mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-08 09:39:40 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/x86/kvm
History
Reiji Watanabe 7f64753835 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index 
[ Upstream commit 04c4f2ee3f ]

__vmx_handle_exit() uses vcpu->run->internal.ndata as an index for
an array access.  Since vcpu->run is (can be) mapped to a user address
space with a writer permission, the 'ndata' could be updated by the
user process at anytime (the user process can set it to outside the
bounds of the array).
So, it is not safe that __vmx_handle_exit() uses the 'ndata' that way.

Fixes: 1aa561b1a4 ("kvm: x86: Add "last CPU" to some KVM_EXIT information")
Signed-off-by: Reiji Watanabe <reijiw@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Message-Id: <20210413154739.490299-1-reijiw@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-04-21 13:00:59 +02:00
..
mmu KVM: x86/mmu: preserve pending TLB flush across calls to kvm_tdp_mmu_zap_sp 2021-04-14 08:42:04 +02:00
svm KVM: SVM: ensure that EFER.SVME is set when running nested guest or on nested vmexit 2021-04-07 15:00:09 +02:00
vmx KVM: VMX: Don't use vcpu->run->internal.ndata as an array index 2021-04-21 13:00:59 +02:00
cpuid.c KVM: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl 2021-02-10 09:29:20 +01:00
cpuid.h KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits 2020-12-30 11:54:14 +01:00
debugfs.c KVM: let kvm_destroy_vm_debugfs clean up vCPU debugfs directories 2020-06-04 11:00:54 -04:00
emulate.c KVM: x86: Restore all 64 bits of DR6 and DR7 during RSM on x86-64 2021-03-04 11:37:48 +01:00
hyperv.c ARM: 2020-10-23 11:17:56 -07:00
hyperv.h x86/kvm/hyper-v: Add support for synthetic debugger interface 2020-06-01 04:26:11 -04:00
i8254.c kvm: i8254: remove redundant assignment to pointer s 2020-06-11 12:35:18 -04:00
i8254.h
i8259.c
ioapic.c KVM: ioapic: break infinite recursion on lazy EOI 2020-10-24 04:42:06 -04:00
ioapic.h kvm/x86: Remove redundant function implementations 2020-05-27 13:11:10 -04:00
irq.c KVM: x86: Fix split-irqchip vs interrupt injection window request 2020-11-27 09:27:28 -05:00
irq.h kvm/x86: Remove redundant function implementations 2020-05-27 13:11:10 -04:00
irq_comm.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
Kconfig x86/kvm: hide KVM options from menuconfig when KVM is not compiled 2020-10-21 17:36:30 -04:00
kvm_cache_regs.h KVM: x86: Let the guest own CR4.FSGSBASE 2020-10-21 17:48:50 -04:00
kvm_emulate.h ARM: 2020-04-02 15:13:15 -07:00
lapic.c KVM: x86: Ensure deadline timer has truly expired before posting its IRQ 2021-03-17 17:06:36 +01:00
lapic.h KVM: nVMX: Morph notification vector IRQ on nested VM-Enter to pending PI 2020-09-28 07:57:22 -04:00
Makefile kvm: x86/mmu: Init / Uninit the TDP MMU 2020-10-21 18:17:00 -04:00
mmu.h KVM: x86: fix shift out of bounds reported by UBSAN 2021-01-12 20:18:26 +01:00
mtrr.c KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks 2020-01-27 19:59:39 +01:00
pmu.c KVM/x86: pmu: Fix #GP condition check for RDPMC emulation 2020-07-09 07:08:37 -04:00
pmu.h kvm: x86: limit the maximum number of vPMU fixed counters to 3 2020-07-08 16:21:59 -04:00
trace.h KVM: x86: Use common definition for kvm_nested_vmexit tracepoint 2020-09-28 07:57:52 -04:00
tss.h
x86.c KVM: x86: Protect userspace MSR filter with SRCU, and set atomically-ish 2021-03-30 14:31:53 +02:00
x86.h KVM: x86: Supplement __cr4_reserved_bits() with X86_FEATURE_PCID check 2021-03-11 14:17:26 +01:00