Skip to content

Commit

Permalink
Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Browse files Browse the repository at this point in the history 
Pull KVM fix from Marcelo Tosatti:
 "A correction for user triggerable oops"

* git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)
  • Loading branch information
@torvalds
torvalds committed Nov 13, 2012
2 parents 946edc4 + 6d1068b commit 9924a19
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions arch/x86/kvm/cpuid.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ static inline bool guest_cpuid_has_xsave(struct kvm_vcpu *vcpu)
{
struct kvm_cpuid_entry2 *best;

if (!static_cpu_has(X86_FEATURE_XSAVE))
return 0;

best = kvm_find_cpuid_entry(vcpu, 1, 0);
return best && (best->ecx & bit(X86_FEATURE_XSAVE));
}
Expand Down
3 changes: 3 additions & 0 deletions arch/x86/kvm/x86.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5781,6 +5781,9 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
int pending_vec, max_bits, idx;
struct desc_ptr dt;

if (!guest_cpuid_has_xsave(vcpu) && (sregs->cr4 & X86_CR4_OSXSAVE))
return -EINVAL;

dt.size = sregs->idt.limit;
dt.address = sregs->idt.base;
kvm_x86_ops->set_idt(vcpu, &dt);
Expand Down

0 comments on commit 9924a19

Please sign in to comment.