Marcelo Tosatti 59839dfff5 KVM: x86: check for cr3 validity in ioctl_set_sregs
Matt T. Yourst notes that kvm_arch_vcpu_ioctl_set_sregs lacks validity
checking for the new cr3 value:

"Userspace callers of KVM_SET_SREGS can pass a bogus value of cr3 to
the kernel. This will trigger a NULL pointer access in gfn_to_rmap()
when userspace next tries to call KVM_RUN on the affected VCPU and kvm
attempts to activate the new non-existent page table root.

This happens since kvm only validates that cr3 points to a valid guest
physical memory page when code *inside* the guest sets cr3. However, kvm
currently trusts the userspace caller (e.g. QEMU) on the host machine to
always supply a valid page table root, rather than properly validating
it along with the rest of the reloaded guest state."

http://sourceforge.net/tracker/?func=detail&atid=893831&aid=2687641&group_id=180599

Check for a valid cr3 address in kvm_arch_vcpu_ioctl_set_sregs, triple
fault in case of failure.

Cc: stable@kernel.org
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2009-06-10 11:48:43 +03:00
Name            | Last commit                                                                                  | Date
boot            | x86, relocs: ignore R_386_NONE in kernel relocation entries                                  | 2009-05-25 22:52:49 -07:00
configs         |                                                                                              |
crypto          |                                                                                              |
ia32            | Separate out common fstatat code into vfs_fstatat                                            | 2009-04-20 23:02:51 -04:00
include/asm     | KVM: x86 emulator: Add new mode of instruction emulation: skip                               | 2009-06-10 11:48:42 +03:00
kernel          | KVM: x86: paravirt skip pit-through-ioapic boot check                                        | 2009-06-10 11:48:24 +03:00
kvm             | KVM: x86: check for cr3 validity in ioctl_set_sregs                                          | 2009-06-10 11:48:43 +03:00
lguest          | lguest: fix 'unhandled trap 13' with CONFIG_CC_STACKPROTECTOR                                | 2009-06-04 11:50:06 -07:00
lib             |                                                                                              |
math-emu        | Merge branch 'core/percpu' into percpu-cpumask-x86-for-linus-2                               | 2009-03-27 17:28:43 +01:00
mm              | x86: ignore VM_LOCKED when determining if hugetlb-backed page tables can be shared or not    | 2009-05-29 08:40:03 -07:00
oprofile        | x86, 32-bit: fix kernel_trap_sp()                                                            | 2009-05-12 00:39:52 +02:00
pci             | x86/pci: fix mmconfig detection with 32bit near 4g                                           | 2009-06-04 11:31:13 +01:00
power           | x86: disable stack-protector for __restore_processor_state()                                 | 2009-04-03 19:48:41 +02:00
vdso            | x86: gettimeofday() vDSO: fix segfault when tv == NULL                                       | 2009-04-30 12:31:45 +02:00
video           |                                                                                              |
xen             | x86: Fix performance regression caused by paravirt_ops on native kernels                     | 2009-05-15 20:07:42 +02:00
Kconfig         | x86: Fix performance regression caused by paravirt_ops on native kernels                     | 2009-05-15 20:07:42 +02:00
Kconfig.cpu     | x86: disable X86_PTRACE_BTS for now                                                          | 2009-04-15 23:15:14 +02:00
Kconfig.debug   | generic debug pagealloc: build fix                                                           | 2009-04-02 19:04:48 -07:00
Makefile        | x86, kbuild: make "make install" not depend on vmlinux                                       | 2009-04-17 22:43:12 +02:00
Makefile_32.cpu |                                                                                              |