KVM: nVMX: Don't emulate instructions in guest mode

CVE-2020-2732 [ Upstream commit 07721fee ] vmx_check_intercept is not yet fully implemented. To avoid emulating instructions disallowed by the L1 hypervisor, refuse to emulate instructions by default. Cc: stable@vger.kernel.org [Made commit, added commit msg - Oliver] Signed-off-by: Oliver Upton <oupton@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-2732 [ Upstream commit 07721fee ] vmx_check_intercept is not yet fully implemented. To avoid emulating instructions disallowed by the L1 hypervisor, refuse to emulate instructions by default. Cc: stable@vger.kernel.org [Made commit, added commit msg - Oliver] Signed-off-by: Oliver Upton <oupton@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
1d089744 · Paolo Bonzini · Khalid Elmously · b616425f · 1d089744
Commit 1d089744 authored Feb 27, 2020 by Paolo Bonzini Committed by Khalid Elmously Feb 27, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

arch/x86/kvm/vmx.c arch/x86/kvm/vmx.c +1 -1

No files found.
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -11049,7 +11049,7 @@ static int vmx_check_intercept(struct kvm_vcpu *vcpu,
 	}

 	/* TODO: check more intercepts... */
-	return X86EMUL_CONTINUE;
+	return X86EMUL_UNHANDLEABLE;
 }

 static void vmx_sched_in(struct kvm_vcpu *vcpu, int cpu)