summaryrefslogtreecommitdiff
path: root/fs/splice.c
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2017-10-26 16:45:46 +0300
committerKees Cook <keescook@chromium.org>2018-01-15 23:08:07 +0300
commit46515736f8687c5dbde5637ca2f2678055c9c0f7 (patch)
treedc606a9321bb99525c243973734447d2c8cd1b4a /fs/splice.c
parent08626a6056aad824c43d34ce587ab2b01f49d1a4 (diff)
downloadlinux-46515736f8687c5dbde5637ca2f2678055c9c0f7.tar.xz
kvm: whitelist struct kvm_vcpu_arch
On x86, ARM and s390, struct kvm_vcpu_arch has a usercopy region that is read and written by the KVM_GET/SET_CPUID2 ioctls (x86) or KVM_GET/SET_ONE_REG (ARM/s390). Without whitelisting the area, KVM is completely broken on those architectures with usercopy hardening enabled. For now, allow writing to the entire struct on all architectures. The KVM tree will not refine this to an architecture-specific subset of struct kvm_vcpu_arch. Cc: kernel-hardening@lists.openwall.com Cc: Kees Cook <keescook@chromium.org> Cc: Christian Borntraeger <borntraeger@redhat.com> Cc: Christoffer Dall <cdall@linaro.org> Cc: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Christoffer Dall <christoffer.dall@linaro.org> Acked-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'fs/splice.c')
0 files changed, 0 insertions, 0 deletions