Patchwork [13/45] KVM: VMX: Dont allow uninhibited access to EFER on i386

mail settings
Submitter Chris Wright
Date March 31, 2009, 11:10 p.m.
Message ID <>
Download mbox | patch
Permalink /patch/15549/
State New, archived
Headers show


Chris Wright - March 31, 2009, 11:10 p.m.
-stable review patch.  If anyone has any objections, please let us know.

From: Avi Kivity <>

upstream commit: 16175a796d061833aacfbd9672235f2d2725df65

vmx_set_msr() does not allow i386 guests to touch EFER, but they can still
do so through the default: label in the switch.  If they set EFER_LME, they
can oops the host.

Fix by having EFER access through the normal channel (which will check for
EFER_LME) even on i386.

Reported-and-tested-by: Benjamin Gilbert <>
Signed-off-by: Avi Kivity <>
Signed-off-by: Chris Wright <>
 arch/x86/kvm/vmx.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at


--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -928,11 +928,11 @@  static int vmx_set_msr(struct kvm_vcpu *
 	int ret = 0;
 	switch (msr_index) {
-#ifdef CONFIG_X86_64
 	case MSR_EFER:
 		ret = kvm_set_msr_common(vcpu, msr_index, data);
+#ifdef CONFIG_X86_64
 	case MSR_FS_BASE:
 		vmcs_writel(GUEST_FS_BASE, data);