* [PATCH 2/5] KVM: nVMX: fix limit check for protected mode
@ 2015-08-20 19:36 Eugene Korenevsky
From: Eugene Korenevsky @ 2015-08-20 19:36 UTC (permalink / raw)
To: kvm; +Cc: Paolo Bonzini
Fix limit checking for all segment types except expand-down data segments.

The effective limit is the last address that is allowed to be accessed in the
segment. The condition for exceeding the limit should be

    offset + operand_size - 1 > limit

For example, if offset == limit and operand size is one, the limit is not
exceeded (limit + 1 - 1 == limit), but if operand size is two, the limit
is exceeded (limit + 2 - 1 > limit).
Signed-off-by: Eugene Korenevsky <ekorenevsky@gmail.com>
---
arch/x86/kvm/vmx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 32d2979..faa05a4 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6377,7 +6377,7 @@ static int vmx_protmode_seg_check(struct kvm_vcpu *vcpu,
/* #GP(0)/#SS(0) if the segment is unusable. */
exn = (s->unusable != 0);
/* #GP(0)/#SS(0) if the memory operand is outside the segment limit. */
- exn = exn || (off + mem_op_size > s->limit);
+ exn = exn || (off + mem_op_size - 1 > s->limit);
if (exn) {
kvm_queue_exception_e(vcpu,
seg == VCPU_SREG_SS ?
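Review bot: the corrected test `off + mem_op_size - 1 > s->limit` is applied to every segment in this hunk, while the commit message says expand-down data segments are excluded; nothing in the visible lines inspects the segment type (the E bit of s->type), so either the exclusion lives in another patch of the series and the comment on the `#GP(0)/#SS(0)` line should say so, or an expand-down data segment with a legal offset above its limit will wrongly take the fault here. Also worth confirming at this call site that `mem_op_size` is never 0 (the new `- 1` then underflows and the check passes for any `off`) and that `off + mem_op_size` cannot wrap in its type, since a wrapped sum would compare below the limit.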
--
2.1.4
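As an added, stand-alone model of the check the commit message describes (this is not the KVM code from the patch, and does not use vmx.c's types), the following C extends it in two ways the message does not show: the expand-down data-segment case, where the legal offsets are limit+1 up to the segment's top, and a 64-bit sum so that an operand ending at the last byte of a 4 GiB segment cannot wrap around. `struct seg`, its fields, the two helper names and the sample segments are assumptions for illustration; in the real code the segment state comes from the guest VMCS.

```c
/*
 * Added example (not KVM code): protected-mode segment limit check.
 *
 * Semantics modelled:
 *  - expand-up segment (code, or data with E=0): every byte of the operand,
 *    off .. off+size-1, must be <= limit, so the fault condition is
 *    off + size - 1 > limit (the post-patch form).
 *  - expand-down data segment (E=1): valid offsets are limit+1 .. top, where
 *    top is 0xFFFF (D/B=0) or 0xFFFFFFFF (D/B=1); the operand must lie
 *    wholly inside that range.
 * Sums are evaluated in 64 bits so a 32-bit offset plus size cannot wrap.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct seg {
    uint32_t limit;     /* effective, byte-granular limit (assumed field) */
    bool expand_down;   /* data segment with the E bit set (assumed field) */
    bool big;           /* D/B bit: 32-bit top for expand-down (assumed) */
};

/* Sample segments constructed for the example, not taken from a guest. */
const struct seg seg_up_4k   = { .limit = 0x0FFF,      .expand_down = false, .big = true };
const struct seg seg_down_4k = { .limit = 0x0FFF,      .expand_down = true,  .big = true };
const struct seg seg_flat    = { .limit = 0xFFFFFFFFu, .expand_down = false, .big = true };

/* Post-patch semantics: true when [off, off+size) is outside the segment. */
bool seg_limit_exceeded(const struct seg *s, uint32_t off, uint32_t size)
{
    if (size == 0)
        return false;                       /* no memory operand to check */

    uint64_t last = (uint64_t)off + size - 1;   /* inclusive last byte */

    if (!s->expand_down)
        return last > s->limit;

    uint64_t top = s->big ? 0xFFFFFFFFull : 0xFFFFull;
    /* expand-down: start must be above limit, end must not pass the top */
    return off <= s->limit || last > top;
}

/* Pre-patch form kept only to show the off-by-one: faults one byte early. */
bool seg_limit_exceeded_old(const struct seg *s, uint32_t off, uint32_t size)
{
    return (uint64_t)off + size > s->limit;
}

int main(void)
{
    /* The commit message's example: offset == limit, one-byte operand. */
    printf("up, off=limit, size=1: old=%d new=%d\n",
           seg_limit_exceeded_old(&seg_up_4k, 0x0FFF, 1),
           seg_limit_exceeded(&seg_up_4k, 0x0FFF, 1));
    printf("up, off=limit, size=2: new=%d\n",
           seg_limit_exceeded(&seg_up_4k, 0x0FFF, 2));
    /* Last byte of a flat 4 GiB segment: the old form wraps and faults. */
    printf("flat, off=0xFFFFFFFF, size=1: old=%d new=%d\n",
           seg_limit_exceeded_old(&seg_flat, 0xFFFFFFFFu, 1),
           seg_limit_exceeded(&seg_flat, 0xFFFFFFFFu, 1));
    /* Expand-down: limit+1 is the first legal offset, limit itself is not. */
    printf("down, off=limit+1: %d  off=limit: %d\n",
           seg_limit_exceeded(&seg_down_4k, 0x1000, 1),
           seg_limit_exceeded(&seg_down_4k, 0x0FFF, 1));
    return 0;
}
```

The expand-down branch is the case the commit message sets aside: with the E bit set the limit marks the bottom of the usable range, so comparing the last byte against it would invert the check.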