From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: [stable request 3.4 3.10] nEPT: Nested INVEPT
Date: Sat, 13 Dec 2014 10:09:06 +0100
Message-ID: <548C0232.7030007@redhat.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: Nadav Har'El, Xiao Guangrong, Jun Nakajima, Xinhao Xu, Yang Zhang, Gleb Natapov, kvm@vger.kernel.org
To: Vinson Lee, stable@vger.kernel.org
Return-path:
In-Reply-To:
Sender: stable-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On 13/12/2014 02:13, Vinson Lee wrote:
> Please consider upstream 3.12 commit
> bfd0a56b90005f8c8a004baf407ad90045c2b11e "nEPT: Nested INVEPT" for
> stable trees 3.4 and 3.10. This patch addresses CVE-2014-3645. It has
> already been backported to 3.2 in 3.2.64.

Note that the patch for 3.4 and 3.10 can be much simpler:

https://lkml.org/lkml/2014/11/2/48

Paolo

> commit bfd0a56b90005f8c8a004baf407ad90045c2b11e
> Author: Nadav Har'El
> Date: Mon Aug 5 11:07:17 2013 +0300
>
>     nEPT: Nested INVEPT
>
>     If we let L1 use EPT, we should probably also support the INVEPT
>     instruction.
>
>     In our current nested EPT implementation, when L1 changes its EPT table
>     for L2 (i.e., EPT12), L0 modifies the shadow EPT table (EPT02), and in
>     the course of this modification already calls INVEPT. But if last level
>     of shadow page is unsync not all L1's changes to EPT12 are intercepted,
>     which means roots need to be synced when L1 calls INVEPT. Global INVEPT
>     should not be different since roots are synced by kvm_mmu_load() each
>     time EPTP02 changes.
>
>     Reviewed-by: Xiao Guangrong
>     Signed-off-by: Nadav Har'El
>     Signed-off-by: Jun Nakajima
>     Signed-off-by: Xinhao Xu
>     Signed-off-by: Yang Zhang
>     Signed-off-by: Gleb Natapov
>     Signed-off-by: Paolo Bonzini
>
>
> Cheers,
> Vinson
>