diff options
| author | Gleb Natapov <gleb@redhat.com> | 2010-02-25 05:43:08 -0500 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2010-04-25 06:53:35 -0400 |
| commit | 254d4d48a56925622a5592ad590a738735b66135 (patch) | |
| tree | 050e2d5e924a5423916aa79ea3d9a265b282c038 /arch | |
| parent | d6ab1ed44627c91d0a857a430b7ec4ed8648c7a5 (diff) | |
KVM: fix segment_base() error checking
fix segment_base() to properly check for null segment selector and
avoid accessing NULL pointer if ldt selector in null.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/kvm/x86.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e07b243055f8..814e72a02eff 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c | |||
| @@ -230,7 +230,7 @@ unsigned long segment_base(u16 selector) | |||
| 230 | unsigned long table_base; | 230 | unsigned long table_base; |
| 231 | unsigned long v; | 231 | unsigned long v; |
| 232 | 232 | ||
| 233 | if (selector == 0) | 233 | if (!(selector & ~3)) |
| 234 | return 0; | 234 | return 0; |
| 235 | 235 | ||
| 236 | native_store_gdt(&gdt); | 236 | native_store_gdt(&gdt); |
| @@ -239,6 +239,8 @@ unsigned long segment_base(u16 selector) | |||
| 239 | if (selector & 4) { /* from ldt */ | 239 | if (selector & 4) { /* from ldt */ |
| 240 | u16 ldt_selector = kvm_read_ldt(); | 240 | u16 ldt_selector = kvm_read_ldt(); |
| 241 | 241 | ||
| 242 | if (!(ldt_selector & ~3)) | ||
| 243 | return 0; | ||
| 242 | table_base = segment_base(ldt_selector); | 244 | table_base = segment_base(ldt_selector); |
| 243 | } | 245 | } |
| 244 | d = (struct desc_struct *)(table_base + (selector & ~7)); | 246 | d = (struct desc_struct *)(table_base + (selector & ~7)); |