disable pv eoi if guest gives a wrong address, this can reduces the attacked possibility for a malicious guest, and can avoid unnecessary write/read pv eoi memory

Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
---
 arch/x86/kvm/lapic.c | 9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index b1de23e..0f37a8d 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2853,6 +2853,7 @@ int kvm_lapic_enable_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len)
 	u64 addr = data & ~KVM_MSR_ENABLED;
 	struct gfn_to_hva_cache *ghc = &vcpu->arch.pv_eoi.data;
 	unsigned long new_len;
+	int ret;
 
 	if (!IS_ALIGNED(addr, 4))
 		return 1;
@@ -2866,7 +2867,13 @@ int kvm_lapic_enable_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len)
 	else
 		new_len = len;
 
-	return kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, addr, new_len);
+	ret = kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, addr, new_len);
+
+	if (ret && (vcpu->arch.pv_eoi.msr_val & KVM_MSR_ENABLED)) {
+		vcpu->arch.pv_eoi.msr_val &= ~KVM_MSR_ENABLED;
+		pr_warn_once("Disabled PV EOI during wrong address\n");
+	}
+	return ret;
 }
 
 int kvm_apic_accept_events(struct kvm_vcpu *vcpu)
-- 
1.7.1
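Review bot: A WRMSR that the function rejects (non-zero return, which the caller turns into a #GP) still leaves the guest-supplied address in `vcpu->arch.pv_eoi.msr_val`, because the second hunk only clears `KVM_MSR_ENABLED` after `kvm_gfn_to_hva_cache_init()` fails; if, as the context suggests, `msr_val` is assigned from `data` in the lines between the two hunks, a later RDMSR reports an address the guest was told it could not program, and the `& KVM_MSR_ENABLED` test only works because that earlier assignment already happened. The cleaner fix is to commit the MSR value only on success, i.e. `ret = kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, addr, new_len); if (ret) return ret; vcpu->arch.pv_eoi.msr_val = data;` (dropping the earlier assignment), so a failed write leaves the MSR unchanged and the extra ENABLED check is unnecessary. The `pr_warn_once()` fires on a guest-controlled path; the error is already reported to the guest via the return value, so a host log line adds little and, if kept, should be per-VM or rate-limited rather than a global once. kvm_lapic_enable_pv_eoi() starts before the first hunk and the lines between the hunks are not visible here.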