From patchwork Thu Jun 9 10:14:10 2016
X-Patchwork-Submitter: Euan Harris
X-Patchwork-Id: 9166691
From: Euan Harris
Date: Thu, 9 Jun 2016 10:14:10 +0000
Message-ID: <1465467250-8742-3-git-send-email-euan.harris@citrix.com>
In-Reply-To: <1465467250-8742-1-git-send-email-euan.harris@citrix.com>
References: <1465467250-8742-1-git-send-email-euan.harris@citrix.com>
Cc: andrew.cooper3@citrix.com, kevin.tian@intel.com, Euan Harris, jun.nakajima@intel.com, jbeulich@suse.com
Subject: [Xen-devel] [PATCH 2/2] nested vmx: Validate host VMX MSRs before accessing them

Some VMX MSRs may not exist on certain processor models, or may be disabled because of configuration settings. It is only safe to access these MSRs if configuration flags in other MSRs are set. These prerequisites are listed in the Intel 64 and IA-32 Architectures Software Developer’s Manual, Vol 3, Appendix A.

nvmx_msr_read_intercept() does not check the prerequisites before accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP, MSR_IA32_VMX_VMFUNC on the host. Accessing these MSRs from a nested VMX guest running on a host which does not support them will cause Xen to crash with a GPF.

Signed-off-by: Euan Harris
Reviewed-by: Jan Beulich
Acked-by: Kevin Tian, with above fixed.
---
 xen/arch/x86/hvm/vmx/vvmx.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index d9493ff..ddc25bf 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1820,11 +1820,20 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content) return 0; /* - * Those MSRs are available only when bit 55 of - * MSR_IA32_VMX_BASIC is set. + * These MSRs are only available when flags in other MSRs are set. + * These prerequisites are listed in the Intel 64 and IA-32 + * Architectures Software Developer’s Manual, Vol 3, Appendix A. */ - switch ( msr ) - { + switch ( msr ) { case MSR_IA32_VMX_PROCBASED_CTLS2: + if ( !cpu_has_vmx_secondary_exec_control ) + return 0; + break; + + case MSR_IA32_VMX_EPT_VPID_CAP: + if ( !(cpu_has_vmx_ept || cpu_has_vmx_vpid) ) + return 0; + break; + case MSR_IA32_VMX_TRUE_PINBASED_CTLS: case MSR_IA32_VMX_TRUE_PROCBASED_CTLS: case MSR_IA32_VMX_TRUE_EXIT_CTLS: @@ -1832,6 +1841,11 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content) if ( !(vmx_basic_msr & VMX_BASIC_DEFAULT1_ZERO) ) return 0; break; + + case MSR_IA32_VMX_VMFUNC: + if ( !cpu_has_vmx_vmfunc ) + return 0; + break; } rdmsrl(msr, host_data);
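
Review bot: In the first hunk (@@ -1820,11 +1820,20), the added line `switch ( msr ) {` pulls the opening brace up onto the switch line, while the two lines it replaces had `switch ( msr )` and `{` on separate lines; this is a style change unrelated to the fix and should be dropped so the brace stays where it was. The rewritten block comment also contains a typographic apostrophe in "Developer’s"; a plain ASCII `'` keeps non-ASCII bytes out of the source file. The guards themselves read consistently with that comment: MSR_IA32_VMX_PROCBASED_CTLS2 is gated on cpu_has_vmx_secondary_exec_control, and MSR_IA32_VMX_EPT_VPID_CAP on either cpu_has_vmx_ept or cpu_has_vmx_vpid.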
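
Review bot: In the second hunk (@@ -1832,6 +1841,11), the new MSR_IA32_VMX_VMFUNC guard, like the ones before it, protects the `rdmsrl(msr, host_data);` after the switch only for MSRs that have an explicit case; as far as these lines show, any other MSR that reaches that read on a host lacking it would still fault, which the commit message says crashes Xen. Consider making the read itself fault-tolerant (for example a fault-handling read such as rdmsr_safe(), returning 0 on failure) so that a missed prerequisite does not take the host down. A one-line comment on the VMFUNC case naming the control it depends on would also help, since the block comment above the switch only points at the SDM appendix.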