    kvm:vmx: more complete state update on APICv on/off · 3ce424e4
    Roman Kagan authored
    The function to update APICv on/off state (in particular, to deactivate
    it when enabling Hyper-V SynIC) is incomplete: it doesn't adjust
    APICv-related fields among secondary processor-based VM-execution
    controls.  As a result, Windows 2012 guests get stuck when SynIC-based
    auto-EOI interrupt intersected with e.g. an IPI in the guest.
    
    In addition, the MSR intercept bitmap isn't updated every time "virtualize
    x2APIC mode" is toggled.  This path can only be triggered by a malicious
    guest, because Windows didn't use x2APIC but rather their own synthetic
    APIC access MSRs; however a guest running in a SynIC-enabled VM could
    switch to x2APIC and thus obtain direct access to host APIC MSRs
    (CVE-2016-4440).
    
    The patch fixes those omissions.
    Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
    Reported-by: Steve Rutherford <srutherford@google.com>
    Reported-by: Yang Zhang <yang.zhang.wz@gmail.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>