linux/arch/x86/kvm
Maxim Levitsky c7dfa40099 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
If L1 disables VMLOAD/VMSAVE intercepts, and doesn't enable
Virtual VMLOAD/VMSAVE (currently not supported for the nested hypervisor),
then VMLOAD/VMSAVE must operate on the L1 physical memory, which is only
possible by making L0 intercept these instructions.

Failure to do so allowed the nested guest to run VMLOAD/VMSAVE unintercepted,
and thus read/write portions of the host physical memory.

Fixes: 89c8a4984f ("KVM: SVM: Enable Virtual VMLOAD VMSAVE feature")

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-08-16 09:48:37 -04:00
mmu KVM: x86/mmu: Protect marking SPs unsync when using TDP MMU with spinlock 2021-08-13 03:32:14 -04:00
svm KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) 2021-08-16 09:48:37 -04:00
vmx KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF 2021-08-13 03:20:58 -04:00
Kconfig
Makefile
cpuid.c KVM: x86: Allow guest to set EFER.NX=1 on non-PAE 32-bit kernels 2021-08-13 03:20:17 -04:00
cpuid.h
debugfs.c
emulate.c
fpu.h
hyperv.c KVM: x86: remove dead initialization 2021-08-13 03:20:18 -04:00
hyperv.h
i8254.c
i8254.h
i8259.c
ioapic.c x86/kvm: fix vcpu-id indexed array sizes 2021-07-27 16:58:59 -04:00
ioapic.h x86/kvm: fix vcpu-id indexed array sizes 2021-07-27 16:58:59 -04:00
irq.c
irq.h
irq_comm.c
kvm_cache_regs.h
kvm_emulate.h
kvm_onhyperv.c
kvm_onhyperv.h
lapic.c
lapic.h
mmu.h
mtrr.c
pmu.c
pmu.h
reverse_cpuid.h
trace.h KVM: x86: Introduce trace_kvm_hv_hypercall_done() 2021-08-03 06:16:40 -04:00
tss.h
x86.c KVM: x86: accept userspace interrupt only if no event is injected 2021-07-30 07:53:02 -04:00
x86.h
xen.c
xen.h