From patchwork Wed Oct 31 15:06:40 2018
X-Patchwork-Submitter: Liran Alon
X-Patchwork-Id: 10662833
From: Liran Alon
To: vkuznets@redhat.com, pbonzini@redhat.com, rkrcmar@redhat.com, kvm@vger.kernel.org
Cc: idan.brown@oracle.com, Liran Alon
Subject: [PATCH] KVM: nVMX: Verify eVMCS revision id match supported eVMCS version on eVMCS VMPTRLD
Date: Wed, 31 Oct 2018 17:06:40 +0200
Message-Id: <20181031150640.8890-1-liran.alon@oracle.com>

According to TLFS section 16.11.2 Enlightened VMCS, the first u32 field of eVMCS should specify eVMCS VersionNumber. This version should be in the range of supported eVMCS versions exposed to guest via CPUID.0x4000000A.EAX[0:15]. The range which KVM exposes to guest in this CPUID field should be the same as the value returned in vmcs_version by nested_enable_evmcs().

According to the above, eVMCS VMPTRLD should verify that version specified in given eVMCS is in the supported range. However, current code mistakenly verifies this field against VMCS12_REVISION.

One can also see that when KVM uses eVMCS, it makes sure that alloc_vmcs_cpu() sets allocated eVMCS revision_id to KVM_EVMCS_VERSION.

Reviewed-by: Nikita Leshenko
Reviewed-by: Mark Kanda
Signed-off-by: Liran Alon
---
 arch/x86/kvm/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 4555077d69ce..36b7b6c64547 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c 
@@ -9369,7 +9369,7 @@ static int nested_vmx_handle_enlightened_vmptrld(struct kvm_vcpu *vcpu, vmx->nested.hv_evmcs = kmap(vmx->nested.hv_evmcs_page); - if (vmx->nested.hv_evmcs->revision_id != VMCS12_REVISION) { + if (vmx->nested.hv_evmcs->revision_id != KVM_EVMCS_VERSION) { nested_release_evmcs(vcpu); return 0; }
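Review bot: the new test `revision_id != KVM_EVMCS_VERSION` in nested_vmx_handle_enlightened_vmptrld() is an exact-match comparison, while the commit message states the requirement as the guest-supplied version falling within the supported range advertised in CPUID.0x4000000A.EAX[0:15] and returned in vmcs_version by nested_enable_evmcs(). The two agree only while that range contains a single version; if the advertised range is ever widened, this check would reject an eVMCS that the guest was told is supported, and nothing at the call site ties the constant to the advertised range. Consider either deriving the accepted bounds from the same value nested_enable_evmcs() reports, or adding a short comment above the `if` that cites TLFS 16.11.2 and notes that equality is intentional because only one version is currently exposed. Since revision_id is read from a guest-controlled page mapped just above with kmap(), the comment would also help make clear that this is the validation point for that field.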