linux/arch/x86/kvm
Jan Kiszka 07708c4af1 KVM: x86: Disallow hypercalls for guest callers in rings > 0
So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
hypercalls. Normally, such callers cannot provide any hand-crafted MMU
command structure as it has to be passed by its physical address, but
they can still crash the guest kernel by passing random addresses.

To close the hole, this patch considers hypercalls valid only if issued
from guest ring 0. This may still be relaxed on a per-hypercall base in
the future once required.

Cc: stable@kernel.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2009-09-10 08:33:20 +03:00
..
i8254.c KVM: remove superfluous NULL pointer check in kvm_inject_pit_timer_irqs() 2009-09-10 08:33:19 +03:00
i8254.h KVM: PIT support for HPET legacy mode 2009-09-10 08:33:12 +03:00
i8259.c KVM: make io_bus interface more robust 2009-09-10 08:33:12 +03:00
irq.c KVM: Remove irq_pending bitmap 2009-06-10 11:48:57 +03:00
irq.h KVM: make irq ack notifications aware of routing table 2009-03-24 11:03:08 +02:00
Kconfig KVM: remove old KVMTRACE support code 2009-09-10 08:33:03 +03:00
kvm_cache_regs.h KVM: Cache pdptrs 2009-09-10 08:32:46 +03:00
kvm_timer.h KVM: Use pointer to vcpu instead of vcpu_id in timer code. 2009-09-10 08:32:52 +03:00
lapic.c KVM: limit lapic periodic timer frequency 2009-09-10 08:33:17 +03:00
lapic.h KVM: x2apic interface to lapic 2009-09-10 08:33:08 +03:00
Makefile KVM: remove old KVMTRACE support code 2009-09-10 08:33:03 +03:00
mmu.c KVM: MMU: fix bogus alloc_mmu_pages assignment 2009-09-10 08:33:20 +03:00
mmu.h KVM: MMU: add kvm_mmu_get_spte_hierarchy helper 2009-09-10 08:32:56 +03:00
mmutrace.h KVM: Trace shadow page lifecycle 2009-09-10 08:33:10 +03:00
paging_tmpl.h KVM: MMU: shadow support for 1gb pages 2009-09-10 08:33:19 +03:00
svm.c KVM: report 1GB page support to userspace 2009-09-10 08:33:19 +03:00
timer.c KVM: Drop useless atomic test from timer function 2009-09-10 08:32:57 +03:00
trace.h KVM: Add trace points in irqchip code 2009-09-10 08:33:11 +03:00
tss.h KVM: x86: hardware task switching support 2008-04-27 12:00:39 +03:00
vmx.c KVM: report 1GB page support to userspace 2009-09-10 08:33:19 +03:00
x86_emulate.c KVM: x86 emulator: Add sysexit emulation 2009-09-10 08:33:01 +03:00
x86.c KVM: x86: Disallow hypercalls for guest callers in rings > 0 2009-09-10 08:33:20 +03:00
x86.h KVM: Add Directed EOI support to APIC emulation 2009-09-10 08:33:07 +03:00