[thirdparty/kernel/stable-queue.git] / releases / 2.6.32.12 / 0009-KVM-x86-Fix-TSS-size-check-for-16-bit-tasks.patch

From 2dbbf0c30bbb339e455b30db8ee13adb487e68f7 Mon Sep 17 00:00:00 2001
From: Jan Kiszka <jan.kiszka@siemens.com>
Date: Wed, 14 Apr 2010 16:57:11 +0200
Subject: KVM: x86: Fix TSS size check for 16-bit tasks

From: Jan Kiszka <jan.kiszka@siemens.com>

(Cherry-picked from commit e8861cfe2c75bdce36655b64d7ce02c2b31b604d)

A 16-bit TSS is only 44 bytes long. So make sure to test for the correct
size on task switch.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 arch/x86/kvm/x86.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4543,6 +4543,7 @@ int kvm_task_switch(struct kvm_vcpu *vcp
 	int ret = 0;
 	u32 old_tss_base = get_segment_base(vcpu, VCPU_SREG_TR);
 	u16 old_tss_sel = get_segment_selector(vcpu, VCPU_SREG_TR);
+	u32 desc_limit;
 
 	old_tss_base = kvm_mmu_gva_to_gpa_write(vcpu, old_tss_base, NULL);
 
@@ -4565,7 +4566,10 @@ int kvm_task_switch(struct kvm_vcpu *vcp
 		}
 	}
 
-	if (!nseg_desc.p || get_desc_limit(&nseg_desc) < 0x67) {
+	desc_limit = get_desc_limit(&nseg_desc);
+	if (!nseg_desc.p ||
+	    ((desc_limit < 0x67 && (nseg_desc.type & 8)) ||
+	     desc_limit < 0x2b)) {
 		kvm_queue_exception_e(vcpu, TS_VECTOR, tss_selector & 0xfffc);
 		return 1;
 	}
Commit	Line	Data
d7a00f6e GKH	1	From 2dbbf0c30bbb339e455b30db8ee13adb487e68f7 Mon Sep 17 00:00:00 2001
	2	From: Jan Kiszka <jan.kiszka@siemens.com>
	3	Date: Wed, 14 Apr 2010 16:57:11 +0200
	4	Subject: KVM: x86: Fix TSS size check for 16-bit tasks
	5
	6	From: Jan Kiszka <jan.kiszka@siemens.com>
	7
	8	(Cherry-picked from commit e8861cfe2c75bdce36655b64d7ce02c2b31b604d)
	9
	10	A 16-bit TSS is only 44 bytes long. So make sure to test for the correct
	11	size on task switch.
	12
	13	Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
	14	Signed-off-by: Avi Kivity <avi@redhat.com>
	15	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	16
	17	---
	18	arch/x86/kvm/x86.c \| 6 +++++-
	19	1 file changed, 5 insertions(+), 1 deletion(-)
	20
	21	--- a/arch/x86/kvm/x86.c
	22	+++ b/arch/x86/kvm/x86.c
	23	@@ -4543,6 +4543,7 @@ int kvm_task_switch(struct kvm_vcpu *vcp
	24	int ret = 0;
	25	u32 old_tss_base = get_segment_base(vcpu, VCPU_SREG_TR);
	26	u16 old_tss_sel = get_segment_selector(vcpu, VCPU_SREG_TR);
	27	+ u32 desc_limit;
	28
	29	old_tss_base = kvm_mmu_gva_to_gpa_write(vcpu, old_tss_base, NULL);
	30
	31	@@ -4565,7 +4566,10 @@ int kvm_task_switch(struct kvm_vcpu *vcp
	32	}
	33	}
	34
	35	- if (!nseg_desc.p \|\| get_desc_limit(&nseg_desc) < 0x67) {
	36	+ desc_limit = get_desc_limit(&nseg_desc);
	37	+ if (!nseg_desc.p \|\|
	38	+ ((desc_limit < 0x67 && (nseg_desc.type & 8)) \|\|
	39	+ desc_limit < 0x2b)) {
	40	kvm_queue_exception_e(vcpu, TS_VECTOR, tss_selector & 0xfffc);
	41	return 1;
	42	}