| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Apr 2020 15:23:39 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Greg Kurz <groug@...d.org>,
Fabiano Rosas <farosas@...ux.ibm.com>,
Paul Mackerras <paulus@...abs.org>
Subject: [PATCH 5.6 130/254] KVM: PPC: Book3S HV: Skip kvmppc_uvmem_free if Ultravisor is not supported
From: Fabiano Rosas <farosas@...ux.ibm.com>
commit 9bee484b280a059c1faa10ae174af4f4af02c805 upstream.
kvmppc_uvmem_init checks for Ultravisor support and returns early if
it is not present. Calling kvmppc_uvmem_free at module exit will cause
an Oops:
$ modprobe -r kvm-hv
Oops: Kernel access of bad area, sig: 11 [#1]
<snip>
NIP: c000000000789e90 LR: c000000000789e8c CTR: c000000000401030
REGS: c000003fa7bab9a0 TRAP: 0300 Not tainted (5.6.0-rc6-00033-g6c90b86a745a-dirty)
MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002282 XER: 00000000
CFAR: c000000000dae880 DAR: 0000000000000008 DSISR: 40000000 IRQMASK: 1
GPR00: c000000000789e8c c000003fa7babc30 c0000000016fe500 0000000000000000
GPR04: 0000000000000000 0000000000000006 0000000000000000 c000003faf205c00
GPR08: 0000000000000000 0000000000000001 000000008000002d c00800000ddde140
GPR12: c000000000401030 c000003ffffd9080 0000000000000001 0000000000000000
GPR16: 0000000000000000 0000000000000000 000000013aad0074 000000013aaac978
GPR20: 000000013aad0070 0000000000000000 00007fffd1b37158 0000000000000000
GPR24: 000000014fef0d58 0000000000000000 000000014fef0cf0 0000000000000001
GPR28: 0000000000000000 0000000000000000 c0000000018b2a60 0000000000000000
NIP [c000000000789e90] percpu_ref_kill_and_confirm+0x40/0x170
LR [c000000000789e8c] percpu_ref_kill_and_confirm+0x3c/0x170
Call Trace:
[c000003fa7babc30] [c000003faf2064d4] 0xc000003faf2064d4 (unreliable)
[c000003fa7babcb0] [c000000000400e8c] dev_pagemap_kill+0x6c/0x80
[c000003fa7babcd0] [c000000000401064] memunmap_pages+0x34/0x2f0
[c000003fa7babd50] [c00800000dddd548] kvmppc_uvmem_free+0x30/0x80 [kvm_hv]
[c000003fa7babd80] [c00800000ddcef18] kvmppc_book3s_exit_hv+0x20/0x78 [kvm_hv]
[c000003fa7babda0] [c0000000002084d0] sys_delete_module+0x1d0/0x2c0
[c000003fa7babe20] [c00000000000b9d0] system_call+0x5c/0x68
Instruction dump:
3fc2001b fb81ffe0 fba1ffe8 fbe1fff8 7c7f1b78 7c9c2378 3bde4560 7fc3f378
f8010010 f821ff81 486249a1 60000000 <e93f0008> 7c7d1b78 712a0002 40820084
---[ end trace 5774ef4dc2c98279 ]---
So this patch checks if kvmppc_uvmem_init actually allocated anything
before running kvmppc_uvmem_free.
Fixes: ca9f4942670c ("KVM: PPC: Book3S HV: Support for running secure guests")
Cc: stable@...r.kernel.org # v5.5+
Reported-by: Greg Kurz <groug@...d.org>
Signed-off-by: Fabiano Rosas <farosas@...ux.ibm.com>
Tested-by: Greg Kurz <groug@...d.org>
Signed-off-by: Paul Mackerras <paulus@...abs.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
arch/powerpc/kvm/book3s_hv_uvmem.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/powerpc/kvm/book3s_hv_uvmem.c
+++ b/arch/powerpc/kvm/book3s_hv_uvmem.c
@@ -806,6 +806,9 @@ out:
void kvmppc_uvmem_free(void)
{
+ if (!kvmppc_uvmem_bitmap)
+ return;
+
memunmap_pages(&kvmppc_uvmem_pgmap);
release_mem_region(kvmppc_uvmem_pgmap.res.start,
resource_size(&kvmppc_uvmem_pgmap.res));
Powered by blists - more mailing lists