p***@xen.org
2018-10-30 13:45:06 UTC
commit c238ea3f4caccf36ab1a559f958cbe5192327f6a
Author: Andrew Cooper <***@citrix.com>
AuthorDate: Thu Oct 25 14:11:58 2018 +0100
Commit: Andrew Cooper <***@citrix.com>
CommitDate: Tue Oct 30 13:26:21 2018 +0000
x86/vvmx: Don't handle unknown nested vmexit reasons at L0
This is very dangerous from a security point of view, because a missing entry
will cause L2's action to be interpreted as L1's action.
Signed-off-by: Andrew Cooper <***@citrix.com>
Reviewed-by: Sergey Dyasli <***@citrix.com>
Acked-by: Kevin Tian <***@intel.com>
---
xen/arch/x86/hvm/vmx/vvmx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 9fa2fe224e..8e2e8c266a 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -2611,8 +2611,9 @@ int nvmx_n2_vmexit_handler(struct cpu_user_regs *regs,
nvcpu->nv_vmexit_pending = 1;
break;
default:
- gprintk(XENLOG_ERR, "Unexpected nested vmexit: reason %u\n",
+ gprintk(XENLOG_ERR, "Unhandled nested vmexit: reason %u\n",
exit_reason);
+ domain_crash(v->domain);
}
return ( nvcpu->nv_vmexit_pending == 1 );
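Review bot: In the new default arm, domain_crash(v->domain) falls through to return ( nvcpu->nv_vmexit_pending == 1 ), and nothing in this arm sets nv_vmexit_pending, so the caller sees the same return value as before the change and may carry on processing the exit for a domain that has just been marked as crashed. Consider a short comment stating what the caller is expected to do on this path, or an explicit return for the crash case. The arm also ends without a break; adding one keeps it consistent with the case above and guards against a later case being appended below it.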
--
generated by git-patchbot for /home/xen/git/xen.git#staging