7088c3756a151abaadea5b1d4810c86e2651292e is the first bad commit
commit 7088c3756a151abaadea5b1d4810c86e2651292e
Author: Avi Kivity <email address hidden>
Date: Mon Mar 23 22:13:44 2009 +0200

    KVM: VMX: Don't allow uninhibited access to EFER on i386

    vmx_set_msr() does not allow i386 guests to touch EFER, but they can still
    do so through the default: label in the switch. If they set EFER_LME, they
    can oops the host.

    Fix by having EFER access through the normal channel (which will check for
    EFER_LME) even on i386.

    Reported-and-tested-by: Benjamin Gilbert <email address hidden>
    Cc: <email address hidden>
    Signed-off-by: Avi Kivity <email address hidden>
    Signed-off-by: Stefan Bader <email address hidden>

:040000 040000 067e338cc1db74e085e06c1bf598e10231cb7cba c57336b2f6e4e86d2e85096aaaad5f62a9c62f51 M arch

After git-bisect, the winner is:
7088c3756a151abaadea5b1d4810c86e2651292e is the first bad commit
commit 7088c3756a151abaadea5b1d4810c86e2651292e
Author: Avi Kivity <email address hidden>
Date: Mon Mar 23 22:13:44 2009 +0200

    KVM: VMX: Don't allow uninhibited access to EFER on i386

    CVE-2009-1242

    commit 16175a796d061833aacfbd9672235f2d2725df65 upstream

    vmx_set_msr() does not allow i386 guests to touch EFER, but they can still
    do so through the default: label in the switch. If they set EFER_LME, they
    can oops the host.

    Fix by having EFER access through the normal channel (which will check for
    EFER_LME) even on i386.

    Reported-and-tested-by: Benjamin Gilbert <email address hidden>
    Cc: <email address hidden>
    Signed-off-by: Avi Kivity <email address hidden>
    Signed-off-by: Stefan Bader <email address hidden>

:040000 040000 067e338cc1db74e085e06c1bf598e10231cb7cba c57336b2f6e4e86d2e85096aaaad5f62a9c62f51 M arch
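
The commit message above describes a switch whose EFER case was missing on i386, so the write reached the default: label unchecked. A simplified user-space model of that pattern follows; it is an added illustration, not the kernel patch or KVM code. struct vcpu, store_raw, set_efer_checked, set_msr_before, set_msr_after and the host_64bit flag (standing in for the build-time 64-bit configuration) are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#define MSR_EFER 0xc0000080u   /* architectural index of the EFER MSR */
#define EFER_LME (1ull << 8)   /* Long Mode Enable bit */
struct vcpu { uint64_t efer, other; };   /* toy guest MSR state */

/* Unvalidated store, standing in for what the default: label does. */
static int store_raw(struct vcpu *v, uint32_t idx, uint64_t data)
{
    *(idx == MSR_EFER ? &v->efer : &v->other) = data;
    return 0;
}

/* Checked path: refuse EFER_LME when the host is a 32-bit build. */
static int set_efer_checked(struct vcpu *v, uint64_t data, int host_64bit)
{
    if (!host_64bit && (data & EFER_LME))
        return 1;                        /* rejected, state untouched */
    v->efer = data;
    return 0;
}

/* Before: the EFER case is only effective on 64-bit builds. */
static int set_msr_before(struct vcpu *v, uint32_t idx, uint64_t data, int host_64bit)
{
    switch (idx) {
    case MSR_EFER:
        if (host_64bit)
            return set_efer_checked(v, data, host_64bit);
        /* fall through */
    default:
        return store_raw(v, idx, data);
    }
}

/* After: EFER always goes through the checked path. */
static int set_msr_after(struct vcpu *v, uint32_t idx, uint64_t data, int host_64bit)
{
    return idx == MSR_EFER ? set_efer_checked(v, data, host_64bit)
                           : store_raw(v, idx, data);
}

int main(void)
{
    struct vcpu a = {0, 0}, b = {0, 0};
    int ra = set_msr_before(&a, MSR_EFER, EFER_LME, 0);   /* 32-bit host */
    int rb = set_msr_after(&b, MSR_EFER, EFER_LME, 0);
    printf("before: ret=%d LME=%d\nafter:  ret=%d LME=%d\n", ra, !!(a.efer & EFER_LME), rb, !!(b.efer & EFER_LME));
    return 0;
}
```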