KVM: VMX: Check cpl before emulating debug register access Debug registers may only be accessed from cpl 0. Unfortunately, vmx will code to emulate the instruction even though it was issued from guest userspace, possibly leading to an unexpected trap later. Cc: stable@kernel.org Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

commit: 0a79b009525b160081d75cef5dbf45817956acf2 [log] [tgz]
author: Avi Kivity <avi@redhat.com> Tue Sep 01 12:03:25 2009 +0300
committer: Avi Kivity <avi@redhat.com> Thu Sep 10 18:11:10 2009 +0300
tree: 86dc2671cbd3326e92c8845ce699bdb651d785b5
parent: 4da748960a6bd7b1e123e01bfa8f2dbcb6be209e [diff] [blame]
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index cc6e00a..f381201 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c

@@ -2934,6 +2934,8 @@
 	unsigned long val;
 	int dr, reg;
 
+	if (!kvm_require_cpl(vcpu, 0))
+		return 1;
 	dr = vmcs_readl(GUEST_DR7);
 	if (dr & DR7_GD) {
 		/*
commit	0a79b009525b160081d75cef5dbf45817956acf2	[log] [tgz]
author	Avi Kivity <avi@redhat.com>	Tue Sep 01 12:03:25 2009 +0300
committer	Avi Kivity <avi@redhat.com>	Thu Sep 10 18:11:10 2009 +0300
tree	86dc2671cbd3326e92c8845ce699bdb651d785b5
parent	4da748960a6bd7b1e123e01bfa8f2dbcb6be209e [diff] [blame]