linux/arch
Andy Honig b963a22e6d KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
Under guest controllable circumstances apic_get_tmcct will execute a
divide by zero and cause a crash.  If the guest cpuid support
tsc deadline timers and performs the following sequence of requests
the host will crash.
- Set the mode to periodic
- Set the TMICT to 0
- Set the mode bits to 11 (neither periodic, nor one shot, nor tsc deadline)
- Set the TMICT to non-zero.
Then the lapic_timer.period will be 0, but the TMICT will not be.  If the
guest then reads from the TMCCT then the host will perform a divide by 0.

This patch ensures that if the lapic_timer.period is 0, then the division
does not occur.

Reported-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-12 22:39:45 +01:00
..
alpha Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha 2013-11-20 15:03:45 -08:00
arc Final set of ARC changes for 3.13-rc1 2013-11-19 11:44:15 -08:00
arm Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm 2013-11-22 09:56:51 -08:00
arm64 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
avr32 avr32: uapi: be sure of "_UAPI" prefix for all guard macros 2013-11-20 09:53:22 +01:00
blackfin Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
c6x Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
cris Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
frv Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
hexagon Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
ia64 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-11-20 14:25:39 -08:00
m32r Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
m68k Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
metag Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
microblaze Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
mips Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
mn10300 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
openrisc OpenRISC updates for 3.13 2013-11-15 14:26:38 -08:00
parisc parisc: size_t is unsigned, so comparison size < 0 doesn't make sense. 2013-11-20 00:09:42 +01:00
powerpc Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-11-22 08:07:11 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2013-11-19 11:43:21 -08:00
score Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
sh Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
sparc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2013-11-19 15:50:03 -08:00
tile Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2013-11-19 11:42:32 -08:00
unicore32 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
x86 KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) 2013-12-12 22:39:45 +01:00
xtensa Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-19 10:40:00 -08:00
.gitignore
Kconfig kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS 2013-11-15 09:32:22 +09:00