aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2014-08-20 19:22:10 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2014-08-20 19:22:10 -0400
commite9de42d8eeffdc23af0144cafa9e3deacc489fb9 (patch)
tree8b170973f5ce06c11c99c398f0a0438b2e49950f
parentbe816bc491d8ead54b345990bdb8f69d6036cb08 (diff)
parent30d1e0e806e5b2fadc297ba78f2d7afd6ba309cf (diff)
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini: "Reverting a 3.16 patch, fixing two bugs in device assignment (one has a CVE), and fixing some problems introduced during the merge window (the CMA bug came in via Andrew, the x86 ones via yours truly)" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it Revert "KVM: x86: Increase the number of fixed MTRR regs to 10" KVM: x86: do not check CS.DPL against RPL during task switch KVM: x86: Avoid emulating instructions on #UD mistakenly PC, KVM, CMA: Fix regression caused by wrong get_order() use kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
Diffstat
-rw-r--r--arch/powerpc/kvm/book3s_hv_builtin.c6
-rw-r--r--arch/x86/include/asm/kvm_host.h2
-rw-r--r--arch/x86/kvm/emulate.c11
-rw-r--r--virt/kvm/assigned-dev.c4
-rw-r--r--virt/kvm/iommu.c19
5 files changed, 21 insertions, 21 deletions
diff --git a/arch/powerpc/kvm/book3s_hv_builtin.c b/arch/powerpc/kvm/book3s_hv_builtin.c
index 329d7fdd0a6a..b9615ba5b083 100644
--- a/arch/powerpc/kvm/book3s_hv_builtin.c
+++ b/arch/powerpc/kvm/book3s_hv_builtin.c
@@ -101,7 +101,7 @@ struct kvm_rma_info *kvm_alloc_rma()
101 ri = kmalloc(sizeof(struct kvm_rma_info), GFP_KERNEL); 101 ri = kmalloc(sizeof(struct kvm_rma_info), GFP_KERNEL);
102 if (!ri) 102 if (!ri)
103 return NULL; 103 return NULL;
104 page = cma_alloc(kvm_cma, kvm_rma_pages, get_order(kvm_rma_pages)); 104 page = cma_alloc(kvm_cma, kvm_rma_pages, order_base_2(kvm_rma_pages));
105 if (!page) 105 if (!page)
106 goto err_out; 106 goto err_out;
107 atomic_set(&ri->use_count, 1); 107 atomic_set(&ri->use_count, 1);
@@ -135,12 +135,12 @@ struct page *kvm_alloc_hpt(unsigned long nr_pages)
135{ 135{
136 unsigned long align_pages = HPT_ALIGN_PAGES; 136 unsigned long align_pages = HPT_ALIGN_PAGES;
137 137
138 VM_BUG_ON(get_order(nr_pages) < KVM_CMA_CHUNK_ORDER - PAGE_SHIFT); 138 VM_BUG_ON(order_base_2(nr_pages) < KVM_CMA_CHUNK_ORDER - PAGE_SHIFT);
139 139
140 /* Old CPUs require HPT aligned on a multiple of its size */ 140 /* Old CPUs require HPT aligned on a multiple of its size */
141 if (!cpu_has_feature(CPU_FTR_ARCH_206)) 141 if (!cpu_has_feature(CPU_FTR_ARCH_206))
142 align_pages = nr_pages; 142 align_pages = nr_pages;
143 return cma_alloc(kvm_cma, nr_pages, get_order(align_pages)); 143 return cma_alloc(kvm_cma, nr_pages, order_base_2(align_pages));
144} 144}
145EXPORT_SYMBOL_GPL(kvm_alloc_hpt); 145EXPORT_SYMBOL_GPL(kvm_alloc_hpt);
146 146
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 572460175ba5..7c492ed9087b 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -95,7 +95,7 @@ static inline gfn_t gfn_to_index(gfn_t gfn, gfn_t base_gfn, int level)
95#define KVM_REFILL_PAGES 25 95#define KVM_REFILL_PAGES 25
96#define KVM_MAX_CPUID_ENTRIES 80 96#define KVM_MAX_CPUID_ENTRIES 80
97#define KVM_NR_FIXED_MTRR_REGION 88 97#define KVM_NR_FIXED_MTRR_REGION 88
98#define KVM_NR_VAR_MTRR 10 98#define KVM_NR_VAR_MTRR 8
99 99
100#define ASYNC_PF_PER_VCPU 64 100#define ASYNC_PF_PER_VCPU 64
101 101
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 56657b0bb3bb..03954f7900f5 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1491,9 +1491,6 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
1491 goto exception; 1491 goto exception;
1492 break; 1492 break;
1493 case VCPU_SREG_CS: 1493 case VCPU_SREG_CS:
1494 if (in_task_switch && rpl != dpl)
1495 goto exception;
1496
1497 if (!(seg_desc.type & 8)) 1494 if (!(seg_desc.type & 8))
1498 goto exception; 1495 goto exception;
1499 1496
@@ -4394,8 +4391,11 @@ done_prefixes:
4394 4391
4395 ctxt->execute = opcode.u.execute; 4392 ctxt->execute = opcode.u.execute;
4396 4393
4394 if (unlikely(ctxt->ud) && likely(!(ctxt->d & EmulateOnUD)))
4395 return EMULATION_FAILED;
4396
4397 if (unlikely(ctxt->d & 4397 if (unlikely(ctxt->d &
4398 (NotImpl|EmulateOnUD|Stack|Op3264|Sse|Mmx|Intercept|CheckPerm))) { 4398 (NotImpl|Stack|Op3264|Sse|Mmx|Intercept|CheckPerm))) {
4399 /* 4399 /*
4400 * These are copied unconditionally here, and checked unconditionally 4400 * These are copied unconditionally here, and checked unconditionally
4401 * in x86_emulate_insn. 4401 * in x86_emulate_insn.
@@ -4406,9 +4406,6 @@ done_prefixes:
4406 if (ctxt->d & NotImpl) 4406 if (ctxt->d & NotImpl)
4407 return EMULATION_FAILED; 4407 return EMULATION_FAILED;
4408 4408
4409 if (!(ctxt->d & EmulateOnUD) && ctxt->ud)
4410 return EMULATION_FAILED;
4411
4412 if (mode == X86EMUL_MODE_PROT64 && (ctxt->d & Stack)) 4409 if (mode == X86EMUL_MODE_PROT64 && (ctxt->d & Stack))
4413 ctxt->op_bytes = 8; 4410 ctxt->op_bytes = 8;
4414 4411
diff --git a/virt/kvm/assigned-dev.c b/virt/kvm/assigned-dev.c
index bf06577fea51..5819a2708d7e 100644
--- a/virt/kvm/assigned-dev.c
+++ b/virt/kvm/assigned-dev.c
@@ -526,8 +526,10 @@ static int assign_guest_irq(struct kvm *kvm,
526 dev->irq_requested_type |= guest_irq_type; 526 dev->irq_requested_type |= guest_irq_type;
527 if (dev->ack_notifier.gsi != -1) 527 if (dev->ack_notifier.gsi != -1)
528 kvm_register_irq_ack_notifier(kvm, &dev->ack_notifier); 528 kvm_register_irq_ack_notifier(kvm, &dev->ack_notifier);
529 } else 529 } else {
530 kvm_free_irq_source_id(kvm, dev->irq_source_id); 530 kvm_free_irq_source_id(kvm, dev->irq_source_id);
531 dev->irq_source_id = -1;
532 }
531 533
532 return r; 534 return r;
533} 535}
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 0df7d4b34dfe..714b94932312 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -61,6 +61,14 @@ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
61 return pfn; 61 return pfn;
62} 62}
63 63
64static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
65{
66 unsigned long i;
67
68 for (i = 0; i < npages; ++i)
69 kvm_release_pfn_clean(pfn + i);
70}
71
64int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) 72int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
65{ 73{
66 gfn_t gfn, end_gfn; 74 gfn_t gfn, end_gfn;
@@ -123,6 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
123 if (r) { 131 if (r) {
124 printk(KERN_ERR "kvm_iommu_map_address:" 132 printk(KERN_ERR "kvm_iommu_map_address:"
125 "iommu failed to map pfn=%llx\n", pfn); 133 "iommu failed to map pfn=%llx\n", pfn);
134 kvm_unpin_pages(kvm, pfn, page_size);
126 goto unmap_pages; 135 goto unmap_pages;
127 } 136 }
128 137
@@ -134,7 +143,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
134 return 0; 143 return 0;
135 144
136unmap_pages: 145unmap_pages:
137 kvm_iommu_put_pages(kvm, slot->base_gfn, gfn); 146 kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
138 return r; 147 return r;
139} 148}
140 149
@@ -266,14 +275,6 @@ out_unlock:
266 return r; 275 return r;
267} 276}
268 277
269static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
270{
271 unsigned long i;
272
273 for (i = 0; i < npages; ++i)
274 kvm_release_pfn_clean(pfn + i);
275}
276
277static void kvm_iommu_put_pages(struct kvm *kvm, 278static void kvm_iommu_put_pages(struct kvm *kvm,
278 gfn_t base_gfn, unsigned long npages) 279 gfn_t base_gfn, unsigned long npages)
279{ 280{
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-23 09:40:46 -0400