From patchwork Fri Aug 7 10:54:43 2015
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 6968011
From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: rkrcmar@redhat.com, dgilbert@redhat.com
Subject: [PATCH] KVM: x86: zero IDT limit on entry to SMM
Date: Fri, 7 Aug 2015 12:54:43 +0200
Message-Id: <1438944883-3796-1-git-send-email-pbonzini@redhat.com>

The recent BlackHat 2015 presentation "The Memory Sinkhole" mentions that the IDT limit is zeroed on entry to SMM. This is not documented, and must have changed some time after 2010 (see http://www.ssi.gouv.fr/uploads/IMG/pdf/IT_Defense_2010_final.pdf). KVM was not doing it, but the fix is easy.

Signed-off-by: Paolo Bonzini
Reviewed-by: Radim Krčmář
---
arch/x86/kvm/x86.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5ef2560075bf..c5e88a881899 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6327,6 +6327,7 @@ static void process_smi_save_state_64(struct kvm_vcpu *vcpu, char *buf) static void process_smi(struct kvm_vcpu *vcpu) { struct kvm_segment cs, ds; + struct desc_ptr dt; char buf[512]; u32 cr0; @@ -6359,6 +6360,10 @@ static void process_smi(struct kvm_vcpu *vcpu) kvm_x86_ops->set_cr4(vcpu, 0); + /* Undocumented: IDT limit is set to zero on entry to SMM. */ + dt.address = dt.size = 0; + kvm_x86_ops->set_idt(vcpu, &dt); + __kvm_set_dr(vcpu, 7, DR7_FIXED_1); cs.selector = (vcpu->arch.smbase >> 4) & 0xffff;
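Review bot: style point on the first hunk (the "struct desc_ptr dt;" added to process_smi's locals): the variable is declared uninitialized here and only filled in by the second hunk with "dt.address = dt.size = 0;", so initializing at the declaration ("struct desc_ptr dt = { 0 };") would keep the zeroing next to its definition and drop the separate assignment later in the function. Purely cosmetic; the behaviour is the same either way.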
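Review bot: in the second hunk the comment ("IDT limit is set to zero on entry to SMM") and the subject line only claim the limit is zeroed, but "dt.address = dt.size = 0;" clears the base as well, so the comment understates what the code does; either reword it to say base and limit are both cleared, or assign only dt.size and leave the base alone, whichever matches the hardware behaviour the commit message cites. The limit is the part that matters for the hardening this mirrors: with a zero limit, every vector is outside the table, so an interrupt or exception taken in SMM before the SMI handler loads its own IDT ends in a fault (and ultimately a shutdown) instead of dispatching through the guest's pre-SMM descriptor table. One ordering question worth confirming in the reply: set_idt runs here after "kvm_x86_ops->set_cr4(vcpu, 0);" in the same reset sequence, so the save-state helpers (process_smi_save_state_64 is named in the hunk header) must already have captured the pre-SMM IDTR by this point, otherwise RSM would restore a zeroed table to the guest.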