On Fri, Nov 30, 2018 at 9:53 AM Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> wrote:
>
> If a bit-pattern for the MSR-store address is so chosen that the
> address is 16-bit aligned and is less than the processor's physical
> width, but is a junk, VMENTRY ultimately fails even though we
> pass the checks in check_vmentry_prereqs(). In such a case, the high bit
> in "exit reason" will be set, denoting a VM-entry failure. But since we
> call nested_vmx_store_msr() in nested_vmx_vmexit() without checking the
> "exit reason", we may end up storing the MSRs at an undefined location in
> memory thereby clobbering something else. This patch fixes the problem by
> calling nested_vmx_store_msr() only when "exit reason" is not VM-entry
> failure.

This is not a very good description of the problem. Perhaps...

Per the SDM, volume 3, section 26.7: VM-entry Failures During or After
Loading Guest State, "no MSRs are saved into the VM-exit MSR-store area"
when bit 31 of the exit reason is set.
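The behaviour the thread is arguing about, modelled as a small added C illustration (this is not KVM's code and not part of the mailing-list exchange): a simulated nested VM-exit copies MSR values into the L1-provided VM-exit MSR-store area in "guest memory", and the guard mirrors the SDM rule that nothing is stored when bit 31 of the exit reason is set. The struct names, the guest-memory buffer, the MSR values returned by read_msr(), and the demo() scenario are all constructed here; the only real values are bit 31 as the failed-VM-entry flag and exit reason 33 (invalid guest state), used as constants.

```c
/* Added illustration, not KVM's code. Models the MSR-store step of a
 * nested VM-exit and the SDM 26.7 rule: when bit 31 of the exit reason
 * is set (VM-entry failure), no MSRs are written to the store area. */
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

#define EXIT_REASON_FAILED_VMENTRY  0x80000000u  /* bit 31 of the exit reason (SDM) */
#define EXIT_REASON_INVALID_STATE   33u          /* VM-entry failure: invalid guest state */

/* One entry of the VM-exit MSR-store area, as laid out in the VMCS:
 * L1 fills in the index, the processor (here: our simulation) fills in value. */
struct vmx_msr_entry {
    uint32_t index;
    uint32_t reserved;
    uint64_t value;
};

/* Constructed stand-in for the vmcs12 fields involved. */
struct vmcs12_model {
    uint32_t exit_reason;
    uint64_t vm_exit_msr_store_addr;   /* guest-physical address chosen by L1 */
    uint32_t vm_exit_msr_store_count;
};

/* Constructed "guest physical memory". */
#define GUEST_MEM_SIZE 4096
static uint8_t guest_mem[GUEST_MEM_SIZE];

/* Constructed MSR values for the simulated L2 guest. */
static uint64_t read_msr(uint32_t index) { return 0x1000ull + index; }

/* Unconditional store: read each entry's index from the area and write the
 * MSR value back. Returns entries written, or -1 if the area would fall
 * outside guest memory (KVM would see a failed kvm_write_guest() here). */
static int store_msrs(const struct vmcs12_model *v)
{
    uint64_t bytes = (uint64_t)v->vm_exit_msr_store_count * sizeof(struct vmx_msr_entry);
    if (v->vm_exit_msr_store_addr > GUEST_MEM_SIZE ||
        bytes > GUEST_MEM_SIZE - v->vm_exit_msr_store_addr)
        return -1;
    for (uint32_t i = 0; i < v->vm_exit_msr_store_count; i++) {
        uint8_t *slot = guest_mem + v->vm_exit_msr_store_addr + i * sizeof(struct vmx_msr_entry);
        struct vmx_msr_entry e;
        memcpy(&e, slot, sizeof e);          /* L1-provided index */
        e.value = read_msr(e.index);         /* simulated MSR read */
        memcpy(slot, &e, sizeof e);
    }
    return (int)v->vm_exit_msr_store_count;
}

/* The guarded path the patch introduces: skip the store entirely when the
 * exit reason records a VM-entry failure. Returns entries stored. */
int vmexit_store_msrs(const struct vmcs12_model *v)
{
    if (v->exit_reason & EXIT_REASON_FAILED_VMENTRY)
        return 0;                            /* SDM 26.7: nothing is saved */
    return store_msrs(v);
}

/* Constructed scenario: L1 placed two entries (indices 0x10, 0x20) at
 * guest-physical 0x100. Runs one simulated exit and reports how many
 * entries were stored and what the second entry's value field holds. */
int demo(bool vmentry_failed, uint64_t *second_value)
{
    memset(guest_mem, 0, sizeof guest_mem);
    struct vmx_msr_entry pre[2] = { { 0x10, 0, 0 }, { 0x20, 0, 0 } };
    memcpy(guest_mem + 0x100, pre, sizeof pre);

    struct vmcs12_model v = {
        .exit_reason = vmentry_failed
                     ? (EXIT_REASON_FAILED_VMENTRY | EXIT_REASON_INVALID_STATE)
                     : 1u,                   /* an ordinary exit reason */
        .vm_exit_msr_store_addr = 0x100,
        .vm_exit_msr_store_count = 2,
    };
    int n = vmexit_store_msrs(&v);

    struct vmx_msr_entry post[2];
    memcpy(post, guest_mem + 0x100, sizeof post);
    *second_value = post[1].value;
    return n;
}
```

With an ordinary exit reason demo() stores both entries and the second value field becomes 0x1020; with bit 31 set it stores nothing and the area is left exactly as L1 wrote it, which is the observable difference the patch is after.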