On 1/31/22 17:08, Sean Christopherson wrote:
> Add uaccess macros for doing CMPXCHG on userspace addresses and use the
> macros to fix KVM bugs by replacing flawed code that maps memory into the
> kernel address space without proper mmu_notifier protection (or with
> broken pfn calculations in one case).
>
> Add yet another Kconfig for guarding asm_volatile_goto() to work around a
> clang-13 bug. I've verified the test passes on gcc versions of arm64,
> PPC, RISC-V, and s390x that also pass the CC_HAS_ASM_GOTO_OUTPUT test.
>
> Patches 1-4 are tagged for stable@ as patches 3 and 4 (mostly 3) need a
> backportable fix, and doing CMPXCHG on the userspace address is the
> simplest fix from a KVM perspective.
>
> Peter Zijlstra (1):
> x86/uaccess: Implement macros for CMPXCHG on user addresses
>
> Sean Christopherson (4):
> Kconfig: Add option for asm goto w/ tied outputs to workaround
> clang-13 bug
> KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
> KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
> KVM: x86: Bail to userspace if emulation of atomic user access faults
>
> arch/x86/include/asm/uaccess.h | 131 +++++++++++++++++++++++++++++++++
> arch/x86/kvm/mmu/paging_tmpl.h | 45 +----------
> arch/x86/kvm/x86.c | 35 ++++-----
> init/Kconfig | 4 +
> 4 files changed, 150 insertions(+), 65 deletions(-)
This also fixes the following syzbot issue:
https://syzkaller.appspot.com/bug?id=6cb6102a0a7b0c52060753dd62d070a1d1e71347
Tested-by: Tadeusz Struk <tadeusz.struk@linaro.org>
--
Thanks,
Tadeusz