diff options
| author | Michal Luczaj <[email protected]> | 2023-07-28 02:12:57 +0200 |
|---|---|---|
| committer | Sean Christopherson <[email protected]> | 2023-08-02 13:30:15 -0700 |
| commit | 0d033770d43a7aa36025bcef9a60da7fb750f735 (patch) | |
| tree | 4b8f797d71d917eeea56c77544bed2907e6fa5ef /tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/EventClass.py | |
| parent | fdf0eaf11452d72945af31804e2a1048ee1b574c (diff) | |
KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues
In a spirit of using a sledgehammer to crack a nut, make sync_regs() feed
__set_sregs() and kvm_vcpu_ioctl_x86_set_vcpu_events() with kernel's own
copy of data.
Both __set_sregs() and kvm_vcpu_ioctl_x86_set_vcpu_events() assume they
have exclusive rights to structs they operate on. While this is true when
coming from an ioctl handler (caller makes a local copy of user's data),
sync_regs() breaks this contract; a pointer to a user-modifiable memory
(vcpu->run->s.regs) is provided. This can lead to a situation when incoming
data is checked and/or sanitized only to be re-set by a user thread running
in parallel.
Signed-off-by: Michal Luczaj <[email protected]>
Fixes: 01643c51bfcf ("KVM: x86: KVM_CAP_SYNC_REGS")
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sean Christopherson <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/EventClass.py')
0 files changed, 0 insertions, 0 deletions