]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 257c5e2) | patch
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
authorMaxim Levitsky <mlevitsk@redhat.com>
Wed, 14 Jul 2021 22:56:24 +0000 (01:56 +0300)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 16 Aug 2021 13:48:27 +0000 (09:48 -0400)
commitb09dc5628a8d4e1745a7ed09b195cc85ed6d8fa8
treee2fb5efdcf2bb619c2bd3cd6b04463bf6644a1c0tree | snapshot
parent257c5e261201d3c090a862c3bcb4fbd213be996fcommit | diff
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)

* Invert the mask of bits that we pick from L2 in
  nested_vmcb02_prepare_control

* Invert and explicitly use VIRQ related bits bitmask in svm_clear_vintr

This fixes a security issue that allowed a malicious L1 to run L2 with
AVIC enabled, which allowed the L2 to exploit the uninitialized and enabled
AVIC to read/write the host physical memory at some offsets.

Fixes: fa5055d44744 ("KVM: SVM: Add VMRUN handler")
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/include/asm/svm.h diff | blob | history
arch/x86/kvm/svm/nested.c diff | blob | history
arch/x86/kvm/svm/svm.c diff | blob | history
Linux Kernel Source Tree.