ACK: [Precise][CVE-2014-7842] KVM: x86: Don't report guest userspace emulation error to userspace
Brad Figg
brad.figg at canonical.com
Tue Dec 2 16:55:50 UTC 2014
On 12/02/2014 03:49 AM, Luis Henriques wrote:
> From: Nadav Amit <namit at cs.technion.ac.il>
>
> Commit fc3a9157d314 ("KVM: X86: Don't report L2 emulation failures to
> user-space") disabled the reporting of L2 (nested guest) emulation failures to
> userspace due to race-condition between a vmexit and the instruction emulator.
> The same rationale applies also to userspace applications that are permitted by
> the guest OS to access MMIO area or perform PIO.
>
> This patch extends the current behavior - of injecting a #UD instead of
> reporting it to userspace - also for guest userspace code.
>
> Signed-off-by: Nadav Amit <namit at cs.technion.ac.il>
> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> (cherry picked from commit a2b9e6c1a35afcc0973acb72e591c714e78885ff)
> CVE-2014-7842
> BugLink: http://bugs.launchpad.net/bugs/1392823
> Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> ---
> arch/x86/kvm/x86.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 6aec68d35a50..a1fba13fa670 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -4335,7 +4335,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu)
>
> ++vcpu->stat.insn_emulation_fail;
> trace_kvm_emulate_insn_failed(vcpu);
> - if (!is_guest_mode(vcpu)) {
> + if (!is_guest_mode(vcpu) && kvm_x86_ops->get_cpl(vcpu) == 0) {
> vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
> vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
> vcpu->run->internal.ndata = 0;
>
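Review bot: The added `kvm_x86_ops->get_cpl(vcpu) == 0` test sends every emulation failure raised at CPL != 0 down the same branch the nested-guest (`is_guest_mode`) case already takes, but that branch, the #UD injection the description relies on, is outside this hunk; please confirm in the commit message (or with a second context line) that the fall-through in `handle_emulation_failure` does inject #UD and lets the vCPU continue for the guest-userspace case, since the hunk alone shows only that `KVM_EXIT_INTERNAL_ERROR` is no longer set. It is also worth stating that `++vcpu->stat.insn_emulation_fail;` and `trace_kvm_emulate_insn_failed(vcpu);` remain unconditional, so a host operator can still observe guest-userspace emulation failures through the stat counter and the tracepoint even though they no longer surface to the VMM as an internal error.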
--
Brad Figg brad.figg at canonical.com http://www.canonical.com