author: Nadav Amit <namit@cs.technion.ac.il> 2014-09-18 22:39:38 +0300
committer: Paolo Bonzini <pbonzini@redhat.com> 2014-10-24 13:21:16 +0200
commit: 234f3ce485d54017f15cf5e0699cff4100121601 (patch)
tree: 62918ccdcac761cf86db931110482b089c905abb /mm
parent: 05c83ec9b73c8124555b706f6af777b10adf0862 (diff)
KVM: x86: Emulator fixes for eip canonical checks on near branches
Before changing rip (during jmp, call, ret, etc.) the target should be asserted to be a canonical one, as real CPUs do. During sysret, both target rsp and rip should be canonical. If any of these values is noncanonical, a #GP exception should occur. The exceptions to this rule are syscall and sysenter instructions, in which the assigned rip is checked during the assignment to the relevant MSRs.

This patch fixes the emulator to behave as real CPUs do for near branches. Far branches are handled by the next patch.

This fixes CVE-2014-3647.

Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
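The rule the commit message describes, as an added stand-alone model (not KVM's emulator code): a 64-bit-mode near branch target and the sysret rip/rsp pair must be canonical, otherwise #GP is raised and the register is left unchanged. The 48-bit virtual-address width, the struct layout and all addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model of the canonical check on near branches and sysret.
 * Not KVM code; names and values are constructed for this example. */
enum exc { EXC_NONE = 0, EXC_GP = 13 };

struct cpu {
    uint64_t rip, rsp;
    bool     long_mode;   /* 64-bit mode: linear addresses are 64 bits wide */
    unsigned vaddr_bits;  /* implemented virtual-address width (assumed 48) */
};

/* A linear address is canonical when every bit above the implemented
 * width is a copy of the top implemented bit (all zero or all one). */
static bool is_canonical(uint64_t la, unsigned vaddr_bits)
{
    uint64_t mask = ~0ULL << (vaddr_bits - 1);   /* bits vaddr_bits-1 .. 63 */
    uint64_t high = la & mask;
    return high == 0 || high == mask;
}

/* Target assignment for jmp/call/ret: check before committing to rip.
 * Outside 64-bit mode the address is 32 bits and the check does not apply. */
static enum exc assign_eip_near(struct cpu *c, uint64_t dst)
{
    if (c->long_mode && !is_canonical(dst, c->vaddr_bits))
        return EXC_GP;                       /* rip stays unchanged */
    c->rip = dst;
    return EXC_NONE;
}

/* sysret: the commit message requires both the new rip and rsp to be canonical. */
static enum exc emulate_sysret(struct cpu *c, uint64_t new_rip, uint64_t new_rsp)
{
    if (!is_canonical(new_rip, c->vaddr_bits) || !is_canonical(new_rsp, c->vaddr_bits))
        return EXC_GP;
    c->rip = new_rip;
    c->rsp = new_rsp;
    return EXC_NONE;
}

int main(void)
{
    struct cpu c = { .rip = 0x1000, .rsp = 0x7fff0000, .long_mode = true, .vaddr_bits = 48 };
    printf("jmp 0x00007fffffffe000 -> exc %d\n", assign_eip_near(&c, 0x00007fffffffe000ULL));
    printf("jmp 0x0000800000000000 -> exc %d (rip=%#llx)\n",
           assign_eip_near(&c, 0x0000800000000000ULL), (unsigned long long)c.rip);
    return 0;
}
```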
Diffstat (limited to 'mm')
0 files changed, 0 insertions, 0 deletions