authorJan Beulich <jbeulich@suse.com>2012-06-18 17:02:01 +0200
committerJan Beulich <jbeulich@suse.com>2012-06-18 17:02:01 +0200
commit73db9f65daca15a4f052d19738d5a1947cc503bd (patch)
treebda3ff3c93359836def879669cfda066d087e043 /xen/arch/x86/traps.c
parent5f4acea2cec04e8e756ad3ab9291df098b4fb550 (diff)
x86-64: don't allow non-canonical addresses to be set for any callback
Rather than deferring the detection of these to the point where they actually get used (the fix for XSA-7, 25480:76eaf5966c05, causing a #GP to be raised by IRET, which invokes the guest's [fragile] fail-safe callback), don't even allow such addresses to be set. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/arch/x86/traps.c')
-rw-r--r--xen/arch/x86/traps.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d4fdf64e1d..2264583f14 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -3581,6 +3581,9 @@ long register_guest_nmi_callback(unsigned long address)
struct domain *d = v->domain;
struct trap_info *t = &v->arch.pv_vcpu.trap_ctxt[TRAP_nmi];
+ if ( !is_canonical_address(address) )
+ return -EINVAL;
+
t->vector = TRAP_nmi;
t->flags = 0;
t->cs = (is_pv_32on64_domain(d) ?
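Review bot: The new `-EINVAL` guard in register_guest_nmi_callback gives no hint why a canonicality check belongs here rather than at use time, so a short comment above it is worth adding, e.g. `/* A non-canonical address would only fault at IRET (see XSA-7), invoking the fragile fail-safe callback; refuse it up front. */`. The identical guard added to do_set_trap_table in the second hunk would benefit from the same comment. For a 32-on-64 guest the supplied address presumably cannot be non-canonical at all, so the check is cheap but redundant there — worth confirming. In do_set_trap_table the check precedes fixup_guest_code_selector and the memcpy, so the rejected entry itself is never installed, but entries copied in earlier loop iterations remain in place when -EINVAL is returned; if callers expect all-or-nothing semantics that also deserves a comment. register_guest_nmi_callback's body continues beyond the hunk.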
@@ -3708,6 +3711,9 @@ long do_set_trap_table(XEN_GUEST_HANDLE(const_trap_info_t) traps)
if ( cur.address == 0 )
break;
+ if ( !is_canonical_address(cur.address) )
+ return -EINVAL;
+
fixup_guest_code_selector(curr->domain, cur.cs);
memcpy(&dst[cur.vector], &cur, sizeof(cur));