target-i386: fix CVE-2007-1322
The icebp instruction can be abused to terminate the emulation, resulting in denial of service. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5921 c046a42c-6fe2-441c-8c8c-71466251a162
parent
e8e880a72e
commit
0b97134b29
@ -6564,6 +6564,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
|
|||||||
gen_jmp_im(pc_start - s->cs_base);
|
gen_jmp_im(pc_start - s->cs_base);
|
||||||
gen_helper_into(tcg_const_i32(s->pc - pc_start));
|
gen_helper_into(tcg_const_i32(s->pc - pc_start));
|
||||||
break;
|
break;
|
||||||
|
#ifdef WANT_ICEBP
|
||||||
case 0xf1: /* icebp (undocumented, exits to external debugger) */
|
case 0xf1: /* icebp (undocumented, exits to external debugger) */
|
||||||
gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
|
gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
|
||||||
#if 1
|
#if 1
|
||||||
@ -6574,6 +6575,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
|
|||||||
cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
|
cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
case 0xfa: /* cli */
|
case 0xfa: /* cli */
|
||||||
if (!s->vm86) {
|
if (!s->vm86) {
|
||||||
if (s->cpl <= s->iopl) {
|
if (s->cpl <= s->iopl) {
|
||||||
|
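Review bot: The new `#ifdef WANT_ICEBP` guard around `case 0xf1` carries no comment explaining why the case is compiled out, and WANT_ICEBP is not defined anywhere in the visible hunks, so a later build that defines it would bring back the guest-triggerable termination the commit message describes. I would add a line above the guard such as `/* icebp lets a guest stop the emulation (CVE-2007-1322); leave WANT_ICEBP undefined outside debugging builds */`. The guard also compiles out `gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP)`, so in the default build opcode 0xf1 presumably reaches the switch's default handling and the ICEBP intercept is never checked; the comment should state that this is intended. disas_insn starts and ends outside both hunks, so the fall-through path could not be confirmed from this page.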