Hi!

On Wed, 2009-08-26 at 13:29 +0300, Avi Kivity wrote:
> From: Jan Kiszka <jan.kiszka@xxxxxxxxxxx>
>
> So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
> hypercalls. Normally, such callers cannot provide any hand-crafted MMU
> command structure as it has to be passed by its physical address, but
> they can still crash the guest kernel by passing random addresses.
>
> To close the hole, this patch considers hypercalls valid only if issued
> from guest ring 0. This may still be relaxed on a per-hypercall base in
> the future once required.

Does kvm-72 (used by Debian and Ubuntu in stable releases) have the
problem? If yes, would the approach in this fix also work there?

Thanks,
Jan