[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] target/i386: fix interrupt CPL error when using ist
|
From: |
Wu Xiang |
|
Subject: |
[Qemu-devel] [PATCH] target/i386: fix interrupt CPL error when using ist in x86-64 |
|
Date: |
Wed, 21 Jun 2017 22:21:56 +0800 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
In do_interrupt64(), when interrupt stack table(ist) is enabled
and the the target code segment is conforming(e2 & DESC_C_MASK), the
old implementation always set new CPL to 0, and SS.RPL to 0.
This is incorrect for when CPL3 code access a CPL0 conforming code
segment, the CPL should remain unchanged. Otherwise higher privileged
code can be compromised.
The patch fix this for always set dpl = cpl when the target code segment
is conforming, and modify the last parameter `flags`, which contains
correct new CPL, in cpu_x86_load_seg_cache().
Signed-off-by: Wu Xiang <address@hidden>
---
target/i386/seg_helper.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/target/i386/seg_helper.c b/target/i386/seg_helper.c
index 0374031..9af69c2 100644
--- a/target/i386/seg_helper.c
+++ b/target/i386/seg_helper.c
@@ -931,12 +931,14 @@ static void do_interrupt64(CPUX86State *env, int intno,
int is_int,
}
new_stack = 0;
esp = env->regs[R_ESP];
- dpl = cpl;
} else {
raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
new_stack = 0; /* avoid warning */
esp = 0; /* avoid warning */
}
+ if (e2 & DESC_C_MASK) {
+ dpl = cpl;
+ }
esp &= ~0xfLL; /* align stack */
PUSHQ(esp, env->segs[R_SS].selector);
@@ -956,7 +958,7 @@ static void do_interrupt64(CPUX86State *env, int intno, int
is_int,
if (new_stack) {
ss = 0 | dpl;
- cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, 0);
+ cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, dpl << DESC_DPL_SHIFT);
}
env->regs[R_ESP] = esp;
--
2.7.4
- [Qemu-devel] [PATCH] target/i386: fix interrupt CPL error when using ist in x86-64,
Wu Xiang <=