Google has carried this patch since long before my time. I would suggest
modifying the kvm-unit-test to (a) unroll the loop ~1000 times, and (b)
execute out to port 0x80 from ~64 vcpu threads in parallel.

On Mon, Dec 4, 2017 at 4:44 AM, Wanpeng Li <kernellwp@xxxxxxxxx> wrote:
> Hi Jim,
> 2017-12-02 2:21 GMT+08:00 Jim Mattson <jmattson@xxxxxxxxxx>:
>> From: Andrew Honig <ahonig@xxxxxxxxxx>
>>
>> This fixes CVE-2017-1000407.
>
> Do you observe a real issue on recent Intel boxes? In addition, how to
> reproduce? Actually there is a testcase in kvm-unit-tests which can
> run 10 million times ioport 0x80 write and I didn't observe any issue
> before. :)
>
> Regards,
> Wanpeng Li
>
>>
>> KVM allows guests to directly access I/O port 0x80 on Intel hosts. If
>> the guest floods this port with writes it generates exceptions and
>> instability in the host kernel, leading to a crash. With this change
>> guest writes to port 0x80 on Intel will behave the same as they
>> currently behave on AMD systems.
>>
>> Prevent the flooding by removing the code that sets port 0x80 as a
>> passthrough port. This is essentially the same as upstream patch
>> 99f85a28a78e96d28907fe036e1671a218fee597, except that patch was
>> for AMD chipsets and this patch is for Intel.
>>
>> Signed-off-by: Andrew Honig <ahonig@xxxxxxxxxx>
>> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
>> ---
>>  arch/x86/kvm/vmx.c | 5 -----
>>  1 file changed, 5 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index d2b452d66363..d16abd1808eb 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -6753,12 +6753,7 @@ static __init int hardware_setup(void)
>>         memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
>>         memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
>>
>> -       /*
>> -        * Allow direct access to the PC debug port (it is often used for I/O
>> -        * delays, but the vmexits simply slow things down).
>> -        */
>>         memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
>> -       clear_bit(0x80, vmx_io_bitmap_a);
>>
>>         memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
>>
>> --
>> 2.15.0.531.g2ccb3012c9-goog
>>
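Review bot: dropping the whole comment block along with the clear_bit(0x80, vmx_io_bitmap_a) line leaves no trace in hardware_setup() of why port 0x80 is now deliberately intercepted; since the removed comment explicitly framed the passthrough as a performance optimisation ("the vmexits simply slow things down"), a future contributor could reintroduce it for that reason. Suggest keeping a short comment above memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE) stating that port 0x80 must exit like every other port, matching the AMD behaviour the commit message cites, and referencing CVE-2017-1000407. The commit message would also benefit from naming the mechanism behind "generates exceptions and instability in the host kernel", so the reader can judge whether intercepting the port is the complete fix rather than only a mitigation of the flood.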
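To make the effect of the hunk concrete, the following is an added example (not code from the patch or from KVM) that models the VMX I/O bitmap semantics the patch relies on: two 4 KiB bitmaps with one bit per port, bitmap A covering ports 0x0000-0x7fff and bitmap B covering 0x8000-0xffff, where a set bit means a guest access to that port causes a VM exit. It assumes the VMCS "use I/O bitmaps" control is enabled (as KVM does) and uses byte-indexed bit helpers in place of the kernel's clear_bit(), which produce the same bit layout on little-endian x86. The two setup functions reproduce the before and after states of hardware_setup() shown in the hunk, so a reader can see that the only port reachable without an exit before the patch was 0x80, and that none remain afterwards.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096          /* one I/O bitmap = 4 KiB = 32768 bits */
#define DEBUG_PORT 0x80         /* the PC "POST code" / delay port */

/* Model of the pair of VMX I/O bitmaps (assumption: "use I/O bitmaps"
 * is enabled in the VMCS, which is how KVM configures VMX). */
struct io_bitmaps {
    uint8_t a[PAGE_SIZE];       /* bit n  -> port n          (0x0000-0x7fff) */
    uint8_t b[PAGE_SIZE];       /* bit n  -> port 0x8000 + n (0x8000-0xffff) */
};

/* Byte-indexed equivalents of the kernel's clear_bit()/test_bit();
 * on little-endian x86 the resulting layout is identical. */
static void bitmap_clear_bit(uint8_t *map, unsigned int bit)
{
    map[bit / 8] &= (uint8_t)~(1u << (bit % 8));
}

static bool bitmap_test_bit(const uint8_t *map, unsigned int bit)
{
    return (map[bit / 8] >> (bit % 8)) & 1u;
}

/* Pre-patch hardware_setup(): intercept every port, then punch a hole
 * for the debug port so guest writes to 0x80 never cause a VM exit. */
void setup_bitmaps_before_patch(struct io_bitmaps *m)
{
    memset(m->a, 0xff, PAGE_SIZE);
    bitmap_clear_bit(m->a, DEBUG_PORT);
    memset(m->b, 0xff, PAGE_SIZE);
}

/* Post-patch hardware_setup(): every port, 0x80 included, is intercepted. */
void setup_bitmaps_after_patch(struct io_bitmaps *m)
{
    memset(m->a, 0xff, PAGE_SIZE);
    memset(m->b, 0xff, PAGE_SIZE);
}

/* True if a guest IN/OUT on `port` would cause a VM exit under bitmaps `m`. */
bool io_port_causes_exit(const struct io_bitmaps *m, uint16_t port)
{
    if (port < 0x8000)
        return bitmap_test_bit(m->a, port);
    return bitmap_test_bit(m->b, port - 0x8000u);
}

/* Number of ports in 0x0000-0xffff the guest can touch without an exit.
 * A defender auditing a hypervisor build wants this to be exactly zero
 * unless a passthrough was intended. */
unsigned int count_passthrough_ports(const struct io_bitmaps *m)
{
    unsigned int n = 0;
    for (unsigned int p = 0; p <= 0xffffu; p++)
        if (!io_port_causes_exit(m, (uint16_t)p))
            n++;
    return n;
}

/* Convenience wrappers that build each configuration and query it. */
bool debug_port_exits_before_patch(void)
{
    struct io_bitmaps m;
    setup_bitmaps_before_patch(&m);
    return io_port_causes_exit(&m, DEBUG_PORT);
}

bool debug_port_exits_after_patch(void)
{
    struct io_bitmaps m;
    setup_bitmaps_after_patch(&m);
    return io_port_causes_exit(&m, DEBUG_PORT);
}

unsigned int passthrough_ports_before_patch(void)
{
    struct io_bitmaps m;
    setup_bitmaps_before_patch(&m);
    return count_passthrough_ports(&m);
}

unsigned int passthrough_ports_after_patch(void)
{
    struct io_bitmaps m;
    setup_bitmaps_after_patch(&m);
    return count_passthrough_ports(&m);
}

int main(void)
{
    printf("before patch: port 0x80 exits=%d, passthrough ports=%u\n",
           debug_port_exits_before_patch(), passthrough_ports_before_patch());
    printf("after patch:  port 0x80 exits=%d, passthrough ports=%u\n",
           debug_port_exits_after_patch(), passthrough_ports_after_patch());
    return 0;
}
```

The count function is the check worth keeping around: run against a dump of the live bitmaps it answers "which ports bypass the hypervisor" in one pass, which is the question this CVE turns on.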