author | Roel Kluin <roel.kluin@gmail.com> | 2009-08-04 05:08:45 -0400 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2009-09-10 01:33:21 -0400 |
commit | 3a34a8810b2ed316bfe58fa53640e8d30de3f6c2 (patch) | |
tree | 8ddc7747bc7070d98b2746f4fad865f83e4d1996 | |
parent | 1f3ee616dd21ff155f781c35509229bf2788c072 (diff) |
KVM: fix EFER read buffer overflow
Check whether index is within bounds before grabbing the element.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: Avi Kivity <avi@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
-rw-r--r-- | arch/x86/kvm/vmx.c | 7 |
1 files changed, 5 insertions, 2 deletions
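--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -571,12 +571,15 @@ static void reload_tss(void)
 static void load_transition_efer(struct vcpu_vmx *vmx)
 {
 int efer_offset = vmx->msr_offset_efer;
-u64 host_efer = vmx->host_msrs[efer_offset].data;
-u64 guest_efer = vmx->guest_msrs[efer_offset].data;
+u64 host_efer;
+u64 guest_efer;
 u64 ignore_bits;
 
 if (efer_offset < 0)
 return;
+host_efer = vmx->host_msrs[efer_offset].data;
+guest_efer = vmx->guest_msrs[efer_offset].data;
+
 /*
 * NX is emulated; LMA and LME handled by hardware; SCE meaninless
 * outside long mode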
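Review bot: The guard ahead of the two relocated loads in load_transition_efer rejects only a negative `efer_offset`; nothing visible in this hunk bounds it above against the number of entries in `host_msrs` and `guest_msrs`. If the code that sets `msr_offset_efer` guarantees either a negative "not found" value or a valid index (that code is not shown here), the invariant deserves a comment at the check so the loads are not folded back into the declarations later, for example `/* msr_offset_efer < 0 means EFER is not in the MSR arrays; index them only after this check */`. The function body continues past the end of the hunk.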