AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-24 13:49:51 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
81cdb259fb
linux_dsm_epyc7002/arch/x86/kvm
History
Radim Krčmář 81cdb259fb KVM: x86: fix out-of-bounds accesses of rtc_eoi map 
KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be
bigger that the maximal number of VCPUs, resulting in out-of-bounds
access.

Found by syzkaller:

  BUG: KASAN: slab-out-of-bounds in __apic_accept_irq+0xb33/0xb50 at addr [...]
  Write of size 1 by task a.out/27101
  CPU: 1 PID: 27101 Comm: a.out Not tainted 4.9.0-rc5+ #49
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
   [...]
  Call Trace:
   [...] __apic_accept_irq+0xb33/0xb50 arch/x86/kvm/lapic.c:905
   [...] kvm_apic_set_irq+0x10e/0x180 arch/x86/kvm/lapic.c:495
   [...] kvm_irq_delivery_to_apic+0x732/0xc10 arch/x86/kvm/irq_comm.c:86
   [...] ioapic_service+0x41d/0x760 arch/x86/kvm/ioapic.c:360
   [...] ioapic_set_irq+0x275/0x6c0 arch/x86/kvm/ioapic.c:222
   [...] kvm_ioapic_inject_all arch/x86/kvm/ioapic.c:235
   [...] kvm_set_ioapic+0x223/0x310 arch/x86/kvm/ioapic.c:670
   [...] kvm_vm_ioctl_set_irqchip arch/x86/kvm/x86.c:3668
   [...] kvm_arch_vm_ioctl+0x1a08/0x23c0 arch/x86/kvm/x86.c:3999
   [...] kvm_vm_ioctl+0x1fa/0x1a70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3099

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: stable@vger.kernel.org
Fixes: af1bae5497 ("KVM: x86: bump KVM_MAX_VCPU_ID to 1023")
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-11-24 18:37:19 +01:00
..
assigned-dev.c KVM: x86: use list_for_each_entry* 2016-02-23 15:40:54 +01:00
assigned-dev.h KVM: x86: move device assignment out of kvm_host.h 2014-11-24 16:53:50 +01:00
cpuid.c KVM: x86: Expose more Intel AVX512 feature to guest 2016-08-19 17:51:40 +02:00
cpuid.h Revert "KVM: x86: add pcommit support" 2016-07-23 11:04:23 -07:00
debugfs.c kvm: x86: export TSC information to user-space 2016-09-16 16:57:48 +02:00
emulate.c KVM: x86: drop error recovery in em_jmp_far and em_ret_far 2016-11-24 18:36:54 +01:00
hyperv.c KVM: x86: Hyper-V tsc page setup 2016-09-20 09:26:20 +02:00
hyperv.h KVM: x86: Hyper-V tsc page setup 2016-09-20 09:26:20 +02:00
i8254.c kthread: kthread worker API cleanup 2016-10-11 15:06:33 -07:00
i8254.h KVM: i8254: turn kvm_kpit_state.reinject into atomic_t 2016-03-04 09:30:25 +01:00
i8259.c KVM: x86: clean/fix memory barriers in irqchip_in_kernel 2015-07-30 16:02:56 +02:00
ioapic.c KVM: x86: fix out-of-bounds accesses of rtc_eoi map 2016-11-24 18:37:19 +01:00
ioapic.h KVM: x86: fix out-of-bounds accesses of rtc_eoi map 2016-11-24 18:37:19 +01:00
iommu.c - ARM: GICv3 ITS emulation and various fixes. Removal of the old 2016-08-02 16:11:27 -04:00
irq_comm.c kvm: x86: merge kvm_arch_set_irq and kvm_arch_set_irq_inatomic 2016-11-19 19:04:19 +01:00
irq.c x86/kvm: Audit and remove any unnecessary uses of module.h 2016-07-14 15:07:00 +02:00
irq.h KVM: Move kvm_setup_default/empty_irq_routing declaration in arch specific header 2016-07-22 18:52:00 +01:00
Kconfig KVM: remove kvm_vcpu_compatible 2016-06-16 00:05:00 +02:00
kvm_cache_regs.h KVM, pkeys: add pkeys support for permission_fault 2016-03-22 16:23:37 +01:00
lapic.c KVM: x86: fix out-of-bounds access in lapic 2016-11-24 18:35:53 +01:00
lapic.h KVM: x86: use hardware-compatible format for APIC ID register 2016-07-14 09:03:54 +02:00
Makefile kvm: add stubs for arch specific debugfs support 2016-09-16 16:57:47 +02:00
mmu_audit.c kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
mmu.c mmu: don't pass *kvm to spte_write_protect and spte_*_dirty 2016-08-19 17:51:40 +02:00
mmu.h kvm: mmu: remove is_present_gpte() 2016-07-14 09:02:47 +02:00
mmutrace.h tracing: Rename ftrace_event.h to trace_events.h 2015-05-13 14:05:12 -04:00
mtrr.c KVM: MTRR: fix kvm_mtrr_check_gfn_range_consistency page fault 2016-07-05 16:14:43 +02:00
page_track.c KVM: page_track: fix access to NULL slot 2016-03-22 17:27:28 +01:00
paging_tmpl.h kvm: mmu: track read permission explicitly for shadow EPT page tables 2016-07-14 09:03:50 +02:00
pmu_amd.c perf/x86/amd: Make HW_CACHE_REFERENCES and HW_CACHE_MISSES measure L2 2016-09-16 16:19:49 +02:00
pmu_intel.c KVM: x86: Fix typos 2016-06-14 11:16:28 +02:00
pmu.c KVM: x86: consolidate different ways to test for in-kernel LAPIC 2016-02-09 16:57:45 +01:00
pmu.h KVM: x86/vPMU: Define kvm_pmu_ops to support vPMU function dispatch 2015-06-23 14:12:14 +02:00
svm.c KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK 2016-11-02 20:03:07 +01:00
trace.h KVM: x86: support using the vmx preemption timer for tsc deadline timer 2016-06-16 10:07:48 +02:00
tss.h KVM: x86: hardware task switching support 2008-04-27 12:00:39 +03:00
vmx.c kvm: nVMX: VMCLEAR an active shadow VMCS after last use 2016-11-02 20:03:17 +01:00
x86.c KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr 2016-11-19 19:04:18 +01:00
x86.h KVM: x86: introduce get_kvmclock_ns 2016-09-20 09:26:15 +02:00