[kernel/f20] Fix oops in KVM with invalid root_hpa (rhbz 924916)

Josh Boyer jwboyer at fedoraproject.org
Mon Jan 6 13:19:59 UTC 2014


commit 5a39acb644eccac08185eebc1439b148f2801c1f
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date:   Mon Jan 6 08:18:13 2014 -0500

    Fix oops in KVM with invalid root_hpa (rhbz 924916)

 ...U-handle-invalid-root_hpa-at-__direct_map.patch |   40 ++++++++++++++++++++
 kernel.spec                                        |    7 +++
 2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch b/KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
new file mode 100644
index 0000000..a80b256
--- /dev/null
+++ b/KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
@@ -0,0 +1,40 @@
+Bugzilla: 924916
+Upstream-status: Queued for 3.14 in kvm tree
+
+From 989c6b34f6a9480e397b170cc62237e89bf4fdb9 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti at redhat.com>
+Date: Thu, 19 Dec 2013 17:28:51 +0000
+Subject: KVM: MMU: handle invalid root_hpa at __direct_map
+
+It is possible for __direct_map to be called on invalid root_hpa
+(-1), two examples:
+
+1) try_async_pf -> can_do_async_pf
+    -> vmx_interrupt_allowed -> nested_vmx_vmexit
+2) vmx_handle_exit -> vmx_interrupt_allowed -> nested_vmx_vmexit
+
+Then to load_vmcs12_host_state and kvm_mmu_reset_context.
+
+Check for this possibility, let fault exception be regenerated.
+
+BZ: https://bugzilla.redhat.com/show_bug.cgi?id=924916
+
+Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+---
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
+index 40772ef..31a5702 100644
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2659,6 +2659,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
+ 	int emulate = 0;
+ 	gfn_t pseudo_gfn;
+ 
++	if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
++		return 0;
++
+ 	for_each_shadow_entry(vcpu, (u64)gfn << PAGE_SHIFT, iterator) {
+ 		if (iterator.level == level) {
+ 			mmu_set_spte(vcpu, iterator.sptep, ACC_ALL,
+--
+cgit v0.9.2
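Review bot: the new early return at the top of __direct_map (`if (!VALID_PAGE(vcpu->arch.mmu.root_hpa)) return 0;`) carries no comment, so the reason an invalid root can show up here lives only in the commit message (the two nested_vmx_vmexit chains that end in load_vmcs12_host_state and kvm_mmu_reset_context). A one-line comment such as `/* root_hpa is INVALID_PAGE after a nested vmexit reset the MMU context; let the fault be retaken */` would keep that rationale next to the check. Two things worth confirming in review: that returning 0 (emulate stays 0, so the fault is regenerated, as the message says) is the right outcome for every caller of __direct_map, and whether __direct_map is the only shadow-walk entry point reachable after kvm_mmu_reset_context, since the check is added only here. The trailing `cgit v0.9.2` line is cgit footer text that was pasted along with the patch; it is harmless to the patch tool but could be trimmed from the file.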
diff --git a/kernel.spec b/kernel.spec
index 696affc..b6516af 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -754,6 +754,9 @@ Patch25177: libata-implement-ATA_HORKAGE_NO_NCQ_TRIM-and-apply-it-to-Micro-M500-
 #CVE-2013-4579 rhbz 1032753 1033072
 Patch25178: ath9k_htc-properly-set-MAC-address-and-BSSID-mask.patch
 
+#rhbz 924916
+Patch25179: KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
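Review bot: the `#rhbz 924916` comment above Patch25179 gives only the bug number, while the patch header says it is queued upstream for 3.14 (commit 989c6b34f6a9480e397b170cc62237e89bf4fdb9). Carrying that upstream status or commit id in the spec comment, next to the bug number, makes it obvious which rebase lets the patch be dropped without opening the file.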
@@ -1463,6 +1466,9 @@ ApplyPatch libata-implement-ATA_HORKAGE_NO_NCQ_TRIM-and-apply-it-to-Micro-M500-S
 #CVE-2013-4579 rhbz 1032753 1033072
 ApplyPatch ath9k_htc-properly-set-MAC-address-and-BSSID-mask.patch
 
+#rhbz 924916
+ApplyPatch KVM-MMU-handle-invalid-root_hpa-at-__direct_map.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2266,6 +2272,7 @@ fi
 #                 ||     ||
 %changelog
 * Mon Jan 06 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- Fix oops in KVM with invalid root_hpa (rhbz 924916)
 - CVE-2013-4579: ath9k_htc improper MAC update (rhbz 1032753 1033072)
 
 * Sat Dec 28 2013 Peter Robinson <pbrobinson at fedoraproject.org>


More information about the scm-commits mailing list