Re: [PATCH] kvm: nVMX: Validate the virtual-APIC address on nested VM-entry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Yes, hardware will check that condition. However, that exposes a more
fundamental defect in the kvm implementation: it is possible for an
explicitly checked guest state error to take priority over an
implicitly checked control field error.

On Mon, Aug 28, 2017 at 8:27 AM, David Hildenbrand <david@xxxxxxxxxx> wrote:
> On 24.08.2017 22:24, Jim Mattson wrote:
>> According to the SDM, if the "use TPR shadow" VM-execution control is
>> 1, bits 11:0 of the virtual-APIC address must be 0 and the address
>> should set any bits beyond the processor's physical-address width.
>>
>> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
>> ---
>>  arch/x86/kvm/vmx.c | 15 +++++++++++++++
>>  1 file changed, 15 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 19aa69af7c2d..abe8caf9756a 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -9915,6 +9915,18 @@ static int nested_vmx_check_msr_bitmap_controls(struct kvm_vcpu *vcpu,
>>       return 0;
>>  }
>>
>> +static int nested_vmx_check_tpr_shadow_controls(struct kvm_vcpu *vcpu,
>> +                                             struct vmcs12 *vmcs12)
>> +{
>> +     if (!nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW))
>> +             return 0;
>> +
>> +     if (!page_address_valid(vcpu, vmcs12->virtual_apic_page_addr))
>> +             return -EINVAL;
>> +
>> +     return 0;
>> +}
>> +
>>  /*
>>   * Merge L0's and L1's MSR bitmap, return false to indicate that
>>   * we do not use the hardware.
>> @@ -10601,6 +10613,9 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
>>       if (nested_vmx_check_msr_bitmap_controls(vcpu, vmcs12))
>>               return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
>>
>> +     if (nested_vmx_check_tpr_shadow_controls(vcpu, vmcs12))
>> +             return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
>> +
>>       if (nested_vmx_check_apicv_controls(vcpu, vmcs12))
>>               return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
>>
>>
>
> Should we also test for
>
> If the “use TPR shadow” VM-execution control is 1 and the
> “virtual-interrupt delivery” VM-execution control is
> 0, bits 31:4 of the TPR threshold VM-execution control field must be 0. 5
>
> (I guess HW will implicitly check this for us?)
>
> --
>
> Thanks,
>
> David
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux