diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2021-03-31 06:24:43 -0400 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2021-04-01 05:09:31 -0400 |
commit | a58d9166a756a0f4a6618e4f593232593d6df134 (patch) | |
tree | c002769f24a16115567ec82cdd84994bcda72d52 /scripts/gcc-plugins/sancov_plugin.c | |
parent | 2c85ebc57b3e1817b6ce1a6b703928e113a90442 (diff) |
KVM: SVM: load control fields from VMCB12 before checking them
Avoid races between check and use of the nested VMCB controls. This
for example ensures that the VMRUN intercept is always reflected to the
nested hypervisor, instead of being processed by the host. Without this
patch, it is possible to end up with svm->nested.hsave pointing to
the MSR permission bitmap for nested guests.
This bug is CVE-2021-29657.
Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@vger.kernel.org
Fixes: 2fcf4876ada ("KVM: nSVM: implement on demand allocation of the nested state")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'scripts/gcc-plugins/sancov_plugin.c')
0 files changed, 0 insertions, 0 deletions