|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 1/2] x86/svm: Add SVME checking for SVM intercepts
Checks the hvm EFER.SVME bit to make sure the EFER.SVME bit it high
before allowing nested SVM intercepts to be handled successfully. On
SVME being low, it generates a #UD as per the AMD APM vol2 15.4.
Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Brian Woods <brian.woods@xxxxxxx>
---
xen/arch/x86/hvm/svm/svm.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 2e62b9bb6d..2d0a82ae77 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2587,6 +2587,35 @@ void svm_vmexit_handler(struct cpu_user_regs *regs)
eventinj.fields.vector) )
vmcb->eventinj = eventinj;
+ /*
+ * Making sure SVME is enabled see AMD APM vol2 section 15.4
+ * Nested Xen needs VMMCALL to boot. It hasn't set SVME by the time
+ * it uses it, therefore it isn't checked
+ */
+ switch ( exit_reason )
+ {
+ case VMEXIT_VMRUN:
+ case VMEXIT_VMLOAD:
+ case VMEXIT_VMSAVE:
+ case VMEXIT_CLGI:
+ case VMEXIT_INVLPGA:
+ if ( !(nestedhvm_enabled(v->domain) &&
+ nsvm_efer_svm_enabled(v)) )
+ {
+ gdprintk(XENLOG_ERR, "nestedhvm nested/SVME disabled, injecting
#UD\n");
+ hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC);
+ goto out;
+ }
+ case VMEXIT_STGI:
+ case VMEXIT_SKINIT:
+ if ( !nestedhvm_enabled(v->domain) )
+ {
+ gdprintk(XENLOG_ERR, "nestedhvm nested disabled, injecting #UD\n");
+ hvm_inject_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC);
+ goto out;
+ }
+ }
+
switch ( exit_reason )
{
case VMEXIT_INTR:
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |