File 5b56feb1-x86-hvm-disallow-unknown-EFER-bits.patch of Package xen.8389
# Commit ef0269c6215d642a709866f04ba1a1f9f13f3614 # Date 2018-07-24 11:25:53 +0100 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> x86/hvm: Disallow unknown MSR_EFER bits It turns out that nothing ever prevented HVM guests from trying to set unknown EFER bits. Generally, this results in a vmentry failure. For Intel hardware, all implemented bits are covered by the checks. For AMD hardware, the only EFER bit which isn't covered by the checks is TCE (which AFAICT is specific to AMD Fam15/16 hardware). We never advertise TCE in CPUID, but it isn't a security problem to have TCE unexpected enabled in guest context. Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents any vmentry failures for guests, yielding #GP instead. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -895,6 +895,9 @@ const char *hvm_efer_valid(const struct else p = &host_cpuid_policy; + if ( value & ~EFER_KNOWN_MASK ) + return "Unknown bits set"; + if ( (value & EFER_SCE) && !p->extd.syscall ) return "SCE without feature";
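Review bot: The new test at the top of hvm_efer_valid(), "if ( value & ~EFER_KNOWN_MASK )", depends on a mask whose definition is not part of this diff, so the patch alone does not show which bits are now accepted. The commit message names TCE as the one AMD bit the existing checks do not cover, but it does not say whether TCE is inside EFER_KNOWN_MASK and therefore whether it is still settable after this change. Please state that explicitly in the commit message or in a short comment above the check. The comment should also note that the mask check runs before the per-feature checks such as "SCE without feature", so any EFER bit given a feature check later must be added to EFER_KNOWN_MASK as well, otherwise it will be rejected with "Unknown bits set" before its own check is reached.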