| From ee050a577523dfd5fac95e6cc182ebe0293ead59 Mon Sep 17 00:00:00 2001 |
| From: Sean Christopherson <seanjc@google.com> |
| Date: Wed, 21 Apr 2021 19:21:24 -0700 |
| Subject: KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit |
| |
| From: Sean Christopherson <seanjc@google.com> |
| |
| commit ee050a577523dfd5fac95e6cc182ebe0293ead59 upstream. |
| |
| Drop bits 63:32 of the VMCS field encoding when checking for a nested |
| VM-Exit on VMREAD/VMWRITE in !64-bit mode. VMREAD and VMWRITE always |
| use 32-bit operands outside of 64-bit mode. |
| |
| The actual emulation of VMREAD/VMWRITE does the right thing, this bug is |
| purely limited to incorrectly causing a nested VM-Exit if a GPR happens |
| to have bits 63:32 set outside of 64-bit mode. |
| |
| Fixes: a7cde481b6e8 ("KVM: nVMX: Do not forward VMREAD/VMWRITE VMExits to L1 if required so by vmcs12 vmread/vmwrite bitmaps") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Sean Christopherson <seanjc@google.com> |
| Message-Id: <20210422022128.3464144-6-seanjc@google.com> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/kvm/vmx/nested.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/arch/x86/kvm/vmx/nested.c |
| +++ b/arch/x86/kvm/vmx/nested.c |
| @@ -5750,7 +5750,7 @@ static bool nested_vmx_exit_handled_vmcs |
| |
| /* Decode instruction info and find the field to access */ |
| vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO); |
| - field = kvm_register_read(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); |
| + field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); |
| |
| /* Out-of-range fields always cause a VM exit from L2 to L1 */ |
| if (field >> 15) |
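| Review bot: the one-line switch to kvm_register_readl() fixes the spurious nested VM-Exit, but the hunk leaves nothing at the read site explaining why a 32-bit read is the right width here, which is the kind of detail the next reader will trip over. Suggest a short comment above the read, e.g. `/* VMREAD/VMWRITE use 32-bit operands outside 64-bit mode */`, so it is clear that the following `if (field >> 15)` out-of-range check is only meaningful once bits 63:32 of the GPR have been dropped in !64-bit mode, as the commit message describes. |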