Commit 07708c4af1346ab1521b26a202f438366b7bcffd
Committed by
Avi Kivity
1 parent
b90c062c65
Exists in
master
and in
7 other branches
KVM: x86: Disallow hypercalls for guest callers in rings > 0
So far unprivileged guest callers running in ring 3 can issue, e.g., MMU hypercalls. Normally, such callers cannot provide any hand-crafted MMU command structure as it has to be passed by its physical address, but they can still crash the guest kernel by passing random addresses. To close the hole, this patch considers hypercalls valid only if issued from guest ring 0. This may still be relaxed on a per-hypercall base in the future once required. Cc: stable@kernel.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com>
Showing 2 changed files with 7 additions and 0 deletions Side-by-side Diff
arch/x86/kvm/x86.c
... | ... | @@ -3213,6 +3213,11 @@ |
3213 | 3213 | a3 &= 0xFFFFFFFF; |
3214 | 3214 | } |
3215 | 3215 | |
3216 | + if (kvm_x86_ops->get_cpl(vcpu) != 0) { | |
3217 | + ret = -KVM_EPERM; | |
3218 | + goto out; | |
3219 | + } | |
3220 | + | |
3216 | 3221 | switch (nr) { |
3217 | 3222 | case KVM_HC_VAPIC_POLL_IRQ: |
3218 | 3223 | ret = 0; |
... | ... | @@ -3224,6 +3229,7 @@ |
3224 | 3229 | ret = -KVM_ENOSYS; |
3225 | 3230 | break; |
3226 | 3231 | } |
3232 | +out: | |
3227 | 3233 | kvm_register_write(vcpu, VCPU_REGS_RAX, ret); |
3228 | 3234 | ++vcpu->stat.hypercalls; |
3229 | 3235 | return r; |