Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
"s390:
- Two fixes for potential bitmap overruns in the cmma migration code

x86:
- Clear guest provided GPRs to defeat the Project Zero PoC for CVE
2017-5715"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: vmx: Scrub hardware GPRs at VM-exit
KVM: s390: prevent buffer overrun on memory hotplug during migration
KVM: s390: fix cmma migration for multiple memory slots

+38 -6
+5 -4
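--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -792,11 +792,12 @@
 
  if (kvm->arch.use_cmma) {
  /*
- * Get the last slot. They should be sorted by base_gfn, so the
- * last slot is also the one at the end of the address space.
- * We have verified above that at least one slot is present.
+ * Get the first slot. They are reverse sorted by base_gfn, so
+ * the first slot is also the one at the end of the address
+ * space. We have verified above that at least one slot is
+ * present.
  */
- ms = slots->memslots + slots->used_slots - 1;
+ ms = slots->memslots;
  /* round up so we only use full longs */
  ram_pages = roundup(ms->base_gfn + ms->npages, BITS_PER_LONG);
  /* allocate enough bytes to store all the bits */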
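Review bot: The rewritten comment explains the slot order but not that the bitmap is sized once, at this point, from the highest slot present when migration mode starts. The priv.c change in the same merge bounds-checks against a stored size, which suggests that memory added afterwards falls outside the bitmap. Saying so at the allocation would spare the next reader from rediscovering it, for example `/* sized from the current top slot; memory hotplugged later is not covered */`. The check that at least one slot exists and the allocation itself are outside the visible lines.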
+1 -1
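--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -1006,7 +1006,7 @@
  cbrlo[entries] = gfn << PAGE_SHIFT;
  }
 
- if (orc) {
+ if (orc && gfn < ms->bitmap_size) {
  /* increment only if we are really flipping the bit to 1 */
  if (!test_and_set_bit(gfn, ms->pgste_bitmap))
  atomic64_inc(&ms->dirty_pages);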
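Review bot: With the new `gfn < ms->bitmap_size` condition, a gfn past the end of the bitmap is skipped silently, so a state change on such a page is never counted in `dirty_pages`. That is the right trade against writing past `pgste_bitmap`, but the comment inside the branch still only explains the increment; a line above the test such as `/* gfn beyond the bitmap (memory added after migration start) is not tracked */` would record the limitation. The comparison also presumes `bitmap_size` counts bits rather than bytes; its assignment is not in this hunk, so the unit is worth confirming against the allocation in kvm-s390.c. The enclosing function starts and ends outside the visible lines.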
+19
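--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -4986,6 +4986,25 @@
  "mov %%r14, %c[r14](%[svm]) \n\t"
  "mov %%r15, %c[r15](%[svm]) \n\t"
  #endif
+ /*
+ * Clear host registers marked as clobbered to prevent
+ * speculative use.
+ */
+ "xor %%" _ASM_BX ", %%" _ASM_BX " \n\t"
+ "xor %%" _ASM_CX ", %%" _ASM_CX " \n\t"
+ "xor %%" _ASM_DX ", %%" _ASM_DX " \n\t"
+ "xor %%" _ASM_SI ", %%" _ASM_SI " \n\t"
+ "xor %%" _ASM_DI ", %%" _ASM_DI " \n\t"
+ #ifdef CONFIG_X86_64
+ "xor %%r8, %%r8 \n\t"
+ "xor %%r9, %%r9 \n\t"
+ "xor %%r10, %%r10 \n\t"
+ "xor %%r11, %%r11 \n\t"
+ "xor %%r12, %%r12 \n\t"
+ "xor %%r13, %%r13 \n\t"
+ "xor %%r14, %%r14 \n\t"
+ "xor %%r15, %%r15 \n\t"
+ #endif
  "pop %%" _ASM_BP
  :
  : [svm]"a"(svm),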
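Review bot: The cleared set here is tied to the asm clobber list only by the comment, and that list is outside the hunk, so nothing visible shows that the two match. A register later added to the clobbers would keep its guest-supplied value unless someone remembers this block; extending the comment to `/* keep in sync with the clobber list below */` would make the dependency explicit. As a style point, these lines use full-width operands (`xor %%r8, %%r8`, `_ASM_BX`) while the vmx.c change in the same merge uses the 32-bit forms (`xor %%r8d, %%r8d`, `xor %%ebx, %%ebx`). Both zero the whole register on x86-64, and one spelling in both files would make the two scrub sequences easier to audit side by side.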
+13 -1
arch/x86/kvm/vmx.c
··· 9415 9415 /* Save guest registers, load host registers, keep flags */ 9416 9416 "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" 9417 9417 "pop %0 \n\t" 9418 + "setbe %c[fail](%0)\n\t" 9418 9419 "mov %%" _ASM_AX ", %c[rax](%0) \n\t" 9419 9420 "mov %%" _ASM_BX ", %c[rbx](%0) \n\t" 9420 9421 __ASM_SIZE(pop) " %c[rcx](%0) \n\t" ··· 9432 9431 "mov %%r13, %c[r13](%0) \n\t" 9433 9432 "mov %%r14, %c[r14](%0) \n\t" 9434 9433 "mov %%r15, %c[r15](%0) \n\t" 9434 + "xor %%r8d, %%r8d \n\t" 9435 + "xor %%r9d, %%r9d \n\t" 9436 + "xor %%r10d, %%r10d \n\t" 9437 + "xor %%r11d, %%r11d \n\t" 9438 + "xor %%r12d, %%r12d \n\t" 9439 + "xor %%r13d, %%r13d \n\t" 9440 + "xor %%r14d, %%r14d \n\t" 9441 + "xor %%r15d, %%r15d \n\t" 9435 9442 #endif 9436 9443 "mov %%cr2, %%" _ASM_AX " \n\t" 9437 9444 "mov %%" _ASM_AX ", %c[cr2](%0) \n\t" 9438 9445 9446 + "xor %%eax, %%eax \n\t" 9447 + "xor %%ebx, %%ebx \n\t" 9448 + "xor %%esi, %%esi \n\t" 9449 + "xor %%edi, %%edi \n\t" 9439 9450 "pop %%" _ASM_BP "; pop %%" _ASM_DX " \n\t" 9440 - "setbe %c[fail](%0) \n\t" 9441 9451 ".pushsection .rodata \n\t" 9442 9452 ".global vmx_return \n\t" 9443 9453 "vmx_return: " _ASM_PTR " 2b \n\t"
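Review bot: The xor block in the second hunk has no comment, although the equivalent svm.c block explains that the registers are cleared to prevent speculative use. Two things here are easy to break without one. The `setbe %c[fail](%0)` line was moved up to directly after `pop %0` because every `xor` overwrites the flags it reads, so it must stay ahead of the scrub; a note such as `/* must precede the xor block: xor clobbers the VM-entry status flags */` would pin that. The list also omits rcx, rdx and rbp, apparently because `%0` and the two `pop`s reload them with host values, and that reasoning deserves a line next to the block as well. The asm statement begins and ends outside the visible lines, so the operand and clobber lists could not be checked.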