linux_dsm_epyc7002/arch
Paolo Bonzini 33ab91103b KVM: x86: fix emulation of "MOV SS, null selector"
This is CVE-2017-2583.  On Intel this causes a failed vmentry because
SS's type is neither 3 nor 7 (even though the manual says this check is
only done for usable SS, and the dmesg splat says that SS is unusable!).
On AMD it's worse: svm.c is confused and sets CPL to 0 in the vmcb.

The fix fabricates a data segment descriptor when SS is set to a null
selector, so that CPL and SS.DPL are set correctly in the VMCS/vmcb.
Furthermore, only allow setting SS to a NULL selector if SS.RPL < 3;
this in turn ensures CPL < 3 because RPL must be equal to CPL.

Thanks to Andy Lutomirski and Willy Tarreau for help in analyzing
the bug and deciphering the manuals.

Reported-by: Xiaohan Zhang <zhangxiaohan1@huawei.com>
Fixes: 79d5b4c3cd
Cc: stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-12 15:17:13 +01:00
..
alpha clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
arc 2nd round of ARC udpates for 4.10rc1 2016-12-23 10:22:47 -08:00
arm This pull request contains fixes for the following issues 2017-01-04 16:43:00 +01:00
arm64 - Re-introduce the arm64 get_current() optimisation 2017-01-06 15:18:58 -08:00
avr32 clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
blackfin Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
c6x clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
cris Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
frv Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
h8300 Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
hexagon clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
ia64 clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
m32r Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
m68k clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
metag Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:05:56 -08:00
microblaze clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
mips KVM fixes for v4.10-rc3 2017-01-06 15:27:17 -08:00
mn10300 clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
nios2 clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
openrisc openrisc: Add _text symbol to fix ksym build error 2017-01-02 10:35:11 +09:00
parisc parisc: Add line-break when printing segfault info 2017-01-02 18:07:25 +01:00
powerpc powerpc: Fix build warning on 32-bit PPC 2016-12-25 16:12:20 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2017-01-02 09:08:45 -08:00
score Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
sh Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
sparc clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
tile Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
um clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
unicore32 clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
x86 KVM: x86: fix emulation of "MOV SS, null selector" 2017-01-12 15:17:13 +01:00
xtensa Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
.gitignore
Kconfig powerpc: ima: get the kexec buffer passed by the previous kernel 2016-12-20 09:48:40 -08:00