Andy Honig 338c7dbadd KVM: Improve create VCPU parameter (CVE-2013-4587) ... In multiple functions the vcpu_id is used as an offset into a bitfield. Ag malicious user could specify a vcpu_id greater than 255 in order to set or clear bits in kernel memory. This could be used to elevate priveges in the kernel. This patch verifies that the vcpu_id provided is less than 255. The api documentation already specifies that the vcpu_id must be less than max_vcpus, but this is currently not checked. Reported-by: Andrew Honig <ahonig@google.com> Cc: stable@vger.kernel.org Signed-off-by: Andrew Honig <ahonig@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>		2013-12-12 22:39:33 +01:00
..
arm	ARM: KVM: Bugfix: vgic_bytemap_get_reg per cpu regs	2013-08-30 16:12:38 +03:00
Kconfig	kvm: Add VFIO device	2013-10-30 19:02:03 +01:00
assigned-dev.c	KVM: Move irq routing to generic code	2013-04-26 20:27:17 +02:00
async_pf.c	KVM: Drop FOLL_GET in GUP when doing async page fault	2013-10-15 13:43:37 +03:00
async_pf.h	KVM: Halt vcpu if page it tries to access is swapped out	2011-01-12 11:21:39 +02:00
coalesced_mmio.c	KVM: make checks stricter in coalesced_mmio_in_range()	2011-12-27 11:17:07 +02:00
coalesced_mmio.h	KVM: Make coalesced mmio use a device per zone	2011-09-25 19:17:57 +03:00
eventfd.c	kvm eventfd: switch to fdget	2013-09-03 23:04:45 -04:00
ioapic.c	KVM: Set TMR when programming ioapic entry	2013-04-16 16:32:40 -03:00
ioapic.h	KVM: Set TMR when programming ioapic entry	2013-04-16 16:32:40 -03:00
iodev.h	KVM: remove in_range from io devices	2009-09-10 08:33:05 +03:00
iommu.c	KVM: IOMMU: hva align mapping page size	2013-11-05 09:55:36 +02:00
irq_comm.c	KVM: Fix RTC interrupt coalescing tracking	2013-06-27 14:20:53 +03:00
irqchip.c	KVM: Move irq routing setup to irqchip.c	2013-04-26 20:27:18 +02:00
kvm_main.c	KVM: Improve create VCPU parameter (CVE-2013-4587)	2013-12-12 22:39:33 +01:00
vfio.c	kvm: Create non-coherent DMA registeration	2013-10-30 19:02:23 +01:00