[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.6] nested vmx: Validate host VMX MSRs before accessing them



commit ec712ba0838b7d7fb11229d1a5ab42978c14a782
Author:     Euan Harris <euan.harris@xxxxxxxxxx>
AuthorDate: Fri Aug 5 13:46:29 2016 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Aug 5 13:46:29 2016 +0200

    nested vmx: Validate host VMX MSRs before accessing them
    
    Some VMX MSRs may not exist on certain processor models, or may
    be disabled because of configuration settings.   It is only safe to
    access these MSRs if configuration flags in other MSRs are set.  These
    prerequisites are listed in the Intel 64 and IA-32 Architectures
    Software Developerâ??s Manual, Vol 3, Appendix A.
    
    nvmx_msr_read_intercept() does not check the prerequisites before
    accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP,
    MSR_IA32_VMX_VMFUNC on the host.   Accessing these MSRs from a nested
    VMX guest running on a host which does not support them will cause
    Xen to crash with a GPF.
    
    Signed-off-by: Euan Harris <euan.harris@xxxxxxxxxx>
    Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 5e02972646132ad98c365ebfcfcb43b40a0dde36
    master date: 2016-06-13 12:44:32 +0100
---
 xen/arch/x86/hvm/vmx/vvmx.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index b0d8054..19f8246 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1869,11 +1869,22 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 
*msr_content)
         return 0;
 
     /*
-     * Those MSRs are available only when bit 55 of
-     * MSR_IA32_VMX_BASIC is set.
+     * These MSRs are only available when flags in other MSRs are set.
+     * These prerequisites are listed in the Intel 64 and IA-32
+     * Architectures Software Developerâ??s Manual, Vol 3, Appendix A.
      */
     switch ( msr )
     {
+    case MSR_IA32_VMX_PROCBASED_CTLS2:
+        if ( !cpu_has_vmx_secondary_exec_control )
+            return 0;
+        break;
+
+    case MSR_IA32_VMX_EPT_VPID_CAP:
+        if ( !(cpu_has_vmx_ept || cpu_has_vmx_vpid) )
+            return 0;
+        break;
+
     case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
     case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
     case MSR_IA32_VMX_TRUE_EXIT_CTLS:
@@ -1881,6 +1892,11 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 
*msr_content)
         if ( !(vmx_basic_msr & VMX_BASIC_DEFAULT1_ZERO) )
             return 0;
         break;
+
+    case MSR_IA32_VMX_VMFUNC:
+        if ( !cpu_has_vmx_vmfunc )
+            return 0;
+        break;
     }
 
     rdmsrl(msr, host_data);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.