Re: [PATCH 4.14.y] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

From: Greg KH
Date: Mon Aug 16 2021 - 10:47:07 EST

Next message: Heinrich Schuchardt: "[PATCH 1/1] riscv: select CONFIG_ARCH_KEEP_MEMBLOCK"
Previous message: Vladimir Oltean: "Re: of_node_put() usage is buggy all over drivers/of/base.c?!"
In reply to: Paolo Bonzini: "Re: [PATCH 4.14.y] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 16, 2021 at 04:02:36PM +0200, Paolo Bonzini wrote:
> From: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
>
> [ upstream commit c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc ]
>
> If L1 disables VMLOAD/VMSAVE intercepts, and doesn't enable
> Virtual VMLOAD/VMSAVE (currently not supported for the nested hypervisor),
> then VMLOAD/VMSAVE must operate on the L1 physical memory, which is only
> possible by making L0 intercept these instructions.
>
> Failure to do so allowed the nested guest to run VMLOAD/VMSAVE unintercepted,
> and thus read/write portions of the host physical memory.
>
> Fixes: 89c8a4984fc9 ("KVM: SVM: Enable Virtual VMLOAD VMSAVE feature")
>
> Suggested-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
> The above upstream SHA1 is still on its way to Linus

Ah, missed this down here, I read top-to-bottom and stopped at the
second line :)

Anyway, will wait for Linus to pick these up first.

thanks,

greg k-h

Next message: Heinrich Schuchardt: "[PATCH 1/1] riscv: select CONFIG_ARCH_KEEP_MEMBLOCK"
Previous message: Vladimir Oltean: "Re: of_node_put() usage is buggy all over drivers/of/base.c?!"
In reply to: Paolo Bonzini: "Re: [PATCH 4.14.y] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]