[05/14] KVM: x86: nSVM: don't copy virt_ext from vmcb12

Message ID	20210914154825.104886-6-mlevitsk@redhat.com
State	Accepted
Commit	faf6b755629627f19feafa75b32e81cd7738f12d
Headers	show Return-Path: <linux-kselftest-owner@kernel.org> From: Maxim Levitsky <mlevitsk@redhat.com> To: kvm@vger.kernel.org Cc: Vitaly Kuznetsov <vkuznets@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Borislav Petkov <bp@alien8.de>, Bandan Das <bsd@redhat.com>, linux-kernel@vger.kernel.org (open list), Joerg Roedel <joro@8bytes.org>, Ingo Molnar <mingo@redhat.com>, Wei Huang <wei.huang2@amd.com>, Sean Christopherson <seanjc@google.com>, linux-kselftest@vger.kernel.org (open list:KERNEL SELFTEST FRAMEWORK), Maxim Levitsky <mlevitsk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Jim Mattson <jmattson@google.com>, Thomas Gleixner <tglx@linutronix.de>, x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), Shuah Khan <shuah@kernel.org>, Wanpeng Li <wanpengli@tencent.com> Subject: [PATCH 05/14] KVM: x86: nSVM: don't copy virt_ext from vmcb12 Date: Tue, 14 Sep 2021 18:48:16 +0300 Message-Id: <20210914154825.104886-6-mlevitsk@redhat.com> In-Reply-To: <20210914154825.104886-1-mlevitsk@redhat.com> References: <20210914154825.104886-1-mlevitsk@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[01/14] KVM: x86: nSVM: restore int_vector in svm_clear_vintr \| expand [01/14] KVM: x86: nSVM: restore int_vector in svm_clear_vintr [03/14] KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround [05/14] KVM: x86: nSVM: don't copy virt_ext from vmcb12 [07/14] KVM: x86: SVM: add warning for CVE-2021-3656 [09/14] KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running [11/14] KVM: x86: nSVM: implement nested VMLOAD/VMSAVE [13/14] KVM: x86: nSVM: implement nested TSC scaling

Message ID

20210914154825.104886-6-mlevitsk@redhat.com

State

Accepted

Commit

faf6b755629627f19feafa75b32e81cd7738f12d

Headers

From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Borislav Petkov <bp@alien8.de>, Bandan Das <bsd@redhat.com>,
	linux-kernel@vger.kernel.org (open list),
	Joerg Roedel <joro@8bytes.org>, Ingo Molnar <mingo@redhat.com>,
	Wei Huang <wei.huang2@amd.com>, Sean Christopherson <seanjc@google.com>,
	linux-kselftest@vger.kernel.org (open list:KERNEL SELFTEST FRAMEWORK),
	Maxim Levitsky <mlevitsk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Jim Mattson <jmattson@google.com>, Thomas Gleixner <tglx@linutronix.de>,
	x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)),
	Shuah Khan <shuah@kernel.org>, Wanpeng Li <wanpengli@tencent.com>
Subject: [PATCH 05/14] KVM: x86: nSVM: don't copy virt_ext from vmcb12
Date: Tue, 14 Sep 2021 18:48:16 +0300
Message-Id: <20210914154825.104886-6-mlevitsk@redhat.com>
In-Reply-To: <20210914154825.104886-1-mlevitsk@redhat.com>
References: <20210914154825.104886-1-mlevitsk@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[01/14] KVM: x86: nSVM: restore int_vector in svm_clear_vintr | expand

Commit Message

Maxim Levitsky Sept. 14, 2021, 3:48 p.m. UTC

These field correspond to features that we don't expose yet to L2

While currently there are no CVE worthy features in this field,
if AMD adds more features to this field, that could allow guest
escapes similar to CVE-2021-3653 and CVE-2021-3656.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/svm/nested.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Paolo Bonzini Sept. 23, 2021, 2:06 p.m. UTC | #1

On 14/09/21 17:48, Maxim Levitsky wrote:
> These field correspond to features that we don't expose yet to L2

> 

> While currently there are no CVE worthy features in this field,

> if AMD adds more features to this field, that could allow guest

> escapes similar to CVE-2021-3653 and CVE-2021-3656.

> 

> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>

> ---

>   arch/x86/kvm/svm/nested.c | 1 -

>   1 file changed, 1 deletion(-)

> 

> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c

> index 476e01f98035..4df59d9795b6 100644

> --- a/arch/x86/kvm/svm/nested.c

> +++ b/arch/x86/kvm/svm/nested.c

> @@ -545,7 +545,6 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm)

>   		(svm->nested.ctl.int_ctl & int_ctl_vmcb12_bits) |

>   		(svm->vmcb01.ptr->control.int_ctl & int_ctl_vmcb01_bits);

>   

> -	svm->vmcb->control.virt_ext            = svm->nested.ctl.virt_ext;

>   	svm->vmcb->control.int_vector          = svm->nested.ctl.int_vector;

>   	svm->vmcb->control.int_state           = svm->nested.ctl.int_state;

>   	svm->vmcb->control.event_inj           = svm->nested.ctl.event_inj;

> 


Queued, thanks.

Paolo

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 476e01f98035..4df59d9795b6 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -545,7 +545,6 @@  static void nested_vmcb02_prepare_control(struct vcpu_svm *svm)
 		(svm->nested.ctl.int_ctl & int_ctl_vmcb12_bits) |
 		(svm->vmcb01.ptr->control.int_ctl & int_ctl_vmcb01_bits);
 
-	svm->vmcb->control.virt_ext            = svm->nested.ctl.virt_ext;
 	svm->vmcb->control.int_vector          = svm->nested.ctl.int_vector;
 	svm->vmcb->control.int_state           = svm->nested.ctl.int_state;
 	svm->vmcb->control.event_inj           = svm->nested.ctl.event_inj;

[05/14] KVM: x86: nSVM: don't copy virt_ext from vmcb12

Commit Message

Comments

Patch