summaryrefslogtreecommitdiff
path: root/virt
diff options
context:
space:
mode:
authorBoris Ostrovsky <boris.ostrovsky@oracle.com>2019-12-05 06:45:32 +0300
committerPaolo Bonzini <pbonzini@redhat.com>2020-01-30 20:45:55 +0300
commitb043138246a41064527cf019a3d51d9f015e9796 (patch)
treee702c1dec588a3c872d1c94e8e877176480b5846 /virt
parent917248144db5d7320655dbb41d3af0b8a0f3d589 (diff)
downloadlinux-b043138246a41064527cf019a3d51d9f015e9796.tar.xz
x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
There is a potential race in record_steal_time() between setting host-local vcpu->arch.st.steal.preempted to zero (i.e. clearing KVM_VCPU_PREEMPTED) and propagating this value to the guest with kvm_write_guest_cached(). Between those two events the guest may still see KVM_VCPU_PREEMPTED in its copy of kvm_steal_time, set KVM_VCPU_FLUSH_TLB and assume that hypervisor will do the right thing. Which it won't. Instad of copying, we should map kvm_steal_time and that will guarantee atomicity of accesses to @preempted. This is part of CVE-2019-3016. Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Joao Martins <joao.m.martins@oracle.com> Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions