[Pkg-xen-changes] [xen] 36/48: x86emul: only emulate software interrupt injection for real mode
Ian James Campbell
ijc at moszumanska.debian.org
Tue Dec 9 12:49:27 UTC 2014
This is an automated email from the git hooks/post-receive script.
ijc pushed a commit to branch feature/patch-names
in repository xen.
commit 248a718c806b0ab790f10e230ef177746dd2f828
Author: Jan Beulich <jbeulich at suse.com>
Date: Tue Sep 23 14:40:51 2014 +0200
x86emul: only emulate software interrupt injection for real mode
Protected mode emulation currently lacks proper privilege checking of
the referenced IDT entry, and there's currently no legitimate way for
any of the respective instructions to reach the emulator when the guest
is in protected mode.
This is XSA-106.
Reported-by: Andrei LUTAS <vlutas at bitdefender.com>
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Acked-by: Keir Fraser <keir at xen.org>
master commit: 346d4545569928b652c40c7815c1732676f8587c
master date: 2014-09-23 14:33:50 +0200
Patch-Name: xsa106.diff
---
xen/arch/x86/x86_emulate/x86_emulate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 4810e68..5fbe024 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2634,6 +2634,7 @@ x86_emulate(
case 0xcd: /* int imm8 */
src.val = insn_fetch_type(uint8_t);
swint:
+ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
fail_if(ops->inject_sw_interrupt == NULL);
rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
ctxt) ? : X86EMUL_EXCEPTION;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list