CVE-2022-50224
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/06/2025
Last modified: 19/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT

Treat the NX bit as valid when using NPT, as KVM will set the NX bit when
the NX huge page mitigation is enabled (mindblowing) and trigger the WARN
that fires on reserved SPTE bits being set.

KVM has required NX support for SVM since commit b26a71a1a5b9 ("KVM: SVM:
Refuse to load kvm_amd if NX support is not available") for exactly this
reason, but apparently it never occurred to anyone to actually test NPT
with the mitigation enabled.

------------[ cut here ]------------
spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000
WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm]
Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 01/27/2022
RIP: 0010:make_spte+0x327/0x340 [kvm]
Call Trace:
tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm]
kvm_tdp_mmu_map+0x343/0x3b0 [kvm]
direct_page_fault+0x1ae/0x2a0 [kvm]
kvm_tdp_page_fault+0x7d/0x90 [kvm]
kvm_mmu_page_fault+0xfb/0x2e0 [kvm]
npf_interception+0x55/0x90 [kvm_amd]
svm_invoke_exit_handler+0x31/0xf0 [kvm_amd]
svm_handle_exit+0xf6/0x1d0 [kvm_amd]
vcpu_enter_guest+0xb6d/0xee0 [kvm]
? kvm_pmu_trigger_event+0x6d/0x230 [kvm]
vcpu_run+0x65/0x2c0 [kvm]
kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm]
kvm_vcpu_ioctl+0x551/0x610 [kvm]
__se_sys_ioctl+0x77/0xc0
__x64_sys_ioctl+0x1d/0x20
do_syscall_64+0x44/0xa0
entry_SYSCALL_64_after_hwframe+0x46/0xb0

---[ end trace 0000000000000000 ]---
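
A triage helper for the WARN shown above, as an added example that is not part of the advisory or the kernel patch: it parses the `spte = ..., rsvd bits = ...` line from a kernel log and reports which reserved bits are actually set, so an operator can confirm that only bit 63 (NX) tripped the check on the NPT fault path. The function names are hypothetical, and the second sample line is constructed to show a non-matching case.

```python
import re

# Diagnostic line KVM prints immediately before the make_spte() WARN.
SPTE_RE = re.compile(
    r"spte = (0x[0-9a-f]+), level = (\d+), rsvd bits = (0x[0-9a-f]+)", re.I)

# First line is taken from the advisory; the second is constructed
# (bit 51 set instead of bit 63) to show a WARN that is NOT this issue.
SAMPLE_LOG = """\
spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000
WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm]
npf_interception+0x55/0x90 [kvm_amd]
spte = 0x000800018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000
"""


def offending_bits(spte, rsvd):
    """Bit positions set in the SPTE that the reserved mask forbids."""
    hit = spte & rsvd
    return [b for b in range(64) if (hit >> b) & 1]


def triage(log_text):
    """Decode every 'spte = ..., rsvd bits = ...' line in a kernel log."""
    # npf_interception in the trace means the fault came through AMD NPT.
    via_npt = "npf_interception" in log_text
    findings = []
    for m in SPTE_RE.finditer(log_text):
        spte, level, rsvd = int(m[1], 16), int(m[2]), int(m[3], 16)
        bits = offending_bits(spte, rsvd)
        findings.append({
            "spte": hex(spte),
            "level": level,              # 2 = 2 MiB mapping in KVM's MMU
            "offending_bits": bits,
            # Signature described in the advisory: NX (bit 63) is the
            # only bit flagged as reserved.
            "nx_only": bits == [63],
            "via_npt": via_npt,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
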
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.202 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.154 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.84 (including) | 4.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3.11 (including) | 5.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.1 (including) | 5.19.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.4:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.4:rc8:*:*:*:*:*:* | | |



