[SRU Jammy,Lunar 0/6] CVE-2023-4155
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Aug 29 23:41:05 UTC 2023
[Impact]
A SEV-ES guest may attack the host with a TOCTOU attack, leading to a recursion.
[Backport]
The end result on 5.15 is very similar to the end result in 6.2.
6.1 already has the fixes.
Backports only touch SVM code.
[Potential regression]
Hosts running SEV-ES guests will be impacted.
Paolo Bonzini (2):
  KVM: SEV: snapshot the GHCB before accessing it
  KVM: SEV: only access GHCB fields once

Peter Gonda (1):
  KVM: SEV: Refactor out sev_es_state struct

Sean Christopherson (2):
  KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
  KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors

Tom Lendacky (1):
  KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure

 arch/x86/include/asm/sev-common.h |  11 ++
 arch/x86/kvm/svm/sev.c            | 248 +++++++++++++++++-------------
 arch/x86/kvm/svm/svm.c            |   8 +-
 arch/x86/kvm/svm/svm.h            |  52 +++++--
 4 files changed, 193 insertions(+), 126 deletions(-)
--
2.34.1