KVM: fix segment_base() error checking
authorGleb Natapov <gleb@redhat.com>
Thu, 25 Feb 2010 10:43:08 +0000 (12:43 +0200)
committerAvi Kivity <avi@redhat.com>
Sun, 25 Apr 2010 10:53:35 +0000 (13:53 +0300)
Fix segment_base() to properly check for a null segment selector and
avoid accessing a NULL pointer if the ldt selector is null.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
arch/x86/kvm/x86.c

index e07b243055f835a35ee8db9f1a2b932dfc601208..814e72a02effcbf736f485dfc557e276944da91f 100644 (file)
@@ -230,7 +230,7 @@ unsigned long segment_base(u16 selector)
        unsigned long table_base;
        unsigned long v;
 
-       if (selector == 0)
+       if (!(selector & ~3))
                return 0;
 
        native_store_gdt(&gdt);
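Review bot: The mask `~3` in the new null-selector test is a bare magic number, and the same expression is repeated in the LDT branch of the second hunk. A short comment above the test, such as `/* selectors 0-3 are all the null selector; only the RPL bits differ */`, would record why comparing with 0 was not enough. If `SEGMENT_RPL_MASK` from asm/segment.h is in scope in this file (not visible here), `!(selector & ~SEGMENT_RPL_MASK)` says the same thing by name. The body of segment_base starts above the hunk and continues below it.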
@@ -239,6 +239,8 @@ unsigned long segment_base(u16 selector)
        if (selector & 4) {           /* from ldt */
                u16 ldt_selector = kvm_read_ldt();
 
+               if (!(ldt_selector & ~3))
+                       return 0;
                table_base = segment_base(ldt_selector);
        }
        d = (struct desc_struct *)(table_base + (selector & ~7));
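Review bot: The descriptor pointer on the last line is still formed from `table_base + (selector & ~7)` without comparing the index with the table limit, so the added check closes only the null-LDT case. The GDT limit is presumably available from the `gdt` value stored earlier in the function, whereas the recursive call returns only the LDT base and not its limit. Whether any caller can pass a selector beyond the limit is not visible in this hunk, so this may be a hardening point rather than a live bug. Separately, the early `return 0` is indistinguishable from a segment whose base really is 0; a comment such as `/* no LDT loaded: report base 0 rather than dereference a NULL table */` would make the intent explicit. The function continues past the end of the hunk.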