[28/45] KVM: VMX: Check cpl before emulating debug register access

From: Greg KH
Date: Tue Mar 30 2010 - 19:09:52 EST

Next message: Greg KH: "[45/45] hwmon: (coretemp) Add missing newline to dev_warn() message"
Previous message: Greg KH: "[37/45] V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()"
In reply to: Greg KH: "[37/45] V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()"
Next in thread: Greg KH: "[45/45] hwmon: (coretemp) Add missing newline to dev_warn() message"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.27-stable review patch. If anyone has any objections, please let us know.

------------------

From: Avi Kivity <avi@xxxxxxxxxx>

commit 0a79b009525b160081d75cef5dbf45817956acf2 upstream.

Debug registers may only be accessed from cpl 0. Unfortunately, vmx will
code to emulate the instruction even though it was issued from guest
userspace, possibly leading to an unexpected trap later.

Signed-off-by: Avi Kivity <avi@xxxxxxxxxx>
Signed-off-by: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
arch/x86/kvm/vmx.c | 3 +++
arch/x86/kvm/x86.c | 13 +++++++++++++
include/asm-x86/kvm_host.h | 1 +
3 files changed, 17 insertions(+)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2464,6 +2464,9 @@ static int handle_dr(struct kvm_vcpu *vc
unsigned long val;
int dr, reg;

+ if (!kvm_require_cpl(vcpu, 0))
+ return 1;
+
/*
* FIXME: this code assumes the host is debugging the guest.
* need to deal with guest debugging itself too.
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -198,6 +198,19 @@ static void __queue_exception(struct kvm
}

/*
+ * Checks if cpl <= required_cpl; if true, return true. Otherwise queue
+ * a #GP and return false.
+ */
+bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl)
+{
+ if (kvm_x86_ops->get_cpl(vcpu) <= required_cpl)
+ return true;
+ kvm_queue_exception_e(vcpu, GP_VECTOR, 0);
+ return false;
+}
+EXPORT_SYMBOL_GPL(kvm_require_cpl);
+
+/*
* Load the pae pdptrs. Return true is they are all valid.
*/
int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3)
--- a/include/asm-x86/kvm_host.h
+++ b/include/asm-x86/kvm_host.h
@@ -537,6 +537,7 @@ void kvm_queue_exception(struct kvm_vcpu
void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2,
u32 error_code);
+bool kvm_require_cpl(struct kvm_vcpu *vcpu, int required_cpl);

void kvm_inject_nmi(struct kvm_vcpu *vcpu);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[45/45] hwmon: (coretemp) Add missing newline to dev_warn() message"
Previous message: Greg KH: "[37/45] V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()"
In reply to: Greg KH: "[37/45] V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()"
Next in thread: Greg KH: "[45/45] hwmon: (coretemp) Add missing newline to dev_warn() message"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]