--- /dev/null
+From 6aa5c47c351b22c21205c87977c84809cd015fcf Mon Sep 17 00:00:00 2001
+From: Michal Luczaj <mhal@rbox.co>
+Date: Mon, 22 Aug 2022 00:06:47 +0200
+Subject: KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
+
+From: Michal Luczaj <mhal@rbox.co>
+
+commit 6aa5c47c351b22c21205c87977c84809cd015fcf upstream.
+
+The emulator checks the wrong variable while setting the CPU
+interruptibility state, the target segment is embedded in the instruction
+opcode, not the ModR/M register. Fix the condition.
+
+Signed-off-by: Michal Luczaj <mhal@rbox.co>
+Fixes: a5457e7bcf9a ("KVM: emulate: POP SS triggers a MOV SS shadow too")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/all/20220821215900.1419215-1-mhal@rbox.co
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/emulate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -1980,7 +1980,7 @@ static int em_pop_sreg(struct x86_emulat
+ if (rc != X86EMUL_CONTINUE)
+ return rc;
+
+- if (ctxt->modrm_reg == VCPU_SREG_SS)
++ if (seg == VCPU_SREG_SS)
+ ctxt->interruptibility = KVM_X86_SHADOW_INT_MOV_SS;
+ if (ctxt->op_bytes > 2)
+ rsp_increment(ctxt, ctxt->op_bytes - 2);
projects / thirdparty / kernel / stable-queue.git / commitdiff
