Inicio Explorar Axuda
Rexistro Iniciar sesión
phyus
/
linux-vybrid_public
8
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

KVM: SVM: Don't allow nested guest to VMMCALL into host

This patch disables the possibility for a l2-guest to do a
VMMCALL directly into the host. This would happen if the
l1-hypervisor doesn't intercept VMMCALL and the l2-guest
executes this instruction.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Joerg Roedel %!s(int64=15) %!d(string=hai) anos
pai
3f0fd2927b
achega
0d945bd935
Modificáronse 1 ficheiros con 3 adicións e 0 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 3 0
      arch/x86/kvm/svm.c

+ 3 - 0
arch/x86/kvm/svm.c
Ver ficheiro 

@@ -2036,6 +2036,9 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
 
 		svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
 
 		svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
 
 	}
 
 	}
 
 
 
+	/* We don't want to see VMMCALLs from a nested guest */
 
+	svm->vmcb->control.intercept &= ~(1ULL << INTERCEPT_VMMCALL);
 
+
 
 	/*
 
 	/*
 
 	 * We don't want a nested guest to be more powerful than the guest, so
 
 	 * We don't want a nested guest to be more powerful than the guest, so
 
 	 * all intercepts are ORed
 
 	 * all intercepts are ORed