    lguest: Fix Malicious Guest GDT Host Crash · 0d027c01
    Rusty Russell authored
    If a Guest makes a hypercall which sets a GDT entry to not present, we
    currently set any segment registers using that GDT entry to 0.
    Unfortunately, this is not sufficient: there are other ways of
    altering GDT entries which will cause a fault.
    
    The correct solution is to do what Linux does: let them set any GDT value
    they want and handle the #GP when popping causes a fault.  This has
    the added benefit of making our Switcher slightly more robust in the
    case of any other bugs which cause it to fault.
    
    We kill the Guest if it causes a fault in the Switcher: it's the
    Guest's responsibility to make sure it's not using segments when it
    changes them.
    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
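The message above argues that clearing segment registers only when a GDT entry is marked not-present misses other descriptor edits that also fault on load. As an added illustration (not lguest code and not the author's), this constructed C model of the checks a CPU applies when a selector is loaded into a data-segment register shows why: of the demo entries, three are present yet still fault. The demo GDT, the DESC macro and the enum names are constructed; the only lguest-specific assumption is that the Guest runs at CPL 1.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed model (not lguest code) of the checks a CPU applies when a
 * selector is loaded into a data-segment register (e.g. pop %ds). */
enum load_result { LOAD_OK, LOAD_NULL, FAULT_GP, FAULT_NP };

/* Access byte of an 8-byte descriptor is bits 40..47: A, R/W, C/E, X, S, DPL(2), P. */
static bool     desc_present(uint64_t d)    { return (d >> 47) & 1; }
static unsigned desc_dpl(uint64_t d)        { return (d >> 45) & 3; }
static bool     desc_is_system(uint64_t d)  { return !((d >> 44) & 1); }
static bool     desc_is_code(uint64_t d)    { return (d >> 43) & 1; }
static bool     desc_conforming(uint64_t d) { return (d >> 42) & 1; }
static bool     desc_readable(uint64_t d)   { return (d >> 41) & 1; }

/* Flat 4 GB 32-bit descriptor (base 0, limit 0xFFFFF, G=1) with the given access bits. */
#define DESC(dpl, p, sys, code, rw, conf)                                                \
    (0x00CF00000000FFFFULL | ((uint64_t)(((p) << 7) | ((dpl) << 5) | ((sys) ? 0 : 0x10) | \
                                         ((code) << 3) | ((conf) << 2) | ((rw) << 1)) << 40))

enum load_result check_data_segment_load(const uint64_t *gdt, unsigned nents,
                                         uint16_t sel, unsigned cpl)
{
    unsigned index = sel >> 3, rpl = sel & 3;
    if (index == 0)     return LOAD_NULL;                    /* null selector always loads */
    if (index >= nents) return FAULT_GP;                     /* outside the GDT limit */
    uint64_t d = gdt[index];
    if (desc_is_system(d))                    return FAULT_GP;  /* TSS/LDT/gate descriptor */
    if (desc_is_code(d) && !desc_readable(d)) return FAULT_GP;  /* execute-only code */
    if (!(desc_is_code(d) && desc_conforming(d))) {
        unsigned need = cpl > rpl ? cpl : rpl;               /* DPL must be >= max(CPL, RPL) */
        if (desc_dpl(d) < need)               return FAULT_GP;
    }
    if (!desc_present(d))                     return FAULT_NP;  /* P bit is checked last */
    return LOAD_OK;
}

/* Constructed demo GDT: every entry but D_OK faults when ring-1 code loads it. */
enum { D_NULL, D_OK, D_NOTPRESENT, D_DPL0, D_SYSTEM, D_EXECONLY, D_COUNT };
static const uint64_t demo_gdt[D_COUNT] = {
    [D_NULL]       = 0,
    [D_OK]         = DESC(1, 1, 0, 0, 1, 0),   /* data, DPL 1, present, writable */
    [D_NOTPRESENT] = DESC(1, 0, 0, 0, 1, 0),   /* the one case a present-bit check catches */
    [D_DPL0]       = DESC(0, 1, 0, 0, 1, 0),   /* present, but DPL 0: too privileged for ring 1 */
    [D_SYSTEM]     = DESC(1, 1, 1, 0, 0, 0),   /* present, but a system descriptor */
    [D_EXECONLY]   = DESC(1, 1, 0, 1, 0, 0),   /* present, but execute-only code */
};

/* Load demo entry `which` with RPL 1 from CPL 1, the ring an lguest Guest runs in. */
enum load_result demo_load(unsigned which)
{ return check_data_segment_load(demo_gdt, D_COUNT, (uint16_t)((which << 3) | 1), 1); }
```

On real hardware the not-present case raises #NP and the others raise #GP; a Switcher that recovers from faults on segment loads covers all of them, where a present-bit check at hypercall time covers only the first.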
lguest.c 41.4 KB