On Wed, Feb 17, 2021 at 09:21:05AM +0100, Jan Beulich wrote:
> Bring them (back) in line with __{get,put}_guest().
>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>
Acked-by: Roger Pau Monné <roger....@citrix.com> > > --- a/xen/arch/x86/domain.c > +++ b/xen/arch/x86/domain.c > @@ -1649,19 +1649,19 @@ static void load_segments(struct vcpu *n > > if ( !ring_1(regs) ) > { > - ret = put_user(regs->ss, esp-1); > - ret |= put_user(regs->esp, esp-2); > + ret = put_guest(regs->ss, esp - 1); > + ret |= put_guest(regs->esp, esp - 2); > esp -= 2; > } > > if ( ret | > - put_user(rflags, esp-1) | > - put_user(cs_and_mask, esp-2) | > - put_user(regs->eip, esp-3) | > - put_user(uregs->gs, esp-4) | > - put_user(uregs->fs, esp-5) | > - put_user(uregs->es, esp-6) | > - put_user(uregs->ds, esp-7) ) > + put_guest(rflags, esp - 1) | > + put_guest(cs_and_mask, esp - 2) | > + put_guest(regs->eip, esp - 3) | > + put_guest(uregs->gs, esp - 4) | > + put_guest(uregs->fs, esp - 5) | > + put_guest(uregs->es, esp - 6) | > + put_guest(uregs->ds, esp - 7) ) I wonder whether we could use put_unsafe here, but I assume there's some kind of speculation attack also against stores? Thanks, Roger.
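Review bot: The commit message does not say whether replacing put_user() with put_guest() in load_segments() is a pure rename or changes the access checking applied to the nine stores through esp. Stating that explicitly would help, since the reply above already asks whether an unchecked variant could be used here. Every changed line also picks up a spacing change (esp-1 becomes esp - 1), so it is worth noting in the description that the operands and offsets are otherwise unchanged. The bitwise | chain that attempts all seven stores before testing the combined result is kept as it was; a short comment saying this is deliberate would stop a later cleanup from turning it into a short-circuiting ||.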