github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-05 04:56:13 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
5a7591176c
linux/arch
History
Sean Christopherson c4abd73520 KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest 
Stuff CR0 and/or CR4 to be compliant with a restricted guest if and only
if KVM itself is not configured to utilize unrestricted guests, i.e. don't
stuff CR0/CR4 for a restricted L2 that is running as the guest of an
unrestricted L1.  Any attempt to VM-Enter a restricted guest with invalid
CR0/CR4 values should fail, i.e. in a nested scenario, KVM (as L0) should
never observe a restricted L2 with incompatible CR0/CR4, since nested
VM-Enter from L1 should have failed.

And if KVM does observe an active, restricted L2 with incompatible state,
e.g. due to a KVM bug, fudging CR0/CR4 instead of letting VM-Enter fail
does more harm than good, as KVM will often neglect to undo the side
effects, e.g. won't clear rmode.vm86_active on nested VM-Exit, and thus
the damage can easily spill over to L1.  On the other hand, letting
VM-Enter fail due to bad guest state is more likely to contain the damage
to L2 as KVM relies on hardware to perform most guest state consistency
checks, i.e. KVM needs to be able to reflect a failed nested VM-Enter into
L1 irrespective of (un)restricted guest behavior.

Cc: Jim Mattson <jmattson@google.com>
Cc: stable@vger.kernel.org
Fixes: bddd82d19e ("KVM: nVMX: KVM needs to unset "unrestricted guest" VM-execution control in vmcs02 if vmcs12 doesn't set it")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230613203037.1968489-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-29 11:05:32 -04:00
..
alpha Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
arc asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
arm asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
arm64 ARM: 2023-07-23 10:44:38 -07:00
csky arch/csky patches for 6.5 2023-07-01 21:12:32 -07:00
hexagon Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
ia64 io_uring-6.5-2023-07-21 2023-07-22 10:46:30 -07:00
loongarch asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
m68k asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
microblaze slab updates for 6.5 2023-06-29 16:34:12 -07:00
mips - fixes for KVM 2023-07-09 10:02:49 -07:00
nios2 slab updates for 6.5 2023-06-29 16:34:12 -07:00
openrisc OpenRISC fix for 6.5 2023-07-12 16:28:53 -07:00
parisc io_uring-6.5-2023-07-21 2023-07-22 10:46:30 -07:00
powerpc Revert "powerpc/64s: Remove support for ELFv1 little endian userspace" 2023-07-19 21:28:35 +10:00
riscv RISC-V Fixes for 6.5-rc2 2023-07-14 11:14:07 -07:00
s390 ARM: 2023-07-23 10:44:38 -07:00
sh sh fixes for v6.5 2023-07-13 13:34:00 -07:00
sparc sparc: mark __arch_xchg() as __always_inline 2023-07-13 09:54:32 -07:00
um x86/alternative: Rename apply_ibt_endbr() 2023-07-10 09:52:23 +02:00
x86 KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest 2023-07-29 11:05:32 -04:00
xtensa xtensa: fix unaligned and load/store configuration interaction 2023-07-10 21:41:04 -07:00
.gitignore
Kconfig - Arnd Bergmann has fixed a bunch of -Wmissing-prototypes in 2023-06-28 10:59:38 -07:00