kvm: nVMX: Enforce cpl=0 for VMX instructions (727ba748) · Commits · e / devices / android_kernel_fairphone_FP4

arch/x86/kvm/vmx.c

+13 −2

Original line number	Diff line number	Diff line
		@@ -7905,6 +7905,12 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
		return 1;
		}

		/* CPL=0 must be checked manually. */
		if (vmx_get_cpl(vcpu)) {
		kvm_queue_exception(vcpu, UD_VECTOR);
		return 1;
		}

		if (vmx->nested.vmxon) {
		nested_vmx_failValid(vcpu, VMXERR_VMXON_IN_VMX_ROOT_OPERATION);
		return kvm_skip_emulated_instruction(vcpu);
		@@ -7964,6 +7970,11 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
		*/
		static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
		{
		if (vmx_get_cpl(vcpu)) {
		kvm_queue_exception(vcpu, UD_VECTOR);
		return 0;
		}

		if (!to_vmx(vcpu)->nested.vmxon) {
		kvm_queue_exception(vcpu, UD_VECTOR);
		return 0;
		@@ -8283,7 +8294,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
		if (get_vmx_mem_address(vcpu, exit_qualification,
		vmx_instruction_info, true, &gva))
		return 1;
		/* _system ok, as hardware has verified cpl=0 */
		/* _system ok, nested_vmx_check_permission has verified cpl=0 */
		kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva,
		&field_value, (is_long_mode(vcpu) ? 8 : 4), NULL);
		}
		@@ -8448,7 +8459,7 @@ static int handle_vmptrst(struct kvm_vcpu *vcpu)
		if (get_vmx_mem_address(vcpu, exit_qualification,
		vmx_instruction_info, true, &vmcs_gva))
		return 1;
		/* ok to use _system, as hardware has verified cpl=0 /
		/* _system ok, nested_vmx_check_permission has verified cpl=0 /
		if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva,
		(void *)&to_vmx(vcpu)->nested.current_vmptr,
		sizeof(u64), &e)) {