* FAILED: patch "[PATCH] x86: KVM: SVM: always update the x2avic msr interception" failed to apply to 6.1-stable tree
@ 2023-10-20 17:40 gregkh
2023-11-02 17:33 ` [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception SeongJae Park
2023-11-02 17:58 ` SeongJae Park
0 siblings, 2 replies; 5+ messages in thread
From: gregkh @ 2023-10-20 17:40 UTC (permalink / raw)
To: mlevitsk, pbonzini, seanjc, suravee.suthikulpanit; +Cc: stable
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x b65235f6e102354ccafda601eaa1c5bef5284d21
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2023102017-human-marine-7125@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From b65235f6e102354ccafda601eaa1c5bef5284d21 Mon Sep 17 00:00:00 2001
From: Maxim Levitsky <mlevitsk@redhat.com>
Date: Thu, 28 Sep 2023 20:33:51 +0300
Subject: [PATCH] x86: KVM: SVM: always update the x2avic msr interception
The following problem exists since x2avic was enabled in the KVM:
svm_set_x2apic_msr_interception is called to enable the interception of
the x2apic msrs.
In particular it is called at the moment the guest resets its apic.
Assuming that the guest's apic was in x2apic mode, the reset will bring
it back to the xapic mode.
The svm_set_x2apic_msr_interception however has an erroneous check for
'!apic_x2apic_mode()' which prevents it from doing anything in this case.
As a result of this, all x2apic msrs are left unintercepted, and that
exposes the bare metal x2apic (if enabled) to the guest.
Oops.
Remove the erroneous '!apic_x2apic_mode()' check to fix that.
This fixes CVE-2023-5090
Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928173354.217464-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 9507df93f410..acdd0b89e471 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -913,8 +913,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept)
if (intercept == svm->x2avic_msrs_intercepted)
return;
- if (!x2avic_enabled ||
- !apic_x2apic_mode(svm->vcpu.arch.apic))
+ if (!x2avic_enabled)
return;
for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) {
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception
2023-10-20 17:40 FAILED: patch "[PATCH] x86: KVM: SVM: always update the x2avic msr interception" failed to apply to 6.1-stable tree gregkh
@ 2023-11-02 17:33 ` SeongJae Park
2023-11-02 17:54 ` SeongJae Park
2023-11-02 17:58 ` SeongJae Park
1 sibling, 1 reply; 5+ messages in thread
From: SeongJae Park @ 2023-11-02 17:33 UTC (permalink / raw)
To: stable
Cc: Maxim Levitsky, Suravee Suthikulpanit, Sean Christopherson,
Paolo Bonzini, SeongJae Park
From: Maxim Levitsky <mlevitsk@redhat.com>
The following problem exists since x2avic was enabled in the KVM:
svm_set_x2apic_msr_interception is called to enable the interception of
the x2apic msrs.
In particular it is called at the moment the guest resets its apic.
Assuming that the guest's apic was in x2apic mode, the reset will bring
it back to the xapic mode.
The svm_set_x2apic_msr_interception however has an erroneous check for
'!apic_x2apic_mode()' which prevents it from doing anything in this case.
As a result of this, all x2apic msrs are left unintercepted, and that
exposes the bare metal x2apic (if enabled) to the guest.
Oops.
Remove the erroneous '!apic_x2apic_mode()' check to fix that.
This fixes CVE-2023-5090
Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928173354.217464-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b65235f6e102354ccafda601eaa1c5bef5284d21)
Signed-off-by: SeongJae Park <sj@kernel.org>
---
arch/x86/kvm/svm/svm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index c871a6d6364c..1139d4b91b80 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -822,8 +822,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept)
if (intercept == svm->x2avic_msrs_intercepted)
return;
- if (avic_mode != AVIC_MODE_X2 ||
- !apic_x2apic_mode(svm->vcpu.arch.apic))
+ if (!x2avic_enabled)
return;
for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) {
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception
2023-11-02 17:33 ` [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception SeongJae Park
@ 2023-11-02 17:54 ` SeongJae Park
0 siblings, 0 replies; 5+ messages in thread
From: SeongJae Park @ 2023-11-02 17:54 UTC (permalink / raw)
To: SeongJae Park
Cc: stable, Maxim Levitsky, Suravee Suthikulpanit,
Sean Christopherson, Paolo Bonzini
Please ignore this patch. I mistakenly sent this wrong one. Sorry for making
noise.
Thanks,
SJ
On Thu, 2 Nov 2023 17:33:11 +0000 SeongJae Park <sj@kernel.org> wrote:
> From: Maxim Levitsky <mlevitsk@redhat.com>
>
> The following problem exists since x2avic was enabled in the KVM:
>
> svm_set_x2apic_msr_interception is called to enable the interception of
> the x2apic msrs.
>
> In particular it is called at the moment the guest resets its apic.
>
> Assuming that the guest's apic was in x2apic mode, the reset will bring
> it back to the xapic mode.
>
> The svm_set_x2apic_msr_interception however has an erroneous check for
> '!apic_x2apic_mode()' which prevents it from doing anything in this case.
>
> As a result of this, all x2apic msrs are left unintercepted, and that
> exposes the bare metal x2apic (if enabled) to the guest.
> Oops.
>
> Remove the erroneous '!apic_x2apic_mode()' check to fix that.
>
> This fixes CVE-2023-5090
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception
2023-10-20 17:40 FAILED: patch "[PATCH] x86: KVM: SVM: always update the x2avic msr interception" failed to apply to 6.1-stable tree gregkh
2023-11-02 17:33 ` [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception SeongJae Park
@ 2023-11-02 17:58 ` SeongJae Park
2023-11-06 11:31 ` Greg KH
1 sibling, 1 reply; 5+ messages in thread
From: SeongJae Park @ 2023-11-02 17:58 UTC (permalink / raw)
To: stable
Cc: Maxim Levitsky, Suravee Suthikulpanit, Sean Christopherson,
Paolo Bonzini, SeongJae Park
From: Maxim Levitsky <mlevitsk@redhat.com>
The following problem exists since x2avic was enabled in the KVM:
svm_set_x2apic_msr_interception is called to enable the interception of
the x2apic msrs.
In particular it is called at the moment the guest resets its apic.
Assuming that the guest's apic was in x2apic mode, the reset will bring
it back to the xapic mode.
The svm_set_x2apic_msr_interception however has an erroneous check for
'!apic_x2apic_mode()' which prevents it from doing anything in this case.
As a result of this, all x2apic msrs are left unintercepted, and that
exposes the bare metal x2apic (if enabled) to the guest.
Oops.
Remove the erroneous '!apic_x2apic_mode()' check to fix that.
This fixes CVE-2023-5090
Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230928173354.217464-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b65235f6e102354ccafda601eaa1c5bef5284d21)
Signed-off-by: SeongJae Park <sj@kernel.org>
---
arch/x86/kvm/svm/svm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index c871a6d6364c..4194aa4c5f0e 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -822,8 +822,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept)
if (intercept == svm->x2avic_msrs_intercepted)
return;
- if (avic_mode != AVIC_MODE_X2 ||
- !apic_x2apic_mode(svm->vcpu.arch.apic))
+ if (avic_mode != AVIC_MODE_X2)
return;
for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) {
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception
2023-11-02 17:58 ` SeongJae Park
@ 2023-11-06 11:31 ` Greg KH
0 siblings, 0 replies; 5+ messages in thread
From: Greg KH @ 2023-11-06 11:31 UTC (permalink / raw)
To: SeongJae Park
Cc: stable, Maxim Levitsky, Suravee Suthikulpanit,
Sean Christopherson, Paolo Bonzini
On Thu, Nov 02, 2023 at 05:58:15PM +0000, SeongJae Park wrote:
> From: Maxim Levitsky <mlevitsk@redhat.com>
>
> The following problem exists since x2avic was enabled in the KVM:
>
> svm_set_x2apic_msr_interception is called to enable the interception of
> the x2apic msrs.
>
> In particular it is called at the moment the guest resets its apic.
>
> Assuming that the guest's apic was in x2apic mode, the reset will bring
> it back to the xapic mode.
>
> The svm_set_x2apic_msr_interception however has an erroneous check for
> '!apic_x2apic_mode()' which prevents it from doing anything in this case.
>
> As a result of this, all x2apic msrs are left unintercepted, and that
> exposes the bare metal x2apic (if enabled) to the guest.
> Oops.
>
> Remove the erroneous '!apic_x2apic_mode()' check to fix that.
>
> This fixes CVE-2023-5090
>
> Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
> Cc: stable@vger.kernel.org
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> Reviewed-by: Sean Christopherson <seanjc@google.com>
> Message-Id: <20230928173354.217464-2-mlevitsk@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> (cherry picked from commit b65235f6e102354ccafda601eaa1c5bef5284d21)
> Signed-off-by: SeongJae Park <sj@kernel.org>
Now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-11-06 11:31 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-20 17:40 FAILED: patch "[PATCH] x86: KVM: SVM: always update the x2avic msr interception" failed to apply to 6.1-stable tree gregkh
2023-11-02 17:33 ` [PATCH 6.1.y] x86: KVM: SVM: always update the x2avic msr interception SeongJae Park
2023-11-02 17:54 ` SeongJae Park
2023-11-02 17:58 ` SeongJae Park
2023-11-06 11:31 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox