Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Commit: 0b62bdb4751d0cd6898a3176acfedaa5d21e9d3a

Blob Blame History Raw

From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date: Wed, 30 Oct 2019 19:01:31 +0000
Subject: x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
Patch-mainline: v5.6-rc1
Git-commit: 8c6de56a42e0c657955e12b882a81ef07d1d073e
References: bsc#1161154, CVE-2019-3016

kvm_steal_time_set_preempted() may accidentally clear KVM_VCPU_FLUSH_TLB
bit if it is called more than once while VCPU is preempted.

This is part of CVE-2019-3016.

(This bug was also independently discovered by Jim Mattson
<jmattson@google.com>)

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/kvm/x86.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3392,6 +3392,9 @@ static void kvm_steal_time_set_preempted
 	if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
 		return;
 
+	if (vcpu->arch.st.steal.preempted)
+		return;
+
 	vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
 
 	kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime,

kernel / kernel-source

Source Code

Files