Maxim Levitsky c7dfa40099 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) ... If L1 disables VMLOAD/VMSAVE intercepts, and doesn't enable Virtual VMLOAD/VMSAVE (currently not supported for the nested hypervisor), then VMLOAD/VMSAVE must operate on the L1 physical memory, which is only possible by making L0 intercept these instructions. Failure to do so allowed the nested guest to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory. Fixes: 89c8a4984f ("KVM: SVM: Enable Virtual VMLOAD VMSAVE feature") Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>		2021-08-16 09:48:37 -04:00
..
avic.c	KVM: SVM: use vmcb01 in svm_refresh_apicv_exec_ctrl	2021-07-27 16:59:01 -04:00
nested.c	KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)	2021-08-16 09:48:37 -04:00
pmu.c	KVM: x86/vPMU: Forbid writing to MSR_F15H_PERF MSRs when guest doesn't have X86_FEATURE_PERFCTR_CORE	2021-03-30 13:07:10 -04:00
sev.c	KVM: SVM: improve the code readability for ASID management	2021-08-04 09:43:03 -04:00
svm.c	KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)	2021-08-16 09:48:27 -04:00
svm.h	KVM: nSVM: Swap the parameter order for svm_copy_vmrun_state()/svm_copy_vmloadsave_state()	2021-07-26 08:09:46 -04:00
svm_onhyperv.c	KVM: SVM: hyper-v: Direct Virtual Flush support	2021-06-17 13:09:38 -04:00
svm_onhyperv.h	KVM: SVM: delay svm_vcpu_init_msrpm after svm->vmcb is initialized	2021-07-27 16:59:00 -04:00
svm_ops.h	KVM: SVM: use vmsave/vmload for saving/restoring additional host state	2021-02-04 05:27:34 -05:00
vmenter.S	KVM/SVM: Move vmenter.S exception fixups out of line	2021-03-15 04:43:56 -04:00