From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: [PATCH 04/47] KVM: x86: Disallow hypercalls for guest callers in rings > 0
Date: Sun, 04 Oct 2009 18:26:15 +0200
Message-ID: <4AC8CCA7.40804@redhat.com>
References: <1251282609-12835-1-git-send-email-avi@redhat.com> <1251282609-12835-5-git-send-email-avi@redhat.com> <1254293895.5468.2775.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: kvm@vger.kernel.org
To: Jan Lübbe
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:43518 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755163AbZJDQ0s (ORCPT ); Sun, 4 Oct 2009 12:26:48 -0400
In-Reply-To: <1254293895.5468.2775.camel@localhost>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 09/30/2009 08:58 AM, Jan Lübbe wrote:
> Hi!
>
> On Wed, 2009-08-26 at 13:29 +0300, Avi Kivity wrote:
>
>> From: Jan Kiszka
>>
>> So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
>> hypercalls. Normally, such callers cannot provide any hand-crafted MMU
>> command structure as it has to be passed by its physical address, but
>> they can still crash the guest kernel by passing random addresses.
>>
>> To close the hole, this patch considers hypercalls valid only if issued
>> from guest ring 0. This may still be relaxed on a per-hypercall base in
>> the future once required.
>>
> Does kvm-72 (used by Debian and Ubuntu in stable releases) have the
> problem? If yes, would the approach in this fix also work there?
>
>

Probably yes to both.

-- 
error compiling committee.c: too many arguments to function
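
The ring-0 gate described in the quoted commit message, as an added example that is not part of the original mail and is not KVM's code. It is a self-contained C model; every type, constant and function name in it is hypothetical.

```c
#include <stdint.h>

/* Hypothetical model constants; not KVM's definitions. */
#define HC_MMU_OP      2      /* constructed hypercall number */
#define HC_ERR_PERM   (-1L)   /* caller was not in guest ring 0 */
#define HC_ERR_NOSYS  (-2L)   /* unknown hypercall number */

struct model_vcpu {
    unsigned cpl;             /* guest current privilege level, 0..3 */
    unsigned long nr;         /* hypercall number register */
    uint64_t a0;              /* first argument: a guest physical address */
    unsigned mmu_ops_handled; /* side-effect counter for the demo */
};

/* Stand-in for an MMU hypercall that consumes a command structure at gpa. */
static long handle_mmu_op(struct model_vcpu *v, uint64_t gpa)
{
    (void)gpa;                /* the model does not touch guest memory */
    v->mmu_ops_handled++;
    return 0;
}

static long dispatch(struct model_vcpu *v)
{
    switch (v->nr) {
    case HC_MMU_OP:
        return handle_mmu_op(v, v->a0);
    default:
        return HC_ERR_NOSYS;
    }
}

/* Behaviour before the patch: a caller in any ring reaches the handlers. */
long hypercall_unchecked(struct model_vcpu *v)
{
    return dispatch(v);
}

/* Behaviour after the patch: the privilege check runs first, so a ring-3
 * caller is rejected before any hypercall argument is interpreted. */
long hypercall_ring0_only(struct model_vcpu *v)
{
    if (v->cpl != 0)
        return HC_ERR_PERM;
    return dispatch(v);
}
```

Placing the check ahead of the dispatch switch covers every hypercall at once, which matches the commit message's note that relaxing it would be done per hypercall later.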