KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) - kernel/linux.git

diff options

author	Andy Honig <ahonig@google.com>	2013-11-20 02:12:18 +0400
committer	Paolo Bonzini <pbonzini@redhat.com>	2013-12-13 01:39:45 +0400
commit	b963a22e6d1a266a67e9eecc88134713fd54775c (patch)
tree	b378e97caf7869445b6168e87b7c6b36d7e87674 /arch/mn10300
parent	338c7dbadd2671189cec7faf64c84d01071b3f96 (diff)
download	linux-b963a22e6d1a266a67e9eecc88134713fd54775c.tar.xz

KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)

Under guest controllable circumstances apic_get_tmcct will execute a divide by zero and cause a crash. If the guest cpuid support tsc deadline timers and performs the following sequence of requests the host will crash. - Set the mode to periodic - Set the TMICT to 0 - Set the mode bits to 11 (neither periodic, nor one shot, nor tsc deadline) - Set the TMICT to non-zero. Then the lapic_timer.period will be 0, but the TMICT will not be. If the guest then reads from the TMCCT then the host will perform a divide by 0. This patch ensures that if the lapic_timer.period is 0, then the division does not occur. Reported-by: Andrew Honig <ahonig@google.com> Cc: stable@vger.kernel.org Signed-off-by: Andrew Honig <ahonig@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'arch/mn10300')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: