Make sure that KVM uses vmcb01 before freeing nested state, and warn if that is not the case.
This is a minimal fix for CVE-2022-3344, making the kernel print a warning instead of a kernel panic.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/svm/nested.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index b258d6988f5dde..b74da40c1fc40c 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1126,6 +1126,9 @@ void svm_free_nested(struct vcpu_svm *svm) if (!svm->nested.initialized) return;
+ if (WARN_ON_ONCE(svm->vmcb != svm->vmcb01.ptr)) + svm_switch_vmcb(svm, &svm->vmcb01); + svm_vcpu_free_msrpm(svm->nested.msrpm); svm->nested.msrpm = NULL;
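Review bot: the commit message describes this as "print a warning instead of a kernel panic", but the hunk does more than warn: when `svm->vmcb != svm->vmcb01.ptr` it also calls `svm_switch_vmcb(svm, &svm->vmcb01)` so that the vCPU is no longer left pointing at the vmcb02 that is about to be freed, and the message should say so explicitly, along with which caller can reach `svm_free_nested()` with vmcb02 still active, since that path is what the warning is meant to expose. Two smaller points: `WARN_ON_ONCE` reports only the first occurrence per boot, so later hits are silently corrected and invisible to anyone monitoring the log, which is worth a sentence in the message if intentional; and the check is correctly placed after the `if (!svm->nested.initialized) return;` early exit, so a vCPU that never entered nested mode does not take the new path.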
linux-stable-mirror@lists.linaro.org