Re: [PATCH 04/47] KVM: x86: Disallow hypercalls for guest callers in rings > 0

kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Avi Kivity <avi@redhat.com>
To: "Jan Lübbe" <jluebbe@debian.org>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH 04/47] KVM: x86: Disallow hypercalls for guest callers in rings > 0
Date: Sun, 04 Oct 2009 18:26:15 +0200	[thread overview]
Message-ID: <4AC8CCA7.40804@redhat.com> (raw)
In-Reply-To: <1254293895.5468.2775.camel@localhost>

On 09/30/2009 08:58 AM, Jan Lübbe wrote:
> Hi!
>
> On Wed, 2009-08-26 at 13:29 +0300, Avi Kivity wrote:
>    
>> From: Jan Kiszka<jan.kiszka@siemens.com>
>>
>> So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
>> hypercalls. Normally, such callers cannot provide any hand-crafted MMU
>> command structure as it has to be passed by its physical address, but
>> they can still crash the guest kernel by passing random addresses.
>>
>> To close the hole, this patch considers hypercalls valid only if issued
>> from guest ring 0. This may still be relaxed on a per-hypercall base in
>> the future once required.
>>      
> Does kvm-72 (used by Debian and Ubuntu in stable releases) have the
> problem? If yes, would the approach in this fix also work there?
>
>    

Probably yes to both.

-- 
error compiling committee.c: too many arguments to function

next prev parent reply	other threads:[~2009-10-04 16:26 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-08-26 10:29 [PATCH 00/47] KVM updates for 2.6.32 merge window (4/4) Avi Kivity
2009-08-26 10:29 ` [PATCH 01/47] KVM: remove superfluous NULL pointer check in kvm_inject_pit_timer_irqs() Avi Kivity
2009-08-26 10:29 ` [PATCH 02/47] KVM: MMU: make __kvm_mmu_free_some_pages handle empty list Avi Kivity
2009-08-26 10:29 ` [PATCH 03/47] KVM: MMU: fix bogus alloc_mmu_pages assignment Avi Kivity
2009-08-26 10:29 ` [PATCH 04/47] KVM: x86: Disallow hypercalls for guest callers in rings > 0 Avi Kivity
2009-09-30  6:58   ` Jan Lübbe
2009-10-04 16:26     ` Avi Kivity [this message]
2009-08-26 10:29 ` [PATCH 05/47] KVM: VMX: Optimize vmx_get_cpl() Avi Kivity
2009-08-26 14:15   ` Roel Kluin
2009-08-26 14:33     ` Avi Kivity
2009-08-26 10:29 ` [PATCH 06/47] KVM: ignore reads to perfctr msrs Avi Kivity
2009-08-26 10:29 ` [PATCH 07/47] KVM: fix EFER read buffer overflow Avi Kivity
2009-08-26 10:29 ` [PATCH 08/47] KVM: Call kvm_vcpu_kick() inside pic spinlock Avi Kivity
2009-08-26 10:29 ` [PATCH 09/47] KVM: Call ack notifiers from PIC when guest OS acks an IRQ Avi Kivity
2009-08-26 10:29 ` [PATCH 10/47] KVM: Replace pic_lock()/pic_unlock() with direct call to spinlock functions Avi Kivity
2009-08-26 10:29 ` [PATCH 11/47] x86: Export kmap_atomic_to_page() Avi Kivity
2009-08-26 10:29 ` [PATCH 12/47] KVM: SVM: add helper functions for global interrupt flag Avi Kivity
2009-08-26 10:29 ` [PATCH 13/47] KVM: SVM: optimize nested #vmexit Avi Kivity
2009-08-26 10:29 ` [PATCH 14/47] KVM: SVM: optimize nested vmrun Avi Kivity
2009-08-26 10:29 ` [PATCH 15/47] KVM: SVM: copy only necessary parts of the control area on vmrun/vmexit Avi Kivity
2009-08-26 10:29 ` [PATCH 16/47] KVM: SVM: complete interrupts after handling nested exits Avi Kivity
2009-08-26 10:29 ` [PATCH 17/47] KVM: SVM: move nested svm state into seperate struct Avi Kivity
2009-08-26 10:29 ` [PATCH 18/47] KVM: SVM: cache nested intercepts Avi Kivity
2009-08-26 10:29 ` [PATCH 19/47] KVM: SVM: consolidate nested_svm_exit_handled Avi Kivity
2009-08-26 10:29 ` [PATCH 20/47] KVM: SVM: do nested vmexit in nested_svm_exit_handled Avi Kivity
2009-08-26 10:29 ` [PATCH 21/47] KVM: SVM: simplify nested_svm_check_exception Avi Kivity
2009-08-26 10:29 ` [PATCH 22/47] KVM: SVM: get rid of nested_svm_vmexit_real Avi Kivity
2009-08-26 10:29 ` [PATCH 23/47] KVM: SVM: clean up nested_svm_exit_handled_msr Avi Kivity
2009-08-26 10:29 ` [PATCH 24/47] KVM: SVM: clean up nestec vmload/vmsave paths Avi Kivity
2009-08-26 10:29 ` [PATCH 25/47] KVM: SVM: clean up nested vmrun path Avi Kivity
2009-08-26 10:29 ` [PATCH 26/47] KVM: SVM: remove nested_svm_do and helper functions Avi Kivity
2009-08-26 10:29 ` [PATCH 27/47] KVM: SVM: handle errors in vmrun emulation path appropriatly Avi Kivity
2009-08-26 10:29 ` [PATCH 28/47] KVM: SVM: move special nested exit handling to separate function Avi Kivity
2009-08-26 10:29 ` [PATCH 29/47] KVM: SVM: remove unnecessary is_nested check from svm_cpu_run Avi Kivity
2009-08-26 10:29 ` [PATCH 30/47] KVM: SVM: move nested_svm_intr main logic out of if-clause Avi Kivity
2009-08-26 10:29 ` [PATCH 31/47] KVM: SVM: check for nested VINTR flag in svm_interrupt_allowed Avi Kivity
2009-08-26 10:29 ` [PATCH 32/47] KVM: SVM: enable nested svm by default Avi Kivity
2009-08-26 10:29 ` [PATCH 33/47] KVM: Update cr8 intercept when APIC TPR is changed by userspace Avi Kivity
2009-08-26 10:29 ` [PATCH 34/47] KVM: SVM: Drop tlb flush workaround in npt Avi Kivity
2009-08-26 10:29 ` [PATCH 35/47] KVM: Move #endif KVM_CAP_IRQ_ROUTING to correct place Avi Kivity
2009-08-26 10:29 ` [PATCH 36/47] KVM: VMX: Adjust rflags if in real mode emulation Avi Kivity
2009-08-26 10:29 ` [PATCH 37/47] KVM: When switching to a vm8086 task, load segments as 16-bit Avi Kivity
2009-08-26 10:30 ` [PATCH 38/47] KVM: Rename x86_emulate.c to emulate.c Avi Kivity
2009-08-26 10:30 ` [PATCH 39/47] Documentation: Update KVM list email address Avi Kivity
2009-08-26 10:30 ` [PATCH 40/47] KVM: export kvm_para.h Avi Kivity
2009-08-26 10:30 ` [PATCH 41/47] KVM: Add __KERNEL__ guards to exported headers Avi Kivity
2009-08-26 10:30 ` [PATCH 42/47] KVM: Add missing #include Avi Kivity
2009-08-26 10:30 ` [PATCH 43/47] KVM: x86 emulator: Add adc and sbb missing decoder flags Avi Kivity
2009-08-26 10:30 ` [PATCH 44/47] KVM: Use kvm_{read,write}_guest_virt() to read and write segment descriptors Avi Kivity
2009-08-26 10:30 ` [PATCH 45/47] KVM: VMX: Fix EPT with WP bit change during paging Avi Kivity
2009-08-26 10:30 ` [PATCH 46/47] KVM: Protect update_cr8_intercept() when running without an apic Avi Kivity
2009-08-26 10:30 ` [PATCH 47/47] KVM: Document KVM_CAP_IRQCHIP Avi Kivity

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AC8CCA7.40804@redhat.com \
    --to=avi@redhat.com \
    --cc=jluebbe@debian.org \
    --cc=kvm@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).