Re: [PATCH 07/14] KVM: x86: SVM: add warning for CVE-2021-3656
From: Maxim Levitsky
Date: Tue Oct 12 2021 - 03:52:07 EST
On Tue, 2021-10-12 at 01:30 +0800, Xiaoyao Li wrote:
> On 9/14/2021 11:48 PM, Maxim Levitsky wrote:
> > Just in case, add a warning ensuring that on guest entry,
> > either both VMLOAD and VMSAVE intercept is enabled or
> > vVMLOAD/VMSAVE is enabled.
> >
> > Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
> > ---
> > arch/x86/kvm/svm/svm.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> > index 861ac9f74331..deeebd05f682 100644
> > --- a/arch/x86/kvm/svm/svm.c
> > +++ b/arch/x86/kvm/svm/svm.c
> > @@ -3784,6 +3784,12 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
> >
> > WARN_ON_ONCE(kvm_apicv_activated(vcpu->kvm) != kvm_vcpu_apicv_active(vcpu));
> >
> > + /* Check that CVE-2021-3656 can't happen again */
> > + if (!svm_is_intercept(svm, INTERCEPT_VMSAVE) ||
> > + !svm_is_intercept(svm, INTERCEPT_VMSAVE))
>
> either one needs to be INTERCEPT_VMLOAD, right?
Oops! Of course.
Best regards,
Maxim Levitsky
>
> > + WARN_ON(!(svm->vmcb->control.virt_ext &
> > + VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK));
> > +
> > sync_lapic_to_cr8(vcpu);
> >
> > if (unlikely(svm->asid != svm->vmcb->control.asid)) {
> >