mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-08 09:39:40 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/x86
History
Reiji Watanabe 7f64753835 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index 
[ Upstream commit 04c4f2ee3f ]

__vmx_handle_exit() uses vcpu->run->internal.ndata as an index for
an array access.  Since vcpu->run is (can be) mapped to a user address
space with a writer permission, the 'ndata' could be updated by the
user process at anytime (the user process can set it to outside the
bounds of the array).
So, it is not safe that __vmx_handle_exit() uses the 'ndata' that way.

Fixes: 1aa561b1a4 ("kvm: x86: Add "last CPU" to some KVM_EXIT information")
Signed-off-by: Reiji Watanabe <reijiw@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Message-Id: <20210413154739.490299-1-reijiw@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-04-21 13:00:59 +02:00
..
boot A set of fixes for x86: 2020-12-06 11:22:39 -08:00
configs * A defconfig fix, from Daniel Díaz. 2020-09-20 15:06:43 -07:00
crypto crypto: x86/aes-ni-xts - use direct calls to and 4-way stride 2021-03-20 10:43:43 +01:00
entry x86/entry: Fix entry/exit mismatch on failed fast 32-bit syscalls 2021-03-17 17:06:36 +01:00
events perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT 2021-03-25 09:04:16 +01:00
hyperv x86/hyperv: Fix kexec panic/hang issues 2021-01-27 11:54:57 +01:00
ia32 x86: remove address space overrides using set_fs() 2020-09-08 22:21:36 -04:00
include ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m 2021-04-14 08:41:58 +02:00
kernel ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() 2021-04-21 13:00:51 +02:00
kvm KVM: VMX: Don't use vcpu->run->internal.ndata as an array index 2021-04-21 13:00:59 +02:00
lib x86/sev-es: Use __copy_from_user_inatomic() 2021-03-17 17:06:36 +01:00
math-emu treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
mm x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() 2021-03-30 14:32:07 +02:00
net bpf, x86: Validate computation of branch displacements for x86-32 2021-04-10 13:36:11 +02:00
oprofile
pci x86/pci: Create PCI/MSI irqdomain after x86_init.pci.arch_init() 2021-02-17 11:02:28 +01:00
platform x86/efi: Remove EFI PGD build time checks 2021-02-17 11:02:24 +01:00
power Kbuild updates for v5.9 2020-08-09 14:10:26 -07:00
purgatory treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
ras
realmode x86/head/64: Don't call verify_cpu() on starting APs 2020-09-09 11:33:20 +02:00
tools x86/build: Treat R_386_PLT32 relocation as R_386_PC32 2021-03-07 12:34:04 +01:00
um arch/um: partially revert the conversion to __section() macro 2020-10-26 15:39:37 -07:00
video
xen Revert "xen: fix p2m size in dom0 for disabled memory hotplug case" 2021-03-30 14:32:08 +02:00
.gitignore
Kbuild
Kconfig fanotify: Fix sys_fanotify_mark() on native x86-32 2021-01-17 14:16:59 +01:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}() 2020-10-06 11:18:04 +02:00
Makefile x86/build: Turn off -fcf-protection for realmode targets 2021-04-10 13:36:09 +02:00
Makefile.um
Makefile_32.cpu