diff options
| author | Nadav Amit <namit@cs.technion.ac.il> | 2015-01-01 23:11:11 +0200 |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2015-04-27 20:25:29 +0200 |
| commit | 4483ef98b020b9d4cdafef95ee84b18eaccea61a (patch) | |
| tree | bce661eade7db049de34e58ea8e90009c12f5a86 /fs | |
| parent | 2fb11da9d9016f6c0a4fcb99b8ebd63495c79005 (diff) | |
KVM: x86: SYSENTER emulation is broken
commit f3747379accba8e95d70cec0eae0582c8c182050 upstream.
SYSENTER emulation is broken in several ways:
1. It misses the case of 16-bit code segments completely (CVE-2015-0239).
2. MSR_IA32_SYSENTER_CS is checked in 64-bit mode incorrectly (bits 0 and 1 can
still be set without causing #GP).
3. MSR_IA32_SYSENTER_EIP and MSR_IA32_SYSENTER_ESP are not masked in
legacy-mode.
4. There is some unneeded code.
Fix it.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[zhangzhiqiang: backport to 3.10:
- adjust context
- in 3.10 context "ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF)" is replaced by
"ctxt->eflags &= ~(EFLG_VM | EFLG_IF)" in upstream, which was changed by another commit.
- After the above adjustments, becomes same to the original patch:
https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
]
Signed-off-by: Zhiqiang Zhang <zhangzhiqiang.zhang@huawei.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions