cloud-hypervisor

mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2024-07-07 10:15:45 +00:00

History

Samuel Ortiz 664431ff14 vsock: vhost_user: vfio: Fix potential host memory overflow The vsock packets that we're building are resolving guest addresses to host ones and use the latter as raw pointers. If the corresponding guest mapped buffer spans across several regions in the guest, they will do so in the host as well. Since we have no guarantees that host regions are contiguous, it may lead the VMM into trying to access memory outside of its memory space. For now we fix that by ensuring that the guest buffers do not span across several regions. If they do, we error out. Ideally, we should enhance the rust-vmm memory model to support safe acces across host regions. Fixes CVE-2019-18960 Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>	2019-12-12 22:15:50 +01:00
..
src	vsock: vhost_user: vfio: Fix potential host memory overflow	2019-12-12 22:15:50 +01:00
Cargo.toml	vmm: Port to latest vmm-sys-util	2019-12-11 14:11:11 +00:00

Samuel Ortiz 664431ff14 vsock: vhost_user: vfio: Fix potential host memory overflow

The vsock packets that we're building are resolving guest addresses to
host ones and use the latter as raw pointers.
If the corresponding guest mapped buffer spans across several regions in
the guest, they will do so in the host as well. Since we have no
guarantees that host regions are contiguous, it may lead the VMM into
trying to access memory outside of its memory space.

For now we fix that by ensuring that the guest buffers do not span
across several regions. If they do, we error out.
Ideally, we should enhance the rust-vmm memory model to support safe
acces across host regions.

Fixes CVE-2019-18960

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

2019-12-12 22:15:50 +01:00

src

vsock: vhost_user: vfio: Fix potential host memory overflow

2019-12-12 22:15:50 +01:00

Cargo.toml

vmm: Port to latest vmm-sys-util

2019-12-11 14:11:11 +00:00