1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
3 | Date: Fri, 31 Jan 2020 08:06:44 -0300 | |
4 | Subject: [PATCH] x86/KVM: Clean up host's steal time structure | |
5 | ||
6 | CVE-2019-3016 | |
7 | CVE-2020-3016 | |
8 | ||
9 | Now that we are mapping kvm_steal_time from the guest directly we | |
10 | don't need to keep a copy of it in kvm_vcpu_arch.st. The same is true | |
11 | for the stime field. | |
12 | ||
13 | This is part of CVE-2019-3016. | |
14 | ||
15 | Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
16 | Reviewed-by: Joao Martins <joao.m.martins@oracle.com> | |
17 | Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> | |
18 | Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> | |
19 | --- | |
20 | arch/x86/include/asm/kvm_host.h | 3 +-- | |
21 | arch/x86/kvm/x86.c | 11 +++-------- | |
22 | 2 files changed, 4 insertions(+), 10 deletions(-) | |
23 | ||
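diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 7c06343614a4..f62f4ff5f4f4 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -674,10 +674,9 @@ struct kvm_vcpu_arch {
 bool pvclock_set_guest_stopped_request;
 
 struct {
+ u8 preempted;
 u64 msr_val;
 u64 last_steal;
- struct gfn_to_hva_cache stime;
- struct kvm_steal_time steal;
 struct gfn_to_pfn_cache cache;
 } st;
 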
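Review bot: The new `u8 preempted` member of `st` carries no comment explaining that it is the host-side record of the preempted state, distinct from the `preempted` field in the guest-mapped kvm_steal_time. The x86.c changes test `vcpu->arch.st.preempted` for the early return, so the distinction matters. I would add `/* host-side record of the preempted flag; the guest-visible copy lives in the mapped kvm_steal_time */` above it. As a style point, a `u8` placed ahead of two `u64` members probably leaves a padding hole, so moving it after `last_steal` or to the end of the struct would be tidier if layout matters here. The enclosing `struct kvm_vcpu_arch` starts and ends outside the hunk.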
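diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index f63fa5846f08..6ce9ace8a801 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2509,7 +2509,7 @@ static void record_steal_time(struct kvm_vcpu *vcpu)
 if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB)
 kvm_vcpu_flush_tlb(vcpu, false);
 
- vcpu->arch.st.steal.preempted = 0;
+ vcpu->arch.st.preempted = 0;
 
 if (st->version & 1)
 st->version += 1; /* first time write, random junk */
@@ -2682,11 +2682,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 if (data & KVM_STEAL_RESERVED_MASK)
 return 1;
 
- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
- data & KVM_STEAL_VALID_BITS,
- sizeof(struct kvm_steal_time)))
- return 1;
-
 vcpu->arch.st.msr_val = data;
 
 if (!(data & KVM_MSR_ENABLED))
@@ -3404,7 +3399,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
 if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
 return;
 
- if (vcpu->arch.st.steal.preempted)
+ if (vcpu->arch.st.preempted)
 return;
 
 if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map,
@@ -3414,7 +3409,7 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
 st = map.hva +
 offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
 
- st->preempted = vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
+ st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED;
 
 kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true);
 }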
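Review bot: In the kvm_set_msr_common hunk, dropping the kvm_gfn_to_hva_cache_init() call means the guest-supplied address in `data` is stored in `msr_val` after only the reserved-mask check, so the MSR write apparently no longer fails for an address that does not resolve and validation is deferred to kvm_map_gfn() at use time. That looks intentional, but it deserves a comment where the check used to be, e.g. `/* GPA is validated when mapped via kvm_map_gfn(); a bad address is not rejected here */`. The removed call also passed sizeof(struct kvm_steal_time), while the last hunk computes `st = map.hva + offset_in_page(...)` within one mapped page. It would help to state or assert that KVM_STEAL_VALID_BITS guarantees the structure cannot straddle a page boundary, since the mask's definition is not visible here. All three functions continue outside their hunks.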