Commit 29fa6825 authored Dec 05, 2014 by Andy Lutomirski Committed by Paolo Bonzini Dec 10, 2014

x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit



paravirt_enabled has the following effects:

 - Disables the F00F bug workaround warning.  There is no F00F bug
   workaround any more because Linux's standard IDT handling already
   works around the F00F bug, but the warning still exists.  This
   is only cosmetic, and, in any event, there is no such thing as
   KVM on a CPU with the F00F bug.

 - Disables 32-bit APM BIOS detection.  On a KVM paravirt system,
   there should be no APM BIOS anyway.

 - Disables tboot.  I think that the tboot code should check the
   CPUID hypervisor bit directly if it matters.

 - paravirt_enabled disables espfix32.  espfix32 should *not* be
   disabled under KVM paravirt.

The last point is the purpose of this patch.  It fixes a leak of the
high 16 bits of the kernel stack address on 32-bit KVM paravirt
guests.  Fixes CVE-2014-8134.

Cc: stable@vger.kernel.org
Suggested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent e08e8336

arch/x86/kernel/kvm.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -283,7 +283,14 @@ NOKPROBE_SYMBOL(do_async_page_fault);
		static void __init paravirt_ops_setup(void)
		{
		pv_info.name = "KVM";
		pv_info.paravirt_enabled = 1;

		/*
		* KVM isn't paravirt in the sense of paravirt_enabled. A KVM
		* guest kernel works like a bare metal kernel with additional
		* features, and paravirt_enabled is about features that are
		* missing.
		*/
		pv_info.paravirt_enabled = 0;

		if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY))
		pv_cpu_ops.io_delay = kvm_io_delay;

arch/x86/kernel/kvmclock.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -261,7 +261,6 @@ void __init kvmclock_init(void)
		#endif
		kvm_get_preset_lpj();
		clocksource_register_hz(&kvm_clock, NSEC_PER_SEC);
		pv_info.paravirt_enabled = 1;
		pv_info.name = "KVM";

		if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT))

Admin message