_out;
fixup_guest_code_selector(d, evc->sysenter_callback_cs);
v->arch.pv_vcpu.sysenter_callback_cs =
evc->sysenter_callback_cs;
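Review bot: The new `goto ext_vcpucontext_out;` on the rejection path sets no error value itself, so what the caller receives depends on whatever `ret` holds at that point, and that assignment lies outside this hunk; a reader has to scroll up to confirm an error code (presumably -EINVAL) is already in place. A comment above the check, `/* ret already holds an error code here; reject before any vcpu state is touched. */`, would make that dependency explicit. Placing the check ahead of fixup_guest_code_selector() and the pv_vcpu assignments is the right order, since a rejected non-canonical EIP then leaves the vcpu's previous callback state unmodified rather than half-updated. Only the two callbacks handled by this domctl are validated here; the other callbacks the title refers to are registered outside this file. arch_do_domctl() and the enclosing if/else both begin and end outside the hunk.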