KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry

Wanpeng Li · bonzini · commit f1b026a3310a · 2017-11-17T13:20:13.000+01:00
According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is 1, the
following checks are performed on the field for the IA32_BNDCFGS MSR:
 - Bits reserved in the IA32_BNDCFGS MSR must be 0.
 - The linear address in bits 63:12 must be canonical.

Reviewed-by: Konrad Rzeszutek Wilk &lt;konrad.wilk@oracle.com&gt;
Cc: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Cc: Radim Krčmář &lt;rkrcmar@redhat.com&gt;
Cc: Jim Mattson &lt;jmattson@google.com&gt;
Signed-off-by: Wanpeng Li &lt;wanpeng.li@hotmail.com&gt;
Reviewed-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Signed-off-by: Radim Krčmář &lt;rkrcmar@redhat.com&gt;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
@@ -10876,6 +10876,11 @@ static int check_vmentry_postreqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
 			return 1;
 	}
 
+	if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&
+		(is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) ||
+		(vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
+			return 1;
+
 	return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -10876,6 +10876,11 @@ static int check_vmentry_postreqs(struct kvm_vcpu vcpu, struct vmcs12 vmcs12,`
`10876`	`10876`	`return 1;`
`10877`	`10877`	`}`
`10878`	`10878`
	`10879`	`+ if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&`
	`10880`	`+ (is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) \|\|`
	`10881`	`+ (vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))`
	`10882`	`+ return 1;`
	`10883`	`+`
`10879`	`10884`	`return 0;`
`10880`	`10885`	`}`
`10881`	`10886`