diff options
Diffstat (limited to 'src/VBox/VMM/VMMR0')
-rw-r--r-- | src/VBox/VMM/VMMR0/HMVMXR0.cpp | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/VBox/VMM/VMMR0/HMVMXR0.cpp b/src/VBox/VMM/VMMR0/HMVMXR0.cpp index 26b6252e..0bb3b490 100644 --- a/src/VBox/VMM/VMMR0/HMVMXR0.cpp +++ b/src/VBox/VMM/VMMR0/HMVMXR0.cpp @@ -382,13 +382,20 @@ static void hmR0VmxLazyLoadGuestMsrs(PVMCPUCC pVCpu) } else { - ASMWrMsr(MSR_K8_KERNEL_GS_BASE, pCtx->msrKERNELGSBASE); - ASMWrMsr(MSR_K8_LSTAR, pCtx->msrLSTAR); - ASMWrMsr(MSR_K6_STAR, pCtx->msrSTAR); - /* The system call flag mask register isn't as benign and accepting of all - values as the above, so mask it to avoid #GP'ing on corrupted input. */ - Assert(!(pCtx->msrSFMASK & ~(uint64_t)UINT32_MAX)); - ASMWrMsr(MSR_K8_SF_MASK, pCtx->msrSFMASK & UINT32_MAX); + /* Avoid raising #GP caused by writing illegal values to these MSRs. */ + if ( X86_IS_CANONICAL(pCtx->msrKERNELGSBASE) + && X86_IS_CANONICAL(pCtx->msrLSTAR)) + { + ASMWrMsr(MSR_K8_KERNEL_GS_BASE, pCtx->msrKERNELGSBASE); + ASMWrMsr(MSR_K8_LSTAR, pCtx->msrLSTAR); + ASMWrMsr(MSR_K6_STAR, pCtx->msrSTAR); + /* The system call flag mask register isn't as benign and accepting of all + values as the above, so mask it to avoid #GP'ing on corrupted input. */ + Assert(!(pCtx->msrSFMASK & ~(uint64_t)UINT32_MAX)); + ASMWrMsr(MSR_K8_SF_MASK, pCtx->msrSFMASK & UINT32_MAX); + } + else + AssertMsgFailed(("Incompatible lazily-loaded guest MSR values\n")); } } pVCpu->hmr0.s.vmx.fLazyMsrs |= VMX_LAZY_MSRS_LOADED_GUEST; |