File 56e04674-x86-alternatives-correct-near-branch-check.patch of Package xen.2959
# Commit cd29140ef0e65a33d62e7f5ee843077e51913f01
# Date 2016-03-09 16:51:16 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/alternatives: correct near branch check
Make sure the near JMP/CALL check doesn't consume uninitialized
data, not even in a benign way. And relax the length check at once.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/alternative.c
+++ b/xen/arch/x86/alternative.c
@@ -175,7 +175,7 @@ static void __init apply_alternatives(st
memcpy(insnbuf, replacement, a->replacementlen);
/* 0xe8/0xe9 are relative branches; fix the offset. */
- if ( (*insnbuf & 0xfe) == 0xe8 && a->replacementlen == 5 )
+ if ( a->replacementlen >= 5 && (*insnbuf & 0xfe) == 0xe8 )
*(s32 *)(insnbuf + 1) += replacement - instr;
add_nops(insnbuf + a->replacementlen,
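Review bot: With the length test relaxed to `a->replacementlen >= 5`, the fixup on the following line still adjusts only the rel32 at `insnbuf + 1`, so a replacement longer than five bytes gets its leading JMP/CALL relocated while any later relative branch in the same replacement is copied with its displacement unchanged. The comment `/* 0xe8/0xe9 are relative branches; fix the offset. */` should say that only a near JMP/CALL in the first instruction is handled, so that authors of longer replacement sequences know not to place a relative branch anywhere else. Putting the length test first is the right order: `*insnbuf` is now read only after `memcpy` has written at least five bytes, so the opcode test and the displacement at `insnbuf + 1 .. insnbuf + 4` both lie inside copied data. A short note in the comment that the order of the two conditions matters would keep a later cleanup from swapping them back.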