Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9090422f authored by Eugene Korenevsky's avatar Eugene Korenevsky Committed by Paolo Bonzini
Browse files

KVM: nVMX: checks for address bits beyond MAXPHYADDR on VM-entry 



On each VM-entry CPU should check the following VMCS fields for zero bits
beyond physical address width:
-  APIC-access address
-  virtual-APIC address
-  posted-interrupt descriptor address
This patch adds these checks required by Intel SDM.

Signed-off-by: default avatarEugene Korenevsky <ekorenevsky@gmail.com>
Message-Id: <20150329205627.GA1244@gnote>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 5a4f55cd

arch/x86/kvm/vmx.c

+7 −6
Original line number Diff line number Diff line
@@ -8622,10 +8622,11 @@ static bool nested_get_vmcs12_pages(struct kvm_vcpu *vcpu, 
					struct vmcs12 *vmcs12)

{

	struct vcpu_vmx *vmx = to_vmx(vcpu);

	int maxphyaddr = cpuid_maxphyaddr(vcpu);



	if (nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) {

		/* TODO: Also verify bits beyond physical address width are 0 */

		if (!PAGE_ALIGNED(vmcs12->apic_access_addr))

		if (!PAGE_ALIGNED(vmcs12->apic_access_addr) ||

		    vmcs12->apic_access_addr >> maxphyaddr)

			return false;



		/*
@@ -8641,8 +8642,8 @@ static bool nested_get_vmcs12_pages(struct kvm_vcpu *vcpu, 
	}



	if (nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)) {

		/* TODO: Also verify bits beyond physical address width are 0 */

		if (!PAGE_ALIGNED(vmcs12->virtual_apic_page_addr))

		if (!PAGE_ALIGNED(vmcs12->virtual_apic_page_addr) ||

		    vmcs12->virtual_apic_page_addr >> maxphyaddr)

			return false;



		if (vmx->nested.virtual_apic_page) /* shouldn't happen */
@@ -8665,7 +8666,8 @@ static bool nested_get_vmcs12_pages(struct kvm_vcpu *vcpu, 
	}



	if (nested_cpu_has_posted_intr(vmcs12)) {

		if (!IS_ALIGNED(vmcs12->posted_intr_desc_addr, 64))

		if (!IS_ALIGNED(vmcs12->posted_intr_desc_addr, 64) ||

		    vmcs12->posted_intr_desc_addr >> maxphyaddr)

			return false;



		if (vmx->nested.pi_desc_page) { /* shouldn't happen */
@@ -9386,7 +9388,6 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch) 
	}



	if (!nested_get_vmcs12_pages(vcpu, vmcs12)) {

		/*TODO: Also verify bits beyond physical address width are 0*/

		nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);

		return 1;

	}