
Commit b3f1dfb6 authored by Jim Mattson, committed by Radim Krčmář

KVM: nVMX: Disallow VM-entry in MOV-SS shadow



Immediately following MOV-to-SS/POP-to-SS, VM-entry is
disallowed. This check comes after the check for a valid VMCS. When
this check fails, the instruction pointer should fall through to the
next instruction, the ALU flags should be set to indicate VMfailValid,
and the VM-instruction error should be set to 26 ("VM entry with
events blocked by MOV SS").

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
parent 4c4a6f79
+7 −0
@@ -10492,6 +10492,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
{
	struct vmcs12 *vmcs12;
	struct vcpu_vmx *vmx = to_vmx(vcpu);
	u32 interrupt_shadow = vmx_get_interrupt_shadow(vcpu);
	u32 exit_qual;
	int ret;

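Review bot: in the declarations, `u32 interrupt_shadow = vmx_get_interrupt_shadow(vcpu);` samples the shadow at function entry even though its only consumer is the single MOV-SS test in the next hunk. If the early read is deliberate, so that the value reflects the state at the moment the VMLAUNCH/VMRESUME was intercepted and cannot be affected by anything that runs before the check, say so in a short comment. Otherwise call `vmx_get_interrupt_shadow(vcpu)` at the point of use, so the value and its one use sit together and the early-exit paths do not pay for a read they never need.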
@@ -10516,6 +10517,12 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
	 * for misconfigurations which will anyway be caught by the processor
	 * when using the merged vmcs02.
	 */
	if (interrupt_shadow & KVM_X86_SHADOW_INT_MOV_SS) {
		nested_vmx_failValid(vcpu,
				     VMXERR_ENTRY_EVENTS_BLOCKED_BY_MOV_SS);
		goto out;
	}

	if (vmcs12->launch_state == launch) {
		nested_vmx_failValid(vcpu,
			launch ? VMXERR_VMLAUNCH_NONCLEAR_VMCS
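Review bot: the new `if (interrupt_shadow & KVM_X86_SHADOW_INT_MOV_SS)` block sits directly under the existing comment that ends "when using the merged vmcs02", but it tests vCPU interruptibility state rather than a vmcs12 field, so the comment now reads as if it described this check. Give the block its own one-line comment stating the rule from the commit message (VM entry immediately after MOV-to-SS/POP-to-SS fails with VMfailValid and VM-instruction error 26), and separate it from the comment above with a blank line. The test masks only the MOV-SS bit of `interrupt_shadow`; noting that this is intentional would tell the next reader that other bits in the shadow value are meant to pass through here.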