Blame patches.suse/kvm-nvmx-don-t-emulate-instructions-in-guest-mode
|
Joerg Roedel |
f5d915 |
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
Joerg Roedel |
f5d915 |
Date: Tue, 4 Feb 2020 15:26:29 -0800
|
|
Joerg Roedel |
f5d915 |
Subject: KVM: nVMX: Don't emulate instructions in guest mode
|
|
Joerg Roedel |
f5d915 |
Git-commit: 07721feee46b4b248402133228235318199b05ec
|
|
Joerg Roedel |
f5d915 |
References: CVE-2020-2732 bsc#1163971
|
|
Joerg Roedel |
f5d915 |
Patch-mainline: v5.6-rc4
|
|
Joerg Roedel |
f5d915 |
|
|
Joerg Roedel |
f5d915 |
vmx_check_intercept is not yet fully implemented. To avoid emulating
|
|
Joerg Roedel |
f5d915 |
instructions disallowed by the L1 hypervisor, refuse to emulate
|
|
Joerg Roedel |
f5d915 |
instructions by default.
|
|
Joerg Roedel |
f5d915 |
|
|
Joerg Roedel |
f5d915 |
Cc: stable@vger.kernel.org
|
|
Joerg Roedel |
f5d915 |
[Made commit, added commit msg - Oliver]
|
|
Joerg Roedel |
f5d915 |
Signed-off-by: Oliver Upton <oupton@google.com>
|
|
Joerg Roedel |
f5d915 |
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Joerg Roedel |
f5d915 |
Acked-by: Joerg Roedel <jroedel@suse.de>
|
|
Joerg Roedel |
f5d915 |
---
|
|
Joerg Roedel |
f5d915 |
arch/x86/kvm/vmx/vmx.c | 2 +-
|
|
Joerg Roedel |
f5d915 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
Joerg Roedel |
f5d915 |
|
|
Joerg Roedel |
f5d915 |
--- a/arch/x86/kvm/vmx.c
|
|
Joerg Roedel |
f5d915 |
+++ b/arch/x86/kvm/vmx.c
|
|
Joerg Roedel |
f5d915 |
@@ -12378,7 +12378,7 @@ static int vmx_check_intercept(struct kv
|
|
Joerg Roedel |
f5d915 |
struct x86_instruction_info *info,
|
|
Joerg Roedel |
f5d915 |
enum x86_intercept_stage stage)
|
|
Joerg Roedel |
f5d915 |
{
|
|
Joerg Roedel |
f5d915 |
- return X86EMUL_CONTINUE;
|
|
Joerg Roedel |
f5d915 |
+ return X86EMUL_UNHANDLEABLE;
|
|
Joerg Roedel |
f5d915 |
}
|
|
Joerg Roedel |
f5d915 |
|
|
Joerg Roedel |
f5d915 |
#ifdef CONFIG_X86_64
|