[Lguest] [PATCH] Fix Malicious Guest GDT Host Crash

ron minnich rminnich at gmail.com
Thu Aug 9 14:40:04 EST 2007


On 8/7/07, Rusty Russell <rusty at rustcorp.com.au> wrote:
> Hi all,
>
>         Testing would be appreciated (esp. Ron?): I'd like to push this as soon
> as possible into 2.6.23.  I thought of it while pondering kvm-lite, and
> then proved it was a problem...

Works fine here.

Be aware that in the early Plan 9 port to lguest I created a gdt entry
and forgot to wrap the GDT # with a macro, with the result that I
loaded a gdt # instead of a selector into the gdt entry, and when the
guest switched back to the host (and back to guest, I guess) it
crashed my machine so hard that it went into the BIOS 'let's set this
brand new thinkpad up' dialog. Do not pass GPF, do not collect your
mental state. It was pretty cool. I have lost disks to that failure
mode before, however, so it was also more excitement than I needed at
that particular time. I can try to find that bogus code (it's Plan 9
after all, I've got all versions of the file) unless you know what I
mean here. I would rather not try to repeat the crash.

So, the 'GPF on bogus GDT entry' may not always be there for you. I
did not think it was possible to crash a machine this hard anymore; I
was wrong.

The guys at the Plan 9 BOF at Google thought lguest was pretty darn cool.

Thanks

ron


