Commit 45c3094a authored by Radim Krčmář's avatar Radim Krčmář Committed by Paolo Bonzini

KVM: x86: allow 256 logical x2APICs again

While fixing an x2apic bug,
 17d68b76 KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
we've made only one cluster available.  This means that the amount of
logically addressable x2APICs was reduced to 16 and VCPUs kept
overwriting themselves in that region, so even the first cluster wasn't
set up correctly.

This patch extends x2APIC support back to the logical_map's limit, and
keeps the CVE fixed as messages for non-present APICs are dropped.
Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 25995e5b
...@@ -132,8 +132,6 @@ static inline int kvm_apic_id(struct kvm_lapic *apic) ...@@ -132,8 +132,6 @@ static inline int kvm_apic_id(struct kvm_lapic *apic)
return (kvm_apic_get_reg(apic, APIC_ID) >> 24) & 0xff; return (kvm_apic_get_reg(apic, APIC_ID) >> 24) & 0xff;
} }
#define KVM_X2APIC_CID_BITS 0
static void recalculate_apic_map(struct kvm *kvm) static void recalculate_apic_map(struct kvm *kvm)
{ {
struct kvm_apic_map *new, *old = NULL; struct kvm_apic_map *new, *old = NULL;
...@@ -163,8 +161,7 @@ static void recalculate_apic_map(struct kvm *kvm) ...@@ -163,8 +161,7 @@ static void recalculate_apic_map(struct kvm *kvm)
if (apic_x2apic_mode(apic)) { if (apic_x2apic_mode(apic)) {
new->ldr_bits = 32; new->ldr_bits = 32;
new->cid_shift = 16; new->cid_shift = 16;
new->cid_mask = (1 << KVM_X2APIC_CID_BITS) - 1; new->cid_mask = new->lid_mask = 0xffff;
new->lid_mask = 0xffff;
new->broadcast = X2APIC_BROADCAST; new->broadcast = X2APIC_BROADCAST;
} else if (kvm_apic_get_reg(apic, APIC_LDR)) { } else if (kvm_apic_get_reg(apic, APIC_LDR)) {
if (kvm_apic_get_reg(apic, APIC_DFR) == if (kvm_apic_get_reg(apic, APIC_DFR) ==
...@@ -700,8 +697,12 @@ bool kvm_irq_delivery_to_apic_fast(struct kvm *kvm, struct kvm_lapic *src, ...@@ -700,8 +697,12 @@ bool kvm_irq_delivery_to_apic_fast(struct kvm *kvm, struct kvm_lapic *src,
dst = &map->phys_map[irq->dest_id]; dst = &map->phys_map[irq->dest_id];
} else { } else {
u32 mda = irq->dest_id << (32 - map->ldr_bits); u32 mda = irq->dest_id << (32 - map->ldr_bits);
u16 cid = apic_cluster_id(map, mda);
if (cid >= ARRAY_SIZE(map->logical_map))
goto out;
dst = map->logical_map[apic_cluster_id(map, mda)]; dst = map->logical_map[cid];
bitmap = apic_logical_id(map, mda); bitmap = apic_logical_id(map, mda);
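Review bot: The new `goto out` on an out-of-range cluster id silently drops the IPI, and nothing at the check says this is the deliberate behaviour the commit message describes (messages for non-present APICs are dropped) rather than an unhandled case, so a later reader may be tempted to "fix" it; a one-line comment would pin the intent, e.g. `/* No APIC can exist in a cluster beyond logical_map: drop the IPI (keeps CVE-2013-6376 fixed). */`. The value returned by `apic_logical_id()` on the following line is still used unchecked; presumably it is limited to 16 bits by `lid_mask` and matched to the inner dimension of `logical_map` elsewhere, which is worth confirming since `cid_mask` has just been widened. kvm_irq_delivery_to_apic_fast() begins and ends outside this hunk, so the `out` label and the value of `ret` on the dropped path are not visible here; the commit message implies the message is treated as handled, which should be confirmed against the function's tail.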
...@@ -154,8 +154,6 @@ static inline u16 apic_cluster_id(struct kvm_apic_map *map, u32 ldr) ...@@ -154,8 +154,6 @@ static inline u16 apic_cluster_id(struct kvm_apic_map *map, u32 ldr)
ldr >>= 32 - map->ldr_bits; ldr >>= 32 - map->ldr_bits;
cid = (ldr >> map->cid_shift) & map->cid_mask; cid = (ldr >> map->cid_shift) & map->cid_mask;
BUG_ON(cid >= ARRAY_SIZE(map->logical_map));
return cid; return cid;
} }
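Review bot: With the `BUG_ON` removed and `cid_mask` widened to 0xffff in the lapic.c hunk, apic_cluster_id() can now return any value up to 0xffff, so every caller that indexes `logical_map` with the result is now responsible for the bound check, and only the delivery fast path is shown adding one in this commit. If recalculate_apic_map() (not in these hunks) also indexes `logical_map` by this value when building the map from a guest-writable LDR, it needs the same `cid < ARRAY_SIZE(map->logical_map)` guard, otherwise the out-of-range access that the CVE fix turned into a BUG_ON comes back as an unchecked write; confirm that guard already exists there. The helper's new contract should in any case be stated at its definition, e.g. `/* May exceed ARRAY_SIZE(map->logical_map); callers must bound-check before indexing. */`. The function's signature is only visible in the hunk header, so its start lies outside the hunk.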