www.infradead.org Git - users/jedix/linux-maple.git/commit
kvm:vmx: more complete state update on APICv on/off
author Roman Kagan <rkagan@virtuozzo.com>
Wed, 18 May 2016 14:48:20 +0000 (17:48 +0300)
committer Chuck Anderson <chuck.anderson@oracle.com>
Sun, 30 Oct 2016 23:45:25 +0000 (16:45 -0700)
commit 6ec7474d183f33169de152485ecb1bdc2dbd47e6
tree 62820a441ad51e269ca841e904a802ed3ede6ae1
parent 5e9b8c2cf02bafdfe68ea971de0f5f37f7ced90a
kvm:vmx: more complete state update on APICv on/off

The function to update APICv on/off state (in particular, to deactivate
it when enabling Hyper-V SynIC) is incomplete: it doesn't adjust
APICv-related fields among secondary processor-based VM-execution
controls.  As a result, Windows 2012 guests get stuck when SynIC-based
auto-EOI interrupt intersected with e.g. an IPI in the guest.

In addition, the MSR intercept bitmap isn't updated every time "virtualize
x2APIC mode" is toggled.  This path can only be triggered by a malicious
guest, because Windows didn't use x2APIC but rather their own synthetic
APIC access MSRs; however a guest running in a SynIC-enabled VM could
switch to x2APIC and thus obtain direct access to host APIC MSRs
(CVE-2016-4440).

The patch fixes those omissions.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Reported-by: Steve Rutherford <srutherford@google.com>
Reported-by: Yang Zhang <yang.zhang.wz@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Orabug: 23347009
CVE: CVE-2016-4440
Signed-off-by: Manjunath Govindashetty <manjunath.govindashetty@oracle.com>
arch/x86/include/asm/kvm_host.h
arch/x86/kvm/lapic.h
arch/x86/kvm/vmx.c
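The commit message describes two omissions in the APICv on/off update: the APICv-related bits among the secondary processor-based VM-execution controls were not cleared, and the MSR intercept bitmap was not rebuilt when "virtualize x2APIC mode" changed. The following C model, added here as an illustration and not taken from the patch or from KVM's own code, shows the incomplete update next to a complete one and an invariant check a regression test could apply. The control-bit positions and the x2APIC MSR numbers come from the Intel SDM; the `struct vcpu_model`, the per-MSR intercept bitmap layout, the choice of which x2APIC MSRs are passed through, and all function names are simplifying assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Secondary processor-based VM-execution control bits (Intel SDM, Vol. 3). */
#define SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE (1u << 4)
#define SECONDARY_EXEC_APIC_REGISTER_VIRT     (1u << 8)
#define SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY  (1u << 9)
#define APICV_SECONDARY_CTRLS (SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | \
        SECONDARY_EXEC_APIC_REGISTER_VIRT | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY)

/* x2APIC MSRs occupy 0x800..0x8ff. TPR, EOI and SELF_IPI are the ones this
 * model (assumption) lets the guest touch directly while x2APIC mode is virtualized. */
#define X2APIC_MSR_BASE     0x800u
#define X2APIC_MSR_COUNT    0x100u
#define X2APIC_MSR_TPR      0x808u
#define X2APIC_MSR_EOI      0x80bu
#define X2APIC_MSR_SELF_IPI 0x83fu

/* Hypothetical, simplified per-VCPU state; not KVM's struct vcpu_vmx. */
struct vcpu_model {
    bool     apicv_active;
    uint32_t secondary_exec_ctrl;
    /* One bit per x2APIC MSR: 1 = intercept (exit to host), 0 = direct guest access. */
    uint8_t  x2apic_intercept[X2APIC_MSR_COUNT / 8];
};

bool msr_intercepted(const struct vcpu_model *v, uint32_t msr)
{
    uint32_t idx = msr - X2APIC_MSR_BASE;
    return (v->x2apic_intercept[idx / 8] >> (idx % 8)) & 1u;
}

static void set_intercept(struct vcpu_model *v, uint32_t msr, bool intercept)
{
    uint32_t idx = msr - X2APIC_MSR_BASE;
    uint8_t  bit = (uint8_t)(1u << (idx % 8));
    if (intercept) v->x2apic_intercept[idx / 8] |= bit;
    else           v->x2apic_intercept[idx / 8] &= (uint8_t)~bit;
}

/* Rebuild the bitmap from the controls: intercept every x2APIC MSR, then open
 * the virtualized subset only while "virtualize x2APIC mode" is set. */
static void refresh_msr_bitmap(struct vcpu_model *v)
{
    bool x2apic_virt = v->secondary_exec_ctrl & SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
    memset(v->x2apic_intercept, 0xff, sizeof v->x2apic_intercept);
    if (x2apic_virt) {
        set_intercept(v, X2APIC_MSR_TPR, false);
        set_intercept(v, X2APIC_MSR_EOI, false);
        set_intercept(v, X2APIC_MSR_SELF_IPI, false);
    }
}

/* The omission the commit message describes, modelled: only the flag flips;
 * the secondary controls and the MSR bitmap keep their old values. */
void apicv_update_incomplete(struct vcpu_model *v, bool active)
{
    v->apicv_active = active;
}

/* Complete update: the controls follow the flag, and the bitmap is rebuilt
 * whenever the x2APIC-mode bit actually changes. */
void apicv_update_complete(struct vcpu_model *v, bool active)
{
    uint32_t old = v->secondary_exec_ctrl;
    v->apicv_active = active;
    if (active) v->secondary_exec_ctrl |= APICV_SECONDARY_CTRLS;
    else        v->secondary_exec_ctrl &= ~APICV_SECONDARY_CTRLS;
    if ((old ^ v->secondary_exec_ctrl) & SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)
        refresh_msr_bitmap(v);
}

/* Invariant a regression test would check: with APICv off, no APICv control
 * may remain set and every x2APIC MSR must be intercepted. */
bool state_consistent(const struct vcpu_model *v)
{
    if (v->apicv_active) return true;
    if (v->secondary_exec_ctrl & APICV_SECONDARY_CTRLS) return false;
    for (uint32_t i = 0; i < X2APIC_MSR_COUNT; i++)
        if (!msr_intercepted(v, X2APIC_MSR_BASE + i)) return false;
    return true;
}

/* Fresh VCPU with APICv on, i.e. the state before SynIC is enabled. */
void vcpu_init_apicv_on(struct vcpu_model *v)
{
    memset(v, 0, sizeof *v);
    refresh_msr_bitmap(v);           /* controls are 0: intercept everything */
    apicv_update_complete(v, true);  /* set controls, open the virtualized MSRs */
}
```

Calling `apicv_update_incomplete(&v, false)` on an initialised model leaves `state_consistent(&v)` false and `msr_intercepted(&v, X2APIC_MSR_TPR)` false, which is the inconsistent state the commit message describes; `apicv_update_complete(&v, false)` restores both. In a real hypervisor the check belongs in the path that deactivates APICv, so that any caller (SynIC enablement included) cannot leave the controls and the bitmap out of step.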