On Sat, Jun 23, 2018 at 02:35:22AM +0300, Liran Alon wrote:
> From: Jim Mattson <jmattson@xxxxxxxxxx>
>
> Haswell and later hardware masks off the irrelevant bits of the guest
> access rights fields on vmwrite, storing only the 13 relevant
> bits. This masking isn't documented anywhere. When using VMCS
> shadowing for these fields, these fields will be masked when written
> to the shadow vmcs12. For consistency, mask these fields when the
> vmwrite is handled in software.

Is there software that actively relies on this hardware behavior or is
this more of a cosmetic issue, e.g. it causes failures in a fuzzer or
memory checker of some form?

Not that it really matters, but I think it'd be more correct to model
this behavior in the VMREAD path.

> Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 4b63d6bae6bd..262029c6e3e5 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -8263,6 +8263,13 @@ static inline int vmcs12_write_any(struct vmcs12 *vmcs12,
> if (offset < 0)
> return offset;
>
> + /*
> + * For compatibility with Haswell and later, mask off the
> + * irrelevant bits of the guest access rights fields.
> + */
> + if (field >= GUEST_ES_AR_BYTES && field <= GUEST_TR_AR_BYTES)
> + field_value &= 0x1f0ff;
> +
> switch (vmcs_field_width(field)) {
> case VMCS_FIELD_WIDTH_U16:
> *(u16 *)p = field_value;
> --
> 1.9.1
>
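Review bot: the range test `if (field >= GUEST_ES_AR_BYTES && field <= GUEST_TR_AR_BYTES)` silently assumes that every encoding between the ES and TR access-rights fields is itself an access-rights field; that holds only because invalid encodings in that range are already rejected by the `if (offset < 0) return offset;` just above, and a short comment stating that dependency would keep a future reordering of the checks from applying the mask to the wrong field. The literal `0x1f0ff` should also be a named constant, with a comment spelling out which thirteen bits it keeps (type, S, DPL and P in bits 7:0, AVL, L, D/B and G in bits 15:12, and the unusable bit 16), since the commit message says this behavior is undocumented and the mask is the only record of it. Finally, since the commit message motivates the change by consistency with what the shadow VMCS does, it is worth stating in the commit message whether the VMREAD emulation path is also expected to return masked values, as raised above.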
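The two places the thread discusses for applying the mask (on the emulated VMWRITE, as the patch does, or on the emulated VMREAD, as the reply suggests) can be compared in a small model. The following is an added example written for this page, not KVM code: the field encodings and the 0x1f0ff mask come from the patch, the per-bit names follow the SDM layout of a segment access-rights field, and the `struct vmcs12_model`, `ar_index` and the `*_masked`/`*_raw` helpers are constructed stand-ins for the real vmcs12 accessors.

```c
/* Added model of the access-rights masking discussed in the thread (not KVM code). */
#include <stdint.h>
#include <stdio.h>

/* Encodings and mask taken from the patch. */
#define GUEST_ES_AR_BYTES 0x4814u
#define GUEST_TR_AR_BYTES 0x4822u
#define AR_BYTES_MASK     0x1f0ffu

/* Architecturally defined bits of a segment access-rights field (SDM layout);
 * everything else (bits 11:8 and 31:17) is reserved. */
#define AR_TYPE_MASK 0x0000fu   /* bits 3:0  segment type            */
#define AR_S         (1u << 4)  /* descriptor type: system vs code/data */
#define AR_DPL_MASK  0x00060u   /* bits 6:5  descriptor privilege level */
#define AR_P         (1u << 7)  /* present                           */
#define AR_AVL       (1u << 12) /* available for software use        */
#define AR_L         (1u << 13) /* 64-bit code segment (CS only)     */
#define AR_DB        (1u << 14) /* default operation size            */
#define AR_G         (1u << 15) /* granularity                       */
#define AR_UNUSABLE  (1u << 16) /* segment unusable                  */

/* Union of the defined bits; should equal the mask the patch hardcodes. */
uint32_t defined_ar_bits(void)
{
    return AR_TYPE_MASK | AR_S | AR_DPL_MASK | AR_P |
           AR_AVL | AR_L | AR_DB | AR_G | AR_UNUSABLE;
}

/* Number of bits the mask keeps (the "13 relevant bits" of the commit message). */
int ar_bits_kept(void)
{
    int n = 0;
    for (uint32_t m = AR_BYTES_MASK; m; m &= m - 1)
        n++;
    return n;
}

/* Constructed stand-in for the eight AR fields of a vmcs12 (ES..GS, LDTR, TR). */
struct vmcs12_model {
    uint32_t ar[8];
};

/* Map an encoding to an index; rejects anything that is not one of the eight
 * 32-bit AR fields. In KVM the offset lookup performs this rejection before the
 * masking in the patch is reached. */
static int ar_index(unsigned field)
{
    if (field < GUEST_ES_AR_BYTES || field > GUEST_TR_AR_BYTES || (field & 1u))
        return -1;
    return (int)((field - GUEST_ES_AR_BYTES) / 2);
}

/* Variant A (the patch): mask when the VMWRITE is emulated, read back raw. */
int write_ar_masked(struct vmcs12_model *v, unsigned field, uint32_t value)
{
    int i = ar_index(field);
    if (i < 0)
        return -1;
    v->ar[i] = value & AR_BYTES_MASK;
    return 0;
}

uint32_t read_ar_raw(const struct vmcs12_model *v, unsigned field)
{
    int i = ar_index(field);
    return i < 0 ? 0 : v->ar[i];
}

/* Variant B (the reply's suggestion): store raw, mask when the VMREAD is emulated. */
int write_ar_raw(struct vmcs12_model *v, unsigned field, uint32_t value)
{
    int i = ar_index(field);
    if (i < 0)
        return -1;
    v->ar[i] = value;
    return 0;
}

uint32_t read_ar_masked(const struct vmcs12_model *v, unsigned field)
{
    int i = ar_index(field);
    return i < 0 ? 0 : (v->ar[i] & AR_BYTES_MASK);
}

/* What the guest observes after a VMWRITE/VMREAD pair under variant A. */
uint32_t observed_after_write(unsigned field, uint32_t value)
{
    struct vmcs12_model v = {{0}};
    if (write_ar_masked(&v, field, value) < 0)
        return 0;
    return read_ar_raw(&v, field);
}

/* 1 if both variants present the same value to the guest for this write. */
int paths_agree(unsigned field, uint32_t value)
{
    struct vmcs12_model a = {{0}}, b = {{0}};
    if (write_ar_masked(&a, field, value) < 0 || write_ar_raw(&b, field, value) < 0)
        return 0;
    return read_ar_raw(&a, field) == read_ar_masked(&b, field);
}

int main(void)
{
    /* Constructed CS value (type 0xb, S, P, L, G) with reserved bits 11:8 and 17 set. */
    uint32_t dirty = 0xa09bu | 0x0f00u | 0x20000u;
    printf("mask matches defined bits: %d, bits kept: %d\n",
           defined_ar_bits() == AR_BYTES_MASK, ar_bits_kept());
    printf("write 0x%x -> guest reads 0x%x\n", dirty, observed_after_write(0x4816u, dirty));
    printf("write-side and read-side masking agree: %d\n", paths_agree(0x4816u, dirty));
    return 0;
}
```

The point the model makes explicit is that the guest-visible result is the same whichever side applies the mask; what differs is whether the stored vmcs12 contents match what a hardware shadow VMCS would hold, which is the consistency argument the commit message relies on.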