A developer building a Type-2 hypervisor as a kernel module discovered a sign-extension bug in a C helper function borrowed from Linux KVM selftests. The bug in `get_desc64_base` caused incorrect TSS base addresses to be written into VMCS HOST_TR_BASE when `base2` had its most significant bit set, leading to catastrophic CPU
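The sign-extension trap described above, shown as an added C example (this is not the post's or the KVM selftests' code). The descriptor layout is modelled on the selftests `struct desc64` and is an assumption here; only the `base0..base3` fields matter. Both the buggy and the corrected form of the helper are shown side by side, together with a round-trip check of the kind a unit test could use to catch the bug before a bogus value ever reaches HOST_TR_BASE:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 64-bit system-segment descriptor, modelled on the KVM selftests
 * `struct desc64` (assumption: field widths as laid out here; only the
 * base fields matter for this demonstration). */
struct desc64 {
    uint16_t limit0;
    uint16_t base0;
    unsigned base1:8, type:4, s:1, dpl:2, p:1;
    unsigned limit1:4, zero0:1, l:1, db:1, g:1, base2:8;
    uint32_t base3;
    uint32_t zero1;
} __attribute__((packed));

/* Split a 64-bit linear base into the descriptor's base0..base3 pieces
 * (constructed helper for the demonstration). */
static struct desc64 make_desc64(uint64_t base)
{
    struct desc64 d = {0};
    d.base0 = (uint16_t)(base & 0xffff);
    d.base1 = (base >> 16) & 0xff;
    d.base2 = (base >> 24) & 0xff;
    d.base3 = (uint32_t)(base >> 32);
    return d;
}

/* Buggy reconstruction: base1/base2 are bit-fields narrower than int, so
 * they are promoted to (signed) int before the shift. If bit 7 of base2 is
 * set, base2 << 24 is a negative int; OR-ing that into the uint64_t result
 * sign-extends ones into bits 32..63 and overwrites base3. */
static uint64_t get_desc64_base_buggy(const struct desc64 *desc)
{
    return ((uint64_t)desc->base3 << 32) |
           (desc->base0 | (desc->base1 << 16) | (desc->base2 << 24));
}

/* Fixed reconstruction: widen every piece to uint64_t before shifting, so
 * no intermediate value is a signed int. */
static uint64_t get_desc64_base_fixed(const struct desc64 *desc)
{
    return ((uint64_t)desc->base3 << 32) |
           ((uint64_t)desc->base0 |
            ((uint64_t)desc->base1 << 16) |
            ((uint64_t)desc->base2 << 24));
}

/* Round-trip a linear base through the descriptor with each helper. */
uint64_t buggy_base_of(uint64_t base)
{
    struct desc64 d = make_desc64(base);
    return get_desc64_base_buggy(&d);
}

uint64_t fixed_base_of(uint64_t base)
{
    struct desc64 d = make_desc64(base);
    return get_desc64_base_fixed(&d);
}

int main(void)
{
    /* Constructed sample TSS bases: bit 31 clear (bug silent) and bit 31 set. */
    uint64_t samples[] = { 0x0000123400567890ULL, 0x00001234ff567890ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t buggy = buggy_base_of(samples[i]);
        uint64_t fixed = fixed_base_of(samples[i]);
        printf("base %016llx: buggy %016llx fixed %016llx%s\n",
               (unsigned long long)samples[i],
               (unsigned long long)buggy,
               (unsigned long long)fixed,
               buggy == fixed ? "" : "  <-- upper half corrupted");
    }
    return 0;
}
```

The second sample is the case the post describes: with `base2 == 0xff` the buggy helper returns `0xffffffffff567890` instead of `0x00001234ff567890`, so any descriptor whose base has bit 31 set is silently mangled while lower bases round-trip correctly. A round-trip test over both kinds of value is the cheapest guard against this class of integer-promotion bug.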

From pooladkhay.com
Table of contents

- Intro
- x86 Task State Segment (TSS)
- Why do hypervisors care?
- Symptoms
- The quest
- The smoking gun
- The Kernel patch
- Outro