[thirdparty/kernel/stable-queue.git] / releases / 3.18.3 / kvm-x86-em_ret_far-overrides-cpl.patch

From ab646f54f4fd1a8b9671b8707f0739fdd28ce2b1 Mon Sep 17 00:00:00 2001
From: Nadav Amit <nadav.amit@gmail.com>
Date: Thu, 11 Dec 2014 12:27:14 +0100
Subject: KVM: x86: em_ret_far overrides cpl

From: Nadav Amit <nadav.amit@gmail.com>

commit ab646f54f4fd1a8b9671b8707f0739fdd28ce2b1 upstream.

commit d50eaa18039b ("KVM: x86: Perform limit checks when assigning EIP")
mistakenly used zero as cpl on em_ret_far. Use the actual one.

Fixes: d50eaa18039b8b848c2285478d0775335ad5e930
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/emulate.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2128,7 +2128,7 @@ static int em_ret_far(struct x86_emulate
 	/* Outer-privilege level return is not implemented */
 	if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
 		return X86EMUL_UNHANDLEABLE;
-	rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false,
+	rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, cpl, false,
 				       &new_desc);
 	if (rc != X86EMUL_CONTINUE)
 		return rc;
Commit	Line	Data
9d8012c9 GKH	1	From ab646f54f4fd1a8b9671b8707f0739fdd28ce2b1 Mon Sep 17 00:00:00 2001
	2	From: Nadav Amit <nadav.amit@gmail.com>
	3	Date: Thu, 11 Dec 2014 12:27:14 +0100
	4	Subject: KVM: x86: em_ret_far overrides cpl
	5
	6	From: Nadav Amit <nadav.amit@gmail.com>
	7
	8	commit ab646f54f4fd1a8b9671b8707f0739fdd28ce2b1 upstream.
	9
	10	commit d50eaa18039b ("KVM: x86: Perform limit checks when assigning EIP")
	11	mistakenly used zero as cpl on em_ret_far. Use the actual one.
	12
	13	Fixes: d50eaa18039b8b848c2285478d0775335ad5e930
	14	Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
	15	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	16	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	17
	18	---
	19	arch/x86/kvm/emulate.c \| 2 +-
	20	1 file changed, 1 insertion(+), 1 deletion(-)
	21
	22	--- a/arch/x86/kvm/emulate.c
	23	+++ b/arch/x86/kvm/emulate.c
	24	@@ -2128,7 +2128,7 @@ static int em_ret_far(struct x86_emulate
	25	/* Outer-privilege level return is not implemented */
	26	if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
	27	return X86EMUL_UNHANDLEABLE;
	28	- rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false,
	29	+ rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, cpl, false,
	30	&new_desc);
	31	if (rc != X86EMUL_CONTINUE)
	32	return rc;