motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-08 02:03:56 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

target/i386: check validity of VMCB addresses

Browse source 
MSR_VM_HSAVE_PA bits 0-11 are reserved, as are the bits above the
maximum physical address width of the processor.  Setting them to
1 causes a #GP (see "15.30.4 VM_HSAVE_PA MSR" in the AMD manual).

The same is true of VMCB addresses passed to VMRUN/VMLOAD/VMSAVE,
even though the manual is not clear on that.

Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11 ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini 2023-12-22 17:47:38 +01:00
parent 68fb78d7d5
commit d09c79010f
2 changed files with 24 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
target/i386/tcg/sysemu/misc_helper.c
View file

@ -212,6 +212,9 @@ void helper_wrmsr(CPUX86State *env)
tlb_flush(cs);
break;
case MSR_VM_HSAVE_PA:
if (val & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) {
goto error;
}
env->vm_hsave = val;
break;
#ifdef TARGET_X86_64