Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

KVM: x86 emulator: limit instructions to 15 bytes

While we are never normally passed an instruction that exceeds 15 bytes,
smp games can cause us to attempt to interpret one, which will cause
large latencies in non-preempt hosts.

Cc: stable@kernel.org
Signed-off-by: Avi Kivity <avi@redhat.com>
Avi Kivity 15 years ago
parent
d7b0b5eb30
commit
eb3c79e64a
2 changed files with 5 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      arch/x86/include/asm/kvm_emulate.h
  2. 4 1
      arch/x86/kvm/emulate.c

+ 1 - 1
arch/x86/include/asm/kvm_emulate.h
View File 

@@ -129,7 +129,7 @@ struct decode_cache {
 
 	u8 seg_override;
 
 	unsigned int d;
 
 	unsigned long regs[NR_VCPU_REGS];
 
-	unsigned long eip;
 
+	unsigned long eip, eip_orig;
 
 	/* modrm */
 
 	u8 modrm;
 
 	u8 modrm_mod;

+ 4 - 1
arch/x86/kvm/emulate.c
View File 

@@ -622,6 +622,9 @@ static int do_insn_fetch(struct x86_emulate_ctxt *ctxt,
 
 {
 
 	int rc = 0;
 
 
+	/* x86 instructions are limited to 15 bytes. */
 
+	if (eip + size - ctxt->decode.eip_orig > 15)
 
+		return X86EMUL_UNHANDLEABLE;
 
 	eip += ctxt->cs_base;
 
 	while (size--) {
 
 		rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++);
 
@@ -880,7 +883,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
 
 	/* Shadow copy of register state. Committed on successful emulation. */
 
 
 	memset(c, 0, sizeof(struct decode_cache));
 
-	c->eip = kvm_rip_read(ctxt->vcpu);
 
+	c->eip = c->eip_orig = kvm_rip_read(ctxt->vcpu);
 
 	ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
 
 	memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);