| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jul 2019 11:10:26 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Jack Wang <jack.wang.usish@...il.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>
Cc: stable@...r.kernel.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [PATCH stable-4.19 1/2] KVM: nVMX: do not use dangling shadow
VMCS after guest reset
On 29/07/19 10:58, Jack Wang wrote:
> Vitaly Kuznetsov <vkuznets@...hat.com> 于2019年7月25日周四 下午3:29写道:
>>
>> From: Paolo Bonzini <pbonzini@...hat.com>
>>
>> [ Upstream commit 88dddc11a8d6b09201b4db9d255b3394d9bc9e57 ]
>>
>> If a KVM guest is reset while running a nested guest, free_nested will
>> disable the shadow VMCS execution control in the vmcs01. However,
>> on the next KVM_RUN vmx_vcpu_run would nevertheless try to sync
>> the VMCS12 to the shadow VMCS which has since been freed.
>>
>> This causes a vmptrld of a NULL pointer on my machime, but Jan reports
>> the host to hang altogether. Let's see how much this trivial patch fixes.
>>
>> Reported-by: Jan Kiszka <jan.kiszka@...mens.com>
>> Cc: Liran Alon <liran.alon@...cle.com>
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
>
> Hi all,
>
> Do we need to backport the fix also to stable 4.14? It applies
> cleanly and compiles fine.
The reproducer required newer kernels that support KVM_GET_NESTED_STATE
and KVM_SET_NESTED_STATE, so it would be hard to test it. However, the
patch itself should be safe.
Paolo
Powered by blists - more mailing lists