• Paolo Bonzini's avatar
    KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) · 353c0956
    Paolo Bonzini authored
    Bugzilla: 1671930
    
    Emulation of certain instructions (VMXON, VMCLEAR, VMPTRLD, VMWRITE with
    memory operand, INVEPT, INVVPID) can incorrectly inject a page fault
    when passed an operand that points to an MMIO address.  The page fault
    will use uninitialized kernel stack memory as the CR2 and error code.
    
    The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
    exit to userspace; however, it is not an easy fix, so for now just
    ensure that the error code and CR2 are zero.
    
    Embargoed until Feb 7th 2019.
    Reported-by: default avatarFelix Wilhelm <fwilhelm@google.com>
    Cc: stable@kernel.org
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    353c0956
x86.c 254 KB