linux-rockchip/arch/x86
Sean Christopherson 6876793907 KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
commit f559b2e9c5c5308850544ab59396b7d53cfc67bd upstream.

Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits
4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't
enforce 32-byte alignment of nCR3.

In the absolute worst case scenario, failure to ignore bits 4:0 can result
in an out-of-bounds read, e.g. if the target page is at the end of a
memslot, and the VMM isn't using guard pages.

Per the APM:

  The CR3 register points to the base address of the page-directory-pointer
  table. The page-directory-pointer table is aligned on a 32-byte boundary,
  with the low 5 address bits 4:0 assumed to be 0.

And the SDM's much more explicit:

  4:0    Ignored

Note, KVM gets this right when loading PDPTRs, it's only the nSVM flow
that is broken.

Fixes: e4e517b4be ("KVM: MMU: Do not unconditionally read PDPTE from guest memory")
Reported-by: Kirk Swidowski <swidowski@google.com>
Cc: Andy Nguyen <theflow@google.com>
Cc: 3pvd <3pvd@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-ID: <20241009140838.1036226-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-01 01:56:06 +01:00
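Added example, not code from the KVM tree or from this commit: a small C model of the mechanism the commit message describes. Under PAE paging the page-directory-pointer table is four 8-byte entries on a 32-byte boundary, so CR3 bits 4:0 are ignored by hardware and a guest can legally leave them set. The model puts the PDPT in the last 32 bytes of a one-page memslot, then performs the load once with the raw nCR3 and once with bits 4:0 cleared, and reports how far each read would extend past the slot. The memslot struct, the function names and the planted PDPTE values are assumptions for the demonstration and do not correspond to KVM's own structures.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not KVM code: a model of the nSVM PDPTE load.
 *
 * Under PAE paging the PDPT is four 8-byte entries, 32-byte aligned;
 * CR3 bits 4:0 are ignored by hardware, so a guest may leave garbage
 * there and VMRUN will not reject it.
 */
#define PAGE_SIZE         4096ULL
#define PDPT_ENTRIES      4
#define PDPT_BYTES        (PDPT_ENTRIES * sizeof(uint64_t))   /* 32 */
#define CR3_PAE_IGNORED   0x1fULL                             /* bits 4:0 */

/* Constructed memslot model (hypothetical, not KVM's struct kvm_memory_slot). */
struct memslot {
	uint64_t gpa_base;   /* first guest-physical address covered */
	uint64_t npages;     /* length in 4 KiB pages */
	uint8_t *host;       /* backing memory, exactly npages * PAGE_SIZE bytes */
};

/* What the fix does: drop the ignored low bits before using nCR3 as an address. */
static inline uint64_t pae_pdpt_gpa(uint64_t ncr3)
{
	return ncr3 & ~CR3_PAE_IGNORED;
}

/*
 * Bytes by which a 32-byte PDPT read at @gpa would extend past the end of
 * @slot; 0 means in bounds. With an unaligned nCR3 and the PDPT in the last
 * 32 bytes of the slot, the read runs off the end of the mapping.
 */
uint64_t pdpt_read_overrun(const struct memslot *slot, uint64_t gpa)
{
	uint64_t slot_end = slot->gpa_base + slot->npages * PAGE_SIZE;

	if (gpa < slot->gpa_base)
		return PDPT_BYTES;          /* entirely outside; treat as worst case */
	if (gpa + PDPT_BYTES <= slot_end)
		return 0;
	return gpa + PDPT_BYTES - slot_end;
}

/* Bounds-checked PDPTE read: fills @pdptes and returns true only if the whole table is inside the slot. */
bool read_pdptes(const struct memslot *slot, uint64_t gpa, uint64_t pdptes[PDPT_ENTRIES])
{
	if (pdpt_read_overrun(slot, gpa) != 0)
		return false;
	memcpy(pdptes, slot->host + (gpa - slot->gpa_base), PDPT_BYTES);
	return true;
}

/* Before the fix: nCR3 used as-is. After: bits 4:0 cleared first. */
bool load_pdptes_unmasked(const struct memslot *slot, uint64_t ncr3, uint64_t out[PDPT_ENTRIES])
{
	return read_pdptes(slot, ncr3, out);
}

bool load_pdptes_masked(const struct memslot *slot, uint64_t ncr3, uint64_t out[PDPT_ENTRIES])
{
	return read_pdptes(slot, pae_pdpt_gpa(ncr3), out);
}

/* Constructed scenario: one-page slot, PDPT in its last 32 bytes, nCR3 with bits 4:0 set. */
static uint8_t backing[PAGE_SIZE];
static const struct memslot demo_slot = { .gpa_base = 0x10000, .npages = 1, .host = backing };
#define DEMO_PDPT_GPA   (0x10000ULL + PAGE_SIZE - PDPT_BYTES)   /* 0x10fe0 */
#define DEMO_NCR3       (DEMO_PDPT_GPA | 0x1f)                  /* 0x10fff */

/* Plant recognisable (constructed) PDPTEs so a correct read can be checked; returns the masked gpa. */
uint64_t demo_setup(void)
{
	uint64_t pdpt[PDPT_ENTRIES] = { 0x1001, 0x2001, 0x3001, 0x4001 };
	memcpy(backing + PAGE_SIZE - PDPT_BYTES, pdpt, PDPT_BYTES);
	return pae_pdpt_gpa(DEMO_NCR3);
}

int main(void)
{
	uint64_t out[PDPT_ENTRIES];

	demo_setup();
	printf("unmasked nCR3 0x%llx: overrun %llu bytes, load %s\n",
	       (unsigned long long)DEMO_NCR3,
	       (unsigned long long)pdpt_read_overrun(&demo_slot, DEMO_NCR3),
	       load_pdptes_unmasked(&demo_slot, DEMO_NCR3, out) ? "ok" : "rejected");
	printf("masked   nCR3 0x%llx: overrun %llu bytes, load %s\n",
	       (unsigned long long)pae_pdpt_gpa(DEMO_NCR3),
	       (unsigned long long)pdpt_read_overrun(&demo_slot, pae_pdpt_gpa(DEMO_NCR3)),
	       load_pdptes_masked(&demo_slot, DEMO_NCR3, out) ? "ok" : "rejected");
	return 0;
}
```

The model refuses the out-of-bounds read instead of performing it; the point is the 31-byte overrun that the unmasked path computes, which is exactly the memory a hypervisor with no guard page after the slot would read. Masking first moves the access back to 0x10fe0, which ends precisely at the slot boundary.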
boot x86/boot: Don't add the EFI stub to targets, again 2024-06-21 14:35:53 +02:00
coco x86/tdx: Fix "in-kernel MMIO" check 2024-10-17 15:21:29 +02:00
configs
crypto crypto: x86/sha512-avx2 - add missing vzeroupper 2024-06-12 11:03:05 +02:00
entry x86/entry_32: Clear CPU buffers after register restore in NMI return 2024-10-22 15:56:50 +02:00
events perf,x86: avoid missing caller address in stack traces captured in uprobe 2024-10-17 15:21:46 +02:00
hyperv
ia32
include x86/cpufeatures: Add a IBPB_NO_RET BUG flag 2024-10-22 15:56:45 +02:00
kernel x86/resctrl: Avoid overflow in MB settings in bw_validate() 2024-11-01 01:55:57 +01:00
kvm KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory 2024-11-01 01:56:06 +01:00
lib x86/kmsan: Fix hook for unaligned accesses 2024-09-12 11:10:19 +02:00
math-emu
mm x86/mm: Switch to new Intel CPU model defines 2024-09-30 16:23:56 +02:00
net bpf, x64: Fix a jit convergence issue 2024-10-17 15:22:13 +02:00
pci x86/pci/xen: Fix PCIBIOS_* return code handling 2024-08-03 08:48:54 +02:00
platform x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos 2024-08-03 08:48:54 +02:00
power
purgatory x86/purgatory: Switch to the position-independent small code model 2024-06-12 11:03:12 +02:00
ras
realmode
tools x86/boot: Ignore relocations in .notes sections in walk_relocs() too 2024-06-12 11:03:07 +02:00
um um: Fix the -Wmissing-prototypes warning for get_thread_reg 2024-06-12 11:03:47 +02:00
video
virt/vmx/tdx
xen xen: use correct end address of kernel for conflict checking 2024-10-17 15:20:54 +02:00
.gitignore
Kbuild
Kconfig cpu: Re-enable CPU mitigations by default for !X86 architectures 2024-05-02 16:29:28 +02:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y 2024-06-12 11:03:50 +02:00
Makefile
Makefile.um
Makefile_32.cpu