diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | i386/i386/seg.h | 1 | ||||
-rw-r--r-- | i386/i386/user_ldt.c | 7 |
3 files changed, 11 insertions, 3 deletions
@@ -1,3 +1,9 @@ +2007-07-08 Samuel Thibault <samuel.thibault@ens-lyon.org> + + * i386/i386/seg.h (SZ_64): New macro. + * i386/i386/user_ldt.c (selector_check, i386_set_gdt): Check + user-provided descriptor against SZ_64. + 2007-07-04 Samuel Thibault <samuel.thibault@ens-lyon.org> * i386/intel/pmap.c (pmap_enter): Use INTEL_PTE_NCACHE|INTEL_PTE_WTHRU diff --git a/i386/i386/seg.h b/i386/i386/seg.h index 9427d85..ad7a0f5 100644 --- a/i386/i386/seg.h +++ b/i386/i386/seg.h @@ -62,6 +62,7 @@ struct real_gate { #endif /* !__ASSEMBLER__ */ +#define SZ_64 0x2 /* 64-bit segment */ #define SZ_32 0x4 /* 32-bit segment */ #define SZ_16 0x0 /* 16-bit segment */ #define SZ_G 0x8 /* 4K limit field */ diff --git a/i386/i386/user_ldt.c b/i386/i386/user_ldt.c index f1b5f6b..7646c35 100644 --- a/i386/i386/user_ldt.c +++ b/i386/i386/user_ldt.c @@ -83,10 +83,10 @@ boolean_t selector_check(thread, sel, type) access = ldt->ldt[sel_idx(sel)].access; - if ((access & (ACC_P|ACC_PL|ACC_TYPE_USER)) + if ((access & (ACC_P|ACC_PL|ACC_TYPE_USER|SZ_64)) != (ACC_P|ACC_PL_U|ACC_TYPE_USER)) return FALSE; - /* present, pl == pl.user, not system */ + /* present, pl == pl.user, not system, not 64bits */ return acc_type[(access & 0xe)>>1][type]; } @@ -432,7 +432,8 @@ i386_set_gdt (thread_t thread, int *selector, struct real_descriptor desc) if ((desc.access & ACC_P) == 0) memset (&thread->pcb->ims.user_gdt[idx], 0, sizeof thread->pcb->ims.user_gdt[idx]); - else if ((desc.access & (ACC_TYPE_USER|ACC_PL)) != (ACC_TYPE_USER|ACC_PL_U)) + else if ((desc.access & (ACC_TYPE_USER|ACC_PL)) != (ACC_TYPE_USER|ACC_PL_U) || (desc.granularity & SZ_64)) + return KERN_INVALID_ARGUMENT; else thread->pcb->ims.user_gdt[idx] = desc; |