Eric Ren 62ab3d75d3 KVM: arm64: vgic: Fix exit condition in scan_its_table()
commit c000a26071 upstream.

With some PCIe topologies, restoring a guest fails while
parsing the ITS device tables.

Reproducer hints:
1. Create ARM virt VM with pxb-pcie bus which adds
   extra host bridges, with qemu command like:

```
  -device pxb-pcie,bus_nr=8,id=pci.x,numa_node=0,bus=pcie.0 \
  -device pcie-root-port,..,bus=pci.x \
  ...
  -device pxb-pcie,bus_nr=37,id=pci.y,numa_node=1,bus=pcie.0 \
  -device pcie-root-port,..,bus=pci.y \
  ...
```
2. Ensure the guest uses 2-level device table
3. Perform VM migration which calls save/restore device tables

In that setup, we get a big "offset" between 2 device_ids,
which makes unsigned "len" round up a big positive number,
causing the scan loop to continue with a bad GPA. For example:

1. L1 table has 2 entries;
2. and we are now scanning at L2 table entry index 2075 (pointed
   to by L1 first entry)
3. if next device id is 9472, we will get a big offset: 7397;
4. with unsigned 'len', 'len -= offset * esz', len will underflow to a
   positive number, mistakenly into next iteration with a bad GPA;
   (It should break out of the current L2 table scanning, and jump
   into the next L1 table entry)
5. that bad GPA fails the guest read.

Fix it by stopping the L2 table scan when the next device id is
outside of the current table, allowing the scan to continue from
the next L1 table entry.

Thanks to Eric Auger for the fix suggestion.

Fixes: 920a7a8fa9 ("KVM: arm64: vgic-its: Add infrastructure for tableookup")
Suggested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Eric Ren <renzhengeek@gmail.com>
[maz: commit message tidy-up]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/d9c3a564af9e2c5bf63f48a7dcbf08cd593c5c0b.1665802985.git.renzhengeek@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-11-03 23:50:50 +09:00
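The underflow described in the commit message, as an added example (not the kernel's code, not part of this repository page): a simplified model of the device-table scan loop, run once without and once with the bounds check the fix adds. The DTE bit layout, the 4096-entry table, the `read_guest()` stand-in for `kvm_read_guest()` and the `restore_dte()` stand-in for the DTE callback are all constructed for the demo; the indices (2075, offset 7397, next id 9472) are the ones from the message. Returns follow the kernel's convention: negative on a failed guest read, 0 when the callback reports the last entry, 1 when the table is exhausted.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed entry layout (not the real ITS DTE encoding):
 * bit 63 = valid, bits 0..15 = offset in entries to the next valid id. */
#define ESZ           8u
#define DTE_VALID     (1ULL << 63)
#define DTE_NEXT_MASK 0xffffULL

/* Constructed "guest memory": a single 4096-entry L2 table and nothing after it. */
#define L2_ENTRIES 4096u
static uint64_t guest_mem[L2_ENTRIES];
#define GUEST_MEM_SIZE ((uint64_t)sizeof(guest_mem))

/* Stand-in for kvm_read_guest(): a GPA outside the table fails like a bad GPA would. */
static int read_guest(uint64_t gpa, void *dst, size_t n)
{
    if (gpa + n < gpa || gpa + n > GUEST_MEM_SIZE)
        return -EFAULT;
    memcpy(dst, (const char *)guest_mem + gpa, n);
    return 0;
}

/* Stand-in for the per-entry callback: 1 = skip an invalid entry,
 * 0 = this was the last valid entry, >0 = offset to the next valid entry. */
static int restore_dte(uint32_t id, const void *entry, void *opaque)
{
    uint64_t v;
    (void)id;
    memcpy(&v, entry, sizeof v);
    if (!(v & DTE_VALID))
        return 1;
    (*(unsigned *)opaque)++;            /* count restored devices */
    return (int)(v & DTE_NEXT_MASK);
}

/* Scan one table. check_bounds=0 is the pre-fix loop, check_bounds=1 the fixed one. */
static int scan_its_table(uint64_t base, int size, uint32_t esz, int start_id,
                          int check_bounds, void *opaque)
{
    unsigned long len = size;           /* unsigned, as in the kernel */
    int id = start_id;
    uint64_t gpa = base;
    uint8_t entry[ESZ];

    while (len > 0) {
        int ret = read_guest(gpa, entry, esz);
        if (ret)
            return ret;

        int next_offset = restore_dte((uint32_t)id, entry, opaque);
        if (next_offset <= 0)
            return next_offset;

        size_t byte_offset = (size_t)next_offset * esz;
        /* The fix: the next id lies outside this table, so stop here and let
         * the caller continue from the next L1 entry instead of wrapping len. */
        if (check_bounds && byte_offset >= len)
            break;

        id += next_offset;
        gpa += byte_offset;
        len -= byte_offset;             /* underflows to a huge value without the check */
    }
    return 1;
}

/* Table from the commit message: the valid entry at index 2075 points 7397
 * entries ahead (id 9472), which is beyond the end of this 4096-entry table. */
static void build_table(void)
{
    memset(guest_mem, 0, sizeof guest_mem);
    guest_mem[0]    = DTE_VALID | 2075;  /* first valid entry -> index 2075 */
    guest_mem[2075] = DTE_VALID | 7397;  /* next id 2075 + 7397 = 9472 */
}

/* Run the scan; returns the loop's result and the number of entries restored. */
int scan_demo(int check_bounds, unsigned *restored)
{
    build_table();
    *restored = 0;
    return scan_its_table(0, (int)GUEST_MEM_SIZE, ESZ, 0, check_bounds, restored);
}

int demo_ret(int check_bounds)      { unsigned n; return scan_demo(check_bounds, &n); }
unsigned demo_restored(int check_bounds) { unsigned n; scan_demo(check_bounds, &n); return n; }

int main(void)
{
    unsigned n;
    int r = scan_demo(0, &n);
    printf("pre-fix: ret=%d%s, restored=%u\n", r, r == -EFAULT ? " (EFAULT)" : "", n);
    r = scan_demo(1, &n);
    printf("fixed:   ret=%d, restored=%u\n", r, n);
    return 0;
}
```

Both variants restore the same two entries; the difference is only what happens at index 2075. With `len` already at 16168 bytes and a 59176-byte jump, the pre-fix loop wraps `len`, keeps iterating, and the next read lands at a GPA past the table and fails, which is the save/restore failure the message describes. The fixed loop breaks and returns 1 so the caller moves on to the next L1 entry.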
arch x86/microcode/AMD: Apply the patch early on every logical thread 2022-11-03 23:50:50 +09:00
block block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern 2022-06-06 08:20:57 +02:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-25 11:46:44 +02:00
crypto crypto: drbg - make reseeding from get_random_bytes() synchronous 2022-06-25 11:46:41 +02:00
Documentation x86/speculation: Add RSB VM Exit protections 2022-11-01 19:14:46 +01:00
drivers ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS 2022-11-03 23:50:50 +09:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:20:30 +01:00
fs ocfs2: fix BUG when iput after ocfs2_mknod fails 2022-11-03 23:50:50 +09:00
include x86/bugs: Report AMD retbleed vulnerability 2022-11-01 19:14:44 +01:00
init random: handle latent entropy and command line from random_init() 2022-06-25 11:46:40 +02:00
ipc ipc: WARN if trying to remove ipc object which is absent 2021-12-08 08:46:53 +01:00
kernel gcov: support GCC 12.1 and newer compilers 2022-10-26 13:16:58 +02:00
lib dyndbg: let query-modname override actual module name 2022-10-26 13:17:04 +02:00
mm mm/migrate_device.c: flush TLB while holding PTL 2022-10-26 13:16:50 +02:00
net inet: fully convert sk->sk_rx_dst to RCU rules 2022-10-26 13:17:14 +02:00
samples samples/kretprobes: Fix return value if register_kretprobe() failed 2021-11-26 11:40:31 +01:00
scripts selinux: use "grep -E" instead of "egrep" 2022-10-26 13:16:58 +02:00
security apparmor: fix reference count leak in aa_pivotroot() 2022-08-25 11:11:32 +02:00
sound ALSA: dmaengine: increment buffer pointer atomically 2022-10-26 13:17:01 +02:00
tools x86/speculation: Add RSB VM Exit protections 2022-11-01 19:14:46 +01:00
usr initramfs: restore default compression behavior 2020-04-13 10:34:19 +02:00
virt KVM: arm64: vgic: Fix exit condition in scan_its_table() 2022-11-03 23:50:50 +09:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS MAINTAINERS: co-maintain random.c 2022-06-25 11:46:29 +02:00
Makefile Linux 4.14.297 2022-11-01 19:14:46 +01:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.