linux/arch/x86/kvm
Sean Christopherson f559b2e9c5 KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits
4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't
enforce 32-byte alignment of nCR3.

In the absolute worst case scenario, failure to ignore bits 4:0 can result
in an out-of-bounds read, e.g. if the target page is at the end of a
memslot, and the VMM isn't using guard pages.

Per the APM:

  The CR3 register points to the base address of the page-directory-pointer
  table. The page-directory-pointer table is aligned on a 32-byte boundary,
  with the low 5 address bits 4:0 assumed to be 0.

And the SDM's much more explicit:

  4:0    Ignored

Note, KVM gets this right when loading PDPTRs, it's only the nSVM flow
that is broken.

Fixes: e4e517b4be ("KVM: MMU: Do not unconditionally read PDPTE from guest memory")
Reported-by: Kirk Swidowski <swidowski@google.com>
Cc: Andy Nguyen <theflow@google.com>
Cc: 3pvd <3pvd@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-ID: <20241009140838.1036226-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-10-20 07:31:06 -04:00
mmu KVM: x86/mmu: Add lockdep assert to enforce safe usage of kvm_unmap_gfn_range() 2024-10-20 07:31:05 -04:00
svm KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory 2024-10-20 07:31:06 -04:00
vmx KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() 2024-10-20 07:31:06 -04:00
.gitignore KVM: x86: use a separate asm-offsets.c file 2022-11-09 12:10:17 -05:00
cpuid.c KVM: x86: Advertise AVX10.1 CPUID to userspace 2024-08-22 11:25:25 -07:00
cpuid.h KVM: x86: Bury guest_cpuid_is_amd_or_hygon() in cpuid.c 2024-06-10 14:29:39 -07:00
debugfs.c KVM: Get rid of return value from kvm_arch_create_vm_debugfs() 2024-02-23 21:44:58 +00:00
emulate.c ARM: 2024-07-20 12:41:03 -07:00
fpu.h
governed_features.h KVM: x86: Use KVM-governed feature framework to track "LAM enabled" 2023-11-28 17:54:09 -08:00
hyperv.c KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops 2024-07-16 12:14:12 -04:00
hyperv.h KVM: x86: hyper-v: Remove unused inline function kvm_hv_free_pa_page() 2024-08-13 09:28:48 -04:00
i8254.c KVM: x86: Unify pr_fmt to use module name for all KVM modules 2022-12-29 15:47:35 -05:00
i8254.h KVM: x86: PIT: Preserve state of speaker port data bit 2022-06-08 13:06:20 -04:00
i8259.c KVM: x86: Fix poll command 2023-06-01 13:44:13 -07:00
ioapic.c KVM: x86/ioapic: Resample the pending state of an IRQ when unmasking 2023-03-27 10:13:28 -04:00
ioapic.h x86/kvm: remove unused ack_notifier callbacks 2021-11-18 07:05:57 -05:00
irq_comm.c KVM: x86: Don't re-setup empty IRQ routing when KVM_CAP_SPLIT_IRQCHIP 2024-06-11 14:18:40 -07:00
irq.c KVM: x86: Fold kvm_get_apic_interrupt() into kvm_cpu_get_interrupt() 2024-09-09 20:15:01 -07:00
irq.h KVM: x86: Don't re-setup empty IRQ routing when KVM_CAP_SPLIT_IRQCHIP 2024-06-11 14:18:40 -07:00
Kconfig KVM: x86: leave kvm.ko out of the build if no vendor module is requested 2024-10-06 03:53:41 -04:00
kvm_cache_regs.h KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops 2024-07-16 12:14:12 -04:00
kvm_emulate.h KVM: x86: Use "is Intel compatible" helper to emulate SYSCALL in !64-bit 2024-06-10 14:29:38 -07:00
kvm_onhyperv.c KVM: x86/mmu: Move filling of Hyper-V's TLB range struct into Hyper-V code 2023-04-10 15:17:29 -07:00
kvm_onhyperv.h KVM: x86: Move Hyper-V partition assist page out of Hyper-V emulation context 2023-12-07 09:34:01 -08:00
kvm-asm-offsets.c KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly 2022-11-09 12:25:53 -05:00
lapic.c Merge tag 'kvm-x86-vmx-6.12' of https://github.com/kvm-x86/linux into HEAD 2024-09-17 12:41:23 -04:00
lapic.h Merge tag 'kvm-x86-vmx-6.12' of https://github.com/kvm-x86/linux into HEAD 2024-09-17 12:41:23 -04:00
Makefile KVM: x86: leave kvm.ko out of the build if no vendor module is requested 2024-10-06 03:53:41 -04:00
mmu.h KVM: x86: Remove some unused declarations 2024-09-09 20:12:43 -07:00
mtrr.c KVM: x86: Remove VMX support for virtualizing guest MTRR memtypes 2024-06-05 08:13:14 -07:00
pmu.c KVM: x86/pmu: Add kvm_pmu_call() to simplify static calls of kvm_pmu_ops 2024-07-16 12:14:12 -04:00
pmu.h KVM: x86/pmu: Introduce distinct macros for GP/fixed counter max number 2024-06-28 09:12:16 -07:00
reverse_cpuid.h KVM: x86: Advertise AVX10.1 CPUID to userspace 2024-08-22 11:25:25 -07:00
smm.c KVM: x86: Forcibly leave nested if RSM to L2 hits shutdown 2024-09-09 20:09:49 -07:00
smm.h KVM: x86: smm: preserve interrupt shadow in SMRAM 2022-11-09 12:31:26 -05:00
trace.h KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops 2024-07-16 12:14:12 -04:00
tss.h
x86.c Merge tag 'kvm-x86-vmx-6.12' of https://github.com/kvm-x86/linux into HEAD 2024-09-17 12:41:23 -04:00
x86.h Merge tag 'kvm-x86-pat_vmx_msrs-6.12' of https://github.com/kvm-x86/linux into HEAD 2024-09-17 12:40:39 -04:00
xen.c KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops 2024-07-16 12:14:12 -04:00
xen.h KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled 2024-03-04 16:22:36 -08:00