53701 – nVMX: Unchecked setting of cr4 for nested guest

Bug 53701 - nVMX: Unchecked setting of cr4 for nested guest

Summary: nVMX: Unchecked setting of cr4 for nested guest

Status:	NEW

Alias:	None

Product:	Virtualization
Classification:	Unclassified
Component:	kvm (show other bugs)
Hardware:	All Linux

Importance:	P1 enhancement
Assignee:	virtualization_kvm

URL:
Keywords:

Depends on:
Blocks:	94971 53601
	Show dependency tree

Reported:	2013-02-12 08:49 UTC by Nadav Har'El
Modified:	2015-03-17 03:53 UTC (History)
CC List:	0 users

See Also:
Kernel Version:
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nadav Har'El 2013-02-12 08:49:26 UTC

On 29 May 2012, Avi Kivity wrote on the KVM mailing list:

It looks like the lines

        vmx_set_cr0(vcpu, vmcs12->guest_cr0);
        vmcs_writel(CR0_READ_SHADOW, nested_read_cr0(vmcs12));

        vmx_set_cr4(vcpu, vmcs12->guest_cr4);
        vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12));


in prepare_vmcs02() are too dangerous.  They only let the hardware check
cr4, but not software, so a future cr4 bit which is not handled
correctly by kvm can be set in a nested guest. L1 appears to be
protected, we use kvm_set_cr4().

Note You need to log in before you can comment on or make changes to this bug.