87 lines
2.9 KiB
Diff
87 lines
2.9 KiB
Diff
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
|
Date: Fri, 6 Dec 2019 15:36:12 +0000
|
|
Subject: [11/11] x86/KVM: Clean up host's steal time structure
|
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=c434092ef8172ed027f2bd9afcd42c0ee5002b85
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3016
|
|
|
|
commit a6bd811f1209fe1c64c9f6fd578101d6436c6b6e upstream.
|
|
|
|
Now that we are mapping kvm_steal_time from the guest directly we
|
|
don't need keep a copy of it in kvm_vcpu_arch.st. The same is true
|
|
for the stime field.
|
|
|
|
This is part of CVE-2019-3016.
|
|
|
|
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
|
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
|
|
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
---
|
|
arch/x86/include/asm/kvm_host.h | 3 +--
|
|
arch/x86/kvm/x86.c | 11 +++--------
|
|
2 files changed, 4 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
|
|
index ca9c7110b99d..33136395db8f 100644
|
|
--- a/arch/x86/include/asm/kvm_host.h
|
|
+++ b/arch/x86/include/asm/kvm_host.h
|
|
@@ -622,10 +622,9 @@ struct kvm_vcpu_arch {
|
|
bool pvclock_set_guest_stopped_request;
|
|
|
|
struct {
|
|
+ u8 preempted;
|
|
u64 msr_val;
|
|
u64 last_steal;
|
|
- struct gfn_to_hva_cache stime;
|
|
- struct kvm_steal_time steal;
|
|
struct gfn_to_pfn_cache cache;
|
|
} st;
|
|
|
|
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
index d77822e03ff6..6bfc9eaf8dee 100644
|
|
--- a/arch/x86/kvm/x86.c
|
|
+++ b/arch/x86/kvm/x86.c
|
|
@@ -2418,7 +2418,7 @@ static void record_steal_time(struct kvm_vcpu *vcpu)
|
|
if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB)
|
|
kvm_vcpu_flush_tlb(vcpu, false);
|
|
|
|
- vcpu->arch.st.steal.preempted = 0;
|
|
+ vcpu->arch.st.preempted = 0;
|
|
|
|
if (st->version & 1)
|
|
st->version += 1; /* first time write, random junk */
|
|
@@ -2577,11 +2577,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
|
|
if (data & KVM_STEAL_RESERVED_MASK)
|
|
return 1;
|
|
|
|
- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
|
|
- data & KVM_STEAL_VALID_BITS,
|
|
- sizeof(struct kvm_steal_time)))
|
|
- return 1;
|
|
-
|
|
vcpu->arch.st.msr_val = data;
|
|
|
|
if (!(data & KVM_MSR_ENABLED))
|
|
@@ -3280,7 +3275,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
|
|
if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
|
|
return;
|
|
|
|
- if (vcpu->arch.st.steal.preempted)
|
|
+ if (vcpu->arch.st.preempted)
|
|
return;
|
|
|
|
if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map,
|
|
@@ -3290,7 +3285,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
|
|
st = map.hva +
|
|
offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
|
|
|
|
- st->preempted = vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
|
|
+ st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED;
|
|
|
|
kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true);
|
|
}
|
|
--
|
|
2.27.0.rc0
|
|
|