KVM: VMX: make rmode_segment_valid() more strict.

Currently it allows entering vm86 mode if segment limit is greater than 0xffff and db bit is set. Both of those can cause incorrect execution of instruction by cpu since in vm86 mode limit will be set to 0xffff and db will be forced to 0. Signed-off-by: N Gleb Natapov <gleb@redhat.com> Signed-off-by: N Marcelo Tosatti <mtosatti@redhat.com>

KVM: VMX: make rmode_segment_valid() more strict.
Currently it allows entering vm86 mode if segment limit is greater than 0xffff and db bit is set. Both of those can cause incorrect execution of instruction by cpu since in vm86 mode limit will be set to 0xffff and db will be forced to 0. Signed-off-by: N Gleb Natapov <gleb@redhat.com> Signed-off-by: N Marcelo Tosatti <mtosatti@redhat.com>
89efbed0 · Gleb Natapov · Marcelo Tosatti · 045a282c · 89efbed0
隐藏空白更改
内联并排

Showing with 1 addition and 3 deletion

arch/x86/kvm/vmx.c arch/x86/kvm/vmx.c +1 -3

未找到文件。
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3341,15 +3341,13 @@ static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)

 	vmx_get_segment(vcpu, &var, seg);
 	var.dpl = 0x3;
-	var.g = 0;
-	var.db = 0;
 	if (seg == VCPU_SREG_CS)
 		var.type = 0x3;
 	ar = vmx_segment_access_rights(&var);

 	if (var.base != (var.selector << 4))
 		return false;
-	if (var.limit < 0xffff)
+	if (var.limit != 0xffff)
 		return false;
 	if (ar != 0xf3)
 		return false;