Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 13d1c5b17d127afbd947210c5cdd80eaded5d9f4
commit13d1c5b17d127afbd947210c5cdd80eaded5d9f4[log] [tgz]
authorPaolo Bonzini <pbonzini@redhat.com>Wed Jun 06 17:38:09 2018 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Jun 16 09:52:34 2018 +0200
treecab19cf9db82aefa8b09a1ac89f18c420dcd2b77
parent018e5191c6e0b046bf0d2942f402627162c6b29a [diff]
kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access

commit 3c9fa24ca7c9c47605672916491f79e8ccacb9e6 upstream.

The functions that were used in the emulation of fxrstor, fxsave, sgdt and
sidt were originally meant for task switching, and as such they did not
check privilege levels.  This is very bad when the same functions are used
in the emulation of unprivileged instructions.  This is CVE-2018-10853.

The obvious fix is to add a new argument to ops->read_std and ops->write_std,
which decides whether the access is a "system" access or should use the
processor's CPL.

Fixes: 129a72a0d3c8 ("KVM: x86: Introduce segmented_write_std", 2017-01-12)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3 files changed
tree: cab19cf9db82aefa8b09a1ac89f18c420dcd2b77
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS