diff options
| author | Radim Krčmář <rkrcmar@redhat.com> | 2014-11-27 14:03:13 -0500 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2014-12-04 09:29:08 -0500 |
| commit | 45c3094a6424614e6fea135e4e1afd8e0a65f468 (patch) | |
| tree | a238fbc1bd5e8e83b2cd68973a62b3c273713e26 | |
| parent | 25995e5b4aa308e5264cf7cf3e86871acf6a8b8c (diff) | |
KVM: x86: allow 256 logical x2APICs again
While fixing an x2apic bug,
17d68b7 KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
we've made only one cluster available. This means that the amount of
logically addressible x2APICs was reduced to 16 and VCPUs kept
overwriting themselves in that region, so even the first cluster wasn't
set up correctly.
This patch extends x2APIC support back to the logical_map's limit, and
keeps the CVE fixed as messages for non-present APICs are dropped.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| -rw-r--r-- | arch/x86/kvm/lapic.c | 11 | ||||
| -rw-r--r-- | arch/x86/kvm/lapic.h | 2 |
2 files changed, 6 insertions, 7 deletions
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index e1940fccaf6c..4f0c0b954686 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c | |||
| @@ -132,8 +132,6 @@ static inline int kvm_apic_id(struct kvm_lapic *apic) | |||
| 132 | return (kvm_apic_get_reg(apic, APIC_ID) >> 24) & 0xff; | 132 | return (kvm_apic_get_reg(apic, APIC_ID) >> 24) & 0xff; |
| 133 | } | 133 | } |
| 134 | 134 | ||
| 135 | #define KVM_X2APIC_CID_BITS 0 | ||
| 136 | |||
| 137 | static void recalculate_apic_map(struct kvm *kvm) | 135 | static void recalculate_apic_map(struct kvm *kvm) |
| 138 | { | 136 | { |
| 139 | struct kvm_apic_map *new, *old = NULL; | 137 | struct kvm_apic_map *new, *old = NULL; |
| @@ -163,8 +161,7 @@ static void recalculate_apic_map(struct kvm *kvm) | |||
| 163 | if (apic_x2apic_mode(apic)) { | 161 | if (apic_x2apic_mode(apic)) { |
| 164 | new->ldr_bits = 32; | 162 | new->ldr_bits = 32; |
| 165 | new->cid_shift = 16; | 163 | new->cid_shift = 16; |
| 166 | new->cid_mask = (1 << KVM_X2APIC_CID_BITS) - 1; | 164 | new->cid_mask = new->lid_mask = 0xffff; |
| 167 | new->lid_mask = 0xffff; | ||
| 168 | new->broadcast = X2APIC_BROADCAST; | 165 | new->broadcast = X2APIC_BROADCAST; |
| 169 | } else if (kvm_apic_get_reg(apic, APIC_LDR)) { | 166 | } else if (kvm_apic_get_reg(apic, APIC_LDR)) { |
| 170 | if (kvm_apic_get_reg(apic, APIC_DFR) == | 167 | if (kvm_apic_get_reg(apic, APIC_DFR) == |
| @@ -700,8 +697,12 @@ bool kvm_irq_delivery_to_apic_fast(struct kvm *kvm, struct kvm_lapic *src, | |||
| 700 | dst = &map->phys_map[irq->dest_id]; | 697 | dst = &map->phys_map[irq->dest_id]; |
| 701 | } else { | 698 | } else { |
| 702 | u32 mda = irq->dest_id << (32 - map->ldr_bits); | 699 | u32 mda = irq->dest_id << (32 - map->ldr_bits); |
| 700 | u16 cid = apic_cluster_id(map, mda); | ||
| 701 | |||
| 702 | if (cid >= ARRAY_SIZE(map->logical_map)) | ||
| 703 | goto out; | ||
| 703 | 704 | ||
| 704 | dst = map->logical_map[apic_cluster_id(map, mda)]; | 705 | dst = map->logical_map[cid]; |
| 705 | 706 | ||
| 706 | bitmap = apic_logical_id(map, mda); | 707 | bitmap = apic_logical_id(map, mda); |
| 707 | 708 | ||
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index d4365f21ea2e..c674fce53cf9 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h | |||
| @@ -154,8 +154,6 @@ static inline u16 apic_cluster_id(struct kvm_apic_map *map, u32 ldr) | |||
| 154 | ldr >>= 32 - map->ldr_bits; | 154 | ldr >>= 32 - map->ldr_bits; |
| 155 | cid = (ldr >> map->cid_shift) & map->cid_mask; | 155 | cid = (ldr >> map->cid_shift) & map->cid_mask; |
| 156 | 156 | ||
| 157 | BUG_ON(cid >= ARRAY_SIZE(map->logical_map)); | ||
| 158 | |||
| 159 | return cid; | 157 | return cid; |
| 160 | } | 158 | } |
| 161 | 159 | ||