KVM: x86: Disallow hypercalls for guest callers in rings > 0 [CVE-2009-3290]

[ backport to 2.6.27 by Chuck Ebbert <cebbert@redhat.com> ] commit 07708c4af1346ab1521b26a202f438366b7bcffd upstream. So far unprivileged guest callers running in ring 3 can issue, e.g., MMU hypercalls. Normally, such callers cannot provide any hand-crafted MMU command structure as it has to be passed by its physical address, but they can still crash the guest kernel by passing random addresses. To close the hole, this patch considers hypercalls valid only if issued from guest ring 0. This may still be relaxed on a per-hypercall base in the future once required. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Jan Kiszka <jan.kiszka@siemens.com> 2009-10-07 17:40:32 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-10-12 11:33:20 -0700
commit: c905930150d0952c4ce008553b377492bcbd29d7 (patch)
tree: 91fde9a15252018b163295da2e1eb3886b1043a4 /include
parent: 2578cf95969936c372db29ee2bbc21c9b6a299aa (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h
index 3ddce03766ca..d73109243fda 100644
--- a/include/linux/kvm_para.h
+++ b/include/linux/kvm_para.h
@@ -13,6 +13,7 @@
 #define KVM_ENOSYS		1000
 #define KVM_EFAULT		EFAULT
 #define KVM_E2BIG		E2BIG
+#define KVM_EPERM		EPERM
 
 #define KVM_HC_VAPIC_POLL_IRQ		1
 #define KVM_HC_MMU_OP			2
author	Jan Kiszka <jan.kiszka@siemens.com>	2009-10-07 17:40:32 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-10-12 11:33:20 -0700
commit	c905930150d0952c4ce008553b377492bcbd29d7 (patch)
tree	91fde9a15252018b163295da2e1eb3886b1043a4 /include
parent	2578cf95969936c372db29ee2bbc21c9b6a299aa (diff)