On 07/12/19 00:12, Krish Sadhukhan wrote:
> According to section "Checks on Guest Control Registers, Debug Registers, and
> MSRs" in Intel SDM vol 3C, the following checks are performed on vmentry
> of nested guests:
>
> "The IA32_SYSENTER_ESP field and the IA32_SYSENTER_EIP field must each
> contain a canonical address."
>
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
> Reviewed-by: Karl Heubaum <karl.heubaum@xxxxxxxxxx>
> ---
>  arch/x86/kvm/vmx/nested.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 0e7c9301fe86..a2d1c305a7d8 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2770,6 +2770,10 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu,
>  	    CC(!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)))
>  		return -EINVAL;
>  
> +	if (CC(!is_noncanonical_address(vmcs12->guest_sysenter_esp)) ||
> +	    CC(!is_noncanonical_address(vmcs12->guest_sysenter_eip)))
> +		return -EINVAL;

This should not be negated.

That said, the new tests pass even without this check, and that's not
surprising since the MSRs are passed through to the vmcs02 directly.

Paolo

>  	if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PAT) &&
>  	    CC(!kvm_pat_valid(vmcs12->guest_ia32_pat)))
>  		return -EINVAL;
>
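Review bot: the condition in the added `if` is inverted. `is_noncanonical_address()` returns true for a non-canonical address, so `CC(!is_noncanonical_address(...))` fails VM entry exactly when the field is canonical and lets a non-canonical SYSENTER_ESP/EIP through, the opposite of the SDM rule quoted in the commit message. Drop the `!` on both lines so the check reads `if (CC(is_noncanonical_address(vmcs12->guest_sysenter_esp)) || CC(is_noncanonical_address(vmcs12->guest_sysenter_eip))) return -EINVAL;`. Since the reply notes the new tests pass even without this check, the accompanying tests do not exercise the failure path; a test that loads a non-canonical value into one of the two fields and expects the VM-entry failure would catch both the inversion and a missing check.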
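To make the inverted-predicate problem concrete, here is an added stand-alone C model of the canonical-address consistency check. It is not code from the patch or from the KVM tree: the helper names mirror the kernel's `is_noncanonical_address()` in shape only, the `vaddr_bits` parameter (48 for 4-level paging, 57 for 5-level) stands in for the per-vCPU lookup the real helper does, and the two `check_sysenter_*` functions are hypothetical wrappers that return -22 (EINVAL) in place of the kernel's `-EINVAL`. The "as posted" variant reproduces the negated condition from the hunk; the "fixed" variant is what the review comment asks for.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_EINVAL 22  /* stands in for the kernel's EINVAL */

/* An address is canonical when every bit from (vaddr_bits - 1) up to 63 is
 * the same value, i.e. the upper bits are all 0 or all 1.  This is a
 * UB-free equivalent of the sign-extend-and-compare idiom. */
static bool is_noncanonical_address(uint64_t la, unsigned vaddr_bits)
{
    uint64_t upper_mask = ~0ULL << (vaddr_bits - 1);  /* bits vaddr_bits-1..63 */
    uint64_t upper = la & upper_mask;

    return upper != 0 && upper != upper_mask;
}

/* Check as posted in the patch: the predicate is negated, so canonical
 * values fail VM entry and non-canonical values are accepted. */
int check_sysenter_as_posted(uint64_t esp, uint64_t eip, unsigned vaddr_bits)
{
    if (!is_noncanonical_address(esp, vaddr_bits) ||
        !is_noncanonical_address(eip, vaddr_bits))
        return -MODEL_EINVAL;
    return 0;
}

/* Check as the SDM rule actually requires: reject when either field is
 * non-canonical, accept otherwise. */
int check_sysenter_fixed(uint64_t esp, uint64_t eip, unsigned vaddr_bits)
{
    if (is_noncanonical_address(esp, vaddr_bits) ||
        is_noncanonical_address(eip, vaddr_bits))
        return -MODEL_EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed sample values: two canonical 48-bit addresses (one kernel
     * half, one user half) and one non-canonical value with bit 47 set but
     * bits 48..63 clear. */
    const uint64_t canon_kernel = 0xffff800000001000ULL;
    const uint64_t canon_user   = 0x0000000000401000ULL;
    const uint64_t noncanon     = 0x0000800000000000ULL;

    printf("as posted, both canonical:      %d (expect failure)\n",
           check_sysenter_as_posted(canon_kernel, canon_user, 48));
    printf("as posted, both non-canonical:  %d (wrongly accepted)\n",
           check_sysenter_as_posted(noncanon, noncanon, 48));
    printf("fixed, both canonical:          %d\n",
           check_sysenter_fixed(canon_kernel, canon_user, 48));
    printf("fixed, ESP non-canonical:       %d\n",
           check_sysenter_fixed(noncanon, canon_user, 48));
    return 0;
}
```

Running it shows the inversion directly: the posted check returns -22 for a pair of perfectly canonical addresses and 0 for a pair of non-canonical ones, while the fixed check does the reverse. The same model also shows why the check must use the guest's real linear-address width: `0x0080000000000000` is non-canonical under 48-bit paging but canonical under 57-bit paging, so a hard-coded width would produce spurious VM-entry failures on LA57 guests.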