[Bug 53701] New: nVMX: Unchecked setting of cr4 for nested guest

https://bugzilla.kernel.org/show_bug.cgi?id=53701

           Summary: nVMX: Unchecked setting of cr4 for nested guest
           Product: Virtualization
           Version: unspecified
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: kvm
        AssignedTo: virtualization_kvm@xxxxxxxxxxxxxxxxxxxx
        ReportedBy: nyh@xxxxxxxxxxxxxxxxxxx
        Regression: No


On 29 May 2012, Avi Kivity wrote on the KVM mailing list:

It looks like the lines

        vmx_set_cr0(vcpu, vmcs12->guest_cr0);
        vmcs_writel(CR0_READ_SHADOW, nested_read_cr0(vmcs12));

        vmx_set_cr4(vcpu, vmcs12->guest_cr4);
        vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12));


in prepare_vmcs02() are too dangerous.  They only let the hardware check
cr4, but not software, so a future cr4 bit which is not handled
correctly by kvm can be set in a nested guest. L1 appears to be
protected, we use kvm_set_cr4().

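The gap described in the report, as an added example that is not part of the original bug report and is not KVM's code: a user-space C model of a hardware-only cr4 load next to a software-checked one. The struct, the function names and CR4_FUTURE_BIT are hypothetical; the "future" bit is a constructed stand-in for a cr4 bit the CPU accepts but the hypervisor does not yet handle.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural CR4 bits; only the ones used below. */
#define X86_CR4_PAE    (1ULL << 5)
#define X86_CR4_VMXE   (1ULL << 13)
/* Constructed stand-in for "a future cr4 bit" unknown to the hypervisor. */
#define CR4_FUTURE_BIT (1ULL << 30)

/* Hypothetical model state, not a KVM structure. */
struct model_vcpu {
    uint64_t hw_allowed;  /* bits the CPU accepts (the hardware check) */
    uint64_t sw_handled;  /* bits the hypervisor knows how to virtualize */
    uint64_t cr4;         /* value that ends up in the nested guest state */
};

/* Hardware-only path: models loading vmcs12->guest_cr4 with no software
 * validation, so only the CPU's own check applies. */
static int set_cr4_hw_only(struct model_vcpu *v, uint64_t val)
{
    if (val & ~v->hw_allowed)
        return -1;        /* hardware rejects the value */
    v->cr4 = val;
    return 0;
}

/* Software-checked path: refuse any bit the hypervisor does not handle
 * before the value reaches the hardware-only path. */
static int set_cr4_checked(struct model_vcpu *v, uint64_t val)
{
    if (val & ~v->sw_handled)
        return -1;        /* refused in software, guest state untouched */
    return set_cr4_hw_only(v, val);
}

int main(void)
{
    struct model_vcpu v = {
        .hw_allowed = X86_CR4_PAE | X86_CR4_VMXE | CR4_FUTURE_BIT,
        .sw_handled = X86_CR4_PAE | X86_CR4_VMXE,
    };
    uint64_t guest_cr4 = X86_CR4_PAE | CR4_FUTURE_BIT; /* constructed value */

    printf("hw-only: %d cr4=%#llx\n", set_cr4_hw_only(&v, guest_cr4),
           (unsigned long long)v.cr4);
    v.cr4 = 0;
    printf("checked: %d cr4=%#llx\n", set_cr4_checked(&v, guest_cr4),
           (unsigned long long)v.cr4);
    return 0;
}
```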

