svn commit: r365780 - in releng: 11.3/sys/amd64/vmm/amd 11.4/sys/amd64/vmm/amd 12.1/sys/amd64/vmm/amd 12.2/sys/amd64/vmm/amd
Gordon Tetlow
gordon at FreeBSD.org
Tue Sep 15 21:46:41 UTC 2020
Author: gordon
Date: Tue Sep 15 21:46:39 2020
New Revision: 365780
URL: https://svnweb.freebsd.org/changeset/base/365780
Log:
Fix bhyve SVM guest escape.
This actually has a patch to sys/amd64/vmm/amd/svm.c that was accidentally
committed as part of r365779.
Approved by: so
Approved by: re (implicit for releng/12.2)
Security: FreeBSD-SA-20:29.bhyve_svm
Security: CVE-2020-7467
Modified:
releng/11.3/sys/amd64/vmm/amd/vmcb.h
releng/11.4/sys/amd64/vmm/amd/vmcb.h
releng/12.1/sys/amd64/vmm/amd/vmcb.h
releng/12.2/sys/amd64/vmm/amd/vmcb.h
Modified: releng/11.3/sys/amd64/vmm/amd/vmcb.h
==============================================================================
--- releng/11.3/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:43:41 2020 (r365779)
+++ releng/11.3/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:46:39 2020 (r365780)
@@ -73,8 +73,8 @@ struct svm_softc;
#define VMCB_INTCPT_INVD BIT(22)
#define VMCB_INTCPT_PAUSE BIT(23)
#define VMCB_INTCPT_HLT BIT(24)
-#define VMCB_INTCPT_INVPG BIT(25)
-#define VMCB_INTCPT_INVPGA BIT(26)
+#define VMCB_INTCPT_INVLPG BIT(25)
+#define VMCB_INTCPT_INVLPGA BIT(26)
#define VMCB_INTCPT_IO BIT(27)
#define VMCB_INTCPT_MSR BIT(28)
#define VMCB_INTCPT_TASK_SWITCH BIT(29)
@@ -136,12 +136,21 @@ struct svm_softc;
#define VMCB_EXIT_POPF 0x71
#define VMCB_EXIT_CPUID 0x72
#define VMCB_EXIT_IRET 0x74
+#define VMCB_EXIT_INVD 0x76
#define VMCB_EXIT_PAUSE 0x77
#define VMCB_EXIT_HLT 0x78
+#define VMCB_EXIT_INVLPGA 0x7A
#define VMCB_EXIT_IO 0x7B
#define VMCB_EXIT_MSR 0x7C
#define VMCB_EXIT_SHUTDOWN 0x7F
+#define VMCB_EXIT_VMRUN 0x80
+#define VMCB_EXIT_VMMCALL 0x81
+#define VMCB_EXIT_VMLOAD 0x82
#define VMCB_EXIT_VMSAVE 0x83
+#define VMCB_EXIT_STGI 0x84
+#define VMCB_EXIT_CLGI 0x85
+#define VMCB_EXIT_SKINIT 0x86
+#define VMCB_EXIT_ICEBP 0x88
#define VMCB_EXIT_MONITOR 0x8A
#define VMCB_EXIT_MWAIT 0x8B
#define VMCB_EXIT_NPF 0x400
Modified: releng/11.4/sys/amd64/vmm/amd/vmcb.h
==============================================================================
--- releng/11.4/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:43:41 2020 (r365779)
+++ releng/11.4/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:46:39 2020 (r365780)
@@ -73,8 +73,8 @@ struct svm_softc;
#define VMCB_INTCPT_INVD BIT(22)
#define VMCB_INTCPT_PAUSE BIT(23)
#define VMCB_INTCPT_HLT BIT(24)
-#define VMCB_INTCPT_INVPG BIT(25)
-#define VMCB_INTCPT_INVPGA BIT(26)
+#define VMCB_INTCPT_INVLPG BIT(25)
+#define VMCB_INTCPT_INVLPGA BIT(26)
#define VMCB_INTCPT_IO BIT(27)
#define VMCB_INTCPT_MSR BIT(28)
#define VMCB_INTCPT_TASK_SWITCH BIT(29)
@@ -136,12 +136,21 @@ struct svm_softc;
#define VMCB_EXIT_POPF 0x71
#define VMCB_EXIT_CPUID 0x72
#define VMCB_EXIT_IRET 0x74
+#define VMCB_EXIT_INVD 0x76
#define VMCB_EXIT_PAUSE 0x77
#define VMCB_EXIT_HLT 0x78
+#define VMCB_EXIT_INVLPGA 0x7A
#define VMCB_EXIT_IO 0x7B
#define VMCB_EXIT_MSR 0x7C
#define VMCB_EXIT_SHUTDOWN 0x7F
+#define VMCB_EXIT_VMRUN 0x80
+#define VMCB_EXIT_VMMCALL 0x81
+#define VMCB_EXIT_VMLOAD 0x82
#define VMCB_EXIT_VMSAVE 0x83
+#define VMCB_EXIT_STGI 0x84
+#define VMCB_EXIT_CLGI 0x85
+#define VMCB_EXIT_SKINIT 0x86
+#define VMCB_EXIT_ICEBP 0x88
#define VMCB_EXIT_MONITOR 0x8A
#define VMCB_EXIT_MWAIT 0x8B
#define VMCB_EXIT_NPF 0x400
Modified: releng/12.1/sys/amd64/vmm/amd/vmcb.h
==============================================================================
--- releng/12.1/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:43:41 2020 (r365779)
+++ releng/12.1/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:46:39 2020 (r365780)
@@ -73,8 +73,8 @@ struct svm_softc;
#define VMCB_INTCPT_INVD BIT(22)
#define VMCB_INTCPT_PAUSE BIT(23)
#define VMCB_INTCPT_HLT BIT(24)
-#define VMCB_INTCPT_INVPG BIT(25)
-#define VMCB_INTCPT_INVPGA BIT(26)
+#define VMCB_INTCPT_INVLPG BIT(25)
+#define VMCB_INTCPT_INVLPGA BIT(26)
#define VMCB_INTCPT_IO BIT(27)
#define VMCB_INTCPT_MSR BIT(28)
#define VMCB_INTCPT_TASK_SWITCH BIT(29)
@@ -136,12 +136,21 @@ struct svm_softc;
#define VMCB_EXIT_POPF 0x71
#define VMCB_EXIT_CPUID 0x72
#define VMCB_EXIT_IRET 0x74
+#define VMCB_EXIT_INVD 0x76
#define VMCB_EXIT_PAUSE 0x77
#define VMCB_EXIT_HLT 0x78
+#define VMCB_EXIT_INVLPGA 0x7A
#define VMCB_EXIT_IO 0x7B
#define VMCB_EXIT_MSR 0x7C
#define VMCB_EXIT_SHUTDOWN 0x7F
+#define VMCB_EXIT_VMRUN 0x80
+#define VMCB_EXIT_VMMCALL 0x81
+#define VMCB_EXIT_VMLOAD 0x82
#define VMCB_EXIT_VMSAVE 0x83
+#define VMCB_EXIT_STGI 0x84
+#define VMCB_EXIT_CLGI 0x85
+#define VMCB_EXIT_SKINIT 0x86
+#define VMCB_EXIT_ICEBP 0x88
#define VMCB_EXIT_MONITOR 0x8A
#define VMCB_EXIT_MWAIT 0x8B
#define VMCB_EXIT_NPF 0x400
Modified: releng/12.2/sys/amd64/vmm/amd/vmcb.h
==============================================================================
--- releng/12.2/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:43:41 2020 (r365779)
+++ releng/12.2/sys/amd64/vmm/amd/vmcb.h Tue Sep 15 21:46:39 2020 (r365780)
@@ -73,8 +73,8 @@ struct svm_softc;
#define VMCB_INTCPT_INVD BIT(22)
#define VMCB_INTCPT_PAUSE BIT(23)
#define VMCB_INTCPT_HLT BIT(24)
-#define VMCB_INTCPT_INVPG BIT(25)
-#define VMCB_INTCPT_INVPGA BIT(26)
+#define VMCB_INTCPT_INVLPG BIT(25)
+#define VMCB_INTCPT_INVLPGA BIT(26)
#define VMCB_INTCPT_IO BIT(27)
#define VMCB_INTCPT_MSR BIT(28)
#define VMCB_INTCPT_TASK_SWITCH BIT(29)
@@ -136,12 +136,21 @@ struct svm_softc;
#define VMCB_EXIT_POPF 0x71
#define VMCB_EXIT_CPUID 0x72
#define VMCB_EXIT_IRET 0x74
+#define VMCB_EXIT_INVD 0x76
#define VMCB_EXIT_PAUSE 0x77
#define VMCB_EXIT_HLT 0x78
+#define VMCB_EXIT_INVLPGA 0x7A
#define VMCB_EXIT_IO 0x7B
#define VMCB_EXIT_MSR 0x7C
#define VMCB_EXIT_SHUTDOWN 0x7F
+#define VMCB_EXIT_VMRUN 0x80
+#define VMCB_EXIT_VMMCALL 0x81
+#define VMCB_EXIT_VMLOAD 0x82
#define VMCB_EXIT_VMSAVE 0x83
+#define VMCB_EXIT_STGI 0x84
+#define VMCB_EXIT_CLGI 0x85
+#define VMCB_EXIT_SKINIT 0x86
+#define VMCB_EXIT_ICEBP 0x88
#define VMCB_EXIT_MONITOR 0x8A
#define VMCB_EXIT_MWAIT 0x8B
#define VMCB_EXIT_NPF 0x400
More information about the svn-src-all
mailing list