[1/2] nVMX x86: check posted-interrupt descriptor address on vmentry of L2

Message ID 20180824000304.19070-2-krish.sadhukhan@oracle.com
State New

Commit Message

Krish Sadhukhan Aug. 24, 2018, 12:03 a.m. UTC
According to section "Checks on VMX Controls" in Intel SDM vol 3C,
the following check needs to be enforced on vmentry of L2 guests:

   - Bits 5:0 of the posted-interrupt descriptor address are all 0.
   - The posted-interrupt descriptor address does not set any bits
     beyond the processor's physical-address width.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
---
 arch/x86/kvm/vmx.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Paolo Bonzini Sept. 14, 2018, 5:35 p.m. UTC | #1
On 24/08/2018 02:03, Krish Sadhukhan wrote:
> According to section "Checks on VMX Controls" in Intel SDM vol 3C,
> the following check needs to be enforced on vmentry of L2 guests:
> 
>    - Bits 5:0 of the posted-interrupt descriptor address are all 0.
>    - The posted-interrupt descriptor address does not set any bits
>      beyond the processor's physical-address width.
> 
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
> Reviewed-by: Mark Kanda <mark.kanda@oracle.com>
> Reviewed-by: Liran Alon <liran.alon@oracle.com>
> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
> Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
> ---
>  arch/x86/kvm/vmx.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 40aa292..d179bd6 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -10641,11 +10641,15 @@ static int nested_vmx_check_apicv_controls(struct kvm_vcpu *vcpu,
>  	 * bits 15:8 should be zero in posted_intr_nv,
>  	 * the descriptor address has been already checked
>  	 * in nested_get_vmcs12_pages.
> +	 *
> +	 * bits 5:0 of posted_intr_desc_addr should be zero.
>  	 */
>  	if (nested_cpu_has_posted_intr(vmcs12) &&
>  	   (!nested_cpu_has_vid(vmcs12) ||
>  	    !nested_exit_intr_ack_set(vcpu) ||
> -	    vmcs12->posted_intr_nv & 0xff00))
> +	    (vmcs12->posted_intr_nv & 0xff00) ||
> +	    (vmcs12->posted_intr_desc_addr & 0x3f) ||
> +	    (!page_address_valid(vcpu, vmcs12->posted_intr_desc_addr))))
>  		return -EINVAL;
>  
>  	/* tpr shadow is needed by all apicv features. */
> 
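Review bot: The comment block above the condition is now self-contradictory. It still says the descriptor address "has been already checked in nested_get_vmcs12_pages", while the condition directly below it now validates posted_intr_desc_addr itself. The added comment line also documents only the bits 5:0 rule and omits the physical-address-width rule that the commit message lists and that the page_address_valid() call is presumably there to enforce. I would drop or reword the "already checked" sentence and add a line for the width check so the comment matches all of the tests in the if.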

Queued, thanks.

Paolo

Patch

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 40aa292..d179bd6 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -10641,11 +10641,15 @@  static int nested_vmx_check_apicv_controls(struct kvm_vcpu *vcpu,
 	 * bits 15:8 should be zero in posted_intr_nv,
 	 * the descriptor address has been already checked
 	 * in nested_get_vmcs12_pages.
+	 *
+	 * bits 5:0 of posted_intr_desc_addr should be zero.
 	 */
 	if (nested_cpu_has_posted_intr(vmcs12) &&
 	   (!nested_cpu_has_vid(vmcs12) ||
 	    !nested_exit_intr_ack_set(vcpu) ||
-	    vmcs12->posted_intr_nv & 0xff00))
+	    (vmcs12->posted_intr_nv & 0xff00) ||
+	    (vmcs12->posted_intr_desc_addr & 0x3f) ||
+	    (!page_address_valid(vcpu, vmcs12->posted_intr_desc_addr))))
 		return -EINVAL;
 
 	/* tpr shadow is needed by all apicv features. */
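Review bot: On the last added line, page_address_valid() is not defined in this hunk, and its name suggests it tests page-level validity rather than only the physical-address width. If it also requires a page-aligned address, the preceding (vmcs12->posted_intr_desc_addr & 0x3f) test is subsumed by it, and the combined check is stricter than the 64-byte alignment the commit message quotes from the SDM, so a descriptor address that the SDM rules allow would fail vmentry with -EINVAL. Please confirm what the helper checks, and if it does enforce page alignment, test the width directly instead. Minor style point: the outer parentheses around !page_address_valid(...) are redundant.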