Commit 07708c4af1346ab1521b26a202f438366b7bcffd

Authored by Jan Kiszka
Committed by Avi Kivity
1 parent b90c062c65

KVM: x86: Disallow hypercalls for guest callers in rings > 0

So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
hypercalls. Normally, such callers cannot provide any hand-crafted MMU
command structure as it has to be passed by its physical address, but
they can still crash the guest kernel by passing random addresses.

To close the hole, this patch considers hypercalls valid only if issued
from guest ring 0. This may still be relaxed on a per-hypercall basis in
the future once required.

Cc: stable@kernel.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

Showing 2 changed files with 7 additions and 0 deletions

... ... @@ -3213,6 +3213,11 @@
3213 3213 a3 &= 0xFFFFFFFF;
3214 3214 }
3215 3215  
  3216 + if (kvm_x86_ops->get_cpl(vcpu) != 0) {
  3217 + ret = -KVM_EPERM;
  3218 + goto out;
  3219 + }
  3220 +
3216 3221 switch (nr) {
3217 3222 case KVM_HC_VAPIC_POLL_IRQ:
3218 3223 ret = 0;
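Review bot: the new CPL gate sits after the 32-bit argument masking (`a3 &= 0xFFFFFFFF;`) but before the `switch (nr)`, so an unprivileged caller has its arguments processed before being rejected; moving `if (kvm_x86_ops->get_cpl(vcpu) != 0)` ahead of the masking would reject ring > 0 callers before any argument handling and keeps the privilege check the first thing a reader sees. Also note that only `ret` (the value written back to the guest) becomes `-KVM_EPERM` while `r` is untouched, so the exit is still reported as handled to the host side; that is the intended behaviour, but a one-line comment saying the error is guest-visible only would make it obvious.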
... ... @@ -3224,6 +3229,7 @@
3224 3229 ret = -KVM_ENOSYS;
3225 3230 break;
3226 3231 }
  3232 +out:
3227 3233 kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
3228 3234 ++vcpu->stat.hypercalls;
3229 3235 return r;
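Review bot: the `out:` label lands before both `kvm_register_write(vcpu, VCPU_REGS_RAX, ret);` and `++vcpu->stat.hypercalls;`, so a rejected ring-3 call still has `-KVM_EPERM` written into RAX (required for the guest to observe the error) and is still counted in the hypercall statistic. If `stat.hypercalls` is meant to count serviced hypercalls only, move the increment above the label; otherwise a short comment that rejected attempts are counted too would prevent someone later "fixing" it and losing the visibility into unprivileged callers that this counter now provides.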
include/linux/kvm_para.h
... ... @@ -13,6 +13,7 @@
13 13 #define KVM_ENOSYS 1000
14 14 #define KVM_EFAULT EFAULT
15 15 #define KVM_E2BIG E2BIG
  16 +#define KVM_EPERM EPERM
16 17  
17 18 #define KVM_HC_VAPIC_POLL_IRQ 1
18 19 #define KVM_HC_MMU_OP 2
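Review bot: `#define KVM_EPERM EPERM` follows the existing pattern of `KVM_EFAULT EFAULT` and `KVM_E2BIG E2BIG`, but since the value is returned to the guest in RAX it becomes part of the guest-visible hypercall ABI; consider documenting the new error next to the hypercall numbers below (`KVM_HC_VAPIC_POLL_IRQ`, `KVM_HC_MMU_OP`) so that guests not built against the Linux errno headers know which value to expect when a hypercall is issued from ring > 0.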