rtime.felk.cvut.cz Git - jailhouse.git/commit
x86: Intercept #AC and #DB to prevent guest-triggered microcode loops
author    Jan Kiszka <jan.kiszka@siemens.com>
          Mon, 21 Dec 2015 23:53:45 +0000 (00:53 +0100)
committer Jan Kiszka <jan.kiszka@siemens.com>
          Tue, 22 Dec 2015 14:24:11 +0000 (15:24 +0100)
commit    8670ac66919fde68bf361eff8c44952c1c55876a
tree      90f5ad0c94db95cd7c525e75c10ccd780ce1df1d
parent    a149aaea787fafa1b9e24b5e38660e4fc25c02bf
x86: Intercept #AC and #DB to prevent guest-triggered microcode loops

This addresses CVE-2015-5307 and CVE-2015-8104 [1] for Jailhouse:
malicious cells may bring VCPUs into a state where the CPU will
infinitely loop over microcode, providing the hypervisor no chance to
interrupt these loops anymore. For this we have to intercept the #DB and
the #AC exceptions to the cell.

Whether a guest is trapped in an exception loop can be detected by
checking the exception exit statistics which are now recorded: a large
number of exception exits per second (>1 million typically) will
indicate this.

[1] http://permalink.gmane.org/gmane.comp.emulators.xen.user/85863

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
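The detection heuristic from the commit message, worked through as an added example that is not part of the Jailhouse commit: periodic snapshots of the per-VCPU exception-exit counter are turned into rates, and a VCPU is flagged when it stays above the 1 million exits/second mark for consecutive intervals. The sample data, the 32-bit counter width and the snapshot layout are constructed assumptions, not Jailhouse's actual statistics interface.

```python
from collections import defaultdict

# Threshold from the commit message: well over 1 million exception exits
# per second indicates a VCPU stuck in an #AC/#DB loop.
LOOP_THRESHOLD_PER_SEC = 1_000_000
COUNTER_BITS = 32  # assumed width of the sampled counter (wraps on overflow)

def counter_delta(prev, cur, bits=COUNTER_BITS):
    """Difference between two counter samples, tolerating one wraparound."""
    return (cur - prev) % (1 << bits)

def exception_exit_rates(samples):
    """samples: list of (time_s, cell, cpu, exception_exits) in time order.
    Returns {(cell, cpu): [exits per second for each sampling interval]}."""
    last = {}
    rates = defaultdict(list)
    for t, cell, cpu, exits in samples:
        key = (cell, cpu)
        if key in last:
            t0, e0 = last[key]
            if t > t0:
                rates[key].append(counter_delta(e0, exits) / (t - t0))
        last[key] = (t, exits)
    return dict(rates)

def detect_exception_loops(samples, threshold=LOOP_THRESHOLD_PER_SEC,
                           min_intervals=2):
    """Flag VCPUs whose exception-exit rate exceeds `threshold` for
    `min_intervals` consecutive intervals (filters one-off spikes)."""
    flagged = []
    for key, rs in exception_exit_rates(samples).items():
        streak = 0
        for r in rs:
            streak = streak + 1 if r > threshold else 0
            if streak >= min_intervals:
                flagged.append(key)
                break
    return sorted(flagged)

# Constructed snapshots: (seconds, cell, cpu, cumulative exception exits).
# inmate-a/cpu2 loops at ~3M exits/s (its counter wraps at 2^32 in interval 1);
# inmate-b/cpu3 shows a single transient burst; linux-root/cpu0 is healthy.
SAMPLES = [
    (0.0, "linux-root", 0, 1_200),
    (0.0, "inmate-a", 2, 4_293_000_000),
    (0.0, "inmate-b", 3, 0),
    (1.0, "linux-root", 0, 1_950),
    (1.0, "inmate-a", 2, 1_032_704),
    (1.0, "inmate-b", 3, 1_500_000),
    (2.0, "linux-root", 0, 2_600),
    (2.0, "inmate-a", 2, 4_132_704),
    (2.0, "inmate-b", 3, 1_501_000),
]
```

Running `detect_exception_loops(SAMPLES)` flags only `("inmate-a", 2)`; lowering `min_intervals` to 1 also reports the transient burst on `inmate-b`.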
hypervisor/arch/x86/include/asm/processor.h
hypervisor/arch/x86/include/asm/svm.h
hypervisor/arch/x86/include/asm/vmx.h
hypervisor/arch/x86/svm.c
hypervisor/arch/x86/vmx.c