kvm: x86: only provide PV features if enabled in guest's CPUID (66570e96) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 66570e96 authored Aug 18, 2020 by

Oliver Upton Committed by Paolo Bonzini Oct 21, 2020

kvm: x86: only provide PV features if enabled in guest's CPUID



KVM unconditionally provides PV features to the guest, regardless of the
configured CPUID. An unwitting guest that doesn't check
KVM_CPUID_FEATURES before use could access paravirt features that
userspace did not intend to provide. Fix this by checking the guest's
CPUID before performing any paravirtual operations.

Introduce a capability, KVM_CAP_ENFORCE_PV_FEATURE_CPUID, to gate the
aforementioned enforcement. Migrating a VM from a host w/o this patch to
a host with this patch could silently change the ABI exposed to the
guest, warranting that we default to the old behavior and opt-in for
the new one.

Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Signed-off-by: Oliver Upton <oupton@google.com>
Change-Id: I202a0926f65035b872bfe8ad15307c026de59a98
Message-Id: <20200818152429.1923996-4-oupton@google.com>
Reviewed-by: Wanpeng Li <wanpengli@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent 210dfd93

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 01f3581d
· Aug 05, 2021

mentioned in commit 01f3581d

mentioned in commit 01f3581d4400f6586403409c5c3a3128fbb3e336

Toggle commit list
mirror @mirror
mentioned in commit 40e79954
· Aug 05, 2021

mentioned in commit 40e79954

mentioned in commit 40e79954edce82cceac5f121b5e84a85393f88ec

Toggle commit list

Please register or to comment