mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 22:02:02 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/x86
History
Marc Orr f0b5105af6 kvm: nvmx: limit atomic switch MSRs 
Allowing an unlimited number of MSRs to be specified via the VMX
load/store MSR lists (e.g., vm-entry MSR load list) is bad for two
reasons. First, a guest can specify an unreasonable number of MSRs,
forcing KVM to process all of them in software. Second, the SDM bounds
the number of MSRs allowed to be packed into the atomic switch MSR lists.
Quoting the "Miscellaneous Data" section in the "VMX Capability
Reporting Facility" appendix:

"Bits 27:25 is used to compute the recommended maximum number of MSRs
that should appear in the VM-exit MSR-store list, the VM-exit MSR-load
list, or the VM-entry MSR-load list. Specifically, if the value bits
27:25 of IA32_VMX_MISC is N, then 512 * (N + 1) is the recommended
maximum number of MSRs to be included in each list. If the limit is
exceeded, undefined processor behavior may result (including a machine
check during the VMX transition)."

Because KVM needs to protect itself and can't model "undefined processor
behavior", arbitrarily force a VM-entry to fail due to MSR loading when
the MSR load list is too large. Similarly, trigger an abort during a VM
exit that encounters an MSR load list or MSR store list that is too large.

The MSR list size is intentionally not pre-checked so as to maintain
compatibility with hardware inasmuch as possible.

Test these new checks with the kvm-unit-test "x86: nvmx: test max atomic
switch MSRs".

Suggested-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Signed-off-by: Marc Orr <marcorr@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-09-24 16:32:15 +02:00
..
boot Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-09-16 18:27:37 -07:00
configs
crypto crypto: x86/aes-ni - use AES library instead of single-use AES cipher 2019-09-09 23:48:41 +10:00
entry Kbuild updates for v5.4 2019-09-20 08:36:47 -07:00
events Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-09-16 19:21:34 -07:00
hyperv Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-09-17 12:35:15 -07:00
ia32
include kvm: nvmx: limit atomic switch MSRs 2019-09-24 16:32:15 +02:00
kernel KVM: vmx: Emulate MSR IA32_UMWAIT_CONTROL 2019-09-24 14:34:36 +02:00
kvm kvm: nvmx: limit atomic switch MSRs 2019-09-24 16:32:15 +02:00
lib x86/asm: Make some functions local labels 2019-09-06 10:41:11 +02:00
math-emu x86/fpu/math-emu: Address fallthrough warnings 2019-08-12 20:35:05 +02:00
mm powerpc updates for 5.4 2019-09-20 11:48:06 -07:00
net bpf: fix x64 JIT code generation for jmp to 1st insn 2019-08-01 13:12:09 -07:00
oprofile
pci dma-mapping updates for 5.4: 2019-09-19 13:27:23 -07:00
platform Driver core patches for 5.4-rc1 2019-09-18 10:04:39 -07:00
power Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-09-17 12:04:39 -07:00
purgatory Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-09-18 12:11:14 -07:00
ras
realmode x86/realmode: Remove trampoline_status 2019-07-22 11:30:18 +02:00
tools
um um: Use real DMA barriers 2019-09-15 21:37:14 +02:00
video
xen dma-mapping updates for 5.4: 2019-09-19 13:27:23 -07:00
.gitignore
Kbuild
Kconfig powerpc updates for 5.4 2019-09-20 11:48:06 -07:00
Kconfig.cpu
Kconfig.debug x86, perf: Fix the dependency of the x86 insn decoder selftest 2019-09-02 20:05:58 +02:00
Makefile x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning 2019-08-28 17:31:31 +02:00
Makefile.um
Makefile_32.cpu