Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-11 21:52:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
d79b483193
linux/arch/x86
History
Paolo Bonzini d79b483193 Merge branch 'kvm-svm-harden' into HEAD 
This fixes three issues in nested SVM:

1) in the shutdown_interception() vmexit handler we call kvm_vcpu_reset().
However, if running nested and L1 doesn't intercept shutdown, the function
resets vcpu->arch.hflags without properly leaving the nested state.
This leaves the vCPU in inconsistent state and later triggers a kernel
panic in SVM code.  The same bug can likely be triggered by sending INIT
via local apic to a vCPU which runs a nested guest.

On VMX we are lucky that the issue can't happen because VMX always
intercepts triple faults, thus triple fault in L2 will always be
redirected to L1.  Plus, handle_triple_fault() doesn't reset the vCPU.
INIT IPI can't happen on VMX either because INIT events are masked while
in VMX mode.

Secondarily, KVM doesn't honour SHUTDOWN intercept bit of L1 on SVM.
A normal hypervisor should always intercept SHUTDOWN, a unit test on
the other hand might want to not do so.

Finally, the guest can trigger a kernel non rate limited printk on SVM
from the guest, which is fixed as well.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-17 11:51:18 -05:00
..
boot - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
coco x86/tdx: Panic on bad configs that #VE on "private" memory access 2022-11-01 16:02:40 -07:00
configs x86/defconfig: Enable CONFIG_DEBUG_WX=y 2022-09-02 10:41:42 +02:00
crypto crypto: x86/polyval - Fix crashes when keys are not 16-byte aligned 2022-10-21 19:05:05 +08:00
entry treewide: use prandom_u32_max() when possible, part 1 2022-10-11 17:42:55 -06:00
events perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] 2022-11-02 12:22:07 +01:00
hyperv x86/hyperv: Replace kmap() with kmap_local_page() 2022-10-03 08:49:48 +00:00
ia32 x86: Remove a.out support 2022-04-11 18:04:27 +02:00
include A PCI allocation fix and a PV clock fix. 2022-11-09 12:28:15 -05:00
kernel x86, KVM: remove unnecessary argument to x86_virt_spec_ctrl and callers 2022-11-09 12:26:51 -05:00
kvm Merge branch 'kvm-svm-harden' into HEAD 2022-11-17 11:51:18 -05:00
lib - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
math-emu x86/32: Remove lazy GS macros 2022-04-14 14:09:43 +02:00
mm x86/mm: Do not verify W^X at boot up 2022-10-24 18:05:27 -07:00
net bpf: Fix dispatcher patchable function entry to 5 bytes nop 2022-10-20 18:57:51 -07:00
pci x86/PCI: Revert "x86/PCI: Clip only host bridge windows for E820 regions" 2022-06-17 14:24:14 -05:00
platform EFI updates for v6.1 2022-10-09 08:56:54 -07:00
power x86/cpu: Load microcode during restore_processor_state() 2022-04-19 19:37:05 +02:00
purgatory x86/purgatory: disable KMSAN instrumentation 2022-10-28 13:37:23 -07:00
ras
realmode x86: kmsan: disable instrumentation of unsupported code 2022-10-03 14:03:24 -07:00
tools x86/tools/relocs: Ignore __kcfi_typeid_ relocations 2022-09-26 10:13:15 -07:00
um arch: um: Mark the stack non-executable to fix a binutils warning 2022-09-21 09:11:42 +02:00
video
virt/vmx/tdx x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers 2022-04-07 08:27:50 -07:00
xen xen: branch for v6.1-rc4 2022-11-06 10:42:29 -08:00
.gitignore x86/purgatory: Omit use of bin2c 2022-07-25 10:32:32 +02:00
Kbuild
Kconfig x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB 2022-10-17 19:11:16 +02:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic 2022-06-23 15:39:21 +01:00
Makefile Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Makefile_32.cpu
Makefile.um