AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 01:50:54 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
228f45b39f
linux_dsm_epyc7002/arch
History
Sean Christopherson 228f45b39f Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()" 
commit e7177339d7b5f9594b316842122b5fda9513d5e2 upstream.

Revert a misguided illegal GPA check when "translating" a non-nested GPA.
The check is woefully incomplete as it does not fill in @exception as
expected by all callers, which leads to KVM attempting to inject a bogus
exception, potentially exposing kernel stack information in the process.

 WARNING: CPU: 0 PID: 8469 at arch/x86/kvm/x86.c:525 exception_type+0x98/0xb0 arch/x86/kvm/x86.c:525
 CPU: 1 PID: 8469 Comm: syz-executor531 Not tainted 5.14.0-rc7-syzkaller #0
 RIP: 0010:exception_type+0x98/0xb0 arch/x86/kvm/x86.c:525
 Call Trace:
  x86_emulate_instruction+0xef6/0x1460 arch/x86/kvm/x86.c:7853
  kvm_mmu_page_fault+0x2f0/0x1810 arch/x86/kvm/mmu/mmu.c:5199
  handle_ept_misconfig+0xdf/0x3e0 arch/x86/kvm/vmx/vmx.c:5336
  __vmx_handle_exit arch/x86/kvm/vmx/vmx.c:6021 [inline]
  vmx_handle_exit+0x336/0x1800 arch/x86/kvm/vmx/vmx.c:6038
  vcpu_enter_guest+0x2a1c/0x4430 arch/x86/kvm/x86.c:9712
  vcpu_run arch/x86/kvm/x86.c:9779 [inline]
  kvm_arch_vcpu_ioctl_run+0x47d/0x1b20 arch/x86/kvm/x86.c:10010
  kvm_vcpu_ioctl+0x49e/0xe50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3652

The bug has escaped notice because practically speaking the GPA check is
useless.  The GPA check in question only comes into play when KVM is
walking guest page tables (or "translating" CR3), and KVM already handles
illegal GPA checks by setting reserved bits in rsvd_bits_mask for each
PxE, or in the case of CR3 for loading PTDPTRs, manually checks for an
illegal CR3.  This particular failure doesn't hit the existing reserved
bits checks because syzbot sets guest.MAXPHYADDR=1, and IA32 architecture
simply doesn't allow for such an absurd MAXPHYADDR, e.g. 32-bit paging
doesn't define any reserved PA bits checks, which KVM emulates by only
incorporating the reserved PA bits into the "high" bits, i.e. bits 63:32.

Simply remove the bogus check.  There is zero meaningful value and no
architectural justification for supporting guest.MAXPHYADDR < 32, and
properly filling the exception would introduce non-trivial complexity.

This reverts commit ec7771ab47.

Fixes: ec7771ab47 ("KVM: x86: mmu: Add guest physical address check in translate_gpa()")
Cc: stable@vger.kernel.org
Reported-by: syzbot+200c08e88ae818f849ce@syzkaller.appspotmail.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210831164224.1119728-2-seanjc@google.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-07-05 19:13:47 +02:00
..
alpha alpha: Send stop IPI to send to online CPUs 2024-07-05 18:52:32 +02:00
arc ARC: Fix CONFIG_STACKDEPOT 2024-07-05 18:56:15 +02:00
arm ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties 2024-07-05 19:11:19 +02:00
arm64 arm64: dts: marvell: armada-37xx: Extend PCIe MEM space 2024-07-05 19:12:04 +02:00
c6x arch-cleanup-2020-10-22 2020-10-23 10:06:38 -07:00
csky csky: syscache: Fixup duplicate cache flush 2021-07-14 16:56:52 +02:00
h8300 h8300: fix PREEMPTION build, TI_PRE_COUNT undefined 2021-02-17 11:02:28 +01:00
hexagon hexagon: use common DISCARDS macro 2021-07-20 16:05:53 +02:00
ia64 mm/page_alloc: fix memory map initialization for descending nodes 2021-07-25 14:36:18 +02:00
m68k m68k: Fix invalid RMW_INSNS on CPUs that lack CAS 2024-07-05 19:10:07 +02:00
microblaze init: add dsm gpl source 2024-07-05 18:00:04 +02:00
mips MIPS: Malta: Do not byte-swap accesses to the CBUS UART 2024-07-05 18:52:29 +02:00
nds32 nds32: fix up stack guard gap 2021-07-28 14:35:46 +02:00
nios2 nios2: fixed broken sys_clone syscall 2021-03-04 11:38:16 +01:00
openrisc sched/core: Initialize the idle task with preemption disabled 2021-07-14 16:55:50 +02:00
parisc Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" 2024-07-05 19:02:21 +02:00
powerpc powerpc/perf: Invoke per-CPU variable access with disabled interrupts 2024-07-05 19:01:01 +02:00
riscv riscv: Fixup patch_text panic in ftrace 2024-07-05 19:01:00 +02:00
s390 s390/debug: fix debug area life cycle 2024-07-05 19:09:52 +02:00
sh sched/core: Initialize the idle task with preemption disabled 2021-07-14 16:55:50 +02:00
sparc init: add dsm gpl source 2024-07-05 18:00:04 +02:00
um um: fix error return code in winch_tramp() 2021-07-20 16:05:51 +02:00
x86 Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()" 2024-07-05 19:13:47 +02:00
xtensa xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG 2024-07-05 19:04:23 +02:00
.gitignore
Kconfig fanotify: Fix sys_fanotify_mark() on native x86-32 2021-01-17 14:16:59 +01:00