korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-23 19:14:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
671ddc700f
linux/arch/x86
History
Jim Mattson 671ddc700f KVM: nVMX: Don't leak L1 MMIO regions to L2 
If the "virtualize APIC accesses" VM-execution control is set in the
VMCS, the APIC virtualization hardware is triggered when a page walk
in VMX non-root mode terminates at a PTE wherein the address of the 4k
page frame matches the APIC-access address specified in the VMCS. On
hardware, the APIC-access address may be any valid 4k-aligned physical
address.

KVM's nVMX implementation enforces the additional constraint that the
APIC-access address specified in the vmcs12 must be backed by
a "struct page" in L1. If not, L0 will simply clear the "virtualize
APIC accesses" VM-execution control in the vmcs02.

The problem with this approach is that the L1 guest has arranged the
vmcs12 EPT tables--or shadow page tables, if the "enable EPT"
VM-execution control is clear in the vmcs12--so that the L2 guest
physical address(es)--or L2 guest linear address(es)--that reference
the L2 APIC map to the APIC-access address specified in the
vmcs12. Without the "virtualize APIC accesses" VM-execution control in
the vmcs02, the APIC accesses in the L2 guest will directly access the
APIC-access page in L1.

When there is no mapping whatsoever for the APIC-access address in L1,
the L2 VM just loses the intended APIC virtualization. However, when
the APIC-access address is mapped to an MMIO region in L1, the L2
guest gets direct access to the L1 MMIO device. For example, if the
APIC-access address specified in the vmcs12 is 0xfee00000, then L2
gets direct access to L1's APIC.

Since this vmcs12 configuration is something that KVM cannot
faithfully emulate, the appropriate response is to exit to userspace
with KVM_INTERNAL_ERROR_EMULATION.

Fixes: fe3ef05c75 ("KVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12")
Reported-by: Dan Cross <dcross@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-10-22 19:04:40 +02:00
..
boot x86/boot/acpi: Move get_cmdline_acpi_rsdp() under #ifdef guard 2019-10-18 13:33:38 +02:00
configs x86/defconfigs: Remove useless UEVENT_HELPER_PATH 2019-06-21 19:22:08 +02:00
crypto crypto: x86/aes-ni - use AES library instead of single-use AES cipher 2019-09-09 23:48:41 +10:00
entry Kbuild updates for v5.4 2019-09-20 08:36:47 -07:00
events perf/x86/cstate: Add Tiger Lake CPU support 2019-10-12 15:13:09 +02:00
hyperv x86/hyperv: Make vapic support x2apic mode 2019-10-15 10:57:09 +02:00
ia32 clone: fix CLONE_PIDFD support 2019-07-14 20:36:12 +02:00
include KVM: nVMX: Don't leak L1 MMIO regions to L2 2019-10-22 19:04:40 +02:00
kernel Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-10-20 06:31:14 -04:00
kvm KVM: nVMX: Don't leak L1 MMIO regions to L2 2019-10-22 19:04:40 +02:00
lib x86/asm: Fix MWAITX C-state hint value 2019-10-08 13:25:24 +02:00
math-emu x86/fpu/math-emu: Address fallthrough warnings 2019-08-12 20:35:05 +02:00
mm Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
net bpf: fix x64 JIT code generation for jmp to 1st insn 2019-08-01 13:12:09 -07:00
oprofile
pci dma-mapping updates for 5.4: 2019-09-19 13:27:23 -07:00
platform efi/x86: Do not clean dummy variable in kexec path 2019-10-07 15:24:36 +02:00
power Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-09-17 12:04:39 -07:00
purgatory Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-09-28 13:37:41 -07:00
ras RAS/CEC: Add CONFIG_RAS_CEC_DEBUG and move CEC debug features there 2019-06-08 17:39:24 +02:00
realmode x86/realmode: Remove trampoline_status 2019-07-22 11:30:18 +02:00
tools Merge branch 'x86-paravirt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-07-08 17:34:44 -07:00
um um: Use real DMA barriers 2019-09-15 21:37:14 +02:00
video treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
xen xen: fixes for 5.4-rc3 2019-10-12 14:11:21 -07:00
.gitignore
Kbuild treewide: Add SPDX license identifier - Kbuild 2019-05-30 11:32:33 -07:00
Kconfig Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
Kconfig.cpu x86/cpu: Create Zhaoxin processors architecture support file 2019-06-22 11:45:57 +02:00
Kconfig.debug x86, perf: Fix the dependency of the x86 insn decoder selftest 2019-09-02 20:05:58 +02:00
Makefile x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning 2019-08-28 17:31:31 +02:00
Makefile_32.cpu
Makefile.um