projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 58e3948) | patch
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
authorJim Mattson <jmattson@google.com>
Wed, 26 Oct 2016 15:38:38 +0000 (08:38 -0700)
committerPaolo Bonzini <pbonzini@redhat.com>
Thu, 27 Oct 2016 10:15:27 +0000 (12:15 +0200)
commit85c856b39b479dde410ddd09df1da745343010c9
tree54e99503fc7d4abc2d6b573099566428c864c0d0tree | snapshot (tar.gz zip)
parent58e3948a87e39289aeda5753e9712092c8ca0745commit | diff
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types

Bitwise shifts by amounts greater than or equal to the width of the left
operand are undefined. A malicious guest can exploit this to crash a
32-bit host, due to the BUG_ON(1)'s in handle_{invept,invvpid}.

Signed-off-by: Jim Mattson <jmattson@google.com>
Message-Id: <1477496318-17681-1-git-send-email-jmattson@google.com>
[Change 1UL to 1, to match the range check on the shift count. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/vmx.c diff | blob | blame | history