diff options
author | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-12-07 18:15:36 +0000 |
---|---|---|
committer | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-12-07 18:15:36 +0000 |
commit | 0b97134b2911d0e5d6789de70a3c70fab4dbde6e (patch) | |
tree | d9ee699e78b2befac88239d8becbeec16505c439 | |
parent | slirp: fix CVE 2007-5729 (diff) | |
download | qemu-kvm-0b97134b2911d0e5d6789de70a3c70fab4dbde6e.tar.gz qemu-kvm-0b97134b2911d0e5d6789de70a3c70fab4dbde6e.tar.bz2 qemu-kvm-0b97134b2911d0e5d6789de70a3c70fab4dbde6e.zip |
target-i386: fix CVE-2007-1322
The icebp instruction can be abused to terminate the emulation,
resulting in denial of service.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5921 c046a42c-6fe2-441c-8c8c-71466251a162
-rw-r--r-- | target-i386/translate.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/target-i386/translate.c b/target-i386/translate.c index 612811b02..423fca380 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c @@ -6564,6 +6564,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start) gen_jmp_im(pc_start - s->cs_base); gen_helper_into(tcg_const_i32(s->pc - pc_start)); break; +#ifdef WANT_ICEBP case 0xf1: /* icebp (undocumented, exits to external debugger) */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP); #if 1 @@ -6574,6 +6575,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start) cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM); #endif break; +#endif case 0xfa: /* cli */ if (!s->vm86) { if (s->cpl <= s->iopl) { |