According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following check needs to be enforced on vmentry of L2 guests:
If the "enable PML" VM-execution control is 1, the "enable EPT"
VM-execution control must also be 1. In addition, the PML address
must satisfy the following checks:
— Bits 11:0 of the address must be 0.
— The address should not set any bits beyond the processor’s
physical-address width.
Patch# 1 adds the missing check for reserved bits to nested_vmx_check_pml_controls().
Patch# 2 adds a KVM unit test.
[PATCH 1/2][KVM] nVMX x86: Add a check for reserved bits [11:0] of PML address
[PATCH 2/2][kvm-unit-test] nVMX x86: Check PML and EPT on vmentry of L2 guests
arch/x86/include/asm/vmx.h | 2 ++
arch/x86/kvm/vmx.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
Krish Sadhukhan (1):
nVMX x86: Add a check for reserved bits [11:0] of PML address
x86/vmx.h | 3 ++
x86/vmx_tests.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 91 insertions(+), 11 deletions(-)
Krish Sadhukhan (1):
nVMX x86: Check PML and EPT on vmentry of L2 guests
