From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1L9OAN-0006wx-Cn
	for qemu-devel@nongnu.org; Sun, 07 Dec 2008 13:15:39 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1L9OAM-0006wQ-Tj
	for qemu-devel@nongnu.org; Sun, 07 Dec 2008 13:15:38 -0500
Received: from [199.232.76.173] (port=46000 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1L9OAM-0006wM-K8
	for qemu-devel@nongnu.org; Sun, 07 Dec 2008 13:15:38 -0500
Received: from savannah.gnu.org ([199.232.41.3]:39276 helo=sv.gnu.org)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <INVALID.NOREPLY@gnu.org>)
	id 1L9OAM-0008FR-Au
	for qemu-devel@nongnu.org; Sun, 07 Dec 2008 13:15:38 -0500
Received: from cvs.savannah.gnu.org ([199.232.41.69])
	by sv.gnu.org with esmtp (Exim 4.63)
	(envelope-from <INVALID.NOREPLY@gnu.org>) id 1L9OAL-0005td-Ns
	for qemu-devel@nongnu.org; Sun, 07 Dec 2008 18:15:37 +0000
Received: from aurel32 by cvs.savannah.gnu.org with local (Exim 4.63)
	(envelope-from <aurel32@savannah.gnu.org>) id 1L9OAL-0005tY-4u
	for qemu-devel@nongnu.org; Sun, 07 Dec 2008 18:15:37 +0000
MIME-Version: 1.0
Errors-To: aurel32
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <E1L9OAL-0005tY-4u@cvs.savannah.gnu.org>
Date: Sun, 07 Dec 2008 18:15:37 +0000
Subject: [Qemu-devel] [5921] target-i386: fix CVE-2007-1322
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Revision: 5921
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=5921
Author:   aurel32
Date:     2008-12-07 18:15:36 +0000 (Sun, 07 Dec 2008)

Log Message:
-----------
target-i386: fix CVE-2007-1322

The icebp instruction can be abused to terminate the emulation,
resulting in denial of service.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Modified Paths:
--------------
    trunk/target-i386/translate.c

Modified: trunk/target-i386/translate.c
===================================================================
--- trunk/target-i386/translate.c	2008-12-07 18:15:23 UTC (rev 5920)
+++ trunk/target-i386/translate.c	2008-12-07 18:15:36 UTC (rev 5921)
@@ -6564,6 +6564,7 @@
         gen_jmp_im(pc_start - s->cs_base);
         gen_helper_into(tcg_const_i32(s->pc - pc_start));
         break;
+#ifdef WANT_ICEBP
     case 0xf1: /* icebp (undocumented, exits to external debugger) */
         gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
 #if 1
@@ -6574,6 +6575,7 @@
         cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
 #endif
         break;
+#endif
     case 0xfa: /* cli */
         if (!s->vm86) {
             if (s->cpl <= s->iopl) {