Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit 08da44aedba0f493e10695fa334348a7a4f72eb3

Authored by Nadav Amit
Committed by Paolo Bonzini
1 parent 2bc19dc375
Exists in ti-lsk-linux-4.1.y and in 10 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04

KVM: x86: Decoding guest instructions which cross page boundary may fail 

Once an instruction crosses a page boundary, the size read from the second page
disregards the common case that part of the operand resides on the first page.
As a result, fetch of long insturctions may fail, and thereby cause the
decoding to fail as well.

Cc: stable@vger.kernel.org
Fixes: 5cfc7e0f5e5e1adf998df94f8e36edaf5d30d38e
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Showing 1 changed file with 4 additions and 2 deletions Side-by-side Diff

arch/x86/kvm/emulate.c
Diff comments   View file @ 08da44a
... ... @@ -778,8 +778,10 @@
778 778 static __always_inline int do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt,
779 779 unsigned size)
780 780 {
781   - if (unlikely(ctxt->fetch.end - ctxt->fetch.ptr < size))
782   - return __do_insn_fetch_bytes(ctxt, size);
  781 + unsigned done_size = ctxt->fetch.end - ctxt->fetch.ptr;
  782 +
  783 + if (unlikely(done_size < size))
  784 + return __do_insn_fetch_bytes(ctxt, size - done_size);
783 785 else
784 786 return X86EMUL_CONTINUE;
785 787 }