linux/arch/x86/kvm
Andy Honig 0b79459b48 KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
There is a potential use after free issue with the handling of
MSR_KVM_SYSTEM_TIME.  If the guest specifies a GPA in a movable or removable
memory such as frame buffers then KVM might continue to write to that
address even after it's removed via KVM_SET_USER_MEMORY_REGION.  KVM pins
the page in memory so it's unlikely to cause an issue, but if the user
space component re-purposes the memory previously used for the guest, then
the guest will be able to corrupt that memory.

Tested: Tested against kvmclock unit test

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19 14:17:35 -03:00
Kconfig
Makefile
cpuid.c
cpuid.h
emulate.c x86 emulator: fix parity calculation for AAD instruction 2013-02-13 18:01:00 +02:00
i8254.c kvm: fix i8254 counter 0 wraparound 2012-12-18 11:12:38 +02:00
i8254.h
i8259.c KVM: inject ExtINT interrupt before APIC interrupts 2012-12-13 23:05:21 -02:00
irq.c x86, apicv: add virtual interrupt delivery support 2013-01-29 10:48:19 +02:00
irq.h
kvm_cache_regs.h
lapic.c x86, apicv: add virtual interrupt delivery support 2013-01-29 10:48:19 +02:00
lapic.h x86, apicv: add virtual interrupt delivery support 2013-01-29 10:48:19 +02:00
mmu.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
mmu.h
mmu_audit.c
mmutrace.h KVM: mmu: remove unused trace event 2013-01-07 19:54:50 -02:00
paging_tmpl.h KVM: MMU: remove pt_access in mmu_set_spte 2013-02-06 22:42:08 -02:00
pmu.c
svm.c x86, apicv: add virtual interrupt delivery support 2013-01-29 10:48:19 +02:00
trace.h
tss.h
vmx.c KVM: nVMX: Remove redundant get_vmcs12 from nested_vmx_exit_handled_msr 2013-02-14 10:35:16 +02:00
x86.c KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) 2013-03-19 14:17:35 -03:00
x86.h