[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 1/3] x86/HVM: restrict emulation in hvm_descriptor_access_intercept()
On 13/04/17 15:51, Jan Beulich wrote: > While I did review d0a699a389 ("x86/monitor: add support for descriptor > access events") it didn't really occur to me that somone could be this > blunt and add unguarded emulation again just a few weeks after we > guarded all special purpose emulator invocations. Fix this. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Oops - I also omitted that point from my review checklist. I will endeavour not to make the same mistake again. > > --- a/xen/arch/x86/hvm/hvm.c > +++ b/xen/arch/x86/hvm/hvm.c > @@ -3598,6 +3598,28 @@ gp_fault: > return X86EMUL_EXCEPTION; > } > > +static bool is_sysdesc_access(const struct x86_emulate_state *state, > + const struct x86_emulate_ctxt *ctxt) > +{ > + unsigned int ext; > + int mode = x86_insn_modrm(state, NULL, &ext); Unfortunately, this is another example which Coverity will pick up on, along with the use of x86_insn_modrm() in is_invlpg(). In the case that we return -EINVAL, ext is uninitialised when it gets used below. Other than that, the change looks good. ~Andrew > + > + switch ( ctxt->opcode ) > + { > + case X86EMUL_OPC(0x0f, 0x00): > + if ( !(ext & 4) ) /* SLDT / STR / LLDT / LTR */ > + return true; > + break; > + > + case X86EMUL_OPC(0x0f, 0x01): > + if ( mode != 3 && !(ext & 4) ) /* SGDT / SIDT / LGDT / LIDT */ > + return true; > + break; > + } > + > + return false; > +} > + > int hvm_descriptor_access_intercept(uint64_t exit_info, > uint64_t vmx_exit_qualification, > unsigned int descriptor, bool is_write) _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |