| From 693e02cc24090c379217138719d9d84e50036b24 Mon Sep 17 00:00:00 2001 |
| From: Jim Mattson <jmattson@google.com> |
| Date: Fri, 6 Dec 2019 15:46:36 -0800 |
| Subject: kvm: nVMX: VMWRITE checks unsupported field before read-only field |
| |
| From: Jim Mattson <jmattson@google.com> |
| |
| commit 693e02cc24090c379217138719d9d84e50036b24 upstream. |
| |
| According to the SDM, VMWRITE checks to see if the secondary source |
| operand corresponds to an unsupported VMCS field before it checks to |
| see if the secondary source operand corresponds to a VM-exit |
| information field and the processor does not support writing to |
| VM-exit information fields. |
| |
| Fixes: 49f705c5324aa ("KVM: nVMX: Implement VMREAD and VMWRITE") |
| Signed-off-by: Jim Mattson <jmattson@google.com> |
| Cc: Paolo Bonzini <pbonzini@redhat.com> |
| Reviewed-by: Peter Shier <pshier@google.com> |
| Reviewed-by: Oliver Upton <oupton@google.com> |
| Reviewed-by: Jon Cargille <jcargill@google.com> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/x86/kvm/vmx/nested.c | 11 ++++++----- |
| 1 file changed, 6 insertions(+), 5 deletions(-) |
| |
| --- a/arch/x86/kvm/vmx/nested.c |
| +++ b/arch/x86/kvm/vmx/nested.c |
| @@ -4913,6 +4913,12 @@ static int handle_vmwrite(struct kvm_vcp |
| |
| |
| field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); |
| + |
| + offset = vmcs_field_to_offset(field); |
| + if (offset < 0) |
| + return nested_vmx_failValid(vcpu, |
| + VMXERR_UNSUPPORTED_VMCS_COMPONENT); |
| + |
| /* |
| * If the vCPU supports "VMWRITE to any supported field in the |
| * VMCS," then the "read-only" fields are actually read/write. |
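Review bot: The added `offset = vmcs_field_to_offset(field);` block has no comment saying that it must stay ahead of the read-only-field check that follows, although that ordering is the entire fix. `field` is read from a guest register on the line above, so the guest chooses which failure path is taken, and the VM-instruction error it observes depends on which check runs first. A later cleanup that moves the lookup back next to the place where `offset` is used would silently bring back the old behaviour. I would put a short comment above the block, for example `/* Per the SDM, the unsupported-field check comes before the read-only-field check; keep this ahead of the block below. */`. The body of handle_vmwrite starts and ends outside this hunk, so the later use of `offset` is not visible here.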
| @@ -4929,11 +4935,6 @@ static int handle_vmwrite(struct kvm_vcp |
| if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field)) |
| copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12); |
| |
| - offset = vmcs_field_to_offset(field); |
| - if (offset < 0) |
| - return nested_vmx_failValid(vcpu, |
| - VMXERR_UNSUPPORTED_VMCS_COMPONENT); |
| - |
| /* |
| * Some Intel CPUs intentionally drop the reserved bits of the AR byte |
| * fields on VMWRITE. Emulate this behavior to ensure consistent KVM |