target-i386: Fixed syscall possible segfault
commit 885b7c44e4f8b7a012a92770a0dba8b238662caa
author Stanislav Shmarov <snarpix@gmail.com>
Tue, 13 Sep 2016 13:23:28 +0000 (13 16:23 +0300)
committer Paolo Bonzini <pbonzini@redhat.com>
Wed, 14 Sep 2016 20:52:44 +0000 (14 22:52 +0200)
tree 8cea4b3ec7b87c187b7c31322d749e493299b713
parent 89d0a64f496fb4248885ebf75216c49337951540
target-i386: Fixed syscall possible segfault

In user-mode emulation env->idt.base memory is
allocated in linux-user/main.c with
size 8*512 = 4096 (for 64-bit).
When fake interrupt EXCP_SYSCALL is thrown
do_interrupt_user checks destination privilege level
for this fake exception, and tries to read 4 bytes
at address base + (256 * 2^4)=4096, that causes
segfault.

Privilege level was checked only for int's, so let's
read dpl from memory only for this case.

Signed-off-by: Stanislav Shmarov <snarpix@gmail.com>
Message-Id: <1473773008-2588376-1-git-send-email-snarpix@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
target-i386/seg_helper.c
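
The out-of-bounds read described in the commit message, as an added stand-alone model (not QEMU code and not part of this commit). All identifiers are hypothetical; the table size, the 2^4 entry size and vector 256 are taken from the message, and the DPL position is the standard x86 gate layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; all names here are hypothetical, not QEMU's. */
#define IDT_BYTES    (8 * 512) /* allocation size given in the commit message */
#define GATE_SHIFT   4         /* 2^4 = 16 bytes per 64-bit gate */
#define FAKE_SYSCALL 256       /* vector of the fake syscall exception */

static uint8_t idt[IDT_BYTES]; /* stands in for the env->idt.base mapping */

/* Fetch a gate's DPL (bits 13-14 of its second 32-bit word, i.e. bits 5-6
 * of byte 5). Returns -1 where the emulator would read past the mapping. */
static int gate_dpl(int intno, int *dpl)
{
    size_t off = ((size_t)intno << GATE_SHIFT) + 4; /* 4-byte read starts here */
    if (off > IDT_BYTES - 4)
        return -1;
    *dpl = (idt[off + 1] >> 5) & 3;
    return 0;
}

/* Before: descriptor read for every vector. 1 = privilege fault, -1 = OOB. */
static int check_before(int intno, int is_int, int cpl)
{
    int dpl;
    if (gate_dpl(intno, &dpl) < 0)
        return -1;
    return is_int && dpl < cpl;
}

/* After: descriptor read only when a software interrupt needs the check. */
static int check_after(int intno, int is_int, int cpl)
{
    int dpl;
    if (!is_int)
        return 0;
    return gate_dpl(intno, &dpl) < 0 ? -1 : dpl < cpl;
}

int main(void)
{
    idt[(0x80 << GATE_SHIFT) + 5] = 3 << 5; /* constructed gate: vector 0x80, DPL 3 */
    printf("before=%d after=%d\n", check_before(FAKE_SYSCALL, 0, 3),
           check_after(FAKE_SYSCALL, 0, 3));
    return 0;
}
```

Vector 255 is the last entry that fits in the 4096-byte table, so any vector of 256 or above lands past the end unless the read is skipped.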