KVM: x86: Emulator fixes for eip canonical checks on near branches - pm24.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Nadav Amit <namit@cs.technion.ac.il>	2014-09-18 22:39:38 +0300
committer	Paolo Bonzini <pbonzini@redhat.com>	2014-10-24 13:21:16 +0200
commit	234f3ce485d54017f15cf5e0699cff4100121601 (patch)
tree	62918ccdcac761cf86db931110482b089c905abb /COPYING
parent	05c83ec9b73c8124555b706f6af777b10adf0862 (diff)

KVM: x86: Emulator fixes for eip canonical checks on near branches

Before changing rip (during jmp, call, ret, etc.) the target should be asserted to be canonical one, as real CPUs do. During sysret, both target rsp and rip should be canonical. If any of these values is noncanonical, a #GP exception should occur. The exception to this rule are syscall and sysenter instructions in which the assigned rip is checked during the assignment to the relevant MSRs. This patch fixes the emulator to behave as real CPUs do for near branches. Far branches are handled by the next patch. This fixes CVE-2014-3647. Cc: stable@vger.kernel.org Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'COPYING')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: