From 04aecf1372d30eb709d8de65152535ab66dcb74a Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 00:55:45 +0200 Subject: Adding upstream version 7.0.16-dfsg. Signed-off-by: Daniel Baumann --- src/VBox/VMM/VMMR0/HMVMXR0.cpp | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'src/VBox/VMM/VMMR0') diff --git a/src/VBox/VMM/VMMR0/HMVMXR0.cpp b/src/VBox/VMM/VMMR0/HMVMXR0.cpp index 26b6252e..0bb3b490 100644 --- a/src/VBox/VMM/VMMR0/HMVMXR0.cpp +++ b/src/VBox/VMM/VMMR0/HMVMXR0.cpp @@ -382,13 +382,20 @@ static void hmR0VmxLazyLoadGuestMsrs(PVMCPUCC pVCpu) } else { - ASMWrMsr(MSR_K8_KERNEL_GS_BASE, pCtx->msrKERNELGSBASE); - ASMWrMsr(MSR_K8_LSTAR, pCtx->msrLSTAR); - ASMWrMsr(MSR_K6_STAR, pCtx->msrSTAR); - /* The system call flag mask register isn't as benign and accepting of all - values as the above, so mask it to avoid #GP'ing on corrupted input. */ - Assert(!(pCtx->msrSFMASK & ~(uint64_t)UINT32_MAX)); - ASMWrMsr(MSR_K8_SF_MASK, pCtx->msrSFMASK & UINT32_MAX); + /* Avoid raising #GP caused by writing illegal values to these MSRs. */ + if ( X86_IS_CANONICAL(pCtx->msrKERNELGSBASE) + && X86_IS_CANONICAL(pCtx->msrLSTAR)) + { + ASMWrMsr(MSR_K8_KERNEL_GS_BASE, pCtx->msrKERNELGSBASE); + ASMWrMsr(MSR_K8_LSTAR, pCtx->msrLSTAR); + ASMWrMsr(MSR_K6_STAR, pCtx->msrSTAR); + /* The system call flag mask register isn't as benign and accepting of all + values as the above, so mask it to avoid #GP'ing on corrupted input. */ + Assert(!(pCtx->msrSFMASK & ~(uint64_t)UINT32_MAX)); + ASMWrMsr(MSR_K8_SF_MASK, pCtx->msrSFMASK & UINT32_MAX); + } + else + AssertMsgFailed(("Incompatible lazily-loaded guest MSR values\n")); } } pVCpu->hmr0.s.vmx.fLazyMsrs |= VMX_LAZY_MSRS_LOADED_GUEST; -- cgit v1.2.3