KVM: VMX: make rmode_segment_valid() more strict.
author: Gleb Natapov <gleb@redhat.com>
Thu, 20 Dec 2012 14:57:44 +0000 (16:57 +0200)
committer: Marcelo Tosatti <mtosatti@redhat.com>
Wed, 2 Jan 2013 21:36:28 +0000 (19:36 -0200)
Currently it allows entering vm86 mode if the segment limit is greater than
0xffff and the db bit is set. Both of those can cause incorrect execution of
instructions by the CPU, since in vm86 mode the limit will be set to 0xffff and db
will be forced to 0.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
arch/x86/kvm/vmx.c

index 23d5aec78073ab6e225ffc81485b9f2d41f6d430..7ebcac25725b7484b95728c6bf8ed5c27c447d18 100644 (file)
@@ -3341,15 +3341,13 @@ static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)
 
        vmx_get_segment(vcpu, &var, seg);
        var.dpl = 0x3;
-       var.g = 0;
-       var.db = 0;
        if (seg == VCPU_SREG_CS)
                var.type = 0x3;
        ar = vmx_segment_access_rights(&var);
 
        if (var.base != (var.selector << 4))
                return false;
-       if (var.limit < 0xffff)
+       if (var.limit != 0xffff)
                return false;
        if (ar != 0xf3)
                return false;
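Review bot: the commit message only talks about the limit and the db bit, but the hunk also drops `var.g = 0`, so a segment with the granularity bit set now reaches `vmx_segment_access_rights(&var)` unmasked and fails the `ar != 0xf3` comparison as well; the message should say so, since rejecting g is a behaviour change in its own right. Because `var.dpl = 0x3` and the CS `var.type = 0x3` override are still applied before the access rights are computed, the `ar != 0xf3` line is now the only place that enforces g == 0 and db == 0; a one-line comment there (e.g. `/* g, db, l and avl must all be clear for vm86 */`) would make that dependency explicit rather than leaving it implied by the removed assignments. The `var.limit != 0xffff` tightening is consistent with the message, but note it also rejects limits below 0xffff that the old `< 0xffff` check already rejected, so the only new rejections are limits above 0xffff, which matches the stated intent.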