iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fda4e2e855
linux/arch/x86
History
Andy Honig fda4e2e855 KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) 
In kvm_lapic_sync_from_vapic and kvm_lapic_sync_to_vapic there is the
potential to corrupt kernel memory if userspace provides an address that
is at the end of a page.  This patches concerts those functions to use
kvm_write_guest_cached and kvm_read_guest_cached.  It also checks the
vapic_address specified by userspace during ioctl processing and returns
an error to userspace if the address is not a valid GPA.

This is generally not guest triggerable, because the required write is
done by firmware that runs before the guest.  Also, it only affects AMD
processors and oldish Intel that do not have the FlexPriority feature
(unless you disable FlexPriority, of course; then newer processors are
also affected).

Fixes: b93463aa59 ('KVM: Accelerated apic support')

Reported-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-12 22:39:46 +01:00
..
boot Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 10:48:30 +09:00
configs x86, defconfig: Add DEVTMPFS and DEVTMPFS_MOUNT to *86*_defconfig 2013-11-04 20:01:55 -08:00
crypto Reinstate "crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework" 2013-09-07 12:56:26 +10:00
ia32 constify copy_siginfo_to_user{,32}() 2013-11-09 00:16:29 -05:00
include More ACPI and power management updates for 3.13-rc1 2013-11-20 13:25:04 -08:00
kernel Merge tag 'drm-intel-fixes-2013-11-20' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2013-11-21 18:45:51 +10:00
kvm KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) 2013-12-12 22:39:46 +01:00
lguest lguest: fix GPF in guest when using gdb. 2013-09-06 08:09:28 +09:30
lib ACPI and power management updates for 3.13-rc1 2013-11-14 13:41:48 +09:00
math-emu
mm x86, mm: do not leak page->ptl for pmd page tables 2013-11-21 16:42:28 -08:00
net net: x86: bpf: don't forget to free sk_filter (v2) 2013-11-07 19:06:52 -05:00
oprofile perf: Fix arch_perf_out_copy_user default 2013-11-06 12:34:25 +01:00
pci ACPI / driver core: Store an ACPI device pointer in struct acpi_dev_node 2013-11-14 23:14:43 +01:00
platform Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-14 16:55:56 +09:00
power
realmode
syscalls
tools Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-09-04 08:39:38 -07:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2013-11-19 11:42:32 -08:00
vdso seqcount: Add lockdep functionality to seqcount/seqlock structures 2013-11-06 12:40:26 +01:00
video
xen Features: 2013-11-15 13:34:37 +09:00
.gitignore
Kbuild
Kconfig Kconfig cleanups for v3.13 2013-11-15 14:05:15 -08:00
Kconfig.cpu
Kconfig.debug x86/efi: Add EFI framebuffer earlyprintk support 2013-10-28 18:09:58 +00:00
Makefile
Makefile_32.cpu
Makefile.um