Message ID | 20181012113806.7483-2-kleber.souza@canonical.com |
---|---|
State | New |
Series | Fix for CVE-2016-9588 | expand |
On 12.10.2018 13:38, Kleber Sacilotto de Souza wrote:
> From: Jim Mattson <jmattson@google.com>
>
> When L2 exits to L0 due to "exception or NMI", software exceptions
> (#BP and #OF) for which L1 has requested an intercept should be
> handled by L1 rather than L0. Previously, only hardware exceptions
> were forwarded to L1.
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
> Cc: stable@vger.kernel.org
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>
> CVE-2016-9588
> (backported from commit ef85b67385436ddc1998f45f1d6a210f935b3388)
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
> ---
> arch/x86/kvm/vmx.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index b5e7c586c878..76286508ad9b 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -1217,10 +1217,10 @@ static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12)
> return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_EPT);
> }
>
> -static inline bool is_exception(u32 intr_info)
> +static inline bool is_nmi(u32 intr_info)
> {
> return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
> - == (INTR_TYPE_HARD_EXCEPTION | INTR_INFO_VALID_MASK);
> + == (INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK);
> }
>
> static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
> @@ -4949,7 +4949,7 @@ static int handle_exception(struct kvm_vcpu *vcpu)
> if (is_machine_check(intr_info))
> return handle_machine_check(vcpu);
>
> - if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR)
> + if (is_nmi(intr_info))
> return 1; /* already handled by vmx_vcpu_run() */
>
> if (is_no_device(intr_info)) {
> @@ -6853,7 +6853,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
>
> switch (exit_reason) {
> case EXIT_REASON_EXCEPTION_NMI:
> - if (!is_exception(intr_info))
> + if (is_nmi(intr_info))
> return 0;
> else if (is_page_fault(intr_info))
> return enable_ept;
> @@ -7264,8 +7264,7 @@ static void vmx_complete_atomic_exit(struct vcpu_vmx *vmx)
> kvm_machine_check();
>
> /* We need to handle NMIs before interrupts are enabled */
> - if ((exit_intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR &&
> - (exit_intr_info & INTR_INFO_VALID_MASK)) {
> + if (is_nmi(exit_intr_info)) {
> kvm_before_handle_nmi(&vmx->vcpu);
> asm("int $2");
> kvm_after_handle_nmi(&vmx->vcpu);
>
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index b5e7c586c878..76286508ad9b 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1217,10 +1217,10 @@ static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12)
 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_EPT);
 }

-static inline bool is_exception(u32 intr_info)
+static inline bool is_nmi(u32 intr_info)
 {
 return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
- == (INTR_TYPE_HARD_EXCEPTION | INTR_INFO_VALID_MASK);
+ == (INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK);
 }

 static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
@@ -4949,7 +4949,7 @@ static int handle_exception(struct kvm_vcpu *vcpu)
 if (is_machine_check(intr_info))
 return handle_machine_check(vcpu);

- if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR)
+ if (is_nmi(intr_info))
 return 1; /* already handled by vmx_vcpu_run() */

 if (is_no_device(intr_info)) {
@@ -6853,7 +6853,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)

 switch (exit_reason) {
 case EXIT_REASON_EXCEPTION_NMI:
- if (!is_exception(intr_info))
+ if (is_nmi(intr_info))
 return 0;
 else if (is_page_fault(intr_info))
 return enable_ept;
@@ -7264,8 +7264,7 @@ static void vmx_complete_atomic_exit(struct vcpu_vmx *vmx)
 kvm_machine_check();

 /* We need to handle NMIs before interrupts are enabled */
- if ((exit_intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR &&
- (exit_intr_info & INTR_INFO_VALID_MASK)) {
+ if (is_nmi(exit_intr_info)) {
 kvm_before_handle_nmi(&vmx->vcpu);
 asm("int $2");
 kvm_after_handle_nmi(&vmx->vcpu);
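Review bot: In handle_exception() (hunk at -4949) the switch to `is_nmi(intr_info)` is not a pure refactor: the open-coded test it replaces compared only the interruption type, while is_nmi() from the first hunk also requires INTR_INFO_VALID_MASK. An intr_info with NMI type and the valid bit clear would now fall through to the later checks instead of returning 1. That case is presumably unreachable because this exit reason should always report valid interruption information, but neither the code nor the description records the assumption; a comment such as `/* intr_info is valid for this exit reason, so is_nmi()'s valid-bit test changes nothing here */` would. handle_exception's body starts and ends outside the hunk.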
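Review bot: The inverted test under `case EXIT_REASON_EXCEPTION_NMI:` in nested_vmx_exit_handled() (hunk at -6853) is the line that carries the CVE-2016-9588 fix, yet it has no comment stating the routing rule it enforces. With `if (is_nmi(intr_info))` every non-NMI interruption type, not only the #BP and #OF cases named in the description, now continues to the checks that follow, most of which lie outside the hunk. I would add `/* NMIs stay with L0; every other exception type, software ones included, goes through the checks below. */` above the test so a later cleanup does not narrow it back to hardware exceptions only. Since the function returns bool, `return false;` would also read better than `return 0;`, though that line is unchanged context.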