KVM: VMX: Fix host GDT.LIMIT corruption

vmx does not restore GDT.LIMIT to the host value, instead it sets it to 64KB. This means host userspace can learn a few bits of host memory. Fix by reloading GDTR when we load other host state. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
git-mirror · Aug 2, 2010 · 3444d7d · 3444d7d
1 parent 9a3aad7
commit 3444d7d
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
@@ -185,6 +185,7 @@ static void kvm_cpu_vmxoff(void);
 static DEFINE_PER_CPU(struct vmcs *, vmxarea);
 static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
 static DEFINE_PER_CPU(struct list_head, vcpus_on_cpu);
+static DEFINE_PER_CPU(struct desc_ptr, host_gdt);
 
 static unsigned long *vmx_io_bitmap_a;
 static unsigned long *vmx_io_bitmap_b;
@@ -871,6 +872,7 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
 #endif
 	if (current_thread_info()->status & TS_USEDFPU)
 		clts();
+	load_gdt(&__get_cpu_var(host_gdt));
 }
 
 static void vmx_load_host_state(struct vcpu_vmx *vmx)
@@ -1379,6 +1381,8 @@ static int hardware_enable(void *garbage)
 		ept_sync_global();
 	}
 
+	store_gdt(&__get_cpu_var(host_gdt));
+
 	return 0;
 }