x86: Handle buggy user_contexts (XCC)
author: Barret Rhoden <brho@cs.berkeley.edu>
Mon, 23 Jul 2018 18:54:28 +0000 (14:54 -0400)
committer: Barret Rhoden <brho@cs.berkeley.edu>
Mon, 23 Jul 2018 18:54:28 +0000 (14:54 -0400)
commit: 1725a09ca0fe4287f0752e9bd749f2723753964f
tree: da873685d9afc3b9ca46f118c4f3bbb4078dfc27
parent: 9196d29ad275f90b1e2bd0fd821fe2b48730d5f2
x86: Handle buggy user_contexts (XCC)

If the user gave the kernel garbage for the struct user_context, we could
trick the kernel into attempting to pop certain fields that trigger faults
in the kernel, resulting in all sorts of chaos.

While looking into this for hardware TFs, I noticed a few potential
problems for SW TFs and VM TFs.

Reinstall your kernel headers at your leisure.

Reported-by: syzbot+636de6080fc1a3016e08@syzkaller.appspotmail.com
Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
kern/arch/x86/process64.c
kern/arch/x86/ros/trapframe64.h
kern/arch/x86/vmm/vmm.c
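A defensive check of the kind the commit message describes for the hardware trapframe case, as an added example that is not the Akaros commit's own code: the fields a kernel pops with iretq (CS, SS, RIP, RFLAGS) are forced into a state that cannot fault in ring 0 or return to it. The trapframe layout, the GDT selector values and the user address limit are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example, not code from the commit.  Minimal stand-in for the hardware
 * trapframe carried inside a user_context; field names are assumptions. */
struct hw_trapframe {
	uint64_t tf_rip, tf_cs, tf_rflags, tf_rsp, tf_ss;
};

#define USER_CS      0x1bUL                 /* assumed: GDT entry 3, RPL 3 */
#define USER_SS      0x23UL                 /* assumed: GDT entry 4, RPL 3 */
#define USER_VA_MAX  0x00007fffffffffffUL   /* top of the canonical lower half */

#define FL_IF   (1UL << 9)
#define FL_IOPL (3UL << 12)
#define FL_NT   (1UL << 14)
#define FL_RF   (1UL << 16)
#define FL_VM   (1UL << 17)
#define FL_VIF  (1UL << 19)
#define FL_VIP  (1UL << 20)
/* Bits a user must never control in a frame the kernel pops with iretq. */
#define FL_PRIV (FL_IOPL | FL_NT | FL_RF | FL_VM | FL_VIF | FL_VIP)

/* Force a user-supplied hardware trapframe into a state iretq can pop without
 * faulting while still in the kernel or landing in ring 0.  Returns true if
 * any field had to be rewritten, i.e. the context was buggy or malicious. */
bool hw_tf_fixup(struct hw_trapframe *tf)
{
	bool changed = false;

	/* A kernel or bogus CS/SS would #GP during iretq (in ring 0), or run
	 * user-controlled state with kernel privilege; only the user selectors
	 * are acceptable. */
	if (tf->tf_cs != USER_CS) { tf->tf_cs = USER_CS; changed = true; }
	if (tf->tf_ss != USER_SS) { tf->tf_ss = USER_SS; changed = true; }
	/* iretq to a non-canonical RIP raises #GP before reaching user mode;
	 * anything above the user half is replaced by an address that can only
	 * fault in user mode. */
	if (tf->tf_rip > USER_VA_MAX) { tf->tf_rip = 0; changed = true; }
	/* User may keep the arithmetic/trap/direction bits only: strip the
	 * privileged flags and keep interrupts enabled. */
	if ((tf->tf_rflags & FL_PRIV) || !(tf->tf_rflags & FL_IF)) {
		tf->tf_rflags = (tf->tf_rflags & ~FL_PRIV) | FL_IF;
		changed = true;
	}
	return changed;
}
```

A kernel may prefer to kill the process instead of rewriting fields; the point is that the decision is made before any pop instruction consumes user-controlled values.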