Miaohe Lin noticed that we incorrectly handle enlightened vmptrld failures in nested_vmx_run(). Trying to handle errors correctly, I fixed a few things:

- NULL pointer dereference with invalid eVMCS GPAs [PATCH1]
- moved eVMCS mapping after migration to nested_get_vmcs12_pages() from nested_sync_vmcs12_to_shadow() [PATCH2]
- added proper nested_vmx_handle_enlightened_vmptrld() error handling [PATCH3]
- added selftests for incorrect eVMCS revision id and GPA [PATCHes 4-6]

PATCH1 fixes a DoS and is thus marked for stable@.

Vitaly Kuznetsov (6):
  KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs
  KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping
  KVM: nVMX: properly handle errors in nested_vmx_handle_enlightened_vmptrld()
  KVM: selftests: define and use EVMCS_VERSION
  KVM: selftests: test enlightened vmenter with wrong eVMCS version
  KVM: selftests: enlightened VMPTRLD with an incorrect GPA

 arch/x86/kvm/vmx/evmcs.h                      |  7 ++
 arch/x86/kvm/vmx/nested.c                     | 64 +++++++++++++------
 tools/testing/selftests/kvm/include/evmcs.h   |  2 +
 tools/testing/selftests/kvm/lib/x86_64/vmx.c  |  2 +-
 .../testing/selftests/kvm/x86_64/evmcs_test.c | 25 ++++++--
 5 files changed, 72 insertions(+), 28 deletions(-)

-- 
2.24.1