korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-28 06:34:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

kvm: nVMX: Enforce cpl=0 for VMX instructions

Browse Source 
VMX instructions executed inside a L1 VM will always trigger a VM exit
even when executed with cpl 3. This means we must perform the
privilege check in software.

Fixes: 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks")
Cc: stable@vger.kernel.org
Signed-off-by: Felix Wilhelm <fwilhelm@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Felix Wilhelm 2018-06-11 09:43:44 +02:00 committed by Paolo Bonzini
parent f4160e459c
commit 727ba748e1
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
arch/x86/kvm/vmx.c
View File

@ -7905,6 +7905,12 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
return 1; return 1;
} }
/* CPL=0 must be checked manually. */
if (vmx_get_cpl(vcpu)) {
kvm_queue_exception(vcpu, UD_VECTOR);
return 1;
}
if (vmx->nested.vmxon) { if (vmx->nested.vmxon) {
nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION); nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
return kvm_skip_emulated_instruction(vcpu); return kvm_skip_emulated_instruction(vcpu);
@ -7964,6 +7970,11 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
*/ */
static int nested_vmx_check_permission(struct kvm_vcpu *vcpu) static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
{ {
if (vmx_get_cpl(vcpu)) {
kvm_queue_exception(vcpu, UD_VECTOR);
return 0;
}
if (!to_vmx(vcpu)->nested.vmxon) { if (!to_vmx(vcpu)->nested.vmxon) {
kvm_queue_exception(vcpu, UD_VECTOR); kvm_queue_exception(vcpu, UD_VECTOR);
return 0; return 0;
@ -8283,7 +8294,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
if (get_vmx_mem_address(vcpu, exit_qualification, if (get_vmx_mem_address(vcpu, exit_qualification,
vmx_instruction_info, true, &gva)) vmx_instruction_info, true, &gva))
return 1; return 1;
/* _system ok, as hardware has verified cpl=0 */ /* _system ok, nested_vmx_check_permission has verified cpl=0 */
kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva, kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva,
&field_value, (is_long_mode(vcpu) ? 8 : 4), NULL); &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL);
} }
@ -8448,7 +8459,7 @@ static int handle_vmptrst(struct kvm_vcpu *vcpu)
if (get_vmx_mem_address(vcpu, exit_qualification, if (get_vmx_mem_address(vcpu, exit_qualification,
vmx_instruction_info, true, &vmcs_gva)) vmx_instruction_info, true, &vmcs_gva))
return 1; return 1;
/* ok to use *_system, as hardware has verified cpl=0 */ /* *_system ok, nested_vmx_check_permission has verified cpl=0 */
if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva, if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva,
(void *)&to_vmx(vcpu)->nested.current_vmptr, (void *)&to_vmx(vcpu)->nested.current_vmptr,
sizeof(u64), &e)) { sizeof(u64), &e)) {