[Precise][CVE-2013-4592][PATCH 1/2] KVM: perform an invalid memslot step for gpa base change
Luis Henriques
luis.henriques at canonical.com
Thu Nov 28 14:42:03 UTC 2013
From: Marcelo Tosatti <mtosatti at redhat.com>
CVE-2013-4592
BugLink: https://bugs.launchpad.net/bugs/1254900
PPC must flush all translations before the new memory slot
is visible.
Signed-off-by: Marcelo Tosatti <mtosatti at redhat.com>
Signed-off-by: Avi Kivity <avi at redhat.com>
(back ported from commit 12d6e7538e2d418c08f082b1b44ffa5fb7270ed8)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
virt/kvm/kvm_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 8bf05f0..fdc8297 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -774,7 +774,7 @@ skip_lpage:
new.userspace_addr = mem->userspace_addr;
#endif /* not defined CONFIG_S390 */
- if (!npages) {
+ if (!npages || base_gfn != old.base_gfn) {
r = -ENOMEM;
slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
if (!slots)
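Review bot: the new `|| base_gfn != old.base_gfn` condition routes a slot whose base gfn changes through the same path as a deletion, but nothing at the condition itself says why; the only explanation is the comment in the second hunk and the commit message, which mentions PPC although this code is generic and the behaviour change applies to every architecture. Suggest a one-line comment above the `if`, along the lines of "a base_gfn change is treated as delete + create so stale translations for the old range are flushed before the new slot is visible", and widening the commit message to say this is needed for correctness on all architectures, not only PPC. Also worth noting in the changelog that `base_gfn` and `old` (set earlier in the function, outside this hunk) must already be valid at this point, since the moved-slot case now depends on them.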
@@ -788,8 +788,8 @@ skip_lpage:
old_memslots = kvm->memslots;
rcu_assign_pointer(kvm->memslots, slots);
synchronize_srcu_expedited(&kvm->srcu);
- /* From this point no new shadow pages pointing to a deleted
- * memslot will be created.
+ /* From this point no new shadow pages pointing to a deleted,
+ * or moved, memslot will be created.
*
* validation of sp->gfn happens in:
* - gfn_to_hva (kvm_read_guest, gfn_to_pfn)
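Review bot: the comment update is correct in substance, but the parenthetical commas read awkwardly; "no new shadow pages pointing to a deleted or moved memslot will be created" is cleaner. More importantly, the comment should state what guarantees the "from this point" claim for the moved case: `rcu_assign_pointer(kvm->memslots, slots)` followed by `synchronize_srcu_expedited(&kvm->srcu)` means every reader that looked up the old slot under SRCU has finished, so any shadow page created afterwards is validated (via the `gfn_to_hva` and other paths listed below) against the new `slots`, in which the moved slot is no longer at `old.base_gfn`. Spelling that out makes the relationship to the first hunk's `base_gfn != old.base_gfn` check obvious to the next reader.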
--
1.8.3.2