Ubuntu CVE: UB:CVE-2024-35804
History: May 17, 2024 - 12:00 a.m.

CVE-2024-35804

Date: 2024-05-17 00:00:00
Source: ubuntu.com
Tags: linux, kvm, vulnerability

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.5%)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Mark target gfn of emulated atomic instruction as dirty

When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This fixes a bug where KVM effectively corrupts guest memory during live migration by writing to guest memory without informing userspace that the page is dirty.

Marking the page dirty got unintentionally dropped when KVM's emulated CMPXCHG was converted to do a user access. Before that, KVM explicitly mapped the guest page into kernel memory, and marked the page dirty during the unmap phase.

Mark the page dirty even if the CMPXCHG fails, as the old data is written back on failure, i.e. the page is still written. The value written is guaranteed to be the same because the operation is atomic, but KVM's ABI is that all writes are dirty logged regardless of the value written. And more importantly, that's what KVM did before the buggy commit.

Huge kudos to the folks on the Cc list (and many others), who did all the actual work of triaging and debugging.

base-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64
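The following is a constructed C model of the dirty-logging failure described above, added here as an example and not KVM code: guest memory is reduced to a few words, a dirty bitmap drives a simplified migration pass, and the `fixed` flag switches between dropping the dirty mark (the bug) and setting it on every emulated CMPXCHG, including one whose compare fails. The `struct vm`, function names and page values are all constructed for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NPAGES 4   /* constructed model: 4 guest pages of one 64-bit word each */

struct vm {
    uint64_t mem[NPAGES];   /* guest memory */
    bool dirty[NPAGES];     /* dirty bitmap consumed by the migration code */
};

/* Emulated CMPXCHG on page gfn; returns true when the exchange succeeded.
 * fixed == false models the buggy kernel: the write lands in guest memory but
 * the gfn is never marked dirty. fixed == true marks it dirty whether or not
 * the compare succeeded, since every write is dirty logged regardless of value. */
static bool emulate_cmpxchg(struct vm *vm, unsigned gfn, uint64_t old, uint64_t newval, bool fixed)
{
    bool ok = (vm->mem[gfn] == old);
    if (ok) vm->mem[gfn] = newval;   /* on failure the old data is written back */
    if (fixed) vm->dirty[gfn] = true;
    return ok;
}

/* Migration pass: copy only pages the bitmap says are dirty, then clear it. */
static void migrate_dirty(struct vm *src, uint64_t *dst)
{
    for (unsigned i = 0; i < NPAGES; i++)
        if (src->dirty[i]) { dst[i] = src->mem[i]; src->dirty[i] = false; }
}

/* Guest atomically updates page 2 after the initial copy; returns how many
 * destination pages differ from the source after the final dirty pass. */
static unsigned pages_corrupted_after_migration(bool fixed)
{
    struct vm vm = { .mem = {1, 2, 3, 4} };
    uint64_t dst[NPAGES];
    memcpy(dst, vm.mem, sizeof dst);         /* initial full copy */
    emulate_cmpxchg(&vm, 2, 3, 30, fixed);   /* compare matches, exchange succeeds */
    migrate_dirty(&vm, dst);
    unsigned diff = 0;
    for (unsigned i = 0; i < NPAGES; i++)
        diff += (dst[i] != vm.mem[i]);
    return diff;
}

/* A failed compare still counts as a write: only the fixed path logs it. */
static bool dirty_after_failed_cmpxchg(bool fixed)
{
    struct vm vm = { .mem = {1, 2, 3, 4} };
    emulate_cmpxchg(&vm, 1, 99, 7, fixed);   /* 99 != mem[1], so it fails */
    return vm.dirty[1];
}
```

With the bug modelled, the destination ends up with one stale page after migration; with the fix, the page is copied and even a failed CMPXCHG leaves its gfn marked dirty.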
