KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry

According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is 1, the following checks are performed on the field for the IA32_BNDCFGS MSR: - Bits reserved in the IA32_BNDCFGS MSR must be 0. - The linear address in bits 63:12 must be canonical. Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Jim Mattson <jmattson@google.com> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
author: Wanpeng Li <wanpeng.li@hotmail.com> 2017-11-05 16:54:48 -0800
committer: Paolo Bonzini <pbonzini@redhat.com> 2017-11-17 13:20:13 +0100
commit: f1b026a3310a441f504640dd3d9765eb533386b8 (patch)
tree: 4dde09e3c2da83d6ad2c5f2c23e7a50ca7ff774c /arch/x86
parent: 3853be2603191829b442b64dac6ae8ba0c027bf9 (diff)
download: linux-f1b026a3310a441f504640dd3d9765eb533386b8.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 6e4a0f822766..707aaa954b3d 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -10876,6 +10876,11 @@ static int check_vmentry_postreqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
 			return 1;
 	}
 
+	if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&
+		(is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) ||
+		(vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
+			return 1;
+
 	return 0;
 }
author	Wanpeng Li <wanpeng.li@hotmail.com>	2017-11-05 16:54:48 -0800
committer	Paolo Bonzini <pbonzini@redhat.com>	2017-11-17 13:20:13 +0100
commit	f1b026a3310a441f504640dd3d9765eb533386b8 (patch)
tree	4dde09e3c2da83d6ad2c5f2c23e7a50ca7ff774c /arch/x86
parent	3853be2603191829b442b64dac6ae8ba0c027bf9 (diff)
download	linux-f1b026a3310a441f504640dd3d9765eb533386b8.tar.gz