Unverified Commit 9a359254 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!7655 v3 KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() 

Merge Pull Request from: @ci-robot 
 
PR sync from: Ye Bin <yebin10@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/ULTNS5LXAB2ALNQN6B3MDR6AZCHFBEOS/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9Q8ZA 
 
Link:https://gitee.com/openeuler/kernel/pulls/7655

 

Reviewed-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 08199763 acc730d7

arch/x86/kvm/svm/sev.c

+9 −7
Original line number Diff line number Diff line
@@ -1027,20 +1027,22 @@ int svm_register_enc_region(struct kvm *kvm, 
		goto e_free;

	}



	region->uaddr = range->addr;

	region->size = range->size;



	list_add_tail(&region->list, &sev->regions_list);

	mutex_unlock(&kvm->lock);



	/*

	 * The guest may change the memory encryption attribute from C=0 -> C=1

	 * or vice versa for this memory range. Lets make sure caches are

	 * flushed to ensure that guest data gets written into memory with

	 * correct C-bit.

	 * correct C-bit.  Note, this must be done before dropping kvm->lock,

	 * as region and its array of pages can be freed by a different task

	 * once kvm->lock is released.

	 */

	sev_clflush_pages(region->pages, region->npages);



	region->uaddr = range->addr;

	region->size = range->size;



	list_add_tail(&region->list, &sev->regions_list);

	mutex_unlock(&kvm->lock);



	return ret;



e_free: