Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
xen.481
5453653b-x86-HVM-only-kill-on-unknown-exit-from...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 5453653b-x86-HVM-only-kill-on-unknown-exit-from-kernel-mode.patch of Package xen.481
# Commit 5283b310e14884341f51be35253cdd59c4cb034c # Date 2014-10-31 11:32:27 +0100 # Author Jan Beulich <jbeulich@suse.com> # Committer Jan Beulich <jbeulich@suse.com> x86/HVM: only kill guest when unknown VM exit occurred in guest kernel mode A recent KVM change by Nadav Amit <namit@cs.technion.ac.il> pointed out that unconditional VM exits (like VMX'es ones for the INVEPT, INVVPID, and XSETBV instructions) may result from guest user mode activity (in the example cases, e.g. prior to a privilege level check being done). Consequently convert the unconditional domain_crash() to a conditional one (when guest is in kernel mode) with the alternative of injecting #UD (when in user mode). This is meant to be a precaution against in-guest security issues introduced when any such VM exit becomes possible (on newer hardware) without the hypervisor immediately being aware of it. There are no such unhandled VM exits currently (and hence this is not an active security issue), but old (no longer security maintained) versions exhibit issues in the cases given as examples above. Suggested-by: Tim Deegan <tim@xen.org> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Kevin Tian <kevin.tian@intel.com> --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2474,7 +2474,11 @@ void svm_vmexit_handler(struct cpu_user_ "exitinfo1 = %#"PRIx64", exitinfo2 = %#"PRIx64"\n", exit_reason, (u64)vmcb->exitinfo1, (u64)vmcb->exitinfo2); - domain_crash(v->domain); + if ( vmcb_get_cpl(vmcb) ) + hvm_inject_hw_exception(TRAP_invalid_op, + HVM_DELIVER_NO_ERROR_CODE); + else + domain_crash(v->domain); break; } --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3050,8 +3050,19 @@ void vmx_vmexit_handler(struct cpu_user_ /* fall through */ default: exit_and_crash: - gdprintk(XENLOG_ERR, "Bad vmexit (reason %#lx)\n", exit_reason); - domain_crash(v->domain); + { + struct segment_register ss; + + gdprintk(XENLOG_WARNING, "Bad vmexit (reason %#lx)\n", + exit_reason); + + vmx_get_segment_register(v, x86_seg_ss, &ss); + if ( ss.attr.fields.dpl ) + hvm_inject_hw_exception(TRAP_invalid_op, + HVM_DELIVER_NO_ERROR_CODE); + else + domain_crash(v->domain); + } break; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor