Re: [PATCH] VMX: Fix and improve guest state validity checks

On Tue, May 11, 2010 at 07:52:41PM +0300, Mohammed Gamal wrote:
> - Add 's' and 'g' field checks on segment registers
> - Correct SS checks for request and descriptor privilege levels
> 
> Signed-off-by: Mohammed Gamal <m.gamal005@xxxxxxxxx>
> ---
>  arch/x86/kvm/vmx.c |   73 +++++++++++++++++++++++++++++++++++++++++++++++----
>  1 files changed, 67 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 777e00d..9805c2a 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -2121,16 +2121,30 @@ static bool stack_segment_valid(struct kvm_vcpu *vcpu)
>  	vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
>  	ss_rpl = ss.selector & SELECTOR_RPL_MASK;
>  
> -	if (ss.unusable)
> +	if (ss.dpl != ss_rpl) /* DPL != RPL */
> +		return false;
> +
> +	if (ss.unusable) /* Short-circuit */
>  		return true;
> +
>  	if (ss.type != 3 && ss.type != 7)
>  		return false;
>  	if (!ss.s)
>  		return false;
> -	if (ss.dpl != ss_rpl) /* DPL != RPL */
> -		return false;
>  	if (!ss.present)
>  		return false;
> +	if (ss.limit & 0xfff00000) {

0x1fff limit and g==1 is valid, for example.

> +                if ((ss.limit & 0xfff) < 0xfff)
> +                        return false;
> +                if (!ss.g)
> +                        return false;
> +        } else {
> +                if ((ss.limit & 0xfff) == 0xfff)
> +                        return false;
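
Review bot: at the top of the hunk, the `ss.dpl != ss_rpl` test now runs before the `ss.unusable` return, so an unusable SS that used to pass unconditionally can now be rejected, and the `/* Short-circuit */` comment does not say why; a comment giving the reason for the new order would help. In the else branch, `if ((ss.limit & 0xfff) == 0xfff)` returns false without reading `ss.g`, so the outcome there does not depend on granularity at all. The added limit lines are also indented with spaces while the rest of the function uses tabs.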

!g segments can be up to 1Mbyte in size, and byte granular.

Please send as separate patches. Also, the limit checks could
be in a helper function since they are shared.
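
The shared limit check suggested in the reply above, as an added example that is not part of the original message or of the KVM source. It assumes the Intel SDM rule for the G bit (any clear bit in limit bits 11:0 requires G = 0, any set bit in bits 31:20 requires G = 1); `seg_limit_g_consistent` is a hypothetical name and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration, not kernel code. The name is hypothetical; limit and g
 * stand for the values the patch reads as ss.limit and ss.g.
 */
static bool seg_limit_g_consistent(uint32_t limit, bool g)
{
	/*
	 * A page-granular limit always has its low 12 bits set, so any
	 * clear bit in 11:0 means the segment must be byte granular.
	 */
	if ((limit & 0xfff) != 0xfff && g)
		return false;
	/*
	 * A byte-granular limit is only 20 bits wide, so any set bit in
	 * 31:20 means the segment must be page granular.
	 */
	if ((limit & 0xfff00000) && !g)
		return false;
	return true;
}

int main(void)
{
	/* Constructed sample values, including the two cases from the review. */
	static const struct { uint32_t limit; bool g; } cases[] = {
		{ 0x00001fff, true  },	/* valid: low bits all ones, g == 1 */
		{ 0x000fffff, false },	/* valid: 1 MByte, byte granular */
		{ 0x00001000, true  },	/* invalid: low bits clear with g == 1 */
		{ 0xffffffff, false },	/* invalid: high bits set with g == 0 */
		{ 0xffffffff, true  },	/* valid: flat 4 GByte segment */
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("limit=0x%08x g=%d -> %s\n", (unsigned)cases[i].limit,
		       cases[i].g,
		       seg_limit_g_consistent(cases[i].limit, cases[i].g) ?
		       "valid" : "invalid");
	return 0;
}
```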