git.baikalelectronics.ru Git - kernel.git/commit

author	Sean Christopherson <seanjc@google.com>
	Fri, 18 Dec 2020 00:31:37 +0000 (16:31 -0800)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Thu, 7 Jan 2021 23:00:24 +0000 (18:00 -0500)
commit	da7876918d2c148959fecc46477d6903daa06300
tree	ddfaa6dcd1d932ddde050e1aff9a20d695bab5b0	tree \| snapshot
parent	e2f7a174f85aa1f94b6348e0dd5ca8f14d87cd49	commit \| diff

KVM: x86/mmu: Get root level from walkers when retrieving MMIO SPTE

Get the so called "root" level from the low level shadow page table
walkers instead of manually attempting to calculate it higher up the
stack, e.g. in get_mmio_spte().  When KVM is using PAE shadow paging,
the starting level of the walk, from the callers perspective, is not
the CR3 root but rather the PDPTR "root".  Checking for reserved bits
from the CR3 root causes get_mmio_spte() to consume uninitialized stack
data due to indexing into sptes[] for a level that was not filled by
get_walk().  This can result in false positives and/or negatives
depending on what garbage happens to be on the stack.

Opportunistically nuke a few extra newlines.

Fixes: ad13be6d126d ("kvm: x86/mmu: Support MMIO in the TDP MMU")
Reported-by: Richard Herbert <rherbert@sympatico.ca>
Cc: Ben Gardon <bgardon@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20201218003139.2167891-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/kvm/mmu/mmu.c		diff \| blob \| history
arch/x86/kvm/mmu/tdp_mmu.c		diff \| blob \| history
arch/x86/kvm/mmu/tdp_mmu.h		diff \| blob \| history