From patchwork Wed Aug 26 10:29:29 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Avi Kivity <avi@redhat.com>
X-Patchwork-Id: 44012
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n7QAlUYj018571
	for <patchwork-kvm@patchwork.kernel.org>;
	Wed, 26 Aug 2009 10:47:33 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932757AbZHZKmA (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Wed, 26 Aug 2009 06:42:00 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932390AbZHZKl7
	(ORCPT <rfc822;kvm-outgoing>); Wed, 26 Aug 2009 06:41:59 -0400
Received: from mx1.redhat.com ([209.132.183.28]:25267 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756773AbZHZKaL (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 26 Aug 2009 06:30:11 -0400
Received: from int-mx06.intmail.prod.int.phx2.redhat.com
	(int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.19])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n7QAUDll019469;
	Wed, 26 Aug 2009 06:30:13 -0400
Received: from cleopatra.tlv.redhat.com (cleopatra.tlv.redhat.com
	[10.35.255.11])
	by int-mx06.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with
	ESMTP id n7QAUB2Y017237; Wed, 26 Aug 2009 06:30:12 -0400
Received: from localhost.localdomain (cleopatra.tlv.redhat.com
	[10.35.255.11])
	by cleopatra.tlv.redhat.com (Postfix) with ESMTP id D4A36250054;
	Wed, 26 Aug 2009 13:30:09 +0300 (IDT)
From: Avi Kivity <avi@redhat.com>
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 07/47] KVM: fix EFER read buffer overflow
Date: Wed, 26 Aug 2009 13:29:29 +0300
Message-Id: <1251282609-12835-8-git-send-email-avi@redhat.com>
In-Reply-To: <1251282609-12835-1-git-send-email-avi@redhat.com>
References: <1251282609-12835-1-git-send-email-avi@redhat.com>
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.19
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

From: Roel Kluin <roel.kluin@gmail.com>

Check whether index is within bounds before grabbing the element.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: Avi Kivity <avi@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
---
 arch/x86/kvm/vmx.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 0ba706e..31c3a87 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -571,12 +571,15 @@ static void reload_tss(void)
 static void load_transition_efer(struct vcpu_vmx *vmx)
 {
 	int efer_offset = vmx->msr_offset_efer;
-	u64 host_efer = vmx->host_msrs[efer_offset].data;
-	u64 guest_efer = vmx->guest_msrs[efer_offset].data;
+	u64 host_efer;
+	u64 guest_efer;
 	u64 ignore_bits;
 
 	if (efer_offset < 0)
 		return;
+	host_efer = vmx->host_msrs[efer_offset].data;
+	guest_efer = vmx->guest_msrs[efer_offset].data;
+
 	/*
 	 * NX is emulated; LMA and LME handled by hardware; SCE meaninless
 	 * outside long mode