[IA64] Check slot for itr.d and itr.i and generate interrupt in case of error.

author Alex Williamson <alex.williamson@hp.com>

Mon, 17 Sep 2007 16:59:27 +0000 (10:59 -0600)

committer Alex Williamson <alex.williamson@hp.com>

Mon, 17 Sep 2007 16:59:27 +0000 (10:59 -0600)
author Alex Williamson <alex.williamson@hp.com>
Mon, 17 Sep 2007 16:59:27 +0000 (10:59 -0600)
committer Alex Williamson <alex.williamson@hp.com>
Mon, 17 Sep 2007 16:59:27 +0000 (10:59 -0600)
diff --git a/xen/arch/ia64/vmx/vmmu.c b/xen/arch/ia64/vmx/vmmu.c

index 8ab640f542ee6a71d5212a615395c005fc87db24..67075921a45169da7d4cf29a635098853be7ba99 100644 (file)
--- a/xen/arch/ia64/vmx/vmmu.c
+++ b/xen/arch/ia64/vmx/vmmu.c
@@ -403,6 +403,12 @@ IA64FAULT vmx_vcpu_itr_i(VCPU *vcpu, u64 slot, u64 pte, u64 itir, u64 ifa)
      }
      thash_purge_entries(vcpu, va, ps);
  #endif
+
+    if (slot >= NITRS) {
+        panic_domain(NULL, "bad itr.i slot (%ld)", slot);
+        return IA64_FAULT;
+    }
+        
      pte &= ~PAGE_FLAGS_RV_MASK;
      vcpu_get_rr(vcpu, va, &rid);
      rid = rid& RR_RID_MASK;
@@ -431,6 +437,12 @@ IA64FAULT vmx_vcpu_itr_d(VCPU *vcpu, u64 slot, u64 pte, u64 itir, u64 ifa)
          return IA64_FAULT;
      }
  #endif   
+
+    if (slot >= NDTRS) {
+        panic_domain(NULL, "bad itr.d slot (%ld)", slot);
+        return IA64_FAULT;
+    }
+
      pte &= ~PAGE_FLAGS_RV_MASK;
  
      /* This is a bad workaround
diff --git a/xen/arch/ia64/vmx/vmx_virt.c b/xen/arch/ia64/vmx/vmx_virt.c

index 181ee40d56b8796cce993251a99fd3c522a59585..0785992d0b77d1217a734a03da3f0010b80a9888 100644 (file)
--- a/xen/arch/ia64/vmx/vmx_virt.c
+++ b/xen/arch/ia64/vmx/vmx_virt.c
@@ -567,6 +567,7 @@ static IA64FAULT vmx_emul_tak(VCPU *vcpu, INST64 inst)
  static IA64FAULT vmx_emul_itr_d(VCPU *vcpu, INST64 inst)
  {
      u64 itir, ifa, pte, slot;
+    ISR isr;
  #ifdef  VMAL_NO_FAULT_CHECK
      IA64_PSR  vpsr;
      vpsr.val=vmx_vcpu_get_psr(vcpu);
@@ -575,7 +576,6 @@ static IA64FAULT vmx_emul_itr_d(VCPU *vcpu, INST64 inst)
          illegal_op(vcpu);
          return IA64_FAULT;
      }
-    ISR isr;
      if ( vpsr.cpl != 0) {
          /* Inject Privileged Operation fault into guest */
          set_privileged_operation_isr (vcpu, 0);
@@ -618,14 +618,22 @@ static IA64FAULT vmx_emul_itr_d(VCPU *vcpu, INST64 inst)
     }
  #endif // VMAL_NO_FAULT_CHECK
  
+    if (slot >= NDTRS) {
+        isr.val = set_isr_ei_ni(vcpu);
+        isr.code = IA64_RESERVED_REG_FAULT;
+        vcpu_set_isr(vcpu, isr.val);
+        rsv_reg_field(vcpu);
+        return IA64_FAULT;
+    }
+
      return (vmx_vcpu_itr_d(vcpu,slot,pte,itir,ifa));
  }
  
  static IA64FAULT vmx_emul_itr_i(VCPU *vcpu, INST64 inst)
  {
      u64 itir, ifa, pte, slot;
-#ifdef  VMAL_NO_FAULT_CHECK
      ISR isr;
+#ifdef  VMAL_NO_FAULT_CHECK
      IA64_PSR  vpsr;
      vpsr.val=vmx_vcpu_get_psr(vcpu);
      if ( vpsr.ic ) {
@@ -675,6 +683,14 @@ static IA64FAULT vmx_emul_itr_i(VCPU *vcpu, INST64 inst)
     }
  #endif // VMAL_NO_FAULT_CHECK
  
+    if (slot >= NITRS) {
+        isr.val = set_isr_ei_ni(vcpu);
+        isr.code = IA64_RESERVED_REG_FAULT;
+        vcpu_set_isr(vcpu, isr.val);
+        rsv_reg_field(vcpu);
+        return IA64_FAULT;
+    }
+ 
     return (vmx_vcpu_itr_i(vcpu,slot,pte,itir,ifa));
  }
author	Alex Williamson <alex.williamson@hp.com>
	Mon, 17 Sep 2007 16:59:27 +0000 (10:59 -0600)
committer	Alex Williamson <alex.williamson@hp.com>
	Mon, 17 Sep 2007 16:59:27 +0000 (10:59 -0600)
xen/arch/ia64/vmx/vmmu.c		patch \| blob \| history
xen/arch/ia64/vmx/vmx_virt.c		patch \| blob \| history