diff options
author | Linus Torvalds | 2012-11-12 17:37:53 -0800 |
---|---|---|
committer | Linus Torvalds | 2012-11-12 17:37:53 -0800 |
commit | 9924a1992a86ebdb7ca36ef790d2ba0da506296c (patch) | |
tree | 22aaeaeb38a3d5d77e2b8303ffe25e581ee172a3 | |
parent | 946edc47b6106e7fbacac667fdf26d858231c7c4 (diff) | |
parent | 6d1068b3a98519247d8ba4ec85cd40ac136dbdf9 (diff) |
Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fix from Marcelo Tosatti:
"A correction for user triggerable oops"
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)
-rw-r--r-- | arch/x86/kvm/cpuid.h | 3 | ||||
-rw-r--r-- | arch/x86/kvm/x86.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index a10e46016851..58fc51488828 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -24,6 +24,9 @@ static inline bool guest_cpuid_has_xsave(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; + if (!static_cpu_has(X86_FEATURE_XSAVE)) + return 0; + best = kvm_find_cpuid_entry(vcpu, 1, 0); return best && (best->ecx & bit(X86_FEATURE_XSAVE)); } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 224a7e78cb6c..4f7641756be2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5781,6 +5781,9 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu, int pending_vec, max_bits, idx; struct desc_ptr dt; + if (!guest_cpuid_has_xsave(vcpu) && (sregs->cr4 & X86_CR4_OSXSAVE)) + return -EINVAL; + dt.size = sregs->idt.limit; dt.address = sregs->idt.base; kvm_x86_ops->set_idt(vcpu, &dt); |