AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
0debc69f00
kernel_optimize_test/arch
History
Paolo Bonzini 9b4aa0d80b KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID 
commit 9f46c187e2e680ecd9de7983e4d081c3391acc76 upstream.

With shadow paging enabled, the INVPCID instruction results in a call
to kvm_mmu_invpcid_gva.  If INVPCID is executed with CR0.PG=0, the
invlpg callback is not set and the result is a NULL pointer dereference.
Fix it trivially by checking for mmu->invlpg before every call.

There are other possibilities:

- check for CR0.PG, because KVM (like all Intel processors after P5)
  flushes guest TLB on CR0.PG changes so that INVPCID/INVLPG are a
  nop with paging disabled

- check for EFER.LMA, because KVM syncs and flushes when switching
  MMU contexts outside of 64-bit mode

All of these are tricky, go for the simple solution.  This is CVE-2022-1789.

Reported-by: Yongkang Jia <kangel@zju.edu.cn>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[fix conflict due to missing b9e5603c2a3accbadfec570ac501a54431a6bdba]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-30 09:33:22 +02:00
..
alpha
arc ARC: entry: fix syscall_trace_exit argument 2022-04-27 13:53:55 +02:00
arm ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 2022-05-25 09:17:59 +02:00
arm64 arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs 2022-05-25 09:18:01 +02:00
c6x
csky uaccess: fix type mismatch warnings from access_ok() 2022-04-08 14:40:35 +02:00
h8300
hexagon hexagon: clean up timer-regs.h 2021-11-26 10:39:19 +01:00
ia64 ia64: ensure proper NUMA distance and possible map initialization 2022-03-08 19:09:34 +01:00
m68k m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined 2022-04-08 14:40:09 +02:00
microblaze uaccess: fix nios2 and microblaze get_user_8() 2022-04-08 14:40:08 +02:00
mips MIPS: lantiq: check the return value of kzalloc() 2022-05-25 09:17:54 +02:00
nds32 nds32: fix access_ok() checks in get/put_user 2022-03-28 09:57:10 +02:00
nios2 uaccess: fix type mismatch warnings from access_ok() 2022-04-08 14:40:35 +02:00
openrisc openrisc: Add clone3 ABI wrapper 2022-01-27 10:54:06 +01:00
parisc parisc: Merge model and model name into one line in /proc/cpuinfo 2022-05-12 12:25:29 +02:00
powerpc powerpc/perf: Fix 32bit compile 2022-05-09 09:05:06 +02:00
riscv riscv: dts: sifive: fu540-c000: align dma node name with dtschema 2022-05-25 09:17:59 +02:00
s390 s390/pci: improve zpci_dev reference counting 2022-05-25 09:17:53 +02:00
sh sh: define __BIG_ENDIAN for math-emu 2021-11-26 10:39:12 +01:00
sparc uaccess: fix type mismatch warnings from access_ok() 2022-04-08 14:40:35 +02:00
um um: Fix uml_mconsole stop/go 2022-04-08 14:40:44 +02:00
x86 KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID 2022-05-30 09:33:22 +02:00
xtensa xtensa: fix a7 clobbering in coprocessor context load/store 2022-04-27 13:53:55 +02:00
.gitignore
Kconfig arch/cc: Introduce a function to check for confidential computing features 2021-11-18 14:04:32 +01:00