public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-04 16:25:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/arch/x86
History
Sean Christopherson daa07cbc9a KVM: x86: fix L1TF's MMIO GFN calculation 
One defense against L1TF in KVM is to always set the upper five bits
of the *legal* physical address in the SPTEs for non-present and
reserved SPTEs, e.g. MMIO SPTEs.  In the MMIO case, the GFN of the
MMIO SPTE may overlap with the upper five bits that are being usurped
to defend against L1TF.  To preserve the GFN, the bits of the GFN that
overlap with the repurposed bits are shifted left into the reserved
bits, i.e. the GFN in the SPTE will be split into high and low parts.
When retrieving the GFN from the MMIO SPTE, e.g. to check for an MMIO
access, get_mmio_spte_gfn() unshifts the affected bits and restores
the original GFN for comparison.  Unfortunately, get_mmio_spte_gfn()
neglects to mask off the reserved bits in the SPTE that were used to
store the upper chunk of the GFN.  As a result, KVM fails to detect
MMIO accesses whose GPA overlaps the repurprosed bits, which in turn
causes guest panics and hangs.

Fix the bug by generating a mask that covers the lower chunk of the
GFN, i.e. the bits that aren't shifted by the L1TF mitigation.  The
alternative approach would be to explicitly zero the five reserved
bits that are used to store the upper chunk of the GFN, but that
requires additional run-time computation and makes an already-ugly
bit of code even more inscrutable.

I considered adding a WARN_ON_ONCE(low_phys_bits-1 <= PAGE_SHIFT) to
warn if GENMASK_ULL() generated a nonsensical value, but that seemed
silly since that would mean a system that supports VMX has less than
18 bits of physical address space...

Reported-by: Sakari Ailus <sakari.ailus@iki.fi>
Fixes: d9b47449c1a1 ("kvm: x86: Set highest physical address bits in non-present/reserved SPTEs")
Cc: Junaid Shahid <junaids@google.com>
Cc: Jim Mattson <jmattson@google.com>
Cc: stable@vger.kernel.org
Reviewed-by: Junaid Shahid <junaids@google.com>
Tested-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-01 15:41:00 +02:00
..
boot Kbuild updates for v4.19 (2nd) 2018-08-25 13:40:38 -07:00
configs
crypto crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2 2018-09-14 14:08:27 +08:00
entry x86/vdso: Fix vDSO build if a retpoline is emitted 2018-08-20 18:04:41 +02:00
events perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs 2018-09-10 10:03:01 +02:00
hyperv x86/hyper-v: rename ipi_arg_{ex,non_ex} structures 2018-09-20 00:51:42 +02:00
ia32
include KVM: x86: Control guest reads of MSR_PLATFORM_INFO 2018-09-20 00:51:46 +02:00
kernel x86/APM: Fix build warning when PROC_FS is not enabled 2018-09-15 10:16:25 +02:00
kvm KVM: x86: fix L1TF's MMIO GFN calculation 2018-10-01 15:41:00 +02:00
lib x86/nmi: Fix NMI uaccess race against CR3 switching 2018-08-31 17:08:22 +02:00
math-emu
mm x86/mm: Use WRITE_ONCE() when setting PTEs 2018-09-08 12:30:36 +02:00
net
oprofile
pci
platform x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3 2018-09-12 21:53:34 +02:00
power Power management updates for 4.19-rc1 2018-08-14 13:12:24 -07:00
purgatory
ras
realmode
tools
um Consolidation of Kconfig files by Christoph Hellwig. 2018-08-15 13:05:12 -07:00
video
xen xen: fixes for 4.19-rc2 2018-08-31 08:45:16 -07:00
.gitignore
Kbuild
Kconfig x86/Kconfig: Fix trivial typo 2018-08-27 10:29:14 +02:00
Kconfig.cpu
Kconfig.debug
Makefile x86: Allow generating user-space headers without a compiler 2018-08-31 17:08:22 +02:00
Makefile.um kbuild: rename LDFLAGS to KBUILD_LDFLAGS 2018-08-24 08:22:08 +09:00
Makefile_32.cpu