From: Jim Mattson <jmattson@xxxxxxxxxx>

Haswell and later hardware masks off the irrelevant bits of the guest access rights fields on vmwrite, storing only the 13 relevant bits. This masking isn't documented anywhere. When using VMCS shadowing for these fields, these fields will be masked when written to the shadow vmcs12. For consistency, mask these fields when the vmwrite is handled in software.

Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>
Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
--- arch/x86/kvm/vmx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 4b63d6bae6bd..262029c6e3e5 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -8263,6 +8263,13 @@ static inline int vmcs12_write_any(struct vmcs12 *vmcs12, if (offset < 0) return offset; + /* + * For compatibility with Haswell and later, mask off the + * irrelevant bits of the guest access rights fields. + */ + if (field >= GUEST_ES_AR_BYTES && field <= GUEST_TR_AR_BYTES) + field_value &= 0x1f0ff; + switch (vmcs_field_width(field)) { case VMCS_FIELD_WIDTH_U16: *(u16 *)p = field_value; -- 1.9.1
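Review bot: the mask in the added `field_value &= 0x1f0ff;` line in vmcs12_write_any() is a bare literal, and the comment above it does not say which bits survive. The commit message describes them as "the 13 relevant bits", which matches the constant (bits 7:0 and 16:12), so a named macro or one line in the comment spelling out that layout would let a reader check the value without recomputing it. The range test `field >= GUEST_ES_AR_BYTES && field <= GUEST_TR_AR_BYTES` also depends on every field encoding between those two being an access rights field; nothing in the hunk states that, so it deserves a short remark in the comment. Finally, the comment gives "compatibility with Haswell and later" as the reason, while the commit message gives the more precise one: software-handled vmwrites should store the same value that a shadowed vmwrite stores in vmcs12, and the hardware masking is undocumented. Carrying that into the code comment would keep the rationale with the code.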