author | Jan Beulich <jbeulich@suse.com> | 2013-09-30 14:17:46 +0200 |
committer | Jan Beulich <jbeulich@suse.com> | 2013-09-30 14:17:46 +0200 |
commit | 6bb838e7375f5b031e9ac346b353775c90de45dc (patch) | |
tree | 9a3a447fa05f3e3462b8c1cbc279aa7229a4ca98 /xen/arch/x86/hvm/hvm.c | |
parent | 0a6b415d5212af68249ddf41a20dfc3998c8d670 (diff) | |
x86: properly handle hvm_copy_from_guest_{phys,virt}() errors
Ignoring them generally implies using uninitialized data and, in all
but two of the cases dealt with here, potentially leaking hypervisor
stack contents to guests.
This is CVE-2013-4355 / XSA-63.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Diffstat (limited to 'xen/arch/x86/hvm/hvm.c')
-rw-r--r-- | xen/arch/x86/hvm/hvm.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 150b0ec460..bf807bf7c8 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2310,11 +2310,7 @@ void hvm_task_switch(
 rc = hvm_copy_from_guest_virt(
 &tss, prev_tr.base, sizeof(tss), PFEC_page_present);
- if ( rc == HVMCOPY_bad_gva_to_gfn )
- goto out;
- if ( rc == HVMCOPY_gfn_paged_out )
- goto out;
- if ( rc == HVMCOPY_gfn_shared )
+ if ( rc != HVMCOPY_okay )
 goto out;
 eflags = regs->eflags;
@@ -2359,13 +2355,11 @@ void hvm_task_switch(
 rc = hvm_copy_from_guest_virt(
 &tss, tr.base, sizeof(tss), PFEC_page_present);
- if ( rc == HVMCOPY_bad_gva_to_gfn )
- goto out;
- if ( rc == HVMCOPY_gfn_paged_out )
- goto out;
- /* Note: this could be optimised, if the callee functions knew we want RO
- * access */
- if ( rc == HVMCOPY_gfn_shared )
+ /*
+ * Note: The HVMCOPY_gfn_shared case could be optimised, if the callee
+ * functions knew we want RO access.
+ */
+ if ( rc != HVMCOPY_okay )
 goto out; |
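Review bot: The new `if ( rc != HVMCOPY_okay ) goto out;` after the first hvm_copy_from_guest_virt() call carries no explanation at the site of why every non-okay status must bail, so a later reader could narrow it back to the old per-status whitelist that let an uninitialised `tss` be consumed. A one-line comment would pin the intent: `/* Any copy failure leaves tss uninitialised: never consume it (XSA-63). */`. The same applies to the second hunk, where the rewritten comment only explains the gfn_shared optimisation and not the uninitialised-data hazard the commit fixes. hvm_task_switch() begins and ends outside both hunks, so what the `out` path does with the partially initialised state cannot be checked here.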