diff options
| author | Avi Kivity <avi@redhat.com> | 2009-09-01 05:03:25 -0400 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2009-09-10 11:11:10 -0400 |
| commit | 0a79b009525b160081d75cef5dbf45817956acf2 (patch) | |
| tree | 86dc2671cbd3326e92c8845ce699bdb651d785b5 | |
| parent | 4da748960a6bd7b1e123e01bfa8f2dbcb6be209e (diff) | |
KVM: VMX: Check cpl before emulating debug register access
Debug registers may only be accessed from cpl 0. Unfortunately, vmx will
code to emulate the instruction even though it was issued from guest
userspace, possibly leading to an unexpected trap later.
Cc: stable@kernel.org
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
| -rw-r--r-- | arch/x86/include/asm/kvm_host.h | 1 | ||||
| -rw-r--r-- | arch/x86/kvm/vmx.c | 2 | ||||
| -rw-r--r-- | arch/x86/kvm/x86.c | 13 |
3 files changed, 16 insertions, 0 deletions
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index e8f166a02c79..3be000435fad 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h | |||
| @@ -620,6 +620,7 @@ void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr); | |||
| 620 | void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code); | 620 | void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code); |
| 621 | void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2, | 621 | void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2, |
| 622 | u32 error_code); | 622 | u32 error_code); |
| 623 | bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl); | ||
| 623 | 624 | ||
| 624 | int kvm_pic_set_irq(void *opaque, int irq, int level); | 625 | int kvm_pic_set_irq(void *opaque, int irq, int level); |
| 625 | 626 | ||
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index cc6e00a9f724..f3812014bd0b 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c | |||
| @@ -2934,6 +2934,8 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) | |||
| 2934 | unsigned long val; | 2934 | unsigned long val; |
| 2935 | int dr, reg; | 2935 | int dr, reg; |
| 2936 | 2936 | ||
| 2937 | if (!kvm_require_cpl(vcpu, 0)) | ||
| 2938 | return 1; | ||
| 2937 | dr = vmcs_readl(GUEST_DR7); | 2939 | dr = vmcs_readl(GUEST_DR7); |
| 2938 | if (dr & DR7_GD) { | 2940 | if (dr & DR7_GD) { |
| 2939 | /* | 2941 | /* |
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 7627ff607a90..4137cc579ba5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c | |||
| @@ -223,6 +223,19 @@ void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code) | |||
| 223 | EXPORT_SYMBOL_GPL(kvm_queue_exception_e); | 223 | EXPORT_SYMBOL_GPL(kvm_queue_exception_e); |
| 224 | 224 | ||
| 225 | /* | 225 | /* |
| 226 | * Checks if cpl <= required_cpl; if true, return true. Otherwise queue | ||
| 227 | * a #GP and return false. | ||
| 228 | */ | ||
| 229 | bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl) | ||
| 230 | { | ||
| 231 | if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl) | ||
| 232 | return true; | ||
| 233 | kvm_queue_exception_e(vcpu, GP_VECTOR, 0); | ||
| 234 | return false; | ||
| 235 | } | ||
| 236 | EXPORT_SYMBOL_GPL(kvm_require_cpl); | ||
| 237 | |||
| 238 | /* | ||
| 226 | * Load the pae pdptrs. Return true is they are all valid. | 239 | * Load the pae pdptrs. Return true is they are all valid. |
| 227 | */ | 240 | */ |
| 228 | int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3) | 241 | int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3) |