On Mon, Feb 4, 2019 at 9:41 AM Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> wrote: > > According to section "Checks on VMX Controls" in Intel SDM vol 3C, the > following check is performed on vmentry of L2 guests: > > On processors that support Intel 64 architecture, the IA32_SYSENTER_ESP > field and the IA32_SYSENTER_EIP field must each contain a canonical > address. > > Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> > Reviewed-by: Mihai Carabas <mihai.carabas@xxxxxxxxxx> > --- > arch/x86/kvm/vmx/nested.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c > index 7bb5e565f3fa..65b29726ad7a 100644 > --- a/arch/x86/kvm/vmx/nested.c > +++ b/arch/x86/kvm/vmx/nested.c > @@ -2595,6 +2595,15 @@ static int nested_check_host_control_regs(struct kvm_vcpu *vcpu, > !nested_host_cr4_valid(vcpu, vmcs12->host_cr4) || > !nested_cr3_valid(vcpu, vmcs12->host_cr3)) > return -EINVAL; > + > +#ifdef CONFIG_X86_64 > + if (is_noncanonical_address(vmcs_readl(HOST_IA32_SYSENTER_ESP), > + vcpu) || > + is_noncanonical_address(vmcs_readl(HOST_IA32_SYSENTER_EIP), > + vcpu)) > + return -EINVAL; > +#endif > + Shouldn't these checks be against the relevant VMCS12 fields?
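Review bot: the two new `is_noncanonical_address()` checks in this hunk read `HOST_IA32_SYSENTER_ESP` and `HOST_IA32_SYSENTER_EIP` with `vmcs_readl()`, which returns the values in the VMCS currently loaded on the hardware, not the host state that L1 supplied for this entry; the surrounding context lines validate `vmcs12->host_cr4` and `vmcs12->host_cr3`, so this check should be consistent with them and validate the vmcs12 host fields instead (the corresponding members of `struct vmcs12` are `host_ia32_sysenter_esp` and `host_ia32_sysenter_eip`). As written, a non-canonical value placed in vmcs12 by L1 would not be caught, so the -EINVAL path would not fire for the case the commit message describes.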