From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH v4 1/2] x86/hvm: fix segment validation
Date: Fri, 22 Nov 2013 14:25:21 +0000
Message-ID: <528F6951.9080700@citrix.com>
References: <DUB118-W117196BE785FA997AB5A479CE10@phx.gbl>
	<528DF45E.7050905@citrix.com>
	<20131121150355.GC89770@deinos.phlegethon.org>
	<528E219B.6060801@citrix.com>
	<20131121151308.GD89770@deinos.phlegethon.org>
	<20131121153231.GE89770@deinos.phlegethon.org>
	<528E5753.5020104@citrix.com>
	<528F53250200007800105C7C@nat28.tlf.novell.com>
	<20131122115453.GB86420@deinos.phlegethon.org>
	<528F764C0200007800105E41@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <Andrew.Cooper3@citrix.com>) id 1Vjrfh-0006TI-UP
	for xen-devel@lists.xenproject.org; Fri, 22 Nov 2013 14:25:26 +0000
In-Reply-To: <528F764C0200007800105E41@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>, keir@xen.org, David Binderman <dcb314@hotmail.com>, Tim Deegan <tim@xen.org>
List-Id: xen-devel@lists.xenproject.org

On 22/11/13 14:20, Jan Beulich wrote:
> Also Coverity CID 1055180.
>     
> Reported-by: David Binderman <dcb314@hotmail.com>
> Signed-off-by: Tim Deegan <tim@xen.org>
>
> Use _SEGMENT_* instead of plain numbers and adjust a comment.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

>
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -2280,7 +2280,7 @@ static int hvm_load_segment_selector(
>              if ( !(desc.b & (1u<<11)) )
>                  goto unmap_and_fail;
>              /* Non-conforming segment: check DPL against RPL. */
> -            if ( ((desc.b & (6u<<9)) != 6) && (dpl != rpl) )
> +            if ( !(desc.b & _SEGMENT_EC) && (dpl != rpl) )
>                  goto unmap_and_fail;
>              break;
>          case x86_seg_ss:
> @@ -2299,8 +2299,13 @@ static int hvm_load_segment_selector(
>              /* Readable code or data segment? */
>              if ( (desc.b & (5u<<9)) == (4u<<9) )
>                  goto unmap_and_fail;
> -            /* Non-conforming segment: check DPL against RPL and CPL. */
> -            if ( ((desc.b & (6u<<9)) != 6) && ((dpl < cpl) || (dpl < rpl)) )
> +            /*
> +             * Data or non-conforming code segment:
> +             * check DPL against RPL and CPL.
> +             */
> +            if ( ((desc.b & (_SEGMENT_EC|_SEGMENT_CODE)) !=
> +                  (_SEGMENT_EC|_SEGMENT_CODE))
> +                 && ((dpl < cpl) || (dpl < rpl)) )
>                  goto unmap_and_fail;
>              break;
>          }
>
>
>