KVM: x86: verify MTRR/PAT validity (d6289b93) · Commits · e / devices / android_kernel_oneplus_sm7250

arch/x86/kvm/x86.c

+38 −1

Original line number	Diff line number	Diff line
		@@ -704,11 +704,48 @@ static bool msr_mtrr_valid(unsigned msr)
		return false;
		}

		static bool valid_pat_type(unsigned t)
		{
		return t < 8 && (1 << t) & 0xf3; /* 0, 1, 4, 5, 6, 7 */
		}

		static bool valid_mtrr_type(unsigned t)
		{
		return t < 8 && (1 << t) & 0x73; /* 0, 1, 4, 5, 6 */
		}

		static bool mtrr_valid(struct kvm_vcpu *vcpu, u32 msr, u64 data)
		{
		int i;

		if (!msr_mtrr_valid(msr))
		return false;

		if (msr == MSR_IA32_CR_PAT) {
		for (i = 0; i < 8; i++)
		if (!valid_pat_type((data >> (i * 8)) & 0xff))
		return false;
		return true;
		} else if (msr == MSR_MTRRdefType) {
		if (data & ~0xcff)
		return false;
		return valid_mtrr_type(data & 0xff);
		} else if (msr >= MSR_MTRRfix64K_00000 && msr <= MSR_MTRRfix4K_F8000) {
		for (i = 0; i < 8 ; i++)
		if (!valid_mtrr_type((data >> (i * 8)) & 0xff))
		return false;
		return true;
		}

		/* variable MTRRs */
		return valid_mtrr_type(data & 0xff);
		}

		static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data)
		{
		u64 p = (u64 )&vcpu->arch.mtrr_state.fixed_ranges;

		if (!msr_mtrr_valid(msr))
		if (!mtrr_valid(vcpu, msr, data))
		return 1;

		if (msr == MSR_MTRRdefType) {