KVM: x86/mmu: Fix race condition in direct_page_fault (!2639) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Jon Maloy requested to merge jmaloy/jmaloy-centos-stream-9:CVE-2022-45869_BZ#2179930-rhel-9.3 into main Jun 06, 2023

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2179930 Upstream: Merged CVE: CVE-2022-45869

make_mmu_pages_available() must be called with mmu_lock held for write. However, if the TDP MMU is used, it will be called with mmu_lock held for read. This function does nothing unless shadow pages are used, so there is no race unless nested TDP is used. Since nested TDP uses shadow pages, old shadow pages may be zapped by this function even when the TDP MMU is enabled. Since shadow pages are never allocated by kvm_tdp_mmu_map(), a race condition can be avoided by not calling make_mmu_pages_available() if the TDP MMU is currently in use.

Signed-off-by: Jon Maloy jmaloy@redhat.com

KVM: x86/mmu: Fix race condition in direct_page_fault

Merge request reports