1. 21 Oct 2017, 2 commits
    • KVM: VMX: Fix VPID capability detection · 61f1dd90
      Wanpeng Li authored
      In my setup, EPT is not exposed to L1; the VPID capability is exposed and
      can be observed with the vmxcap tool in L1:
      INVVPID supported                        yes
      Individual-address INVVPID               yes
      Single-context INVVPID                   yes
      All-context INVVPID                      yes
      Single-context-retaining-globals INVVPID yes
      
      However, the VPID module parameter observed in L1 is always N; the
      cpu_has_vmx_invvpid() check in L1 KVM fails since vmx_capability.vpid
      is 0 and it is not read from the MSR because EPT is not exposed.
      
      VPID can be used to tag linear mappings when EPT is not enabled. However,
      the current logic only detects the VPID capability if EPT is enabled; this
      patch fixes it.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Jim Mattson <jmattson@google.com>
      Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
    • KVM: nVMX: Fix EPT switching advertising · 575b3a2c
      Wanpeng Li authored
      I can use the vmxcap tool to observe "EPTP Switching   yes" even if EPT is
      not exposed to L1.
      
      EPT switching is advertised unconditionally since it is emulated; however,
      it can be treated as an extended feature of EPT and should not be
      advertised if EPT itself is not exposed. This patch fixes it.
      Reviewed-by: David Hildenbrand <david@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Jim Mattson <jmattson@google.com>
      Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
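The two gating decisions described in the two commits above, as an added example that is not part of this page or of KVM's own code: a user-space model of reading IA32_VMX_EPT_VPID_CAP only when EPT is usable (the first commit) and of advertising emulated EPTP switching to L1 without regard to EPT (the second commit), with the "before" and "after" behaviour selected by a flag. The control and MSR bit positions follow the Intel SDM layout; the struct and function names (setup_vmx_capability, vpid_usable, nested_vmfunc_controls) and the sample MSR value are assumptions made for this example.

```c
/*
 * Added example (user-space model), not KVM's code.  Models the two gating
 * decisions from the commits: reading IA32_VMX_EPT_VPID_CAP only when EPT
 * is usable, and advertising emulated EPTP switching regardless of EPT.
 * Bit positions follow the Intel SDM; names and sample values are assumed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Secondary processor-based VM-execution controls (SDM bit positions) */
#define SECONDARY_EXEC_ENABLE_EPT     0x00000002u
#define SECONDARY_EXEC_ENABLE_VPID    0x00000020u
#define SECONDARY_EXEC_ENABLE_VMFUNC  0x00002000u

/* IA32_VMX_EPT_VPID_CAP: bits 0..31 describe EPT, bits 32..63 describe VPID */
#define VMX_EPT_PAGE_WALK_4_BIT              (1ull << 6)
#define VMX_EPT_INVEPT_BIT                   (1ull << 20)
#define VMX_VPID_INVVPID_BIT                 (1ull << 32)
#define VMX_VPID_EXTENT_INDIVIDUAL_ADDR_BIT  (1ull << 40)
#define VMX_VPID_EXTENT_SINGLE_CONTEXT_BIT   (1ull << 41)
#define VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT   (1ull << 42)
#define VMX_VPID_EXTENT_SINGLE_NONGLOBAL_BIT (1ull << 43)

/* VM-function controls: bit 0 is EPTP switching */
#define VMX_VMFUNC_EPTP_SWITCHING 0x00000001ull

struct vmx_capability { uint32_t ept, vpid; };

/* rdmsr() splits the 64-bit MSR into lo (EPT half) and hi (VPID half). */
static void rdmsr_ept_vpid_cap(uint64_t msr, struct vmx_capability *cap)
{
    cap->ept  = (uint32_t)msr;
    cap->vpid = (uint32_t)(msr >> 32);
}

/* Setup path: decide whether the capability MSR is read at all. */
static struct vmx_capability setup_vmx_capability(uint32_t secondary_ctls,
                                                  uint64_t msr, bool fixed)
{
    struct vmx_capability cap = { 0, 0 };
    uint32_t gate = fixed
        ? (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) /* after fix  */
        :  SECONDARY_EXEC_ENABLE_EPT;                              /* before fix */

    if (secondary_ctls & gate)
        rdmsr_ept_vpid_cap(msr, &cap);
    return cap;
}

static bool cpu_has_vmx_invvpid(const struct vmx_capability *cap)
{
    return cap->vpid & (uint32_t)(VMX_VPID_INVVPID_BIT >> 32);
}

/* Does the "vpid" module parameter end up usable with this gating? */
static bool vpid_usable(uint32_t secondary_ctls, uint64_t msr, bool fixed)
{
    struct vmx_capability cap = setup_vmx_capability(secondary_ctls, msr, fixed);
    return cpu_has_vmx_invvpid(&cap);
}

/* Nested path: VM-function controls exposed to L1.  EPTP switching is
 * emulated, so it needs no host support, but it is meaningless without EPT. */
static uint64_t nested_vmfunc_controls(uint32_t nested_secondary_ctls, bool fixed)
{
    if (!(nested_secondary_ctls & SECONDARY_EXEC_ENABLE_VMFUNC))
        return 0;
    if (fixed && !(nested_secondary_ctls & SECONDARY_EXEC_ENABLE_EPT))
        return 0;                       /* after fix: no EPT, no EPTP switching */
    return VMX_VMFUNC_EPTP_SWITCHING;   /* before fix: advertised unconditionally */
}

/* Constructed MSR value: a host supporting EPT and every INVVPID type. */
static const uint64_t SAMPLE_EPT_VPID_CAP =
    VMX_EPT_PAGE_WALK_4_BIT | VMX_EPT_INVEPT_BIT |
    VMX_VPID_INVVPID_BIT | VMX_VPID_EXTENT_INDIVIDUAL_ADDR_BIT |
    VMX_VPID_EXTENT_SINGLE_CONTEXT_BIT | VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT |
    VMX_VPID_EXTENT_SINGLE_NONGLOBAL_BIT;

/* The L1 configuration from the commits: VPID and VMFUNC usable, EPT not exposed. */
static const uint32_t L1_SECONDARY_NO_EPT =
    SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_ENABLE_VMFUNC;

int main(void)
{
    bool before = vpid_usable(L1_SECONDARY_NO_EPT, SAMPLE_EPT_VPID_CAP, false);
    bool after  = vpid_usable(L1_SECONDARY_NO_EPT, SAMPLE_EPT_VPID_CAP, true);
    printf("INVVPID detected without EPT: before fix %s, after fix %s\n",
           before ? "yes" : "no", after ? "yes" : "no");

    bool adv_before = (nested_vmfunc_controls(L1_SECONDARY_NO_EPT, false) & VMX_VMFUNC_EPTP_SWITCHING) != 0;
    bool adv_after  = (nested_vmfunc_controls(L1_SECONDARY_NO_EPT, true)  & VMX_VMFUNC_EPTP_SWITCHING) != 0;
    printf("EPTP switching advertised without EPT: before fix %s, after fix %s\n",
           adv_before ? "yes" : "no", adv_after ? "yes" : "no");
    return 0;
}
```

The model keeps the two halves of the MSR separate the way rdmsr() hands them back, so the point of the first commit is visible in the gate alone: the VPID half is only ever populated if the read happens, and the read was keyed on the wrong half's enable bit.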
  2. 19 Oct 2017, 1 commit
  3. 12 Oct 2017, 36 commits
  4. 10 Oct 2017, 1 commit
    • KVM: MMU: always terminate page walks at level 1 · 829ee279
      Ladi Prosek authored
      is_last_gpte() is not equivalent to the pseudo-code given in commit
      6bb69c9b ("KVM: MMU: simplify last_pte_bitmap") because an incorrect
      value of last_nonleaf_level may override the result even if level == 1.
      
      It is critical for is_last_gpte() to return true on level == 1 to
      terminate page walks. Otherwise memory corruption may occur as level
      is used as an index to various data structures throughout the page
      walking code.  Even though the actual bug would be wherever the MMU is
      initialized (as in the previous patch), be defensive and ensure here
      that is_last_gpte() returns the correct value.
      
      This patch is also enough to fix CVE-2017-12188.
      
      Fixes: 6bb69c9b
      Cc: stable@vger.kernel.org
      Cc: Andy Honig <ahonig@google.com>
      Signed-off-by: Ladi Prosek <lprosek@redhat.com>
      [Panic if walk_addr_generic gets an incorrect level; this is a serious
       bug and it's not worth a WARN_ON where the recovery path might hide
       further exploitable issues; suggested by Andrew Honig. - Paolo]
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
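The level-1 termination guarantee the commit above describes, as an added example that is not part of this page or of KVM's own code: a user-space model of the walker loop with a level-indexed array, an is_last_gpte() variant in which the last_nonleaf_level mask can override the level == 1 result, and the reordered variant in which it cannot. The bit-trick structure (force the PS bit at level 1, mask it by level - last_nonleaf_level) is modeled on the kernel's is_last_gpte() as the commit describes it, but walk_model(), demo() and the constructed gpte values are assumptions for this example, and the bounds check that returns -1 stands in for the panic the commit adds where the real code would have indexed ptes[-1].

```c
/*
 * Added example (user-space model), not KVM's code.  Shows why is_last_gpte()
 * must return true at level 1 whatever mmu->last_nonleaf_level holds: the
 * walker uses level - 1 as an array index.  PT_PAGE_TABLE_LEVEL and
 * PT_PAGE_SIZE_MASK follow the kernel's names; walk_model(), demo() and the
 * gpte values are assumptions for the example.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PT_PAGE_TABLE_LEVEL 1
#define PT64_ROOT_4LEVEL    4
#define PT_PAGE_SIZE_MASK   (1ull << 7)   /* PS bit of a PDE/PDPTE */

struct kvm_mmu {
    unsigned last_nonleaf_level;   /* lowest level at which no large pages exist */
};

struct guest_walker {
    unsigned level;
    uint64_t ptes[PT64_ROOT_4LEVEL];   /* indexed by level - 1 */
};

typedef bool (*is_last_fn)(const struct kvm_mmu *, unsigned, uint64_t);

/*
 * Before the fix: force PS at level 1 first, then mask by last_nonleaf_level.
 * (level - last_nonleaf_level) has bit 7 set only when level < last_nonleaf_level;
 * with last_nonleaf_level == 1 it is zero at level 1 and wipes out the PS bit
 * that was just forced on, so the walk does not stop.
 */
static bool is_last_gpte_before(const struct kvm_mmu *mmu, unsigned level, uint64_t gpte)
{
    gpte |= (uint32_t)(level - PT_PAGE_TABLE_LEVEL - 1);   /* bit 7 set iff level == 1 */
    gpte &= (uint32_t)(level - mmu->last_nonleaf_level);   /* bit 7 set iff level < last_nonleaf_level */
    return gpte & PT_PAGE_SIZE_MASK;
}

/* After the fix: mask first, then force PS at level 1 so nothing can override it. */
static bool is_last_gpte_after(const struct kvm_mmu *mmu, unsigned level, uint64_t gpte)
{
    gpte &= (uint32_t)(level - mmu->last_nonleaf_level);
    gpte |= (uint32_t)(level - PT_PAGE_TABLE_LEVEL - 1);
    return gpte & PT_PAGE_SIZE_MASK;
}

/*
 * gptes[level - 1] is the constructed entry the walk reads at each level.
 * Returns the level the walk terminated at, or -1 where the real walker
 * would have written ptes[-1] (the point the commit's panic now catches).
 */
static int walk_model(const struct kvm_mmu *mmu, is_last_fn is_last,
                      const uint64_t gptes[PT64_ROOT_4LEVEL],
                      struct guest_walker *w)
{
    unsigned level = PT64_ROOT_4LEVEL;
    uint64_t pte;

    do {
        if (level < PT_PAGE_TABLE_LEVEL)
            return -1;                  /* level underflowed: the memory corruption point */
        w->level = level;
        pte = gptes[level - 1];
        w->ptes[level - 1] = pte;       /* the level-indexed write the commit warns about */
        --level;
    } while (!is_last(mmu, w->level, pte));

    return (int)w->level;
}

/* Constructed entries: present + writable, addresses arbitrary; index 0 is the PTE. */
static const uint64_t GPTES_4K[PT64_ROOT_4LEVEL] = { 0x4003, 0x3003, 0x2003, 0x1003 };
static const uint64_t GPTES_2M[PT64_ROOT_4LEVEL] = { 0x4003, 0x3083, 0x2003, 0x1003 }; /* PDE has PS */

/* One walk; last_nonleaf_level 4 is the sane 64-bit value, 1 the broken one. */
static int demo(unsigned last_nonleaf_level, bool fixed, bool large_page)
{
    struct kvm_mmu mmu = { .last_nonleaf_level = last_nonleaf_level };
    struct guest_walker w = { 0 };
    return walk_model(&mmu, fixed ? is_last_gpte_after : is_last_gpte_before,
                      large_page ? GPTES_2M : GPTES_4K, &w);
}

int main(void)
{
    printf("sane mmu, old check, 4K page:   terminates at level %d\n", demo(4, false, false));
    printf("broken mmu, old check, 4K page: %d (walk ran past level 1)\n", demo(1, false, false));
    printf("broken mmu, new check, 4K page: terminates at level %d\n", demo(1, true, false));
    printf("sane mmu, new check, 2M page:   terminates at level %d\n", demo(4, true, true));
    return 0;
}
```

With a sane last_nonleaf_level both variants behave identically, which is why the defect only surfaces when the MMU was set up wrongly (the commit points at the previous patch for that); the reordered check is the defence in depth, and the walker-side panic is what turns a silent out-of-bounds index into a crash instead of a recovery path that could mask further exploitable state.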