Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 916ce236 authored by Joerg Roedel's avatar Joerg Roedel Committed by Avi Kivity
Browse files

KVM: SVM: forbid guest to execute monitor/mwait 



This patch forbids the guest to execute monitor/mwait instructions on
SVM. This is necessary because the guest can execute these instructions
if they are available even if the kvm cpuid doesn't report its
existence.

Signed-off-by: default avatarJoerg Roedel <joerg.roedel@amd.com>
Signed-off-by: default avatarAvi Kivity <avi@qumranet.com>
parent 0e5bf0d0

drivers/kvm/svm.c

+5 −1
Original line number Diff line number Diff line
@@ -511,7 +511,9 @@ static void init_vmcb(struct vmcb *vmcb) 
				(1ULL << INTERCEPT_VMSAVE) |

				(1ULL << INTERCEPT_STGI) |

				(1ULL << INTERCEPT_CLGI) |

				(1ULL << INTERCEPT_SKINIT);

				(1ULL << INTERCEPT_SKINIT) |

				(1ULL << INTERCEPT_MONITOR) |

				(1ULL << INTERCEPT_MWAIT);



	control->iopm_base_pa = iopm_base;

	control->msrpm_base_pa = msrpm_base;
@@ -1292,6 +1294,8 @@ static int (*svm_exit_handlers[])(struct kvm_vcpu *vcpu, 
	[SVM_EXIT_STGI]				= invalid_op_interception,

	[SVM_EXIT_CLGI]				= invalid_op_interception,

	[SVM_EXIT_SKINIT]			= invalid_op_interception,

	[SVM_EXIT_MONITOR]			= invalid_op_interception,

	[SVM_EXIT_MWAIT]			= invalid_op_interception,

};

drivers/kvm/svm.h

+6 −0
Original line number Diff line number Diff line
@@ -44,6 +44,9 @@ enum { 
	INTERCEPT_RDTSCP,

	INTERCEPT_ICEBP,

	INTERCEPT_WBINVD,

	INTERCEPT_MONITOR,

	INTERCEPT_MWAIT,

	INTERCEPT_MWAIT_COND,

};
@@ -298,6 +301,9 @@ struct __attribute__ ((__packed__)) vmcb { 
#define SVM_EXIT_RDTSCP		0x087

#define SVM_EXIT_ICEBP		0x088

#define SVM_EXIT_WBINVD		0x089

#define SVM_EXIT_MONITOR	0x08a

#define SVM_EXIT_MWAIT		0x08b

#define SVM_EXIT_MWAIT_COND	0x08c

#define SVM_EXIT_NPF  		0x400



#define SVM_EXIT_ERR		-1