Commit b42506c6 authored by Paolo Bonzini's avatar Paolo Bonzini Committed by Ben Hutchings
Browse files

KVM: svm: unconditionally intercept #DB 



commit cbdb967a upstream.

This is needed to avoid the possibility that the guest triggers
an infinite stream of #DB exceptions (CVE-2015-8104).

VMX is not affected: because it does not save DR6 in the VMCS,
it already intercepts #DB unconditionally.

Reported-by: default avatarJan Beulich <jbeulich@suse.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
[bwh: Backported to 3.2, with thanks to Paolo:
 - update_db_bp_intercept() was called update_db_intercept()
 - The remaining call is in svm_guest_debug() rather than through svm_x86_ops]
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent 1a513170
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment