authorMaxim Levitsky <mlevitsk@redhat.com>2022-05-12 13:14:20 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2022-07-29 17:25:33 +0200
commit9444462d6343566155aa18a9dddb0144dd2f1a6e (patch)
tree23997097f837f3a0c3528e928d8996e24a880f15
parentb6c24afba608b9faed82bd24a3adf2efac269f73 (diff)
KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
commit 33fbe6befa622c082f7d417896832856814bdde0 upstream. This shows up as a TDP MMU leak when running nested. A non-working cmpxchg on L0 makes L1 install two different shadow pages under the same spte, and one of them is leaked. Fixes: 1c2361f667f36 ("KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses") Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20220512101420.306759-1-mlevitsk@redhat.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--arch/x86/kvm/x86.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index f9802ceed60a..bd410926fda5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6933,7 +6933,7 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
goto emul_write;
hva = kvm_vcpu_gfn_to_hva(vcpu, gpa_to_gfn(gpa));
- if (kvm_is_error_hva(addr))
+ if (kvm_is_error_hva(hva))
goto emul_write;
hva += offset_in_page(gpa);