• Paolo Bonzini's avatar
    kvm: mmu: ITLB_MULTIHIT mitigation · 5219505f
    Paolo Bonzini authored
    commit b8e8c830 upstream.
    
    With some Intel processors, putting the same virtual address in the TLB
    as both a 4 KiB and 2 MiB page can confuse the instruction fetch unit
    and cause the processor to issue a machine check resulting in a CPU lockup.
    
    Unfortunately when EPT page tables use huge pages, it is possible for a
    malicious guest to cause this situation.
    
    Add a knob to mark huge pages as non-executable. When the nx_huge_pages
    parameter is enabled (and we are using EPT), all huge pages are marked as
    NX. If the guest attempts to execute in one of those pages, the page is
    broken down into 4K pages, which are then marked executable.
    
    This is not an issue for shadow paging (except nested EPT), because then
    the host is in control of TLB flushes and the problematic situation cannot
    happen.  With nested EPT, again the nested guest can cause problems shadow
    and direct EPT is treated in the same way.
    
    [ tglx: Fixup default to auto and massage wording a bit ]
    Originally-by: default avatarJunaid Shahid <junaids@google.com>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    5219505f
kvm_host.h 44.6 KB