* [Xen-devel] [PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()
@ 2019-12-19 20:42 Andrew Cooper
2019-12-20 12:08 ` Ian Jackson
0 siblings, 1 reply; 2+ messages in thread
From: Andrew Cooper @ 2019-12-19 20:42 UTC (permalink / raw
To: Xen-devel; +Cc: Andrew Cooper, Wei Liu, Ian Jackson
The current logic only works by chance, in that XSAVE records also tend to be
a multiple of 128. Implement the missing logic for XSAVE.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Ian Jackson <Ian.Jackson@citrix.com>
CC: Wei Liu <wl@xen.org>
---
tools/libxc/xc_sr_restore_x86_pv.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tools/libxc/xc_sr_restore_x86_pv.c b/tools/libxc/xc_sr_restore_x86_pv.c
index 1a26f2205f..116a004726 100644
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -825,6 +825,15 @@ static int handle_x86_pv_vcpu_blob(struct xc_sr_context *ctx,
break;
case REC_TYPE_X86_PV_VCPU_XSAVE:
+ if ( blobsz < 128 )
+ {
+ ERROR("%s record too short: min %zu, got %u",
+ rec_name, sizeof(*vhdr) + 128, rec->length);
+ goto out;
+ }
+ break;
+
+ case REC_TYPE_X86_PV_VCPU_MSRS:
if ( blobsz % sizeof(xen_domctl_vcpu_msr_t) != 0 )
{
ERROR("%s record payload size %zu expected to be a multiple of %zu",
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Xen-devel] [PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()
2019-12-19 20:42 [Xen-devel] [PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob() Andrew Cooper
@ 2019-12-20 12:08 ` Ian Jackson
0 siblings, 0 replies; 2+ messages in thread
From: Ian Jackson @ 2019-12-20 12:08 UTC (permalink / raw
To: Andrew Cooper; +Cc: Xen-devel, Wei Liu
Andrew Cooper writes ("[PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()"):
> The current logic only works by chance, in that XSAVE records also tend to be
> a multiple of 128. Implement the missing logic for XSAVE.
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-12-20 12:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-12-19 20:42 [Xen-devel] [PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob() Andrew Cooper
2019-12-20 12:08 ` Ian Jackson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.