iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch
History
Paolo Bonzini 13d1c5b17d kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access 
commit 3c9fa24ca7c9c47605672916491f79e8ccacb9e6 upstream.

The functions that were used in the emulation of fxrstor, fxsave, sgdt and
sidt were originally meant for task switching, and as such they did not
check privilege levels.  This is very bad when the same functions are used
in the emulation of unprivileged instructions.  This is CVE-2018-10853.

The obvious fix is to add a new argument to ops->read_std and ops->write_std,
which decides whether the access is a "system" access or should use the
processor's CPL.

Fixes: 129a72a0d3c8 ("KVM: x86: Introduce segmented_write_std", 2017-01-12)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-16 09:52:34 +02:00
..
alpha
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
2018-05-30 07:50:30 +02:00
arc
ARC: Fix malformed ARC_EMUL_UNALIGNED default
2018-05-30 07:50:26 +02:00
arm
ARM: dts: porter: Fix HDMI output routing
2018-05-30 07:50:51 +02:00
arm64
arm64/cpufeature: don't use mutex in bringup path
2018-06-06 16:44:35 +02:00
avr32
Merge branch 'akpm' (patches from Andrew)
2016-10-07 21:38:00 -07:00
blackfin
pinctrl: adi2: Fix Kconfig build problem
2017-12-20 10:07:32 +01:00
c6x
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
2017-03-31 10:31:46 +02:00
cris
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
2017-01-12 11:39:24 +01:00
frv
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
h8300
h8300/ptrace: Fix incorrect register transfer count
2017-03-31 10:31:46 +02:00
hexagon
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
ia64
ia64/err-inject: Use get_user_pages_fast()
2018-05-30 07:50:34 +02:00
m32r
mm: replace access_process_vm() write parameter with gup_flags
2016-10-19 08:31:25 -07:00
m68k
m68k: set dma and coherent masks for platform FEC ethernets
2018-05-30 07:50:43 +02:00
metag
metag/uaccess: Check access_ok in strncpy_from_user
2017-05-25 15:44:46 +02:00
microblaze
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
mips
MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
2018-06-06 16:44:38 +02:00
mn10300
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
2018-02-17 13:21:20 +01:00
nios2
nios2: reserve boot memory for device tree
2017-04-12 12:41:14 +02:00
openrisc
signal/openrisc: Fix do_unaligned_access to send the proper signal
2018-02-17 13:21:19 +01:00
parisc
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
powerpc
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
2018-06-06 16:44:37 +02:00
s390
KVM: s390: vsie: fix < 8k check for the itdba
2018-05-30 07:50:18 +02:00
score
Merge branch 'gup_flag-cleanups'
2016-10-19 08:39:47 -07:00
sh
sh: fix debug trap failure to process signals before return to user
2018-05-30 07:50:39 +02:00
sparc
sparc64: Don't clibber fixed registers in __multi4.
2018-06-06 16:44:39 +02:00
tile
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
um
um: Use POSIX ucontext_t instead of struct ucontext
2018-04-24 09:34:13 +02:00
unicore32
unicore32: use simpler API for random address requests
2016-10-11 15:06:32 -07:00
x86
kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
2018-06-16 09:52:34 +02:00
xtensa
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
.gitignore
Kconfig
This adds a new gcc plugin named "latent_entropy". It is designed to
2016-10-15 10:03:15 -07:00