Bug 53701
| Summary: | nVMX: Unchecked setting of cr4 for nested guest | ||
|---|---|---|---|
| Product: | Virtualization | Reporter: | Nadav Har'El (nyh) |
| Component: | kvm | Assignee: | virtualization_kvm |
| Status: | NEW --- | ||
| Severity: | enhancement | ||
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | Subsystem: | ||
| Regression: | No | Bisected commit-id: | |
| Bug Depends on: | |||
| Bug Blocks: | 94971, 53601 | ||
On 29 May 2012, Avi Kivity wrote on the KVM mailing list: It looks like the lines vmx_set_cr0(vcpu, vmcs12->guest_cr0); vmcs_writel(CR0_READ_SHADOW, nested_read_cr0(vmcs12)); vmx_set_cr4(vcpu, vmcs12->guest_cr4); vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12)); in prepare_vmcs02() are too dangerous. They only let the hardware check cr4, but not software, so a future cr4 bit which is not handled correctly by kvm can be set in a nested guest. L1 appears to be protected, we use kvm_set_cr4().