Old 06-29-2012, 04:32 PM
Herton Ronaldo Krzesinski
 
Default KVM: MMU: nuke shadowed pgtable pages and ptes on memslot destruction

From: Marcelo Tosatti <mtosatti@redhat.com>

CVE-2012-1601

BugLink: http://bugs.launchpad.net/bugs/971685

Flush the shadow mmu before removing regions to avoid stale entries.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
(backported from commit 34d4cb8fca1f2a31be152b74797e6cd160ec9de6 upstream)
[ herton: rediffed and dropped powerpc/ia64/s390 changes, since kvm for
these architectures isn't available on hardy/2.6.24 ]
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
---
arch/x86/kvm/x86.c | 5 +++++
.../binary-custom.d/openvz/src/arch/x86/kvm/x86.c | 5 +++++
.../openvz/src/include/linux/kvm_host.h | 1 +
.../binary-custom.d/openvz/src/virt/kvm/kvm_main.c | 3 +++
debian/binary-custom.d/xen/src/arch/x86/kvm/x86.c | 5 +++++
.../xen/src/include/linux/kvm_host.h | 1 +
debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c | 3 +++
include/linux/kvm_host.h | 1 +
virt/kvm/kvm_main.c | 3 +++
9 files changed, 27 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2085040..9331b67 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3496,6 +3496,11 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
return 0;
}

+void kvm_arch_flush_shadow(struct kvm *kvm)
+{
+ kvm_mmu_zap_all(kvm);
+}
+
int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
{
return vcpu->arch.mp_state == VCPU_MP_STATE_RUNNABLE
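Review bot: The new `kvm_arch_flush_shadow()` in this hunk has no comment saying when it is called or how much it drops: it hands the whole VM to `kvm_mmu_zap_all(kvm)`, not only the mappings of the slot being removed. That is the conservative way to avoid the stale entries the commit message describes, but a reader of x86.c cannot tell that from the three-line body. I would add above it `/* Called when a memslot is destroyed: drop every shadow page so no spte keeps pointing at memory the slot no longer backs. */`. The locking that `kvm_mmu_zap_all()` expects is not visible here, so it is worth confirming against the 2.6.24 tree that the caller in `__kvm_set_memory_region()` holds what it needs. The same applies to the openvz and xen copies of x86.c in this patch.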
diff --git a/debian/binary-custom.d/openvz/src/arch/x86/kvm/x86.c b/debian/binary-custom.d/openvz/src/arch/x86/kvm/x86.c
index 2085040..9331b67 100644
--- a/debian/binary-custom.d/openvz/src/arch/x86/kvm/x86.c
+++ b/debian/binary-custom.d/openvz/src/arch/x86/kvm/x86.c
@@ -3496,6 +3496,11 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
return 0;
}

+void kvm_arch_flush_shadow(struct kvm *kvm)
+{
+ kvm_mmu_zap_all(kvm);
+}
+
int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
{
return vcpu->arch.mp_state == VCPU_MP_STATE_RUNNABLE
diff --git a/debian/binary-custom.d/openvz/src/include/linux/kvm_host.h b/debian/binary-custom.d/openvz/src/include/linux/kvm_host.h
index 958e003..588e4f9 100644
--- a/debian/binary-custom.d/openvz/src/include/linux/kvm_host.h
+++ b/debian/binary-custom.d/openvz/src/include/linux/kvm_host.h
@@ -172,6 +172,7 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot old,
int user_alloc);
+void kvm_arch_flush_shadow(struct kvm *kvm);
gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn);
struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn);
unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn);
diff --git a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c
index 240156e..2a4bdbd 100644
--- a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c
+++ b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c
@@ -358,6 +358,9 @@ int __kvm_set_memory_region(struct kvm *kvm,
if (mem->slot >= kvm->nmemslots)
kvm->nmemslots = mem->slot + 1;

+ if (!npages)
+ kvm_arch_flush_shadow(kvm);
+
*memslot = new;

r = kvm_arch_set_memory_region(kvm, mem, old, user_alloc);
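Review bot: The added `if (!npages)` flush runs just before `*memslot = new;`, so it is only effective if nothing can fault the old slot back into the shadow MMU between the two statements; the lock that guarantees this is taken outside the hunk and should be named in a comment. The condition also covers slot deletion only: if this tree lets a slot be changed while `npages` stays non-zero, those shadow entries are not flushed here, which I cannot confirm from the visible lines. I would add `/* Slot is being deleted: zap shadow ptes before the slot is replaced so no stale mapping outlives it. */` above the check. `__kvm_set_memory_region()` starts and ends outside the hunk, and the same hunk is repeated for the xen copy and for virt/kvm/kvm_main.c.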
diff --git a/debian/binary-custom.d/xen/src/arch/x86/kvm/x86.c b/debian/binary-custom.d/xen/src/arch/x86/kvm/x86.c
index 2085040..9331b67 100644
--- a/debian/binary-custom.d/xen/src/arch/x86/kvm/x86.c
+++ b/debian/binary-custom.d/xen/src/arch/x86/kvm/x86.c
@@ -3496,6 +3496,11 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
return 0;
}

+void kvm_arch_flush_shadow(struct kvm *kvm)
+{
+ kvm_mmu_zap_all(kvm);
+}
+
int kvm_arch_vcpu_runnable(struct kvm_vcpu *vcpu)
{
return vcpu->arch.mp_state == VCPU_MP_STATE_RUNNABLE
diff --git a/debian/binary-custom.d/xen/src/include/linux/kvm_host.h b/debian/binary-custom.d/xen/src/include/linux/kvm_host.h
index 958e003..588e4f9 100644
--- a/debian/binary-custom.d/xen/src/include/linux/kvm_host.h
+++ b/debian/binary-custom.d/xen/src/include/linux/kvm_host.h
@@ -172,6 +172,7 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot old,
int user_alloc);
+void kvm_arch_flush_shadow(struct kvm *kvm);
gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn);
struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn);
unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn);
diff --git a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
index 240156e..2a4bdbd 100644
--- a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
+++ b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
@@ -358,6 +358,9 @@ int __kvm_set_memory_region(struct kvm *kvm,
if (mem->slot >= kvm->nmemslots)
kvm->nmemslots = mem->slot + 1;

+ if (!npages)
+ kvm_arch_flush_shadow(kvm);
+
*memslot = new;

r = kvm_arch_set_memory_region(kvm, mem, old, user_alloc);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 958e003..588e4f9 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -172,6 +172,7 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
struct kvm_userspace_memory_region *mem,
struct kvm_memory_slot old,
int user_alloc);
+void kvm_arch_flush_shadow(struct kvm *kvm);
gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn);
struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn);
unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 240156e..2a4bdbd 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -358,6 +358,9 @@ int __kvm_set_memory_region(struct kvm *kvm,
if (mem->slot >= kvm->nmemslots)
kvm->nmemslots = mem->slot + 1;

+ if (!npages)
+ kvm_arch_flush_shadow(kvm);
+
*memslot = new;

r = kvm_arch_set_memory_region(kvm, mem, old, user_alloc);
--
1.7.9.5


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
