From: job <job@openbsd.org>
Date: Thu, 26 Jul 2018 10:05:02 +0000 (+0000)
Subject: Remove CPUID insn_length check
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9e131c2ee0bd5bad7bb53432aee0c8c77bb4cbf3;p=openbsd

Remove CPUID insn_length check

Don't allow unprivileged users to crash things from ring 3

Thanks to William McCall for the patch!

OK mlarkin@
---

diff --git a/sys/arch/amd64/amd64/vmm.c b/sys/arch/amd64/amd64/vmm.c
index bbf88025f5b..a007e7272e5 100644
--- a/sys/arch/amd64/amd64/vmm.c
+++ b/sys/arch/amd64/amd64/vmm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmm.c,v 1.216 2018/07/12 10:16:41 mlarkin Exp $	*/
+/*	$OpenBSD: vmm.c,v 1.217 2018/07/26 10:05:02 job Exp $	*/
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -5896,12 +5896,6 @@ vmm_handle_cpuid(struct vcpu *vcpu)
 			return (EINVAL);
 		}
 
-		if (insn_length != 2) {
-			DPRINTF("%s: CPUID with instruction length %lld not "
-			    "supported\n", __func__, insn_length);
-			return (EINVAL);
-		}
-
 		rax = &vcpu->vc_gueststate.vg_rax;
 		msr_store =
 		    (struct vmx_msr_store *)vcpu->vc_vmx_msr_exit_save_va;