From: Jan Kiszka
Subject: Re: [PATCH] KVM: x86: Fix TSS size check for 16-bit tasks
Date: Tue, 23 Mar 2010 12:21:22 +0100
Message-ID: <4BA8A432.7070303@web.de>
References: <4BA74694.2080300@siemens.com> <4BA89706.5090808@redhat.com>
In-Reply-To: <4BA89706.5090808@redhat.com>
To: Avi Kivity
Cc: Marcelo Tosatti, kvm

Avi Kivity wrote:
> On 03/22/2010 12:29 PM, Jan Kiszka wrote:
>> A 16-bit TSS is only 44 bytes long. So make sure to test for the correct
>> size on task switch.
>>
>
>> This should be stable material as well. I can provide a patch that
>> applies on .32 and .33, or what will be the procedure?
>>
>
> I'd like to drop the Cc: stable and maintain stable queues explicitly
> (in kvm-updates/2.6.3[23]). I'll fast-forward these to current -stable,
> please send patches against them. These branches will be autotested
> before submission, a step that is missing in the current scheme of things.
>
>>
>> - if (!next_tss_desc.p || desc_limit_scaled(&next_tss_desc)< 0x67) {
>> + desc_limit = desc_limit_scaled(&next_tss_desc);
>> + if (!next_tss_desc.p ||
>> + ((desc_limit< 0x67&& (next_tss_desc.type& 8)) ||
>> + desc_limit< 0x2c)) {
>>
>
> A 44-byte TSS has a limit of 43 (just like a 4GB segment has a limit of
> 0xffffffff), so there is an off-by-one here.
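Review bot: the 16-bit threshold on the last added line, `desc_limit< 0x2c`, is off by one and rejects a valid minimal 16-bit TSS. A descriptor limit is size minus one, so the 44-byte 16-bit TSS has a limit of 0x2b, in the same way that the pre-existing `< 0x67` test corresponds to the 104-byte 32-bit TSS; the Intel SDM's task-switch #TS condition for a 16-bit TSS is accordingly "limit < 0x2B", not 0x2C. Change the comparison to `desc_limit < 0x2b`, and consider a one-line comment deriving both constants from the TSS sizes so the next reader does not have to recompute them. Minor style point on the same lines: the outer parentheses around `(A && B) || C` are redundant and make the condition harder to scan; `if (!next_tss_desc.p || (desc_limit < 0x67 && (next_tss_desc.type & 8)) || desc_limit < 0x2b)` reads more directly. The `desc_limit` variable is assigned in the first added line but its declaration is not in the quoted hunk, so the full patch should be checked for it.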
>
Right - you just found a (harmless) off-by-one in our legacy OS as well (I
blindly copied its limit).

Jan
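The limit arithmetic under discussion, as an added example that is not part of this thread or of KVM: a stand-alone C model of the TSS descriptor limit check with three variants side by side, the pre-patch check (the `-` line of the hunk), the posted check with its 0x2c threshold, and a version using the architectural minimums 0x67 and 0x2b (TSS size minus one) from the Intel SDM. The descriptor layout follows the SDM; `make_tss`, `check` and the `tss_ok_*` names are this example's own and not KVM identifiers, and `desc_limit_scaled` here is a reimplementation written from the descriptor format, not a copy of KVM's helper of that name.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-alone model of the x86 segment descriptor fields that matter for
 * a hardware task switch. Layout per the Intel SDM; field names resemble
 * Linux's struct desc_struct but this is an independent copy, not KVM code.
 */
struct desc {
    uint16_t limit0;                  /* limit bits 15:0 */
    uint16_t base0;
    unsigned base1 : 8;
    unsigned type  : 4;               /* 1/3: 16-bit TSS, 9/0xB: 32-bit TSS */
    unsigned s     : 1;
    unsigned dpl   : 2;
    unsigned p     : 1;               /* present */
    unsigned limit1 : 4;              /* limit bits 19:16 */
    unsigned avl   : 1;
    unsigned l     : 1;
    unsigned d     : 1;
    unsigned g     : 1;               /* granularity: limit counts 4 KiB units */
    unsigned base2 : 8;
};

/* Architectural minimums (SDM vol. 3, task switching): a limit is size - 1,
 * so the 104-byte 32-bit TSS needs >= 0x67 and the 44-byte 16-bit TSS
 * needs >= 0x2B. */
#define TSS32_MIN_LIMIT 0x67u
#define TSS16_MIN_LIMIT 0x2bu

/* Byte limit of a descriptor with the granularity bit applied. */
static uint32_t desc_limit_scaled(const struct desc *d)
{
    uint32_t limit = ((uint32_t)d->limit1 << 16) | d->limit0;
    return d->g ? (limit << 12) | 0xfff : limit;
}

/* Bit 3 of the type field separates 32-bit TSS types from 16-bit ones. */
static int tss_is_32bit(const struct desc *d)
{
    return (d->type & 8) != 0;
}

/* Pre-patch behaviour: every TSS had to be at least 104 bytes. */
static int tss_ok_prepatch(const struct desc *d)
{
    return d->p && desc_limit_scaled(d) >= 0x67;
}

/* The posted hunk, transcribed literally: the 16-bit threshold is 0x2c. */
static int tss_ok_posted(const struct desc *d)
{
    uint32_t desc_limit = desc_limit_scaled(d);
    if (!d->p ||
        ((desc_limit < 0x67 && (d->type & 8)) ||
         desc_limit < 0x2c))
        return 0;
    return 1;
}

/* Corrected check: threshold chosen by descriptor format, limit = size - 1. */
static int tss_ok_fixed(const struct desc *d)
{
    uint32_t limit = desc_limit_scaled(d);
    uint32_t min = tss_is_32bit(d) ? TSS32_MIN_LIMIT : TSS16_MIN_LIMIT;
    return d->p && limit >= min;
}

/* Build a present TSS descriptor from a type, a raw 20-bit limit field and G. */
static struct desc make_tss(uint8_t type, uint32_t limit, int g)
{
    struct desc d = {0};
    d.type = type & 0xf;
    d.p = 1;
    d.g = g ? 1 : 0;
    d.limit0 = limit & 0xffff;
    d.limit1 = (limit >> 16) & 0xf;
    return d;
}

/* Run one check variant against a freshly built descriptor. */
static int check(int (*variant)(const struct desc *), uint8_t type,
                 uint32_t limit, int g)
{
    struct desc d = make_tss(type, limit, g);
    return variant(&d);
}

int main(void)
{
    /* Constructed inputs: the smallest legal TSS of each format. */
    printf("44-byte 16-bit TSS (limit 0x2b): prepatch=%d posted=%d fixed=%d\n",
           check(tss_ok_prepatch, 1, 0x2b, 0), check(tss_ok_posted, 1, 0x2b, 0),
           check(tss_ok_fixed, 1, 0x2b, 0));
    printf("104-byte 32-bit TSS (limit 0x67): prepatch=%d posted=%d fixed=%d\n",
           check(tss_ok_prepatch, 9, 0x67, 0), check(tss_ok_posted, 9, 0x67, 0),
           check(tss_ok_fixed, 9, 0x67, 0));
    return 0;
}
```

The two printed lines make the off-by-one concrete: for a 16-bit available TSS (type 1) of exactly 44 bytes the pre-patch check rejects it, the posted check still rejects it because 0x2b < 0x2c, and only the corrected threshold accepts it; a 45-byte 16-bit TSS (limit 0x2c) passes both the posted and the corrected check, which is why the bug is easy to miss with a TSS that is not minimal. The 32-bit case behaves identically in all three variants, since the 0x67 threshold was already correct.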