ACK: [PATCH] kvm: nVMX: Enforce cpl=0 for VMX instructions
Seth Forshee
seth.forshee at canonical.com
Fri Jun 29 16:45:50 UTC 2018
On Thu, Jun 28, 2018 at 11:31:51PM +0000, Tyler Hicks wrote:
> From: Felix Wilhelm <fwilhelm at google.com>
>
> VMX instructions executed inside a L1 VM will always trigger a VM exit
> even when executed with cpl 3. This means we must perform the
> privilege check in software.
>
> Fixes: 70f3aac964ae("kvm: nVMX: Remove superfluous VMX instruction fault checks")
> Cc: stable at vger.kernel.org
> Signed-off-by: Felix Wilhelm <fwilhelm at google.com>
> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
>
> (cherry picked from commit 727ba748e110b4de50d142edca9d6a9b7e6111d8)
> CVE-2018-12904
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Patch looks good.
Acked-by: Seth Forshee <seth.forshee at canonical.com>
Note that unstable already has this commit from the 4.17.2 stable
update.
More information about the kernel-team
mailing list