From: Avi Kivity
Subject: Re: [PATCH] KVM: x86: Fix TSS size check for 16-bit tasks
Date: Tue, 23 Mar 2010 12:25:10 +0200
Message-ID: <4BA89706.5090808@redhat.com>
References: <4BA74694.2080300@siemens.com>
In-Reply-To: <4BA74694.2080300@siemens.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
To: Jan Kiszka
Cc: Marcelo Tosatti , kvm
Sender: kvm-owner@vger.kernel.org

On 03/22/2010 12:29 PM, Jan Kiszka wrote:
> A 16-bit TSS is only 44 bytes long. So make sure to test for the correct
> size on task switch.
>
> This should be stable material as well. I can provide a patch that
> applies on .32 and .33, or what will be the procedure?
>

I'd like to drop the Cc: stable and maintain stable queues explicitly (in kvm-updates/2.6.3[23]). I'll fast-forward these to current -stable; please send patches against them. These branches will be autotested before submission, a step that is missing in the current scheme of things.

>
> - if (!next_tss_desc.p || desc_limit_scaled(&next_tss_desc)< 0x67) {
> + desc_limit = desc_limit_scaled(&next_tss_desc);
> + if (!next_tss_desc.p ||
> + ((desc_limit< 0x67&& (next_tss_desc.type& 8)) ||
> + desc_limit< 0x2c)) {
>

A 44-byte TSS has a limit of 43 (just like a 4GB segment has a limit of 0xffffffff), so there is an off-by-one here.

-- 
error compiling committee.c: too many arguments to function
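Review bot: the 16-bit bound in the new condition, `desc_limit< 0x2c`, is one too strict: a segment limit is the last valid byte offset, so a 44-byte TSS has limit 0x2b and the test should read `desc_limit < 0x2b`, mirroring the existing `< 0x67` bound for the 104-byte 32-bit TSS. The restructured condition is otherwise sound, since a 32-bit TSS (type bit 3 set) still has to satisfy the 0x67 bound while a 16-bit TSS only has to satisfy the smaller one.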
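The limit semantics behind the off-by-one, as an added C example that is not KVM's code: the descriptor struct, the simplified `desc_limit_scaled` and the `tss_desc_ok` check are this example's own assumptions, written to show that a limit is size minus one (0x2b for a 44-byte TSS, 0x67 for a 104-byte one).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Minimal model of the TSS descriptor fields the size check needs
 * (constructed for this example, not KVM's struct desc_struct). */
struct tss_desc {
    uint32_t limit;   /* 20-bit raw limit field from the descriptor */
    bool     g;       /* granularity: true = limit counts 4 KiB pages */
    bool     p;       /* present bit */
    uint8_t  type;    /* bit 3 set = 32-bit TSS, clear = 16-bit TSS */
};

/* Interpret the raw limit the way the CPU does: with G set the low
 * 12 bits are filled in, which is why a 4 GiB segment has limit 0xffffffff. */
static uint32_t desc_limit_scaled(const struct tss_desc *d)
{
    uint32_t limit = d->limit & 0xfffff;
    return d->g ? (limit << 12) | 0xfff : limit;
}

/* A limit is the last valid byte offset, i.e. size - 1. */
#define TSS32_MIN_LIMIT 0x67   /* 104-byte 32-bit TSS */
#define TSS16_MIN_LIMIT 0x2b   /* 44-byte 16-bit TSS; 0x2c would reject it */

/* Returns true when the descriptor is present and large enough for its
 * TSS flavour; this is the corrected form of the check under discussion. */
static bool tss_desc_ok(const struct tss_desc *d)
{
    uint32_t desc_limit = desc_limit_scaled(d);
    uint32_t min = (d->type & 8) ? TSS32_MIN_LIMIT : TSS16_MIN_LIMIT;
    return d->p && desc_limit >= min;
}

int main(void)
{
    /* Constructed descriptors: an exactly 44-byte 16-bit TSS (type 1)
     * and an exactly 104-byte 32-bit TSS (type 9). */
    struct tss_desc t16 = { .limit = 0x2b, .g = false, .p = true, .type = 1 };
    struct tss_desc t32 = { .limit = 0x67, .g = false, .p = true, .type = 9 };
    printf("16-bit, 44 bytes:  %s\n", tss_desc_ok(&t16) ? "ok" : "rejected");
    printf("32-bit, 104 bytes: %s\n", tss_desc_ok(&t32) ? "ok" : "rejected");
    return 0;
}
```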