freebsd-skq/sys/amd64/vmm/intel
John Baldwin b843f9be5e Fully restore the GDTR, IDTR, and LDTR after VT-x VM exits.
The VT-x VMCS only stores the base address of the GDTR and IDTR.  As a
result, VM exits use a fixed limit of 0xffff for the host GDTR and
IDTR, losing the smaller limits set when the initial GDT is loaded
on each CPU during boot.  Explicitly save and restore the full GDTR
and IDTR contents around VM entries and exits to restore the correct
limit.

Similarly, explicitly save and restore the LDT selector.  VM exits
always clear the host LDTR as if the LDT was loaded with a NULL
selector and a userspace hypervisor is probably using a NULL selector
anyway, but save and restore the LDT explicitly just to be safe.

PR:		230773
Reported by:	John Levon <levon@movementarian.org>
Reviewed by:	kib
Tested by:	araujo
Approved by:	re (rgrimes)
MFC after:	1 week
2018-10-11 18:27:19 +00:00
..
ept.c
ept.h
vmcs.c Provide further mitigation against CVE-2017-5715 by flushing the 2018-02-12 14:45:27 +00:00
vmcs.h
vmx_controls.h
vmx_cpufunc.h
vmx_genassym.c Provide part of the mitigation for L1TF-VMM. 2018-08-14 17:29:41 +00:00
vmx_msr.c
vmx_msr.h
vmx_support.S Update L1TF workaround to sustain L1D pollution from NMI. 2018-08-19 18:47:16 +00:00
vmx.c Fully restore the GDTR, IDTR, and LDTR after VT-x VM exits. 2018-10-11 18:27:19 +00:00
vmx.h Provide further mitigation against CVE-2017-5715 by flushing the 2018-02-12 14:45:27 +00:00
vtd.c