kvm: nVMX: Don't allow L2 to access the hardware CR8 - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Jim Mattson <jmattson@google.com>	2017-09-12 23:02:54 +0300
committer	Paolo Bonzini <pbonzini@redhat.com>	2017-09-15 15:05:46 +0300
commit	51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (patch)
tree	96b602951ac8eb47d92e93180f98cd470e2b7877 /virt
parent	488e32f1981e506976d666b3772d6ccc8b726fee (diff)
download	linux-51aa68e7d57e3217192d88ce90fd5b8ef29ec94f.tar.xz

kvm: nVMX: Don't allow L2 to access the hardware CR8

If L1 does not specify the "use TPR shadow" VM-execution control in vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store exiting" VM-execution controls in vmcs02. Failure to do so will give the L2 VM unrestricted read/write access to the hardware CR8. This fixes CVE-2017-12154. Signed-off-by: Jim Mattson <jmattson@google.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'virt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: