linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-04 20:53:07 -04:00

Go to file

Liran Alon 7f9ad1dfa3 KVM: nVMX: Fix kernel info-leak when enabling KVM_CAP_HYPERV_ENLIGHTENED_VMCS more than once

Consider the case that userspace enables KVM_CAP_HYPERV_ENLIGHTENED_VMCS twice:
1) kvm_vcpu_ioctl_enable_cap() is called to enable
KVM_CAP_HYPERV_ENLIGHTENED_VMCS which calls nested_enable_evmcs().
2) nested_enable_evmcs() sets enlightened_vmcs_enabled to true and fills
vmcs_version which is then copied to userspace.
3) kvm_vcpu_ioctl_enable_cap() is called again to enable
KVM_CAP_HYPERV_ENLIGHTENED_VMCS which calls nested_enable_evmcs().
4) This time nested_enable_evmcs() just returns 0 as
enlightened_vmcs_enabled is already true. *Without filling
vmcs_version*.
5) kvm_vcpu_ioctl_enable_cap() continues as usual and copies
*uninitialized* vmcs_version to userspace which leads to kernel info-leak.

Fix this issue by simply changing nested_enable_evmcs() to always fill
vmcs_version output argument. Even when enlightened_vmcs_enabled is
already set to true.

Note that SVM's nested_enable_evmcs() should not be modified because it
always returns a non-zero value (-ENODEV) which results in
kvm_vcpu_ioctl_enable_cap() skipping the copy of vmcs_version to
userspace (as it should).

Fixes: 57b119da35 ("KVM: nVMX: add KVM_CAP_HYPERV_ENLIGHTENED_VMCS capability")
Reported-by: syzbot+cfbc368e283d381f8cef@syzkaller.appspotmail.com
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2018-11-27 12:49:46 +01:00

arch

KVM: nVMX: Fix kernel info-leak when enabling KVM_CAP_HYPERV_ENLIGHTENED_VMCS more than once

2018-11-27 12:49:46 +01:00

block

SCSI: fix queue cleanup race before queue initialization is done

2018-11-14 08:19:10 -07:00

certs

export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR()

2018-08-22 23:21:44 +09:00

crypto

crypto: user - Zeroize whole structure given to user space

2018-11-09 17:35:43 +08:00

Documentation

Merge tag 'pm-4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

2018-11-14 15:33:45 -06:00

drivers

Merge tag 'libnvdimm-fixes-4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm

2018-11-18 12:21:09 -08:00

firmware

kbuild: remove all dummy assignments to obj-

2017-11-18 11:46:06 +09:00

ocfs2: free up write context when direct IO failed

2018-11-18 10:15:09 -08:00

include

Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2018-11-18 10:52:26 -08:00

init

memblock: stop using implicit alignment to SMP_CACHE_BYTES

2018-10-31 08:54:16 -07:00

ipc

ipc: IPCMNI limit check for semmni

2018-10-31 08:54:14 -07:00

kernel

Merge branch 'akpm' (patches from Andrew)

2018-11-18 11:31:26 -08:00

lib

lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn

2018-11-18 10:15:10 -08:00

LICENSES

Merge tag 'docs-4.20' of git://git.lwn.net/linux

2018-10-24 18:01:11 +01:00

mm/memblock.c: fix a typo in __next_mem_pfn_range() comments

2018-11-18 10:15:10 -08:00

net

Merge tag 'nfs-for-4.20-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

2018-11-15 10:59:37 -06:00

samples

Merge tag 'vfio-v4.20-rc1.v2' of git://github.com/awilliam/linux-vfio

2018-10-31 11:01:38 -07:00

scripts

scripts/spdxcheck.py: make python3 compliant

2018-11-18 10:15:10 -08:00

security

Merge tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

2018-11-15 11:26:09 -06:00

sound

ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks

2018-11-06 16:33:53 +01:00

tools

Merge tag 'libnvdimm-fixes-4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm

2018-11-18 12:21:09 -08:00

usr

initramfs: move gen_initramfs_list.sh from scripts/ to usr/

2018-08-22 23:21:44 +09:00

virt

Revert "mm, mmu_notifier: annotate mmu notifiers with blockable invalidate callbacks"

2018-10-26 16:25:19 -07:00

.clang-format

page cache: Convert find_get_pages_contig to XArray

2018-10-21 10:46:34 -04:00

.cocciconfig

scripts: add Linux .cocciconfig for coccinelle

2016-07-22 12:13:39 +02:00

.get_maintainer.ignore

Add hch to .get_maintainer.ignore

2015-08-21 14:30:10 -07:00

.gitattributes

.gitattributes: set git diff driver for C source code files

2016-10-07 18:46:30 -07:00

.gitignore

Merge tag 'kbuild-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

2018-04-15 17:21:30 -07:00

.mailmap

mailmap: Update email for Punit Agrawal

2018-11-05 10:02:11 +00:00

COPYING

COPYING: use the new text with points to the license files

2018-03-23 12:41:45 -06:00

CREDITS

MAINTAINERS: update OMAP MMC entry

2018-11-18 10:15:09 -08:00

Kbuild

Merge tag 'kbuild-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

2017-11-17 17:45:29 -08:00

Kconfig

kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt

2018-08-02 08:06:55 +09:00

MAINTAINERS

MAINTAINERS: update OMAP MMC entry

2018-11-18 10:15:09 -08:00

Makefile

Linux 4.20-rc3

2018-11-18 13:33:44 -08:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

Languages

C 97%

Assembly 1%

Shell 0.6%

Rust 0.5%

Python 0.4%

Other 0.3%