From 12597da1a7fefcad1f51f588abf2da972c47257f Mon Sep 17 00:00:00 2001
From: "Ian.Campbell@xensource.com" <Ian.Campbell@xensource.com>
Date: Wed, 22 Feb 2006 15:13:48 +0000
Subject: [PATCH] Validate the segment selectors passed to
 arch_set_info_guest().

Signed-off-by: Ian Campbell <Ian.Campbell@XenSource.com>
---
 xen/arch/x86/domain.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 4265d3f8bb..1c083fcb67 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -356,9 +356,15 @@ int arch_set_info_guest(
      */
     if ( !(c->flags & VGCF_HVM_GUEST) )
     {
-        if ( ((c->user_regs.cs & 3) == 0) ||
-             ((c->user_regs.ss & 3) == 0) )
+        if ( ((c->user_regs.ss & 3) == 0) ||
+             !VALID_CODESEL(c->user_regs.cs) ||
+             !VALID_CODESEL(c->event_callback_cs) ||
+             !VALID_CODESEL(c->failsafe_callback_cs) )
             return -EINVAL;
+
+        for ( i = 0; i < 256; i++ )
+            if ( !VALID_CODESEL(c->trap_ctxt[i].cs) )
+                return -EINVAL;
     }
     else if ( !hvm_enabled )
       return -EINVAL;
-- 
2.30.2