x86/sev: Check for user-space IOIO pointing to kernel space

Upstream commit: 63e44bc52047f182601e7817da969a105aa1f721

Check the memory operand of INS/OUTS before emulating the instruction.
The #VC exception can get raised from user-space, but the memory operand
can be manipulated to access kernel memory before the emulation actually
begins and after the exception handler has run.

  [ bp: Massage commit message. ]

Cherry-pick to release branch to fix CVE-2023-46813.

BUG=b/309761738
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2023-46813 in the Linux kernel.

Fixes: 597cfe48212a ("x86/boot/compressed/64: Setup a GHCB-based VC Exception handler")
Reported-by: Tom Dohrmann <[email protected]>
Change-Id: I72b85cb1c102c230c41dbaf0ebeea9fb925379dd
Signed-off-by: Joerg Roedel <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/60997
Tested-by: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Anil Altinay <[email protected]>
2 files changed