We have a S3 issue on that SKU with BACO enabled. Will bring back this
when that root caused.
Change-Id: I56d4830e6275e20a415808896eecbadfe944070b
Signed-off-by: Evan Quan <email address hidden>
Acked-by: Alex Deucher <email address hidden>
Reviewed-by: Guchun Chen <email address hidden>
Ref: https://patchwork.freedesktop.org/patch/450065/?series=93662&rev=3
Signed-off-by: Koba Ko <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Chia-Lin Kao (AceLan) <email address hidden>
70bd33b...
by
Maxim Levitsky <email address hidden>
KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
If L1 disables VMLOAD/VMSAVE intercepts, and doesn't enable
Virtual VMLOAD/VMSAVE (currently not supported for the nested hypervisor),
then VMLOAD/VMSAVE must operate on the L1 physical memory, which is only
possible by making L0 intercept these instructions.
Failure to do so allowed the nested guest to run VMLOAD/VMSAVE unintercepted,
and thus read/write portions of the host physical memory.
* Invert the mask of bits that we pick from L2 in
nested_vmcb02_prepare_control
* Invert and explicitly use VIRQ related bits bitmask in svm_clear_vintr
This fixes a security issue that allowed a malicious L1 to run L2 with
AVIC enabled, which allowed the L2 to exploit the uninitialized and enabled
AVIC to read/write the host physical memory at some offsets.
Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler")
Signed-off-by: Maxim Levitsky <email address hidden>
Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 84aade48479477d09c63fb1644735076b6919670 linux-5.10.y)
CVE-2021-3653
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Chia-Lin Kao (AceLan) <email address hidden>