NACK: [SRU][Bionic][PULL] KVM_VCPU_FLUSH_TLB for CVE-2019-3016
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Jun 25 21:46:50 UTC 2020
On Thu, Jun 25, 2020 at 01:58:23PM -0700, Kamal Mostafa wrote:
> BugLink: https://bugs.launchpad.net/bugs/1885184
>
> As reported by Alex Thorlton <alex.thorlton at oracle.com>:
>
> This mainline commit (part of the fix for CVE-2019-3016) was accidentally
> omitted from Bionic when the rest of that fix was applied in 4.15.0-106.107:
>
> b043138246a4 x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
>
> This pull req supplies a backport of that commit (from its 4.19-stable
> backport) and its prerequisites.
>
> -Kamal

I am going to NACK this for now. The thing is that the fix is not necessary
because the vulnerability is introduced by
f38a7b75267f1fb240a8178cbcb16d66dd37aac8 ("KVM: X86: support paravirtualized
help for TLB shootdowns") in the first place. Ironically, it's included in your
list of pre-requisites.

Of course, with the complete list of fixes, we would not be vulnerable. The
vulnerability also requires that guests use the feature, and, by default, on
bionic, qemu, as we ship it, does not enable that feature.

What we could discuss here is if it's worth it to bring the feature to bionic,
and whether it's right to backport any of the changes if not bringing
f38a7b75267f1fb2.

Cascardo.

>
> -----
>
> The following changes since commit e34279bebc61d5817ab7c3bb27c497556e452d77:
>
> UBUNTU: Ubuntu-4.15.0-109.110 (2020-06-22 23:11:45 -0300)
>
> are available in the Git repository at:
>
> git://git.launchpad.net/~kamalmostafa/ubuntu/+source/linux/+git/bionic lp1885184-kvm-flush
>
> for you to fetch changes up to 5fe07809606bdae3953f5b228a6d24d6164935a2:
>
> x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (2020-06-25 12:51:17 -0700)
>
> ----------------------------------------------------------------
> Boris Ostrovsky (1):
> x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
>
> Wanpeng Li (3):
> KVM: X86: support paravirtualized help for TLB shootdowns
> KVM: X86: Add KVM_VCPU_PREEMPTED
> KVM: X86: use paravirtualized TLB Shootdown
>
> Documentation/virtual/kvm/cpuid.txt | 4 +++
> arch/x86/include/uapi/asm/kvm_para.h | 4 +++
> arch/x86/kernel/kvm.c | 49 +++++++++++++++++++++++++-
> arch/x86/kvm/cpuid.c | 1 +
> arch/x86/kvm/x86.c | 66 ++++++++++++++++++++++--------------
> 5 files changed, 97 insertions(+), 27 deletions(-)