[3.13.y-ckt stable] Patch "KVM: x86: Don't report guest userspace emulation error to userspace" has been added to staging queue
Kamal Mostafa
kamal at canonical.com
Tue Nov 25 20:35:19 UTC 2014
This is a note to let you know that I have just added a patch titled
KVM: x86: Don't report guest userspace emulation error to userspace
to the linux-3.13.y-queue branch of the 3.13.y-ckt extended stable tree
which can be found at:
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue
This patch is scheduled to be released in version 3.13.11-ckt12.
If you, or anyone else, feels it should not be added to this tree, please
reply to this email.
For more information about the 3.13.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
Thanks.
-Kamal
------
From bdf5160cc02f847a4e81a7693165906b6b773efd Mon Sep 17 00:00:00 2001
From: Nadav Amit <namit at cs.technion.ac.il>
Date: Wed, 17 Sep 2014 02:50:50 +0300
Subject: KVM: x86: Don't report guest userspace emulation error to userspace
commit a2b9e6c1a35afcc0973acb72e591c714e78885ff upstream.
Commit fc3a9157d314 ("KVM: X86: Don't report L2 emulation failures to
user-space") disabled the reporting of L2 (nested guest) emulation failures to
userspace due to a race condition between a vmexit and the instruction emulator.
The same rationale applies also to userspace applications that are permitted by
the guest OS to access MMIO area or perform PIO.
This patch extends the current behavior - of injecting a #UD instead of
reporting it to userspace - also for guest userspace code.
Signed-off-by: Nadav Amit <namit at cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
Reference: CVE-2014-7842
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
arch/x86/kvm/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 450c5c5..1d6e92c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4894,7 +4894,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu)
++vcpu->stat.insn_emulation_fail;
trace_kvm_emulate_insn_failed(vcpu);
- if (!is_guest_mode(vcpu)) {
+ if (!is_guest_mode(vcpu) && kvm_x86_ops->get_cpl(vcpu) == 0) {
vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
vcpu->run->internal.ndata = 0;
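Review bot: the new test `kvm_x86_ops->get_cpl(vcpu) == 0` in the `if` of handle_emulation_failure() has no comment explaining why the privilege level matters, so a later reader could take it for an arbitrary restriction and remove it. A one-line comment above the condition, saying that emulation failures triggered from guest userspace (CPL > 0) must not be turned into KVM_EXIT_INTERNAL_ERROR for the same reason as the existing `is_guest_mode()` case, would keep the intent next to the code. Also worth noting in the changelog: `++vcpu->stat.insn_emulation_fail` and `trace_kvm_emulate_insn_failed(vcpu)` sit above the check and still run on every failure, so the counter and tracepoint remain drivable from guest userspace; anything that alerts on that statistic should treat it as guest-controlled input.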
--
1.9.1