From 020be4626281b084eed17894c94c405fe45c9646 Mon Sep 17 00:00:00 2001
From: Ingo Molnar <mingo@elte.hu>
Date: Fri, 5 Jan 2007 16:36:59 -0800
Subject: [PATCH] --- yaml --- r: 45293 b: refs/heads/master c:
 d21225ee2b6fa9f7669526927f2e0bedebd90940 h: refs/heads/master i:   45291:
 60269bd3d8e95cb6f01948f9f34b65de3495acd8 v: v3

---
 [refs]                       |  2 +-
 trunk/drivers/kvm/kvm_main.c | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/[refs] b/[refs]
index 6babed9570ea..4b22bacb6bac 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 760db773fbd0ad2ece89393218c4a4213b5bae6a
+refs/heads/master: d21225ee2b6fa9f7669526927f2e0bedebd90940
diff --git a/trunk/drivers/kvm/kvm_main.c b/trunk/drivers/kvm/kvm_main.c
index 0675d3e51692..67c1154960f0 100644
--- a/trunk/drivers/kvm/kvm_main.c
+++ b/trunk/drivers/kvm/kvm_main.c
@@ -463,7 +463,19 @@ void set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
 
 	vcpu->cr3 = cr3;
 	spin_lock(&vcpu->kvm->lock);
-	vcpu->mmu.new_cr3(vcpu);
+	/*
+	 * Does the new cr3 value map to physical memory? (Note, we
+	 * catch an invalid cr3 even in real-mode, because it would
+	 * cause trouble later on when we turn on paging anyway.)
+	 *
+	 * A real CPU would silently accept an invalid cr3 and would
+	 * attempt to use it - with largely undefined (and often hard
+	 * to debug) behavior on the guest side.
+	 */
+	if (unlikely(!gfn_to_memslot(vcpu->kvm, cr3 >> PAGE_SHIFT)))
+		inject_gp(vcpu);
+	else
+		vcpu->mmu.new_cr3(vcpu);
 	spin_unlock(&vcpu->kvm->lock);
 }
 EXPORT_SYMBOL_GPL(set_cr3);