Avi Kivity wrote:
> On 03/22/2010 12:29 PM, Jan Kiszka wrote:
>> A 16-bit TSS is only 44 bytes long. So make sure to test for the correct
>> size on task switch.
>>
>
>> This should be stable material as well. I can provide a patch that
>> applies on .32 and .33, or what will be the procedure?
>>
>
> I'd like to drop the Cc: stable and maintain stable queues explicitly
> (in kvm-updates/2.6.3[23]). I'll fast-forward these to current -stable,
> please send patches against them. These branches will be autotested
> before submission, a step that is missing in the current scheme of things.
>
>>
>> - if (!next_tss_desc.p || desc_limit_scaled(&next_tss_desc)< 0x67) {
>> + desc_limit = desc_limit_scaled(&next_tss_desc);
>> + if (!next_tss_desc.p ||
>> + ((desc_limit< 0x67&& (next_tss_desc.type& 8)) ||
>> + desc_limit< 0x2c)) {
>>
>
> A 44-byte TSS has a limit of 43 (just like a 4GB segment has a limit of
> 0xffffffff), so there is an off-by-one here.
>
Right - you just found an (harmless) off-by-one in our legacy OS as well
(I blindly copied its limit).
Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
