KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported

stable inclusion from stable-5.10.38 commit 79abde761e05ea1cb5996d458c0d31f0d80813f1 bugzilla: 51875 CVE: NA -------------------------------- commit 8aec21c0 upstream. Clear KVM's RDPID capability if the ENABLE_RDTSCP secondary exec control is unsupported. Despite being enumerated in a separate CPUID flag, RDPID is bundled under the same VMCS control as RDTSCP and will #UD in VMX non-root if ENABLE_RDTSCP is not enabled. Fixes: 41cd02c6 ("kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID") Cc: stable@vger.kernel.org Signed-off-by: N Sean Christopherson <seanjc@google.com> Message-Id: <20210504171734.1434054-2-seanjc@google.com> Reviewed-by: N Jim Mattson <jmattson@google.com> Reviewed-by: N Reiji Watanabe <reijiw@google.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Chen Jun <chenjun102@huawei.com> Acked-by: N Weilong Chen <chenweilong@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported
stable inclusion from stable-5.10.38 commit 79abde761e05ea1cb5996d458c0d31f0d80813f1 bugzilla: 51875 CVE: NA -------------------------------- commit 8aec21c0 upstream. Clear KVM's RDPID capability if the ENABLE_RDTSCP secondary exec control is unsupported. Despite being enumerated in a separate CPUID flag, RDPID is bundled under the same VMCS control as RDTSCP and will #UD in VMX non-root if ENABLE_RDTSCP is not enabled. Fixes: 41cd02c6 ("kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID") Cc: stable@vger.kernel.org Signed-off-by: N Sean Christopherson <seanjc@google.com> Message-Id: <20210504171734.1434054-2-seanjc@google.com> Reviewed-by: N Jim Mattson <jmattson@google.com> Reviewed-by: N Reiji Watanabe <reijiw@google.com> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Chen Jun <chenjun102@huawei.com> Acked-by: N Weilong Chen <chenweilong@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
f3a0af70 · Sean Christopherson · Zheng Zengkai · bc6c4e2f · f3a0af70
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

arch/x86/kvm/vmx/vmx.c arch/x86/kvm/vmx/vmx.c +4 -2

未找到文件。
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7315,9 +7315,11 @@ static __init void vmx_set_cpu_caps(void)
 	if (!cpu_has_vmx_xsaves())
 		kvm_cpu_cap_clear(X86_FEATURE_XSAVES);

-	/* CPUID 0x80000001 */
-	if (!cpu_has_vmx_rdtscp())
+	/* CPUID 0x80000001 and 0x7 (RDPID) */
+	if (!cpu_has_vmx_rdtscp()) {
 		kvm_cpu_cap_clear(X86_FEATURE_RDTSCP);
+		kvm_cpu_cap_clear(X86_FEATURE_RDPID);
+	}

 	if (cpu_has_vmx_waitpkg())
 		kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG);