Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/…

…git/arm64/linux Pull amr64 kvm fix from Will Deacon: "We've uncovered a nasty bug in the arm64 KVM code which allows a badly behaved 32-bit guest to bring down the host. The fix is simple (it's what I believe we call a "brown paper bag" bug) and I don't think it makes sense to sit on this, particularly as Russell ended up triggering this rather than just somebody noticing a potential problem by inspection. Usually arm64 KVM changes would go via Paolo's tree, but he's on holiday at the moment and the deal is that anything urgent gets shuffled via the arch trees, so here it is. Summary: Fix arm64 KVM issue when injecting an abort into a 32-bit guest, which would lead to an illegal exception return at EL2 and a subsequent host crash" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
mariux64 · Aug 27, 2015 · 9580381 · 9580381
2 parents f9ed72d + 126c69a
commit 9580381
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
@@ -168,8 +168,8 @@ void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr)
 {
 	if (!(vcpu->arch.hcr_el2 & HCR_RW))
 		inject_abt32(vcpu, false, addr);
-
-	inject_abt64(vcpu, false, addr);
+	else
+		inject_abt64(vcpu, false, addr);
 }
 
 /**
@@ -184,8 +184,8 @@ void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr)
 {
 	if (!(vcpu->arch.hcr_el2 & HCR_RW))
 		inject_abt32(vcpu, true, addr);
-
-	inject_abt64(vcpu, true, addr);
+	else
+		inject_abt64(vcpu, true, addr);
 }
 
 /**
@@ -198,6 +198,6 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu)
 {
 	if (!(vcpu->arch.hcr_el2 & HCR_RW))
 		inject_undef32(vcpu);
-
-	inject_undef64(vcpu);
+	else
+		inject_undef64(vcpu);
 }