[Focal 1/5] UBUNTU: SAUCE: x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Jan 31 11:05:26 UTC 2020
From: Boris Ostrovsky <boris.ostrovsky at oracle.com>
CVE-2019-3016
CVE-2020-3016
kvm_steal_time_set_preempted() may accidentally clear KVM_VCPU_FLUSH_TLB
bit if it is called more than once while VCPU is preempted.
This is part of CVE-2019-3016.
(This bug was also independently discovered by Jim Mattson
<jmattson at google.com>)
Signed-off-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
Reviewed-by: Joao Martins <joao.m.martins at oracle.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
arch/x86/kvm/x86.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index f0f7b4d744da..2ea36e63cb31 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3489,6 +3489,9 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
return;
+ if (vcpu->arch.st.steal.preempted)
+ return;
+
vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime,
--
2.24.0
More information about the kernel-team
mailing list