From patchwork Tue Mar 23 11:25:44 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Kiszka <jan.kiszka@web.de>
X-Patchwork-Id: 87602
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o2NBPm79015913
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue, 23 Mar 2010 11:25:48 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751739Ab0CWLZr (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 23 Mar 2010 07:25:47 -0400
Received: from fmmailgate02.web.de ([217.72.192.227]:47504 "EHLO
	fmmailgate02.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751008Ab0CWLZq (ORCPT <rfc822; kvm@vger.kernel.org>);
	Tue, 23 Mar 2010 07:25:46 -0400
Received: from smtp05.web.de (fmsmtp05.dlan.cinetic.de [172.20.4.166])
	by fmmailgate02.web.de (Postfix) with ESMTP id AC0501576B0F8;
	Tue, 23 Mar 2010 12:25:45 +0100 (CET)
Received: from [92.75.139.210] (helo=[192.168.1.10])
	by smtp05.web.de with asmtp (TLSv1:AES256-SHA:256)
	(WEB.DE 4.110 #4)
	id 1Nu2Ey-0002Ie-00; Tue, 23 Mar 2010 12:25:44 +0100
Message-ID: <4BA8A538.8040107@web.de>
Date: Tue, 23 Mar 2010 12:25:44 +0100
From: Jan Kiszka <jan.kiszka@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de;
	rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1
	Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Avi Kivity <avi@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>
CC: kvm <kvm@vger.kernel.org>
Subject: [PATCH v2] KVM: x86: Fix TSS size check for 16-bit tasks
References: <4BA74694.2080300@siemens.com>
In-Reply-To: <4BA74694.2080300@siemens.com>
X-Enigmail-Version: 0.95.7
X-Sender: jan.kiszka@web.de
X-Provags-ID: V01U2FsdGVkX18IKPxWsi+0FlQc5Q8HHDcGrwE0qTyRzINo4JH6
	fxoUQWNQEd54PDxfETc/BUIXZryWR84OS3FkKb9ENDFeEAx1ER qYwtH6pTc=
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Tue, 23 Mar 2010 11:25:49 +0000 (UTC)


diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 266576c..ab3fff5 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2355,6 +2355,7 @@ static int emulator_do_task_switch(struct x86_emulate_ctxt *ctxt,
 	u16 old_tss_sel = ops->get_segment_selector(VCPU_SREG_TR, ctxt->vcpu);
 	ulong old_tss_base =
 		get_cached_descriptor_base(ctxt, ops, VCPU_SREG_TR);
+	u32 desc_limit;
 
 	/* FIXME: old_tss_base == ~0 ? */
 
@@ -2375,7 +2376,10 @@ static int emulator_do_task_switch(struct x86_emulate_ctxt *ctxt,
 		}
 	}
 
-	if (!next_tss_desc.p || desc_limit_scaled(&next_tss_desc) < 0x67) {
+	desc_limit = desc_limit_scaled(&next_tss_desc);
+	if (!next_tss_desc.p ||
+	    ((desc_limit < 0x67 && (next_tss_desc.type & 8)) ||
+	     desc_limit < 0x2b)) {
 		kvm_queue_exception_e(ctxt->vcpu, TS_VECTOR,
 				      tss_selector & 0xfffc);
 		return X86EMUL_PROPAGATE_FAULT;