HardenedBSD/sys/amd64
Pierre Pronchery d19fa9c1b7 vmm: avoid potential KASSERT kernel panic in vm_handle_db
If the guest VM emits the exit code VM_EXITCODE_DB, the kernel will
execute the function named vm_handle_db.

If the value of rsp is not page aligned and if rsp+sizeof(uint64_t)
spans across two pages, the function vm_copy_setup will need two structs
vm_copyinfo to prepare the copy operation.

For instance, if the rsp value is 0xFFC, two vm_copyinfo objects are needed:

* address=0xFFC, len=4
* address=0x1000, len=4

The vulnerability was addressed by commit 51fda658ba ("vmm: Properly
handle writes spanning across two pages in vm_handle_db").  Still,
replace the KASSERT with an error return as a more defensive approach.

Reported by:    Synacktiv
Reviewed by:    markj, emaste
Security:       HYP-09
Sponsored by:   The Alpha-Omega Project
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D46133
2024-10-02 12:58:45 -04:00
acpica
amd64 amd64/mp_machdep.c: style 2024-10-01 14:32:19 +03:00
conf
ia32
include Remove stray whitespaces from sys/amd64/ 2024-09-21 07:05:46 -06:00
linux sysent: regen comments 2024-10-01 18:46:40 +01:00
linux32 sysent: regen comments 2024-10-01 18:46:40 +01:00
pci Remove stray whitespaces from sys/amd64/ 2024-09-21 07:05:46 -06:00
sgx Remove stray whitespaces from sys/amd64/ 2024-09-21 07:05:46 -06:00
vmm vmm: avoid potential KASSERT kernel panic in vm_handle_db 2024-10-02 12:58:45 -04:00
Makefile