Commit a844b017 authored by Konrad Rzeszutek Wilk's avatar Konrad Rzeszutek Wilk Committed by Stefan Bader

x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs

The IA32_FLUSH_CMD MSR needs only to be written on VMENTER. Extend
add_atomic_switch_msr() with an entry_only parameter to allow storing the
MSR only in the guest (ENTRY) MSR array.
Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 62bb770c
...@@ -1814,9 +1814,9 @@ static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx, ...@@ -1814,9 +1814,9 @@ static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx,
} }
static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
u64 guest_val, u64 host_val) u64 guest_val, u64 host_val, bool entry_only)
{ {
int i, j; int i, j = 0;
struct msr_autoload *m = &vmx->msr_autoload; struct msr_autoload *m = &vmx->msr_autoload;
switch (msr) { switch (msr) {
...@@ -1852,7 +1852,9 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, ...@@ -1852,7 +1852,9 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
} }
i = find_msr(&m->guest, msr); i = find_msr(&m->guest, msr);
if (!entry_only)
j = find_msr(&m->host, msr); j = find_msr(&m->host, msr);
if (i == NR_AUTOLOAD_MSRS || j == NR_AUTOLOAD_MSRS) { if (i == NR_AUTOLOAD_MSRS || j == NR_AUTOLOAD_MSRS) {
printk_once(KERN_WARNING "Not enough msr switch entries. " printk_once(KERN_WARNING "Not enough msr switch entries. "
"Can't add msr %x\n", msr); "Can't add msr %x\n", msr);
...@@ -1862,12 +1864,16 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, ...@@ -1862,12 +1864,16 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
i = m->guest.nr++; i = m->guest.nr++;
vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr); vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
} }
m->guest.val[i].index = msr;
m->guest.val[i].value = guest_val;
if (entry_only)
return;
if (j < 0) { if (j < 0) {
j = m->host.nr++; j = m->host.nr++;
vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr); vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr);
} }
m->guest.val[i].index = msr;
m->guest.val[i].value = guest_val;
m->host.val[j].index = msr; m->host.val[j].index = msr;
m->host.val[j].value = host_val; m->host.val[j].value = host_val;
} }
...@@ -1926,7 +1932,7 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset) ...@@ -1926,7 +1932,7 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
guest_efer &= ~EFER_LME; guest_efer &= ~EFER_LME;
if (guest_efer != host_efer) if (guest_efer != host_efer)
add_atomic_switch_msr(vmx, MSR_EFER, add_atomic_switch_msr(vmx, MSR_EFER,
guest_efer, host_efer); guest_efer, host_efer, false);
return false; return false;
} else { } else {
guest_efer &= ~ignore_bits; guest_efer &= ~ignore_bits;
...@@ -3047,7 +3053,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) ...@@ -3047,7 +3053,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
vcpu->arch.ia32_xss = data; vcpu->arch.ia32_xss = data;
if (vcpu->arch.ia32_xss != host_xss) if (vcpu->arch.ia32_xss != host_xss)
add_atomic_switch_msr(vmx, MSR_IA32_XSS, add_atomic_switch_msr(vmx, MSR_IA32_XSS,
vcpu->arch.ia32_xss, host_xss); vcpu->arch.ia32_xss, host_xss, false);
else else
clear_atomic_switch_msr(vmx, MSR_IA32_XSS); clear_atomic_switch_msr(vmx, MSR_IA32_XSS);
break; break;
...@@ -8715,7 +8721,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) ...@@ -8715,7 +8721,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
clear_atomic_switch_msr(vmx, msrs[i].msr); clear_atomic_switch_msr(vmx, msrs[i].msr);
else else
add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest, add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest,
msrs[i].host); msrs[i].host, false);
} }
static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment