linux/arch/x86/kvm
Peter Shier ecec76885b KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
Bugzilla: 1671904

There are multiple code paths where an hrtimer may have been started to
emulate an L1 VMX preemption timer that can result in a call to free_nested
without an intervening L2 exit where the hrtimer is normally
cancelled. Unconditionally cancel in free_nested to cover all cases.

Embargoed until Feb 7th 2019.

Signed-off-by: Peter Shier <pshier@google.com>
Reported-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Message-Id: <20181011184646.154065-1-pshier@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-07 19:03:01 +01:00
vmx KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) 2019-02-07 19:03:01 +01:00
cpuid.c KVM: x86: Add CPUID support for new instruction WBNOINVD 2018-12-21 14:26:32 +01:00
cpuid.h KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX 2018-02-03 23:06:51 +01:00
debugfs.c kvm: x86: export TSC information to user-space 2016-09-16 16:57:48 +02:00
emulate.c jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
hyperv.c KVM: x86: Mark expected switch fall-throughs 2019-01-25 19:29:36 +01:00
hyperv.h x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID 2018-12-14 17:59:54 +01:00
i8254.c KVM: x86: take slots_lock in kvm_free_pit 2017-07-12 22:38:26 +02:00
i8254.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
i8259.c KVM: x86: simplify pic_ioport_read() 2017-04-12 20:17:15 +02:00
ioapic.c KVM: x86: ioapic: Preserve read-only values in the redirection table 2017-11-17 13:20:21 +01:00
ioapic.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq_comm.c KVM: x86: don't hold kvm->lock in KVM_SET_GSI_ROUTING 2017-05-02 14:45:45 +02:00
irq.c KVM: x86: Rename interrupt.pending to interrupt.injected 2018-03-28 22:47:06 +02:00
irq.h KVM: x86: don't hold kvm->lock in KVM_SET_GSI_ROUTING 2017-05-02 14:45:45 +02:00
Kconfig treewide: surround Kconfig file paths with double quotes 2018-12-22 00:25:54 +09:00
kvm_cache_regs.h KVM: x86: Add requisite includes to kvm_cache_regs.h 2018-12-14 12:34:22 +01:00
lapic.c KVM: x86: Mark expected switch fall-throughs 2019-01-25 19:29:36 +01:00
lapic.h KVM: hyperv: define VP assist page helpers 2018-10-17 00:30:13 +02:00
Makefile KVM: x86: fix TRACE_INCLUDE_PATH and remove -I. header search paths 2019-01-25 19:12:37 +01:00
mmu_audit.c x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU 2018-10-17 00:30:02 +02:00
mmu.c KVM: x86: Mark expected switch fall-throughs 2019-01-25 19:29:36 +01:00
mmu.h x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU 2018-10-17 00:30:02 +02:00
mmutrace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mtrr.c KVM: x86: generalize guest_cpuid_has_ helpers 2017-08-07 16:11:50 +02:00
page_track.c treewide: kvzalloc() -> kvcalloc() 2018-06-12 16:19:22 -07:00
paging_tmpl.h KVM: Replace old tlb flush function with new one to flush a specified range. 2018-12-21 11:28:41 +01:00
pmu_amd.c KVM: x86: Add support for AMD Core Perf Extension in guest 2018-03-16 22:01:28 +01:00
pmu.c KVM: x86: Add support for VMware backdoor Pseudo-PMCs 2018-03-16 22:02:01 +01:00
pmu.h KVM: x86: Add support for VMware backdoor Pseudo-PMCs 2018-03-16 22:02:01 +01:00
svm.c KVM: x86: Mark expected switch fall-throughs 2019-01-25 19:29:36 +01:00
trace.h KVM: x86: fix TRACE_INCLUDE_PATH and remove -I. header search paths 2019-01-25 19:12:37 +01:00
tss.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
x86.c KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) 2019-02-07 19:02:56 +01:00
x86.h kvm: x86: Defer setting of CR2 until #PF delivery 2018-10-17 19:07:43 +02:00