[PATCH v5 07/16] target/i386: Allow setting of R_LDTR and R_TR with cpu

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v5 07/16] target/i386: Allow setting of R_LDTR and R_TR with cpu_

From:	Roy Hopkins
Subject:	[PATCH v5 07/16] target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache()
Date:	Tue, 13 Aug 2024 16:01:09 +0100

The x86 segment registers are identified by the X86Seg enumeration which
includes LDTR and TR as well as the normal segment registers. The
function 'cpu_x86_load_seg_cache()' uses the enum to determine which
segment to set. However, specifying R_LDTR or R_TR results in an
out-of-bounds access of the segment array.

Possibly by coincidence, the function does correctly set LDTR or TR in
this case as the structures for these registers immediately follow the
array which is accessed out of bounds.

This patch adds correct handling for R_LDTR and R_TR in the function.

Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
---
 target/i386/cpu.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index c6cc035df3..227bf2600a 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2256,7 +2256,14 @@ static inline void cpu_x86_load_seg_cache(CPUX86State 
*env,
     SegmentCache *sc;
     unsigned int new_hflags;
 
-    sc = &env->segs[seg_reg];
+    if (seg_reg == R_LDTR) {
+        sc = &env->ldt;
+    } else if (seg_reg == R_TR) {
+        sc = &env->tr;
+    } else {
+        sc = &env->segs[seg_reg];
+    }
+
     sc->selector = selector;
     sc->base = base;
     sc->limit = limit;
-- 
2.43.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v5 00/16] Introduce support for IGVM files, Roy Hopkins, 2024/08/13
- [PATCH v5 01/16] meson: Add optional dependency on IGVM library, Roy Hopkins, 2024/08/13
  - Re: [PATCH v5 01/16] meson: Add optional dependency on IGVM library, Daniel P . Berrangé, 2024/08/19
- [PATCH v5 05/16] i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM, Roy Hopkins, 2024/08/13
- [PATCH v5 06/16] sev: Update launch_update_data functions to use Error handling, Roy Hopkins, 2024/08/13
  - Re: [PATCH v5 06/16] sev: Update launch_update_data functions to use Error handling, Gupta, Pankaj, 2024/08/14
- [PATCH v5 03/16] backends/igvm: Add IGVM loader and configuration, Roy Hopkins, 2024/08/13
- [PATCH v5 07/16] target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache(), Roy Hopkins <=
- [PATCH v5 02/16] backends/confidential-guest-support: Add functions to support IGVM, Roy Hopkins, 2024/08/13
- [PATCH v5 04/16] hw/i386: Add igvm-cfg object and processing for IGVM files, Roy Hopkins, 2024/08/13
- [PATCH v5 08/16] i386/sev: Refactor setting of reset vector and initial CPU state, Roy Hopkins, 2024/08/13
- [PATCH v5 09/16] i386/sev: Implement ConfidentialGuestSupport functions for SEV, Roy Hopkins, 2024/08/13
- [PATCH v5 13/16] backends/igvm: Process initialization sections in IGVM file, Roy Hopkins, 2024/08/13
- [PATCH v5 14/16] backends/igvm: Handle policy for SEV guests, Roy Hopkins, 2024/08/13
- [PATCH v5 11/16] docs/interop/firmware.json: Add igvm to FirmwareDevice, Roy Hopkins, 2024/08/13
- [PATCH v5 15/16] i386/sev: Add implementation of CGS set_guest_policy(), Roy Hopkins, 2024/08/13
- [PATCH v5 12/16] backends/confidential-guest-support: Add set_guest_policy() function, Roy Hopkins, 2024/08/13
- [PATCH v5 16/16] sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2, Roy Hopkins, 2024/08/13

Prev by Date: [PATCH v5 03/16] backends/igvm: Add IGVM loader and configuration
Next by Date: [PATCH v5 02/16] backends/confidential-guest-support: Add functions to support IGVM
Previous by thread: [PATCH v5 03/16] backends/igvm: Add IGVM loader and configuration
Next by thread: [PATCH v5 02/16] backends/confidential-guest-support: Add functions to support IGVM
Index(es):
- Date
- Thread