* One nasty use-after-free bugfix, from this merge window however
* A less nasty use-after-free that can only zero some words at the beginning of the page, and hence is not really exploitable * A NULL pointer dereference * A dummy implementation of an AMD chicken bit MSR that Windows uses for some unknown reason -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAABAgAGBQJcGWZUAAoJEL/70l94x66DhecIAKhyarwvQ1HyKUCmeeVAuQHi 8RW8iisiCAQdhtrzjrOjt025gYskeuKItw0V/ipg0orgTTgti4TRoJpfDpZV+550 2EHT2UyUNCjSUwwtUNJ60ky+GRyFCgY8kdqiMTqFmFnpbK/TWY7jx7jtPToRQron tL1H0RCeYJlPThK/UM7i3UIvS5oVIZ8YOJ18PVcKCoiynrbPk7wgw3it5OdiO2bS VnI5JMfNy4YIXPc6QqdcKmsLqtinHxVObg+0PnLFtaI6xUqzTzEa12toZxsc9Sf3 rHyYhpNO8kaTw2inLpvbgLX3TZbw5DckHEoOn+s4e5Q193HGTjsTfG9P9oph2hA= =VQE8 -----END PGP SIGNATURE----- Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull kvm fixes from Paolo Bonzini: - One nasty use-after-free bugfix, from this merge window however - A less nasty use-after-free that can only zero some words at the beginning of the page, and hence is not really exploitable - A NULL pointer dereference - A dummy implementation of an AMD chicken bit MSR that Windows uses for some unknown reason * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs KVM: X86: Fix NULL deref in vcpu_scan_ioapic KVM: Fix UAF in nested posted interrupt processing KVM: fix unregistering coalesced mmio zone from wrong bus
commit
fe11279360
@ -390,6 +390,7 @@
|
||||
#define MSR_F15H_NB_PERF_CTR 0xc0010241
|
||||
#define MSR_F15H_PTSC 0xc0010280
|
||||
#define MSR_F15H_IC_CFG 0xc0011021
|
||||
#define MSR_F15H_EX_CFG 0xc001102c
|
||||
|
||||
/* Fam 10h MSRs */
|
||||
#define MSR_FAM10H_MMIO_CONF_BASE 0xc0010058
|
||||
|
@ -11985,6 +11985,8 @@ static void nested_get_vmcs12_pages(struct kvm_vcpu *vcpu)
|
||||
kunmap(vmx->nested.pi_desc_page);
|
||||
kvm_release_page_dirty(vmx->nested.pi_desc_page);
|
||||
vmx->nested.pi_desc_page = NULL;
|
||||
vmx->nested.pi_desc = NULL;
|
||||
vmcs_write64(POSTED_INTR_DESC_ADDR, -1ull);
|
||||
}
|
||||
page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->posted_intr_desc_addr);
|
||||
if (is_error_page(page))
|
||||
|
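Review bot: The reset sequence before the closing brace has no comment saying why `vmx->nested.pi_desc` and the `POSTED_INTR_DESC_ADDR` VMCS field must be cleared together with `pi_desc_page`, and that is the invariant this use-after-free fix depends on. The page is unmapped and released just above, and the `is_error_page(page)` check that follows suggests the function can leave without installing a new mapping, so anything still pointing at the old page would be stale. I would add `/* Drop the cached descriptor pointer and the VMCS address with the page, so a failed lookup below cannot leave either one referring to the released page. */` above `vmx->nested.pi_desc = NULL;`. Readers of `vmx->nested.pi_desc` are outside this hunk and presumably need to tolerate NULL now, which is worth confirming. The body of nested_get_vmcs12_pages starts and ends outside the hunk.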
@ -2426,6 +2426,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
|
||||
case MSR_AMD64_PATCH_LOADER:
|
||||
case MSR_AMD64_BU_CFG2:
|
||||
case MSR_AMD64_DC_CFG:
|
||||
case MSR_F15H_EX_CFG:
|
||||
break;
|
||||
|
||||
case MSR_IA32_UCODE_REV:
|
||||
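Review bot: `case MSR_F15H_EX_CFG:` joins the ignored-write list here with no comment on why a guest touches it, and the matching case in kvm_get_msr_common (the next hunk) returns 0 for reads in the same undocumented way. The merge description says Windows uses this AMD chicken-bit MSR for an unknown reason, and that context is lost once the list grows. I would add a one-line comment such as `/* Accessed by Windows guests; writes are dropped and reads return 0. */` next to both cases. Both switch statements extend outside their hunks.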
@ -2721,6 +2722,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
|
||||
case MSR_AMD64_BU_CFG2:
|
||||
case MSR_IA32_PERF_CTL:
|
||||
case MSR_AMD64_DC_CFG:
|
||||
case MSR_F15H_EX_CFG:
|
||||
msr_info->data = 0;
|
||||
break;
|
||||
case MSR_F15H_PERF_CTL0 ... MSR_F15H_PERF_CTR5:
|
||||
@ -7446,7 +7448,7 @@ void kvm_make_scan_ioapic_request(struct kvm *kvm)
|
||||
|
||||
static void vcpu_scan_ioapic(struct kvm_vcpu *vcpu)
|
||||
{
|
||||
if (!kvm_apic_hw_enabled(vcpu->arch.apic))
|
||||
if (!kvm_apic_present(vcpu))
|
||||
return;
|
||||
|
||||
bitmap_zero(vcpu->arch.ioapic_handled_vectors, 256);
|
||||
|
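Review bot: The guard at the top of vcpu_scan_ioapic does not say which condition it protects against, and the page shows two `if` lines with the old/new markers lost. Going by the merge description (a NULL dereference in this function), the `kvm_apic_present(vcpu)` form is presumably the one that survives and is safe when `vcpu->arch.apic` is NULL, while `kvm_apic_hw_enabled(vcpu->arch.apic)` was handed the pointer directly. A short comment such as `/* vcpu->arch.apic may be NULL without an in-kernel local APIC. */` above the check would record that; this is inferred, since neither helper is visible here. Other callers that pass `vcpu->arch.apic` straight to `kvm_apic_hw_enabled()` would be worth checking for the same pattern. The function body continues past the hunk.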
@ -175,10 +175,14 @@ int kvm_vm_ioctl_unregister_coalesced_mmio(struct kvm *kvm,
|
||||
{
|
||||
struct kvm_coalesced_mmio_dev *dev, *tmp;
|
||||
|
||||
if (zone->pio != 1 && zone->pio != 0)
|
||||
return -EINVAL;
|
||||
|
||||
mutex_lock(&kvm->slots_lock);
|
||||
|
||||
list_for_each_entry_safe(dev, tmp, &kvm->coalesced_zones, list)
|
||||
if (coalesced_mmio_in_range(dev, zone->addr, zone->size)) {
|
||||
if (zone->pio == dev->zone.pio &&
|
||||
coalesced_mmio_in_range(dev, zone->addr, zone->size)) {
|
||||
kvm_io_bus_unregister_dev(kvm,
|
||||
zone->pio ? KVM_PIO_BUS : KVM_MMIO_BUS, &dev->dev);
|
||||
kvm_iodevice_destructor(&dev->dev);
|
||||
|
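Review bot: The bus argument to `kvm_io_bus_unregister_dev()` is still chosen from the caller-supplied `zone->pio`, even though the device being torn down carries its own `dev->zone.pio`. With the added `zone->pio == dev->zone.pio` test the two agree, so this is about making the invariant local rather than a live bug: `dev->zone.pio ? KVM_PIO_BUS : KVM_MMIO_BUS, &dev->dev);` keeps the unregister on the bus the device was registered on even if the match condition is edited later. The up-front `zone->pio != 1 && zone->pio != 0` rejection deserves a one-line comment that `pio` comes from the ioctl argument (presumably userspace-controlled; the struct definition is not on this page). The function body runs past the end of the hunk.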