Bug 53701

Summary: nVMX: Unchecked setting of cr4 for nested guest
Product: Virtualization Reporter: Nadav Har'El (nyh)
Component: kvmAssignee: virtualization_kvm
Status: NEW ---    
Severity: enhancement    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: Subsystem:
Regression: No Bisected commit-id:
Bug Depends on:    
Bug Blocks: 94971, 53601    

Description Nadav Har'El 2013-02-12 08:49:26 UTC
On 29 May 2012, Avi Kivity wrote on the KVM mailing list:

It looks like the lines

        vmx_set_cr0(vcpu, vmcs12->guest_cr0);
        vmcs_writel(CR0_READ_SHADOW, nested_read_cr0(vmcs12));

        vmx_set_cr4(vcpu, vmcs12->guest_cr4);
        vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12));


in prepare_vmcs02() are too dangerous.  They only let the hardware check
cr4, but not software, so a future cr4 bit which is not handled
correctly by kvm can be set in a nested guest. L1 appears to be
protected, we use kvm_set_cr4().