[Xen-devel] [PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()

Andrew Cooper posted 1 patch 4 years, 3 months ago
git fetch https://github.com/patchew-project/xen tags/patchew/20191219204202.27849-1-andrew.cooper3@citrix.com
tools/libxc/xc_sr_restore_x86_pv.c | 9 +++++++++
1 file changed, 9 insertions(+)
Posted by Andrew Cooper 4 years, 3 months ago
The current logic only works by chance, in that XSAVE records also tend to be
a multiple of 128.  Implement the missing logic for XSAVE.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Ian Jackson <Ian.Jackson@citrix.com>
CC: Wei Liu <wl@xen.org>
---
 tools/libxc/xc_sr_restore_x86_pv.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tools/libxc/xc_sr_restore_x86_pv.c b/tools/libxc/xc_sr_restore_x86_pv.c
index 1a26f2205f..116a004726 100644
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -825,6 +825,15 @@ static int handle_x86_pv_vcpu_blob(struct xc_sr_context *ctx,
         break;
 
     case REC_TYPE_X86_PV_VCPU_XSAVE:
+        if ( blobsz < 128 )
+        {
+            ERROR("%s record too short: min %zu, got %u",
+                  rec_name, sizeof(*vhdr) + 128, rec->length);
+            goto out;
+        }
+        break;
+
+    case REC_TYPE_X86_PV_VCPU_MSRS:
         if ( blobsz % sizeof(xen_domctl_vcpu_msr_t) != 0 )
         {
             ERROR("%s record payload size %zu expected to be a multiple of %zu",
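Review bot: The literal 128 in the new REC_TYPE_X86_PV_VCPU_XSAVE branch appears twice (in `if ( blobsz < 128 )` and in the `sizeof(*vhdr) + 128` argument to ERROR()) with nothing saying what the 128-byte minimum corresponds to. A named constant or a one-line comment above the check would keep the two uses in sync and make the audit reviewable. The branch also only enforces a lower bound before `break;`. If an upper bound or alignment requirement on the XSAVE blob is enforced elsewhere, a comment pointing to it would help, since none is visible in this hunk. Separately, the commit message describes the old behaviour in terms of a multiple of 128, while the check now under REC_TYPE_X86_PV_VCPU_MSRS tests `blobsz % sizeof(xen_domctl_vcpu_msr_t)`; it would be worth stating in the message how those two sizes relate.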
-- 
2.11.0


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Posted by Ian Jackson 4 years, 3 months ago
Andrew Cooper writes ("[PATCH] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()"):
> The current logic only works by chance, in that XSAVE records also tend to be
> a multiple of 128.  Implement the missing logic for XSAVE.

Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
