linux/arch/x86
Andy Honig 0b79459b48 KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
There is a potential use after free issue with the handling of
MSR_KVM_SYSTEM_TIME.  If the guest specifies a GPA in a movable or removable
memory such as frame buffers then KVM might continue to write to that
address even after it's removed via KVM_SET_USER_MEMORY_REGION.  KVM pins
the page in memory so it's unlikely to cause an issue, but if the user
space component re-purposes the memory previously used for the guest, then
the guest will be able to corrupt that memory.

Tested: Tested against kvmclock unit test

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19 14:17:35 -03:00
..
boot Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-27 16:17:42 -08:00
configs x86: Default to ARCH=x86 to avoid overriding CONFIG_64BIT 2012-12-20 14:37:18 -08:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
ia32 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-03-02 08:34:06 -08:00
include KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) 2013-03-19 14:17:35 -03:00
kernel Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-03-03 13:23:03 -08:00
kvm KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) 2013-03-19 14:17:35 -03:00
lguest Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-21 18:06:55 -08:00
lib x86: Be consistent with data size in getuser.S 2013-02-11 23:14:48 -08:00
math-emu
mm x86, ACPI, mm: Revert movablemem_map support 2013-03-02 09:34:39 -08:00
net x86: bpf_jit_comp: add pkt_type support 2013-01-30 22:38:34 -05:00
oprofile oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() 2012-10-15 14:38:24 +02:00
pci Bug-fixes: 2013-03-03 14:22:53 -08:00
platform Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-27 16:17:42 -08:00
power Merge remote-tracking branch 'origin/x86/mm' into x86/mm2 2013-02-01 02:28:36 -08:00
realmode Merge remote-tracking branch 'origin/x86/mm' into x86/mm2 2013-02-01 02:28:36 -08:00
syscalls fix compat truncate/ftruncate 2013-02-25 09:24:55 -05:00
tools Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-05 07:57:09 +11:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-02-23 18:50:11 -08:00
vdso timers/x86/hpet: Use HPET_COUNTER to specify the hpet counter in vread_hpet() 2013-02-15 12:13:18 +01:00
video
xen xen/pat: Disable PAT using pat_enabled value. 2013-02-28 09:03:00 -05:00
.gitignore
Kbuild
Kconfig arch Kconfig: centralise CONFIG_ARCH_NO_VIRT_TO_BUS 2013-02-27 19:10:23 -08:00
Kconfig.cpu x86, 386 removal: Document Nx586 as a 386 and thus unsupported 2012-11-29 13:28:39 -08:00
Kconfig.debug x86/tlb: add tlb_flushall_shift knob into debugfs 2012-06-27 19:29:10 -07:00
Makefile Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:12:03 -08:00
Makefile_32.cpu x86, 386 removal: Remove CONFIG_M386 from Kconfig 2012-11-29 13:23:01 -08:00
Makefile.um