[Xen-changelog] [xen staging] x86/hvm: Disallow unknown MSR_EFER bits

commit ef0269c6215d642a709866f04ba1a1f9f13f3614
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Jul 20 15:42:04 2018 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Jul 24 11:25:53 2018 +0100

    x86/hvm: Disallow unknown MSR_EFER bits

    It turns out that nothing ever prevented HVM guests from trying to set
    EFER bits.  Generally, this results in a vmentry failure.

    For Intel hardware, all implemented bits are covered by the checks.

    For AMD hardware, the only EFER bit which isn't covered by the checks is TCE
    (which AFAICT is specific to AMD Fam15/16 hardware).  We never advertise TCE
    in CPUID, but it isn't a security problem to have TCE unexpectedly enabled in
    guest context.

    Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents
    any vmentry failures for guests, yielding #GP instead.

    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
 xen/arch/x86/hvm/hvm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 1816faa9b3..c099c617e8 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -907,6 +907,9 @@ const char *hvm_efer_valid(const struct vcpu *v, uint64_t 
         p = &host_cpuid_policy;
+    if ( value & ~EFER_KNOWN_MASK )
+        return "Unknown bits set";
     if ( (value & EFER_SCE) && !p->extd.syscall )
         return "SCE without feature";
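
Review bot: the new `value & ~EFER_KNOWN_MASK` test depends on a mask whose definition this patch does not touch, so from the hunk alone it is not clear whether AMD's TCE bit, which the commit message singles out as the one bit not covered by the feature checks, is now rejected or still allowed. Please state which in the commit message, and consider a short comment above the check noting that any bit later added to EFER_KNOWN_MASK also needs a matching feature check below (like the `EFER_SCE` / `p->extd.syscall` one), since otherwise that bit passes this function unconditionally.
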
generated by git-patchbot for /home/xen/git/xen.git#staging
