git.baikalelectronics.ru Git - kernel.git/commit

author	Paolo Bonzini <pbonzini@redhat.com>
	Mon, 4 Nov 2019 11:22:02 +0000 (12:22 +0100)
committer	Thomas Gleixner <tglx@linutronix.de>
	Mon, 4 Nov 2019 11:22:02 +0000 (12:22 +0100)
commit	e1f01549e95e66f974ddc13e97953ffc8212afee
tree	f5e0c8bb8b968eb158c07b274d9fdc465fdf95e8	tree \| snapshot
parent	b6a211716377e6b3fcc6af4f34c3d907ec600d20	commit \| diff

kvm: mmu: ITLB_MULTIHIT mitigation

With some Intel processors, putting the same virtual address in the TLB
as both a 4 KiB and 2 MiB page can confuse the instruction fetch unit
and cause the processor to issue a machine check resulting in a CPU lockup.

Unfortunately when EPT page tables use huge pages, it is possible for a
malicious guest to cause this situation.

Add a knob to mark huge pages as non-executable. When the nx_huge_pages
parameter is enabled (and we are using EPT), all huge pages are marked as
NX. If the guest attempts to execute in one of those pages, the page is
broken down into 4K pages, which are then marked executable.

This is not an issue for shadow paging (except nested EPT), because then
the host is in control of TLB flushes and the problematic situation cannot
happen. With nested EPT, again the nested guest can cause problems shadow
and direct EPT is treated in the same way.

[ tglx: Fixup default to auto and massage wording a bit ]

Originally-by: Junaid Shahid <junaids@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| history
arch/x86/include/asm/kvm_host.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| history
arch/x86/kvm/mmu.c		diff \| blob \| history
arch/x86/kvm/paging_tmpl.h		diff \| blob \| history
arch/x86/kvm/x86.c		diff \| blob \| history