[oss-security] Linux kernel: powerpc: KVM guest can trigger host crash on Power8
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 28 14:58:05 AEDT 2021
Hi,
On Mon, Oct 25, 2021 at 10:18:54PM +1100, Michael Ellerman wrote:
> The Linux kernel for powerpc since v5.2 has a bug which allows a
> malicious KVM guest to crash the host, when the host is running on
> Power8.
>
> Only machines using Linux as the hypervisor, aka. KVM, powernv or bare
> metal, are affected by the bug. Machines running PowerVM are not
> affected.
>
> The bug was introduced in:
>
> 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C")
>
> Which was first released in v5.2.
>
> The upstream fix is:
>
> cdeb5d7d890e ("KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest")
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337
>
> Which will be included in the v5.16 release.
>
> Note to backporters, the following commits are required:
>
> 73287caa9210ded6066833195f4335f7f688a46b
> ("powerpc64/idle: Fix SP offsets when saving GPRs")
>
> 9b4416c5095c20e110c82ae602c254099b83b72f
> ("KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()")
>
> cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337
> ("KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest")
>
> 496c5fe25c377ddb7815c4ce8ecfb676f051e9b6
> ("powerpc/idle: Don't corrupt back chain when going idle")
>
>
> I have a test case to trigger the bug, which I can share privately with
> anyone who would like to test the fix.
The issue has been assigned CVE-2021-43056.
Regards,
Salvatore
More information about the Linuxppc-dev
mailing list