CVE-2017-1000407 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-1000407
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-1000407
CVSS severity score: 6.1/10.0
Description: The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Dec 27 2017
This looks like a DoS which we don't normally consider a security bug, though if it can be triggered from inside a VM we should probably call it at least severity low. Asking for merge to 64 to start.
Dec 27 2017
Sorry, shouldn't yet be fixed.
Dec 27 2017
This bug requires manual review: M64 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions.

Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 27 2017
Confused; set as P1 but #2 seems to say otherwise? Do we have a good feel for the criticality?
Dec 27 2017
I don't personally distinguish between DoS and other security bugs; my evaluation is purely based on the CVSS severity score. In my opinion, a DoS attack from a VM, affecting the core system as well as other VMs, is a severe problem. Possibly #2 applies to the security labels, not to the bug severity itself. If DoS vulnerabilities do not count as security vulnerabilities, maybe we need another set of labels (DoS_Severity and DoS_Impact)?
Dec 27 2017
Got it.... I'll likely approve given the severity; do we have a root cause fix yet? I'd like to look there first. And get more background on #2 from that responder.
Dec 27 2017
Fix - see #1. Already applied to chromeos-4.4 and chromeos-4.14. Complete link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d59d51f088014f25c2562de59b9abff4f42a7468
Dec 27 2017
Thanks Guenter. Seems reasonable. Approving for M64.
Dec 28 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/472fce40cc16aa5fd1e724a19c013a3fd597ed27

commit 472fce40cc16aa5fd1e724a19c013a3fd597ed27
Author: Andrew Honig <ahonig@google.com>
Date: Thu Dec 28 16:49:14 2017

UPSTREAM: KVM: VMX: remove I/O port 0x80 bypass on Intel hosts

commit d59d51f088014f25c2562de59b9abff4f42a7468 upstream.

This fixes CVE-2017-1000407.

KVM allows guests to directly access I/O port 0x80 on Intel hosts. If the guest floods this port with writes it generates exceptions and instability in the host kernel, leading to a crash. With this change guest writes to port 0x80 on Intel will behave the same as they currently behave on AMD systems.

Prevent the flooding by removing the code that sets port 0x80 as a passthrough port. This is essentially the same as upstream patch 99f85a28a78e96d28907fe036e1671a218fee597, except that patch was for AMD chipsets and this patch is for Intel.

BUG= chromium:797482
TEST=Flood port 0x80 from KVM client

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Fixes: fdef3ad1b386 ("KVM: VMX: Enable io bitmaps to avoid IO port 0x80 VMEXITs")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit a52c2829cd60492fc75bafc323145cab1af915f5)
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Change-Id: I0b2001863e3a76d35a00169b0f842b7e59119673
Reviewed-on: https://chromium-review.googlesource.com/845782
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Commit-Queue: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/472fce40cc16aa5fd1e724a19c013a3fd597ed27/arch/x86/kvm/vmx.c
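The mechanism the commit above touches, as an added example that is not code from the page or from the kernel: a C model of the two VMX I/O bitmaps that decide whether a guest IN/OUT traps to the hypervisor, with the pre-fix layout (port 0x80 passed through to host hardware) beside the post-fix layout (every port intercepted). The struct and function names are assumptions made for this illustration.

```c
/* Model of the VMX I/O bitmaps: bitmap A covers ports 0x0000-0x7fff,
 * bitmap B covers 0x8000-0xffff, and a SET bit means "VM exit". */
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

#define IO_BITMAP_SIZE 4096       /* one 4 KiB page per bitmap */
#define DEBUG_PORT     0x80       /* PC POST / diagnostic port */

struct io_bitmaps {               /* hypothetical name for this model */
    uint8_t a[IO_BITMAP_SIZE];    /* ports 0x0000-0x7fff */
    uint8_t b[IO_BITMAP_SIZE];    /* ports 0x8000-0xffff */
};

/* True if a guest access to `port` is intercepted by the hypervisor.
 * Bit numbering follows the kernel's clear_bit(): bit n lives in
 * byte n/8, bit position n%8. */
bool io_port_causes_vmexit(const struct io_bitmaps *bm, uint16_t port)
{
    const uint8_t *map = (port < 0x8000) ? bm->a : bm->b;
    uint16_t off = port & 0x7fff;
    return (map[off / 8] >> (off % 8)) & 1;
}

/* Weak layout (before the fix): all ports exit except 0x80, whose
 * writes went straight to host hardware and could be flooded. */
void io_bitmaps_init_passthrough_0x80(struct io_bitmaps *bm)
{
    memset(bm->a, 0xff, IO_BITMAP_SIZE);
    memset(bm->b, 0xff, IO_BITMAP_SIZE);
    bm->a[DEBUG_PORT / 8] &= (uint8_t)~(1u << (DEBUG_PORT % 8));
}

/* Hardened layout (after the fix): no bypass, 0x80 exits like any port. */
void io_bitmaps_init_intercept_all(struct io_bitmaps *bm)
{
    memset(bm->a, 0xff, IO_BITMAP_SIZE);
    memset(bm->b, 0xff, IO_BITMAP_SIZE);
}

/* Audit helper: count ports a guest could reach without a VM exit. */
int count_passthrough_ports(const struct io_bitmaps *bm)
{
    int n = 0;
    for (uint32_t port = 0; port <= 0xffff; port++)
        if (!io_port_causes_vmexit(bm, (uint16_t)port))
            n++;
    return n;
}
```

The audit helper is the check a reviewer of a hypervisor's I/O bitmap setup would want: any port it reports is host hardware the guest can drive directly.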
Jan 3 2018
The NextAction date has arrived: 2018-01-03
Apr 6 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by groeck@chromium.org, Dec 23 2017
Labels: M-64 Security_Severity-Medium Security_Impact-Stable Pri-1
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)