Re: [v6 PATCH 07/21] x86/insn-eval: Add utility function to get segment descriptor

From: Borislav Petkov
Date: Thu May 04 2017 - 07:02:48 EST


On Wed, Apr 26, 2017 at 02:51:56PM -0700, Ricardo Neri wrote:
> > > + seg >= current->active_mm->context.ldt->size)) {
> >
> > ldt->size is the size of the descriptor table but you've shifted seg by
> > 3. That selector index is shifted by 3 (to the left) to form an offset
> > into the descriptor table because the entries there are 8 bytes.
>
> I double-checked the ldt code and it seems to me that size refers to the
> number of entries in the table; it is always multiplied by
> LDT_ENTRY_SIZE [1], [2]. Am I missing something?

No, you're not. I fell into that wrongly named struct member trap.

So ldt_struct.size should actually be called ldt_struct.n_entries or
similar. Because what's in there is now is not "size".

And then code like

new_ldt->size * LDT_ENTRY_SIZE

would make much more sense if written like this:

new_ldt->n_entries * LDT_ENTRY_SIZE

Would you fix that in a prepatch pls?

Thanks.

--
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix ImendÃrffer, Jane Smithard, Graham Norton, HRB 21284 (AG NÃrnberg)
--