    UBUNTU: SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation · c6c9a37b
    Paolo Bonzini authored
    With some Intel processors, putting the same virtual address in the TLB
    as both a 4 KiB and 2 MiB page can confuse the instruction fetch unit
    and cause the processor to issue a machine check.  Unfortunately if EPT
    page tables use huge pages, it is possible for a malicious guest to cause
    this situation.
    
    This patch adds a knob to mark huge pages as non-executable. When the
    nx_huge_pages parameter is enabled (and we are using EPT), all huge pages
    are marked as NX. If the guest attempts to execute in one of those pages,
    the page is broken down into 4K pages, which are then marked executable.
    
    This is not an issue for shadow paging (except nested EPT), because then
    the host is in control of TLB flushes and the problematic situation cannot
    happen.  With nested EPT, again the nested guest can cause problems so we
    treat shadow and direct EPT the same.

    Signed-off-by: Junaid Shahid <junaids@google.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    
    CVE-2018-12207
    
    [tyhicks: Backport to 4.4
     - Context adjustments due to missing mmio_cached and unsync members of
       struct kvm_mmu_page and missing kvm_set_mmio_spte_mask()
     - Call kvm_mmu_invalidate_zap_all_pages() instead of
       kvm_mmu_zap_all_fast() since the latter does not exist
     - Continue to use pfn_t in place of kvm_pfn_t
     - kernel-parameters.txt is up one directory level
     - Don't create a "nx_largepages_splitted" debugfs entry since per-VM
       debugfs entries are not yet supported]
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
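The following is an added toy model of the behaviour the commit message describes (huge pages installed non-executable when the knob is on, and broken into 4 KiB entries on the first instruction fetch). It is not code from the KVM patch: `struct region`, `region_map_huge`, `region_exec_fault`, `region_data_access` and the invariant check are invented for this illustration, and `nx_huge_pages` here is a plain C global standing in for the module parameter, not the kernel's own variable.

```c
/* Toy model of the nx_huge_pages mitigation.  Added illustration only;
 * the structures and function names here are invented for the example
 * and are NOT the KVM MMU code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHIFT_4K    12
#define SHIFT_2M    21
#define PTES_PER_2M 512   /* 2 MiB / 4 KiB */

/* Stand-in for the module knob: when set, every huge mapping is NX. */
static bool nx_huge_pages = true;

/* One 2 MiB-aligned guest-physical region.  It is mapped either by one
 * huge entry or by individual 4 KiB entries, never both at once. */
struct region {
    uint64_t base;                      /* 2 MiB aligned guest-physical base */
    bool     huge_present;
    bool     huge_exec;
    bool     small_present[PTES_PER_2M];
    bool     small_exec[PTES_PER_2M];
    unsigned splits;                    /* number of huge -> 4 KiB splits */
};

static size_t index_4k(uint64_t gpa)
{
    return (size_t)((gpa >> SHIFT_4K) & (PTES_PER_2M - 1));
}

/* Install the initial huge mapping for the region containing base. */
void region_map_huge(struct region *r, uint64_t base)
{
    *r = (struct region){ .base = base & ~((1ull << SHIFT_2M) - 1) };
    r->huge_present = true;
    r->huge_exec = !nx_huge_pages;      /* mitigation on: huge page is NX */
}

/* Guest reads or writes gpa: a data access never needs to split. */
bool region_data_access(struct region *r, uint64_t gpa)
{
    if (r->huge_present)
        return true;
    size_t i = index_4k(gpa);
    r->small_present[i] = true;         /* lazily fill a 4 KiB entry */
    return true;
}

/* Guest fetches an instruction at gpa.  Returns true once the fetch can
 * proceed.  With the knob on, the first fetch in a region replaces the NX
 * huge entry with an executable 4 KiB entry for the faulting page only. */
bool region_exec_fault(struct region *r, uint64_t gpa)
{
    size_t i = index_4k(gpa);

    if (r->huge_present) {
        if (r->huge_exec)
            return true;                /* knob off: executable huge page */
        r->huge_present = false;        /* knob on: drop the huge mapping */
        r->huge_exec = false;
        r->splits++;
    }
    r->small_present[i] = true;
    r->small_exec[i] = true;
    return true;
}

/* True if an instruction fetch in this region is served by a 2 MiB entry. */
bool region_is_huge_exec(const struct region *r)
{
    return r->huge_present && r->huge_exec;
}

/* Invariant: no region is mapped by a huge entry and a 4 KiB entry at the
 * same time, so one guest address cannot be installed at both sizes. */
bool region_no_multihit(const struct region *r)
{
    bool any_small = false;
    for (size_t i = 0; i < PTES_PER_2M; i++)
        any_small |= r->small_present[i];
    return !(r->huge_present && any_small);
}

int main(void)
{
    struct region r;

    nx_huge_pages = true;
    region_map_huge(&r, 0x200000);
    region_exec_fault(&r, 0x201000);    /* constructed guest fetch address */
    printf("knob on : huge_exec=%d splits=%u no_multihit=%d\n",
           region_is_huge_exec(&r), r.splits, region_no_multihit(&r));

    nx_huge_pages = false;
    region_map_huge(&r, 0x400000);
    region_exec_fault(&r, 0x400000);
    printf("knob off: huge_exec=%d splits=%u\n",
           region_is_huge_exec(&r), r.splits);
    return 0;
}
```

The model keeps the two properties the commit message relies on: data accesses leave the huge mapping in place, and only an execute fault triggers the split, after which fetches in that region are served by 4 KiB entries rather than a 2 MiB one.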
mmu.c 128 KB