vmm(4): Reset host LDTR on exit for SVM - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	mlarkin <mlarkin@openbsd.org>	2018-09-18 16:02:08 +0000
committer	mlarkin <mlarkin@openbsd.org>	2018-09-18 16:02:08 +0000
commit	184c804a7bcef546d5d111b9caecc5e1574bd145 (patch)
tree	889306f7ee18a1b3f378ed212e6588a730598b93 /lib
parent	Start testing the roa backend (test 5) and cleanup tool in general. (diff)
download	wireguard-openbsd-184c804a7bcef546d5d111b9caecc5e1574bd145.tar.xz wireguard-openbsd-184c804a7bcef546d5d111b9caecc5e1574bd145.zip

vmm(4): Reset host LDTR on exit for SVM

For SVM machines, the LDT content remains set to that of the guest VM on exit (as compared to Intel/VMX which resets the LDTR to 0). This fix ensures the LDT is reset to 0 on SVM exits. Leaving the LDT set to the guest's choice could allow a malicious process to escalate its privileges with the help of a malicious VM that they also are able to run on the machine. This was reported by Maxime Villard; thanks!

Diffstat (limited to 'lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: