evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

KVM: x86: pop sreg accesses only 2 bytes

Browse source 
Although pop sreg updates RSP according to the operand size, only 2 bytes are
read.  The current behavior may result in incorrect #GP or #PF exceptions.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Nadav Amit 2014-12-25 02:52:17 +02:00 committed by Paolo Bonzini
parent fa4a2c080e
commit 3313bc4ee8
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
arch/x86/kvm/emulate.c
View file

@ -1828,12 +1828,14 @@ static int em_pop_sreg(struct x86_emulate_ctxt *ctxt)
unsigned long selector; unsigned long selector;
int rc; int rc;
rc = emulate_pop(ctxt, &selector, ctxt->op_bytes); rc = emulate_pop(ctxt, &selector, 2);
if (rc != X86EMUL_CONTINUE) if (rc != X86EMUL_CONTINUE)
return rc; return rc;
if (ctxt->modrm_reg == VCPU_SREG_SS) if (ctxt->modrm_reg == VCPU_SREG_SS)
ctxt->interruptibility = KVM_X86_SHADOW_INT_MOV_SS; ctxt->interruptibility = KVM_X86_SHADOW_INT_MOV_SS;
if (ctxt->op_bytes > 2)
rsp_increment(ctxt, ctxt->op_bytes - 2);
rc = load_segment_descriptor(ctxt, (u16)selector, seg); rc = load_segment_descriptor(ctxt, (u16)selector, seg);
return rc; return rc;