Re: [PATCH 5.4.y] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
From: Greg KH
Date: Mon Aug 16 2021 - 13:14:35 EST
On Mon, Aug 16, 2021 at 04:02:40PM +0200, Paolo Bonzini wrote:
> From: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
>
> [ upstream commit c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc ]
>
> If L1 disables VMLOAD/VMSAVE intercepts, and doesn't enable
> Virtual VMLOAD/VMSAVE (currently not supported for the nested hypervisor),
> then VMLOAD/VMSAVE must operate on the L1 physical memory, which is only
> possible by making L0 intercept these instructions.
>
> Failure to do so allowed the nested guest to run VMLOAD/VMSAVE unintercepted,
> and thus read/write portions of the host physical memory.
>
> Fixes: 89c8a4984fc9 ("KVM: SVM: Enable Virtual VMLOAD VMSAVE feature")
>
> Suggested-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
> The above upstream SHA1 is still on its way to Linus
>
> arch/x86/kvm/svm.c | 3 +++
> 1 file changed, 3 insertions(+)
5.4, 5.10, and 5.13 versions now queued up and I'll do a new -rc release
with them in it. I'll get to the others after dinner...
thanks,
greg k-h