From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 16 Oct 2022 16:24:09 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v5.4.219~87
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7df4278fb4db6f5e038ec12e8b2a41be3a652185;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	kvm-x86-emulator-fix-handing-of-pop-ss-to-correctly-set-interruptibility.patch
---

diff --git a/queue-4.9/kvm-x86-emulator-fix-handing-of-pop-ss-to-correctly-set-interruptibility.patch b/queue-4.9/kvm-x86-emulator-fix-handing-of-pop-ss-to-correctly-set-interruptibility.patch
new file mode 100644
index 00000000000..f46efbdbc8e
--- /dev/null
+++ b/queue-4.9/kvm-x86-emulator-fix-handing-of-pop-ss-to-correctly-set-interruptibility.patch
@@ -0,0 +1,34 @@
+From 6aa5c47c351b22c21205c87977c84809cd015fcf Mon Sep 17 00:00:00 2001
+From: Michal Luczaj <mhal@rbox.co>
+Date: Mon, 22 Aug 2022 00:06:47 +0200
+Subject: KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
+
+From: Michal Luczaj <mhal@rbox.co>
+
+commit 6aa5c47c351b22c21205c87977c84809cd015fcf upstream.
+
+The emulator checks the wrong variable while setting the CPU
+interruptibility state, the target segment is embedded in the instruction
+opcode, not the ModR/M register.  Fix the condition.
+
+Signed-off-by: Michal Luczaj <mhal@rbox.co>
+Fixes: a5457e7bcf9a ("KVM: emulate: POP SS triggers a MOV SS shadow too")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/all/20220821215900.1419215-1-mhal@rbox.co
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/emulate.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -1980,7 +1980,7 @@ static int em_pop_sreg(struct x86_emulat
+ 	if (rc != X86EMUL_CONTINUE)
+ 		return rc;
+ 
+-	if (ctxt->modrm_reg == VCPU_SREG_SS)
++	if (seg == VCPU_SREG_SS)
+ 		ctxt->interruptibility = KVM_X86_SHADOW_INT_MOV_SS;
+ 	if (ctxt->op_bytes > 2)
+ 		rsp_increment(ctxt, ctxt->op_bytes - 2);
diff --git a/queue-4.9/series b/queue-4.9/series
index f8fd6aa648b..81ad27043db 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -59,3 +59,4 @@ ext4-place-buffer-head-allocation-before-handle-start.patch
 ring-buffer-allow-splice-to-read-previous-partially-read-pages.patch
 ring-buffer-check-pending-waiters-when-doing-wake-ups-as-well.patch
 ring-buffer-fix-race-between-reset-page-and-reading-page.patch
+kvm-x86-emulator-fix-handing-of-pop-ss-to-correctly-set-interruptibility.patch