KVM: x86: Fix of previously incomplete fix for CVE-2014-8480

commit 63ea0a49ae0b145b91ff2b070c01b66fc75854b9 upstream. STR and SLDT with rip-relative operand can cause a host kernel oops. Mark them as DstMem as well. Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

KVM: x86: Fix of previously incomplete fix for CVE-2014-8480
commit 63ea0a49ae0b145b91ff2b070c01b66fc75854b9 upstream. STR and SLDT with rip-relative operand can cause a host kernel oops. Mark them as DstMem as well. Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nadav Amit · Greg Kroah-Hartman
1 parent cb2567bf3e
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
arch/x86/kvm/emulate.c
@@ -3777,8 +3777,8 @@
 };
  
 static const struct opcode group6[] = {
-	DI(Prot,	sldt),
-	DI(Prot,	str),
+	DI(Prot | DstMem,	sldt),
+	DI(Prot | DstMem,	str),
 	II(Prot | Priv | SrcMem16, em_lldt, lldt),
 	II(Prot | Priv | SrcMem16, em_ltr, ltr),
 	N, N, N, N,
...	...	@@ -3777,8 +3777,8 @@
3777	3777	};
3778	3778
3779	3779	static const struct opcode group6[] = {
3780		- DI(Prot, sldt),
3781		- DI(Prot, str),
	3780	+ DI(Prot \| DstMem, sldt),
	3781	+ DI(Prot \| DstMem, str),
3782	3782	II(Prot \| Priv \| SrcMem16, em_lldt, lldt),
3783	3783	II(Prot \| Priv \| SrcMem16, em_ltr, ltr),
3784	3784	N, N, N, N,