KVM: fix EFER read buffer overflow

Check whether index is within bounds before grabbing the element. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Avi Kivity <avi@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Avi Kivity <avi@redhat.com>
author: Roel Kluin 2009-08-04 11:08:45 +0200
committer: Avi Kivity 2009-09-10 07:33:21 +0200
commit: 3a34a8810b2ed316bfe58fa53640e8d30de3f6c2 (patch)
tree: 8ddc7747bc7070d98b2746f4fad865f83e4d1996 /arch/x86/kvm/vmx.c
parent: KVM: ignore reads to perfctr msrs (diff)
download: kernel-qcow2-linux-3a34a8810b2ed316bfe58fa53640e8d30de3f6c2.tar.gz
kernel-qcow2-linux-3a34a8810b2ed316bfe58fa53640e8d30de3f6c2.tar.xz
kernel-qcow2-linux-3a34a8810b2ed316bfe58fa53640e8d30de3f6c2.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 0ba706e87c50..31c3a8740c42 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -571,12 +571,15 @@ static void reload_tss(void)
 static void load_transition_efer(struct vcpu_vmx *vmx)
 {
 	int efer_offset = vmx->msr_offset_efer;
-	u64 host_efer = vmx->host_msrs[efer_offset].data;
-	u64 guest_efer = vmx->guest_msrs[efer_offset].data;
+	u64 host_efer;
+	u64 guest_efer;
 	u64 ignore_bits;
 
 	if (efer_offset < 0)
 		return;
+	host_efer = vmx->host_msrs[efer_offset].data;
+	guest_efer = vmx->guest_msrs[efer_offset].data;
+
 	/*
 	 * NX is emulated; LMA and LME handled by hardware; SCE meaninless
 	 * outside long mode
author	Roel Kluin	2009-08-04 11:08:45 +0200
committer	Avi Kivity	2009-09-10 07:33:21 +0200
commit	3a34a8810b2ed316bfe58fa53640e8d30de3f6c2 (patch)
tree	8ddc7747bc7070d98b2746f4fad865f83e4d1996 /arch/x86/kvm/vmx.c
parent	KVM: ignore reads to perfctr msrs (diff)
download	kernel-qcow2-linux-3a34a8810b2ed316bfe58fa53640e8d30de3f6c2.tar.gz kernel-qcow2-linux-3a34a8810b2ed316bfe58fa53640e8d30de3f6c2.tar.xz kernel-qcow2-linux-3a34a8810b2ed316bfe58fa53640e8d30de3f6c2.zip