linux-stable/arch/x86/kvm
Nick Desaulniers 428b8f1d9f KVM: VMX: don't allow memory operands for inline asm that modifies SP
THUNK_TARGET defines [thunk_target] as having "rm" input constraints
when CONFIG_RETPOLINE is not set, which isn't constrained enough for
this specific case.

For inline assembly that modifies the stack pointer before using this
input, the underspecification of constraints is dangerous, and results
in an indirect call to a previously pushed flags register.

In this case `entry`'s stack slot is good enough to satisfy the "m"
constraint in "rm", but the inline assembly in
handle_external_interrupt_irqoff() modifies the stack pointer via
push+pushf before using this input, which in this case results in
calling what was the previous state of the flags register, rather than
`entry`.

Be more specific in the constraints by requiring `entry` be in a
register, and not a memory operand.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: syzbot+3f29ca2efb056a761e38@syzkaller.appspotmail.com
Debugged-by: Alexander Potapenko <glider@google.com>
Debugged-by: Paolo Bonzini <pbonzini@redhat.com>
Debugged-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Message-Id: <20200323191243.30002-1-ndesaulniers@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-03-23 15:40:51 -04:00
Name | Last commit | Date
mmu | KVM: x86/mmu: Fix struct guest_walker arrays for 5-level paging | 2020-02-12 20:09:44 +01:00
vmx | KVM: VMX: don't allow memory operands for inline asm that modifies SP | 2020-03-23 15:40:51 -04:00
cpuid.c | kvm/svm: PKU not currently supported | 2020-01-27 19:59:35 +01:00
cpuid.h | KVM: x86: Refactor and rename bit() to feature_bit() macro | 2020-01-21 14:45:28 +01:00
debugfs.c | KVM: no need to check return value of debugfs_create functions | 2019-08-05 12:55:49 +02:00
emulate.c | KVM: x86: clear stale x86_emulate_ctxt->intercept value | 2020-03-03 17:38:16 +01:00
hyperv.c | kvm: x86: hyperv: Use APICv update request interface | 2020-02-05 15:17:43 +01:00
hyperv.h | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 | 2019-06-19 17:09:53 +02:00
i8254.c | kvm: i8254: Deactivate APICv when using in-kernel PIT re-injection mode. | 2020-02-05 15:17:44 +01:00
i8254.h | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00
i8259.c | KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks | 2020-01-27 19:59:37 +01:00
ioapic.c | KVM: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect | 2020-03-14 10:46:01 +01:00
ioapic.h | KVM: X86: Move irrelevant declarations out of ioapic.h | 2020-01-08 17:33:14 +01:00
irq.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 | 2019-06-05 17:37:05 +02:00
irq.h | KVM: X86: Move irrelevant declarations out of ioapic.h | 2020-01-08 17:33:14 +01:00
irq_comm.c | KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI | 2020-02-21 18:04:57 +01:00
Kconfig | KVM: fix Kconfig menu text for -Werror | 2020-03-05 15:27:43 +01:00
kvm_cache_regs.h | KVM: x86: Fold decache_cr3() into cache_reg() | 2019-10-22 13:34:16 +02:00
lapic.c | KVM: LAPIC: Mark hrtimer for period or oneshot mode to expire in hard interrupt context | 2020-03-23 09:01:14 -04:00
lapic.h | kvm: lapic: Introduce APICv update helper function | 2020-02-05 15:17:40 +01:00
Makefile | KVM: allow disabling -Werror | 2020-02-28 10:45:28 +01:00
mmu.h | KVM: x86/mmu: Avoid retpoline on ->page_fault() with TDP | 2020-02-12 20:09:42 +01:00
mmu_audit.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 | 2019-06-19 17:09:53 +02:00
mmutrace.h | KVM: x86: fix incorrect comparison in trace event | 2020-02-20 18:13:44 +01:00
mtrr.c | KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks | 2020-01-27 19:59:39 +01:00
pmu.c | Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip | 2019-11-26 15:42:43 -08:00
pmu.h | KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks | 2020-01-27 19:59:40 +01:00
pmu_amd.c | KVM: x86/vPMU: Add lazy mechanism to release perf_event per vPMC | 2019-11-15 11:44:10 +01:00
svm.c | KVM: SVM: Issue WBINVD after deactivating an SEV guest | 2020-03-23 09:01:04 -04:00
trace.h | kvm: x86: Add APICv (de)activate request trace points | 2020-02-05 15:17:41 +01:00
tss.h | License cleanup: add SPDX GPL-2.0 license identifier to files with no license | 2017-11-02 11:10:55 +01:00
x86.c | KVM: x86: remove bogus user-triggerable WARN_ON | 2020-03-20 13:43:21 -04:00
x86.h | KVM: x86: Take a u64 when checking for a valid dr7 value | 2020-02-05 15:17:45 +01:00