On Tue, 2021-10-12 at 01:30 +0800, Xiaoyao Li wrote:
On 9/14/2021 11:48 PM, Maxim Levitsky wrote:
Just in case, add a warning ensuring that on guest entry, either both VMLOAD and VMSAVE intercept is enabled or vVMLOAD/VMSAVE is enabled.
Signed-off-by: Maxim Levitsky mlevitsk@redhat.com
arch/x86/kvm/svm/svm.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 861ac9f74331..deeebd05f682 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3784,6 +3784,12 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu) WARN_ON_ONCE(kvm_apicv_activated(vcpu->kvm) != kvm_vcpu_apicv_active(vcpu));
- /* Check that CVE-2021-3656 can't happen again */
- if (!svm_is_intercept(svm, INTERCEPT_VMSAVE) ||
!svm_is_intercept(svm, INTERCEPT_VMSAVE))either one needs to be INTERCEPT_VMLOAD, right?
Oops! Of course.
Best regards, Maxim Levitsky
WARN_ON(!(svm->vmcb->control.virt_ext &VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK));- sync_lapic_to_cr8(vcpu);
if (unlikely(svm->asid != svm->vmcb->control.asid)) {