linux-uconsole/arch
Paolo Bonzini 1c3ed9d481 BACKPORT: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
commit 9f46c187e2 upstream.

With shadow paging enabled, the INVPCID instruction results in a call
to kvm_mmu_invpcid_gva.  If INVPCID is executed with CR0.PG=0, the
invlpg callback is not set and the result is a NULL pointer dereference.
Fix it trivially by checking for mmu->invlpg before every call.

There are other possibilities:

- check for CR0.PG, because KVM (like all Intel processors after P5)
  flushes guest TLB on CR0.PG changes so that INVPCID/INVLPG are a
  nop with paging disabled

- check for EFER.LMA, because KVM syncs and flushes when switching
  MMU contexts outside of 64-bit mode

All of these are tricky, go for the simple solution.  This is CVE-2022-1789.

Bug: 235691682
Reported-by: Yongkang Jia <kangel@zju.edu.cn>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[fix conflict due to missing b9e5603c2a]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If558163c4ddd4606274b456324278ed3fb5b093c
2022-08-04 11:36:41 +00:00
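The dispatch the commit message describes, as an added example that is not code from the kernel, from this backport, or from this repository: a small userspace model in C of an INVPCID handler that calls a per-root `invlpg` hook, once in the pre-fix shape (unconditional indirect call) and once in the fixed shape (hook tested before every call, as the message says). The struct, the loop over cached previous roots, the names `mmu_ctx`, `shadow_invlpg`, `mmu_reset_context`, `mmu_invpcid_gva_unchecked`, `mmu_invpcid_gva_checked` and `make_sample_ctx`, and the root/PCID sample state are all this example's own assumptions about the shape of the code, not KVM's definitions.

```c
/* Added example, not code from the kernel or this repository: a userspace
 * model of the dispatch the commit message describes.  All names here
 * (mmu_ctx, shadow_invlpg, mmu_reset_context, mmu_invpcid_gva_*,
 * make_sample_ctx) and the root/PCID layout are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PREV_ROOTS 3
#define INVALID_ROOT   ((hpa_t)0)

typedef uint64_t gva_t;
typedef uint64_t hpa_t;

struct root { hpa_t hpa; uint32_t pcid; };   /* hpa == INVALID_ROOT: slot unused */

struct mmu_ctx {
    /* Per-root invalidation hook: installed for paging modes with shadow page
     * tables to walk, left NULL when the context is built with CR0.PG=0. */
    void (*invlpg)(struct mmu_ctx *mmu, gva_t gva, hpa_t root_hpa);
    struct root root;                        /* current root */
    struct root prev_roots[NUM_PREV_ROOTS];  /* cached previous roots */
    uint32_t active_pcid;
    int invlpg_calls;                        /* instrumentation for the checks */
};

static void shadow_invlpg(struct mmu_ctx *mmu, gva_t gva, hpa_t root_hpa)
{
    (void)gva; (void)root_hpa;
    mmu->invlpg_calls++;   /* a real handler would walk the shadow page table */
}

static void mmu_reset_context(struct mmu_ctx *mmu, bool cr0_pg)
{
    mmu->invlpg = cr0_pg ? shadow_invlpg : NULL;   /* no walker without paging */
    mmu->invlpg_calls = 0;
}

/* Pre-fix shape: the hook is called unconditionally, so with CR0.PG=0 the
 * first matching root dereferences the NULL pointer. */
static bool mmu_invpcid_gva_unchecked(struct mmu_ctx *mmu, gva_t gva, uint32_t pcid)
{
    bool tlb_flush = false;
    if (pcid == mmu->active_pcid) {
        mmu->invlpg(mmu, gva, mmu->root.hpa);
        tlb_flush = true;
    }
    for (int i = 0; i < NUM_PREV_ROOTS; i++) {
        if (mmu->prev_roots[i].hpa != INVALID_ROOT && pcid == mmu->prev_roots[i].pcid) {
            mmu->invlpg(mmu, gva, mmu->prev_roots[i].hpa);
            tlb_flush = true;
        }
    }
    return tlb_flush;
}

/* Fixed shape: test the hook before every call.  The TLB-flush decision is
 * unchanged; only the shadow-page-table walk is skipped when no walker exists. */
static bool mmu_invpcid_gva_checked(struct mmu_ctx *mmu, gva_t gva, uint32_t pcid)
{
    bool tlb_flush = false;
    if (pcid == mmu->active_pcid) {
        if (mmu->invlpg)
            mmu->invlpg(mmu, gva, mmu->root.hpa);
        tlb_flush = true;
    }
    for (int i = 0; i < NUM_PREV_ROOTS; i++) {
        if (mmu->prev_roots[i].hpa != INVALID_ROOT && pcid == mmu->prev_roots[i].pcid) {
            if (mmu->invlpg)
                mmu->invlpg(mmu, gva, mmu->prev_roots[i].hpa);
            tlb_flush = true;
        }
    }
    return tlb_flush;
}

/* Constructed sample state: PCID 1 active, one cached root each for PCID 2
 * and PCID 1, plus a stale slot (invalid hpa) that must be skipped. */
static struct mmu_ctx make_sample_ctx(bool cr0_pg)
{
    struct mmu_ctx m = {
        .root = { .hpa = 0x1000, .pcid = 1 },
        .prev_roots = { { 0x2000, 2 }, { 0x3000, 1 }, { INVALID_ROOT, 1 } },
        .active_pcid = 1,
    };
    mmu_reset_context(&m, cr0_pg);
    return m;
}

int main(void)
{
    struct mmu_ctx m = make_sample_ctx(false);
    /* mmu_invpcid_gva_unchecked(&m, 0x7000, 1) would fault here: invlpg is NULL. */
    bool flush = mmu_invpcid_gva_checked(&m, 0x7000, 1);
    printf("CR0.PG=0: hook %s, flush=%d, invlpg calls=%d\n",
           m.invlpg ? "set" : "NULL", flush, m.invlpg_calls);
    m = make_sample_ctx(true);
    flush = mmu_invpcid_gva_unchecked(&m, 0x7000, 1);
    printf("CR0.PG=1: flush=%d, invlpg calls=%d\n", flush, m.invlpg_calls);
    return 0;
}
```

The point worth keeping in mind when reviewing a fix of this kind is that the guard only skips the call through the hook; the `tlb_flush` decision that follows it is left exactly as before, so the guest still gets the flush it asked for, and the pcid-matching and stale-slot logic is untouched. The two alternatives the message lists (keying on CR0.PG or on EFER.LMA) would have moved the decision into mode-tracking code, which is why the per-call NULL check was chosen as the minimal change.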
alpha Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
arc ARC: entry: fix syscall_trace_exit argument 2022-04-27 13:53:55 +02:00
arm This is the 5.10.117 stable release 2022-05-18 13:09:42 +02:00
arm64 Merge tag 'android12-5.10.117_r00' into 'android12-5.10' 2022-07-27 11:21:05 +02:00
c6x
csky This is the 5.10.110 stable release 2022-04-18 17:41:18 +02:00
h8300
hexagon hexagon: clean up timer-regs.h 2021-11-26 10:39:19 +01:00
ia64 This is the 5.10.104 stable release 2022-03-12 13:57:09 +01:00
m68k This is the 5.10.110 stable release 2022-04-18 17:41:18 +02:00
microblaze This is the 5.10.110 stable release 2022-04-18 17:41:18 +02:00
mips This is the 5.10.116 stable release 2022-05-16 08:45:59 +02:00
nds32 nds32: fix access_ok() checks in get/put_user 2022-03-28 09:57:10 +02:00
nios2 uaccess: fix type mismatch warnings from access_ok() 2022-04-08 14:40:35 +02:00
openrisc openrisc: Add clone3 ABI wrapper 2022-01-27 10:54:06 +01:00
parisc This is the 5.10.115 stable release 2022-05-16 08:45:26 +02:00
powerpc This is the 5.10.114 stable release 2022-05-12 17:48:27 +02:00
riscv This is the 5.10.114 stable release 2022-05-12 17:48:27 +02:00
s390 This is the 5.10.117 stable release 2022-05-18 13:09:42 +02:00
sh Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
sparc This is the 5.10.110 stable release 2022-04-18 17:41:18 +02:00
um This is the 5.10.110 stable release 2022-04-18 17:41:18 +02:00
x86 BACKPORT: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID 2022-08-04 11:36:41 +00:00
xtensa This is the 5.10.113 stable release 2022-05-12 11:23:35 +02:00
.gitignore
Kconfig This is the 5.10.80 stable release 2021-11-19 11:50:41 +01:00