KVM: fix segment_base() error checking

fix segment_base() to properly check for null segment selector and avoid accessing NULL pointer if ldt selector in null. Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
author: Gleb Natapov <gleb@redhat.com> 2010-02-25 12:43:08 +0200
committer: Avi Kivity <avi@redhat.com> 2010-04-25 13:53:35 +0300
commit: 254d4d48a56925622a5592ad590a738735b66135 (patch)
tree: 050e2d5e924a5423916aa79ea3d9a265b282c038 /arch/x86/kvm/x86.c
parent: d6ab1ed44627c91d0a857a430b7ec4ed8648c7a5 (diff)
download: talos-op-linux-254d4d48a56925622a5592ad590a738735b66135.tar.gz
talos-op-linux-254d4d48a56925622a5592ad590a738735b66135.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e07b243055f8..814e72a02eff 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -230,7 +230,7 @@ unsigned long segment_base(u16 selector)
 	unsigned long table_base;
 	unsigned long v;
 
-	if (selector == 0)
+	if (!(selector & ~3))
 		return 0;
 
 	native_store_gdt(&gdt);
@@ -239,6 +239,8 @@ unsigned long segment_base(u16 selector)
 	if (selector & 4) {           /* from ldt */
 		u16 ldt_selector = kvm_read_ldt();
 
+		if (!(ldt_selector & ~3))
+			return 0;
 		table_base = segment_base(ldt_selector);
 	}
 	d = (struct desc_struct *)(table_base + (selector & ~7));
author	Gleb Natapov <gleb@redhat.com>	2010-02-25 12:43:08 +0200
committer	Avi Kivity <avi@redhat.com>	2010-04-25 13:53:35 +0300
commit	254d4d48a56925622a5592ad590a738735b66135 (patch)
tree	050e2d5e924a5423916aa79ea3d9a265b282c038 /arch/x86/kvm/x86.c
parent	d6ab1ed44627c91d0a857a430b7ec4ed8648c7a5 (diff)
download	talos-op-linux-254d4d48a56925622a5592ad590a738735b66135.tar.gz talos-op-linux-254d4d48a56925622a5592ad590a738735b66135.zip