Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6ffa92ff authored by Jim Mattson's avatar Jim Mattson Committed by Greg Kroah-Hartman
Browse files

kvm: vmx: Check value written to IA32_BNDCFGS 



commit 4531662d1abf6c1f0e5c2b86ddb60e61509786c8 upstream.

Bits 11:2 must be zero and the linear addess in bits 63:12 must be
canonical. Otherwise, WRMSR(BNDCFGS) should raise #GP.

Fixes: 0dd376e7 ("KVM: x86: add MSR_IA32_BNDCFGS to msrs_to_save")
Signed-off-by: default avatarJim Mattson <jmattson@google.com>
Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a40f0ccd

arch/x86/include/asm/msr-index.h

+2 −0
Original line number Diff line number Diff line
@@ -405,6 +405,8 @@ 
#define MSR_IA32_TSC_ADJUST             0x0000003b

#define MSR_IA32_BNDCFGS		0x00000d90



#define MSR_IA32_BNDCFGS_RSVD		0x00000ffc



#define MSR_IA32_XSS			0x00000da0



#define FEATURE_CONTROL_LOCKED				(1<<0)

arch/x86/kvm/vmx.c

+3 −0
Original line number Diff line number Diff line
@@ -2891,6 +2891,9 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) 
	case MSR_IA32_BNDCFGS:

		if (!kvm_mpx_supported() || !guest_cpuid_has_mpx(vcpu))

			return 1;

		if (is_noncanonical_address(data & PAGE_MASK) ||

		    (data & MSR_IA32_BNDCFGS_RSVD))

			return 1;

		vmcs_write64(GUEST_BNDCFGS, data);

		break;

	case MSR_IA32_TSC: