This is a note to let you know that I've just added the patch titled

    KVM: x86: Bail to userspace if emulation of atomic user access faults

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-x86-bail-to-userspace-if-emulation-of-atomic-user-access-faults.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 5d6c7de6446e9ab3fb41d6f7d82770e50998f3de Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@xxxxxxxxxx>
Date: Wed, 2 Feb 2022 00:49:45 +0000
Subject: KVM: x86: Bail to userspace if emulation of atomic user access faults

From: Sean Christopherson <seanjc@xxxxxxxxxx>

commit 5d6c7de6446e9ab3fb41d6f7d82770e50998f3de upstream.

Exit to userspace when emulating an atomic guest access if the CMPXCHG on
the userspace address faults.  Emulating the access as a write and thus
likely treating it as emulated MMIO is wrong, as KVM has already confirmed
there is a valid, writable memslot.

Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Message-Id: <20220202004945.2540433-6-seanjc@xxxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/x86.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7108,7 +7108,7 @@ static int emulator_cmpxchg_emulated(str } if (r < 0) - goto emul_write; + return X86EMUL_UNHANDLEABLE; if (r) return X86EMUL_CMPXCHG_FAILED;

Patches currently in stable-queue which might be from seanjc@xxxxxxxxxx are

queue-5.15/kvm-x86-mark-target-gfn-of-emulated-atomic-instruction-as-dirty.patch
queue-5.15/x86-cpu-support-amd-automatic-ibrs.patch
queue-5.15/kvm-x86-advertise-cpuid.-eax-7-ecx-2-edx-to-userspace.patch
queue-5.15/kvm-x86-update-kvm-only-leaf-handling-to-allow-for-100-kvm-only-leafs.patch
queue-5.15/x86-cpufeatures-add-cpuid_lnx_5-to-track-recently-added-linux-defined-word.patch
queue-5.15/kvm-always-flush-async-pf-workqueue-when-vcpu-is-bei.patch
queue-5.15/kvm-svm-flush-pages-under-kvm-lock-to-fix-uaf-in-svm_register_enc_region.patch
queue-5.15/kvm-x86-bail-to-userspace-if-emulation-of-atomic-user-access-faults.patch
queue-5.15/kvm-x86-use-a-switch-statement-and-macros-in-__feature_translate.patch
queue-5.15/kvm-vmx-use-bt-jnc-i.e.-eflags.cf-to-select-vmresume-vs.-vmlaunch.patch
queue-5.15/kvm-vmx-move-verw-closer-to-vmentry-for-mds-mitigation.patch
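Review bot: the new `return X86EMUL_UNHANDLEABLE;` on the `r < 0` path deserves a one-line comment, because the code alone now reads as an unexplained emulation failure while the reasoning lives only in the commit message: a fault on the user mapping must not fall through to `emul_write`, where the CMPXCHG would be re-emulated as a plain write and likely surface to userspace as emulated MMIO even though a valid, writable memslot was already found. Also worth confirming that `emul_write` is still referenced elsewhere in `emulator_cmpxchg_emulated` (not visible in this hunk), since this was one of its users and an unreferenced label will warn. The untouched `if (r) return X86EMUL_CMPXCHG_FAILED;` context line keeps the compare-mismatch case reported to the emulator rather than to userspace, so the split between "fault" and "compare failed" is preserved as intended.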