linux/arch/x86
Gleb Natapov 17d68b763f KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
A guest can cause a BUG_ON() leading to a host kernel crash.
When the guest writes to the ICR to request an IPI while in x2apic
mode, the following things happen: the destination is read from
ICR2, which is a register that the guest can control.

kvm_irq_delivery_to_apic_fast uses the high 16 bits of ICR2 as the
cluster id.  A BUG_ON is triggered, which is a protection against
accessing map->logical_map with an out-of-bounds access and manages
to avoid that anything really unsafe occurs.

The logic in the code is correct from a real HW point of view. The problem
is that KVM supports only one cluster with ID 0 in clustered mode, but
the code that has the bug does not take this into account.

Reported-by: Lars Bull <larsbull@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-12 22:46:18 +01:00
boot Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-12 10:48:30 +09:00
configs x86, defconfig: Add DEVTMPFS and DEVTMPFS_MOUNT to *86*_defconfig 2013-11-04 20:01:55 -08:00
crypto Reinstate "crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework" 2013-09-07 12:56:26 +10:00
ia32 constify copy_siginfo_to_user{,32}() 2013-11-09 00:16:29 -05:00
include More ACPI and power management updates for 3.13-rc1 2013-11-20 13:25:04 -08:00
kernel Merge tag 'drm-intel-fixes-2013-11-20' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2013-11-21 18:45:51 +10:00
kvm KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) 2013-12-12 22:46:18 +01:00
lguest lguest: fix GPF in guest when using gdb. 2013-09-06 08:09:28 +09:30
lib ACPI and power management updates for 3.13-rc1 2013-11-14 13:41:48 +09:00
math-emu
mm x86, mm: do not leak page->ptl for pmd page tables 2013-11-21 16:42:28 -08:00
net net: x86: bpf: don't forget to free sk_filter (v2) 2013-11-07 19:06:52 -05:00
oprofile perf: Fix arch_perf_out_copy_user default 2013-11-06 12:34:25 +01:00
pci ACPI / driver core: Store an ACPI device pointer in struct acpi_dev_node 2013-11-14 23:14:43 +01:00
platform Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-14 16:55:56 +09:00
power x86, asmlinkage, power: Make various symbols used by the suspend asm code visible 2013-08-06 14:21:03 -07:00
realmode
syscalls unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE 2013-05-09 13:46:38 -04:00
tools Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-09-04 08:39:38 -07:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2013-11-19 11:42:32 -08:00
vdso seqcount: Add lockdep functionality to seqcount/seqlock structures 2013-11-06 12:40:26 +01:00
video
xen Features: 2013-11-15 13:34:37 +09:00
.gitignore
Kbuild
Kconfig Kconfig cleanups for v3.13 2013-11-15 14:05:15 -08:00
Kconfig.cpu
Kconfig.debug x86/efi: Add EFI framebuffer earlyprintk support 2013-10-28 18:09:58 +00:00
Makefile x86, relocs: Move ELF relocation handling to C 2013-08-07 21:00:04 -07:00
Makefile_32.cpu
Makefile.um