system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-27 13:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/arch/powerpc/kvm
History
Paul Mackerras 93d17397e4 KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE 
It turns out that if the guest does a H_CEDE while the CPU is in
a transactional state, and the H_CEDE does a nap, and the nap
loses the architected state of the CPU (which is is allowed to do),
then we lose the checkpointed state of the virtual CPU.  In addition,
the transactional-memory state recorded in the MSR gets reset back
to non-transactional, and when we try to return to the guest, we take
a TM bad thing type of program interrupt because we are trying to
transition from non-transactional to transactional with a hrfid
instruction, which is not permitted.

The result of the program interrupt occurring at that point is that
the host CPU will hang in an infinite loop with interrupts disabled.
Thus this is a denial of service vulnerability in the host which can
be triggered by any guest (and depending on the guest kernel, it can
potentially triggered by unprivileged userspace in the guest).

This vulnerability has been assigned the ID CVE-2016-5412.

To fix this, we save the TM state before napping and restore it
on exit from the nap, when handling a H_CEDE in real mode.  The
case where H_CEDE exits to host virtual mode is already OK (as are
other hcalls which exit to host virtual mode) because the exit
path saves the TM state.

Cc: stable@vger.kernel.org # v3.15+
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2016-07-28 16:10:07 +10:00
..
book3s.c KVM: halt_polling: provide a way to qualify wakeups during poll 2016-05-13 17:29:23 +02:00
book3s.h kvm: Fix page ageing bugs 2014-09-24 14:07:58 +02:00
book3s_32_mmu.c arch: powerpc: kvm: book3s_32_mmu.c: Remove unused function 2014-12-17 13:12:25 +01:00
book3s_32_mmu_host.c powerpc/mm: Move hash related mmu-*.h headers to book3s/ 2016-03-03 21:19:21 +11:00
book3s_32_sr.S KVM: PPC: book3s_pr: Simplify transitions between virtual and real mode 2011-09-25 19:52:29 +03:00
book3s_64_mmu.c powerpc/mm: Move hash related mmu-*.h headers to book3s/ 2016-03-03 21:19:21 +11:00
book3s_64_mmu_host.c powerpc/mm: Move hash related mmu-*.h headers to book3s/ 2016-03-03 21:19:21 +11:00
book3s_64_mmu_hv.c powerpc/mm: Drop WIMG in favour of new constants 2016-05-01 18:32:33 +10:00
book3s_64_slb.S KVM: PPC: Book3S PR: Rework SLB switching code 2014-05-30 14:26:30 +02:00
book3s_64_vio.c KVM: PPC: Create a virtual-mode only TCE table handlers 2016-03-22 12:02:51 +01:00
book3s_64_vio_hv.c KVM: PPC: Create a virtual-mode only TCE table handlers 2016-03-22 12:02:51 +01:00
book3s_emulate.c KVM: PPC: Fix warnings from sparse 2015-08-22 11:16:16 +02:00
book3s_exports.c KVM: PPC: Make shared struct aka magic page guest endian 2014-05-30 14:26:21 +02:00
book3s_hv.c Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD 2016-07-11 18:10:06 +02:00
book3s_hv_builtin.c KVM: PPC: Book3S HV: Host-side RM data structures 2016-02-29 16:25:06 +11:00
book3s_hv_interrupts.S powerpc/kvm: Create proper names for the kvm_host_state PMU fields 2014-12-29 15:45:55 +11:00
book3s_hv_ras.c KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on HMI interrupt 2016-06-20 14:11:25 +10:00
book3s_hv_rm_mmu.c powerpc/mm: Drop WIMG in favour of new constants 2016-05-01 18:32:33 +10:00
book3s_hv_rm_xics.c KVM: PPC: Book3S HV: Add tunable to control H_IPI redirection 2016-02-29 16:25:06 +11:00
book3s_hv_rmhandlers.S KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE 2016-07-28 16:10:07 +10:00
book3s_interrupts.S KVM: PPC: Book3S PR: Fix ABIv2 on LE 2014-07-28 15:22:15 +02:00
book3s_mmu_hpte.c kvm: powerpc: book3s: pr: move PR related tracepoints to a separate header 2013-10-17 15:36:22 +02:00
book3s_paired_singles.c powerpc: Create disable_kernel_{fp,altivec,vsx,spe}() 2015-12-01 13:52:25 +11:00
book3s_pr.c Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD 2016-07-11 18:10:06 +02:00
book3s_pr_papr.c KVM: PPC: Add support for multiple-TCE hcalls 2016-02-16 13:44:26 +11:00
book3s_rmhandlers.S KVM: PPC: Book3S PR: Fix ABIv2 on LE 2014-07-28 15:22:15 +02:00
book3s_rtas.c KVM: PPC: RTAS: Do byte swaps explicitly 2014-07-07 23:17:20 +02:00
book3s_segment.S KVM: PPC: Book3S: correct width in XER handling 2015-08-22 11:16:19 +02:00
book3s_xics.c KVM: PPC: Book3S HV: Re-enable XICS fast path for irqfd-generated interrupts 2016-05-12 16:40:55 +10:00
book3s_xics.h KVM: PPC: Book3S HV: Re-enable XICS fast path for irqfd-generated interrupts 2016-05-12 16:40:55 +10:00
booke.c KVM: remove kvm_guest_enter/exit wrappers 2016-07-01 11:03:21 +02:00
booke.h KVM: PPC: Book3e: Add AltiVec support 2014-09-22 10:11:32 +02:00
booke_emulate.c KVM: PPC: BOOKE: Emulate debug registers and exception 2014-09-22 10:11:33 +02:00
booke_interrupts.S KVM: PPC: Remove 440 support 2014-07-28 15:23:15 +02:00
bookehv_interrupts.S powerpc/kvm: common sw breakpoint instr across ppc 2014-09-22 10:11:36 +02:00
e500.c KVM: PPC: e500: fix handling local_sid_lookup result 2015-10-15 15:58:16 +11:00
e500.h kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
e500_emulate.c KVM: PPC: e500: Emulate TMCFG0 TMRN register 2015-10-15 15:58:16 +11:00
e500_mmu.c KVM: PPC: fix suspicious use of conditional operator 2015-08-22 11:16:16 +02:00
e500_mmu_host.c kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
e500_mmu_host.h KVM: PPC: E500: Make clear_tlb_refs and clear_tlb1_bitmap static 2013-01-24 19:23:33 +01:00
e500mc.c powerpc: Fix misspellings in comments. 2016-03-01 19:27:20 +11:00
emulate.c KVM: PPC: Book3S PR: Fix illegal opcode emulation 2016-06-20 14:11:25 +10:00
emulate_loadstore.c KVM: PPC: Pass enum to kvmppc_get_last_inst 2014-09-22 10:11:36 +02:00
fpu.S powerpc: Remove fpscr use from [kvm_]cvt_{fd,df} 2010-09-02 14:07:32 +10:00
irq.h KVM: PPC: Book3S: Add API for in-kernel XICS emulation 2013-05-02 15:28:36 +02:00
Kconfig KVM: PPC: Remove PPC970 from KVM_BOOK3S_64_HV text in Kconfig 2015-08-22 11:16:16 +02:00
Makefile KVM: PPC: do not compile in vfio.o unconditionally 2016-03-22 16:38:38 +01:00
mpic.c KVM: pass struct kvm to kvm_set_routing_entry 2016-07-14 09:03:56 +02:00
powerpc.c KVM: remove kvm_guest_enter/exit wrappers 2016-07-01 11:03:21 +02:00
timing.c KVM: PPC: Remove DCR handling 2014-07-28 19:29:15 +02:00
timing.h KVM: PPC: Remove DCR handling 2014-07-28 19:29:15 +02:00
trace.h kvm: powerpc: booke: Move booke related tracepoints to separate header 2013-10-17 15:37:16 +02:00
trace_book3s.h KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions 2014-12-17 13:29:27 +01:00
trace_booke.h KVM: PPC: BookE: Improve irq inject tracepoint 2014-12-15 13:27:23 +01:00
trace_hv.h KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions 2014-12-17 13:29:27 +01:00
trace_pr.h kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00