[kernel/f19] Fix oops in KVM with invalid root_hpa (rhbz 924916)

Josh Boyer jwboyer at fedoraproject.org
Mon Jan 6 13:19:54 UTC 2014


commit 4f0a3478f520de6c7f50b2fc8c7fdeecc8abe346
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date:   Mon Jan 6 08:18:13 2014 -0500

    Fix oops in KVM with invalid root_hpa (rhbz 924916)

 ...U-handle-invalid-root_hpa-at-__direct_map.patch |   40 ++++++++++++++++++++
 kernel.spec                                        |    7 +++
 2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch b/KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
new file mode 100644
index 0000000..a80b256
--- /dev/null
+++ b/KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
@@ -0,0 +1,40 @@
+Bugzilla: 924916
+Upstream-status: Queued for 3.14 in kvm tree
+
+From 989c6b34f6a9480e397b170cc62237e89bf4fdb9 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti at redhat.com>
+Date: Thu, 19 Dec 2013 17:28:51 +0000
+Subject: KVM: MMU: handle invalid root_hpa at __direct_map
+
+It is possible for __direct_map to be called on invalid root_hpa
+(-1), two examples:
+
+1) try_async_pf -> can_do_async_pf
+    -> vmx_interrupt_allowed -> nested_vmx_vmexit
+2) vmx_handle_exit -> vmx_interrupt_allowed -> nested_vmx_vmexit
+
+Then to load_vmcs12_host_state and kvm_mmu_reset_context.
+
+Check for this possibility, let fault exception be regenerated.
+
+BZ: https://bugzilla.redhat.com/show_bug.cgi?id=924916
+
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+---
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
+index 40772ef..31a5702 100644
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2659,6 +2659,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
+ 	int emulate = 0;
+ 	gfn_t pseudo_gfn;
+ 
++	if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
++		return 0;
++
+ 	for_each_shadow_entry(vcpu, (u64)gfn << PAGE_SHIFT, iterator) {
+ 		if (iterator.level == level) {
+ 			mmu_set_spte(vcpu, iterator.sptep, ACC_ALL,
+--
+cgit v0.9.2
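Review bot: the early return added to __direct_map (`if (!VALID_PAGE(vcpu->arch.mmu.root_hpa)) return 0;` just before the `for_each_shadow_entry` loop) has no comment saying why returning 0 (no emulation) rather than an error is correct; the reasoning exists only in the patch description ("let fault exception be regenerated", i.e. the handler bails out instead of walking a shadow table with no valid root and the guest simply faults again once a root has been set up). A one-line comment above the check, noting that root_hpa can be -1 on the nested_vmx_vmexit -> load_vmcs12_host_state -> kvm_mmu_reset_context path named in the description, would keep that intent with the code for whoever next touches this function. Minor: the patch file ends with the `cgit v0.9.2` trailer copied from the web view; it is harmless because it follows the `--` terminator, and the `Upstream-status: Queued for 3.14 in kvm tree` header already records provenance, so the trailer can be dropped.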
diff --git a/kernel.spec b/kernel.spec
index 8e33c63..96bb801 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -757,6 +757,9 @@ Patch25177: libata-implement-ATA_HORKAGE_NO_NCQ_TRIM-and-apply-it-to-Micro-M500-
 #CVE-2013-4579 rhbz 1032753 1033072
 Patch25178: ath9k_htc-properly-set-MAC-address-and-BSSID-mask.patch
 
+#rhbz 924916
+Patch25179: KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1453,6 +1456,9 @@ ApplyPatch libata-implement-ATA_HORKAGE_NO_NCQ_TRIM-and-apply-it-to-Micro-M500-S
 #CVE-2013-4579 rhbz 1032753 1033072
 ApplyPatch ath9k_htc-properly-set-MAC-address-and-BSSID-mask.patch
 
+#rhbz 924916
+ApplyPatch KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2266,6 +2272,7 @@ fi
 
 %changelog
 * Mon Jan 06 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- Fix oops in KVM with invalid root_hpa (rhbz 924916)
 - CVE-2013-4579: ath9k_htc improper MAC update (rhbz 1032753 1033072)
 
 * Mon Dec 23 2013 Justin M. Forbes <jforbes at fedoraproject.org - 3.12.6-200
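Review bot: unrelated to this change but visible in the trailing context line, the Dec 23 changelog header `* Mon Dec 23 2013 Justin M. Forbes <jforbes at fedoraproject.org - 3.12.6-200` is missing the closing `>` after the address, unlike the `<jwboyer at fedoraproject.org>` heading above it; worth a one-character follow-up fix. The new `- Fix oops in KVM with invalid root_hpa (rhbz 924916)` line itself is placed correctly under the existing Mon Jan 06 2014 heading and matches the format of the CVE-2013-4579 entry below it.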

