mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-05 00:20:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/x86
History
Jim Mattson 28d0635388 kvm: nVMX: Disallow userspace-injected exceptions in guest mode 
The userspace exception injection API and code path are entirely
unprepared for exceptions that might cause a VM-exit from L2 to L1, so
the best course of action may be to simply disallow this for now.

1. The API provides no mechanism for userspace to specify the new DR6
bits for a #DB exception or the new CR2 value for a #PF
exception. Presumably, userspace is expected to modify these registers
directly with KVM_SET_SREGS before the next KVM_RUN ioctl. However, in
the event that L1 intercepts the exception, these registers should not
be changed. Instead, the new values should be provided in the
exit_qualification field of vmcs12 (Intel SDM vol 3, section 27.1).

2. In the case of a userspace-injected #DB, inject_pending_event()
clears DR7.GD before calling vmx_queue_exception(). However, in the
event that L1 intercepts the exception, this is too early, because
DR7.GD should not be modified by a #DB that causes a VM-exit directly
(Intel SDM vol 3, section 27.1).

3. If the injected exception is a #PF, nested_vmx_check_exception()
doesn't properly check whether or not L1 is interested in the
associated error code (using the #PF error code mask and match fields
from vmcs12). It may either return 0 when it should call
nested_vmx_vmexit() or vice versa.

4. nested_vmx_check_exception() assumes that it is dealing with a
hardware-generated exception intercept from L2, with some of the
relevant details (the VM-exit interruption-information and the exit
qualification) live in vmcs02. For userspace-injected exceptions, this
is not the case.

5. prepare_vmcs12() assumes that when its exit_intr_info argument
specifies valid information with a valid error code that it can VMREAD
the VM-exit interruption error code from vmcs02. For
userspace-injected exceptions, this is not the case.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-04-07 16:49:01 +02:00
..
boot Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-02-20 14:04:37 -08:00
configs x86/build/x86_64_defconfig: Enable CONFIG_R8169 2017-03-06 11:47:43 +01:00
crypto crypto: sha512-mb - Protect sha512 mb ctx mgr access 2017-02-11 17:50:41 +08:00
entry Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
events Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-17 13:59:52 -07:00
hyperv x86/hyperv: Hide unused label 2017-03-01 10:51:40 +01:00
ia32 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
include kvm: make KVM_COALESCED_MMIO_PAGE_OFFSET public 2017-04-07 16:49:01 +02:00
kernel Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-17 14:05:03 -07:00
kvm kvm: nVMX: Disallow userspace-injected exceptions in guest mode 2017-04-07 16:49:01 +02:00
lguest clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
lib x86/timer: Make delay() work during early bootup 2017-01-22 10:03:12 +01:00
math-emu Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mm x86/mpx: Make unnecessarily global function static 2017-03-16 09:17:05 +01:00
net bpf: fix unlocking of jited image when module ronx not set 2017-02-21 13:30:14 -05:00
oprofile x86/oprofile/nmi: Convert to hotplug state machine 2016-11-22 23:34:43 +01:00
pci features and fixes for 4.11 rc1 2017-03-09 12:23:30 -08:00
platform x86/platform/intel-mid: Add power button support for Merrifield 2017-03-13 22:08:28 +01:00
power Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-18 13:59:10 -08:00
purgatory kexec, x86/purgatory: Unbreak it and clean it up 2017-03-10 20:55:09 +01:00
ras x86/ras/amd/inj: Change dependency 2017-01-24 09:14:55 +01:00
realmode x86/build: Don't use $(LINUXINCLUDE) twice 2016-11-28 07:49:17 +01:00
tools x86/tools: Fix gcc-7 warning in relocs.c 2016-12-19 11:50:24 +01:00
um sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
video
xen sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
.gitignore
Kbuild Drivers: hv vmbus: Move Hypercall page setup out of common code 2017-01-19 11:42:07 +01:00
Kconfig The usual collection of new drivers, non-critical fixes, and updates 2017-02-25 14:28:06 -08:00
Kconfig.cpu
Kconfig.debug mm: add arch-independent testcases for RODATA 2017-02-27 18:43:48 -08:00
Makefile
Makefile.um
Makefile_32.cpu