ia64/xen-unstable

changeset 11082:80f364a5662f

[XEN] Fix bug in spurious pagefault detection which could
be exploited by unprivileged guests. Thanks to Matt Yourst
for finding this and providing the patch.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Thu Aug 10 15:51:38 2006 +0100 (2006-08-10)
parents 323eb29083e6
children 1d817bfc5ed9
files xen/arch/x86/traps.c
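--- a/xen/arch/x86/traps.c	Thu Aug 10 15:45:47 2006 +0100
+++ b/xen/arch/x86/traps.c	Thu Aug 10 15:51:38 2006 +0100
@@ -780,7 +780,7 @@ static int __spurious_page_fault(
     l4e = l4t[l4_table_offset(addr)];
     mfn = l4e_get_pfn(l4e);
     unmap_domain_page(l4t);
-    if ( !(l4e_get_flags(l4e) & required_flags) ||
+    if ( ((l4e_get_flags(l4e) & required_flags) != required_flags) ||
          (l4e_get_flags(l4e) & disallowed_flags) )
         return 0;
 #endif
@@ -797,7 +797,7 @@ static int __spurious_page_fault(
     if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) )
         return 0;
 #else
-    if ( !(l3e_get_flags(l3e) & required_flags) ||
+    if ( ((l3e_get_flags(l3e) & required_flags) != required_flags) ||
          (l3e_get_flags(l3e) & disallowed_flags) )
         return 0;
 #endif
@@ -807,7 +807,7 @@ static int __spurious_page_fault(
     l2e = l2t[l2_table_offset(addr)];
     mfn = l2e_get_pfn(l2e);
     unmap_domain_page(l2t);
-    if ( !(l2e_get_flags(l2e) & required_flags) ||
+    if ( ((l2e_get_flags(l2e) & required_flags) != required_flags) ||
          (l2e_get_flags(l2e) & disallowed_flags) )
         return 0;
     if ( l2e_get_flags(l2e) & _PAGE_PSE )
@@ -820,7 +820,7 @@ static int __spurious_page_fault(
     l1e = l1t[l1_table_offset(addr)];
     mfn = l1e_get_pfn(l1e);
     unmap_domain_page(l1t);
-    if ( !(l1e_get_flags(l1e) & required_flags) ||
+    if ( ((l1e_get_flags(l1e) & required_flags) != required_flags) ||
          (l1e_get_flags(l1e) & disallowed_flags) )
         return 0;
 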
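Review bot: The all-bits comparison `(flags & required_flags) != required_flags` is now written out four times (the L4, L3, L2 and L1 checks) with no comment saying why a plain non-zero test is not enough, which is how the same mistake ended up at every level at once. required_flags is built outside the visible hunks, but presumably it can hold more than one bit, so an entry that matches only part of the mask has to be treated as a real fault rather than a spurious one. I would add above the first check `/* All bits of required_flags must be set at every level; a partial match is a genuine fault. */` and fold the required/disallowed pair into one helper shared by all four levels so the checks cannot drift apart. The L3 branch before `#else` still tests only `_PAGE_PRESENT`; if that is deliberate for that paging mode, a one-line comment confirming it would help the next reader. __spurious_page_fault begins and ends outside the hunks shown.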