Re: [PATCH v3 02/37] KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 23, 2020 at 03:51:17PM +0100, Vitaly Kuznetsov wrote:
> Sean Christopherson <sean.j.christopherson@xxxxxxxxx> writes:
> 
> > Signal VM-Fail for the single-context variant of INVEPT if the specified
> > EPTP is invalid.  Per the INEVPT pseudocode in Intel's SDM, it's subject
> > to the standard EPT checks:
> >
> >   If VM entry with the "enable EPT" VM execution control set to 1 would
> >   fail due to the EPTP value then VMfail(Invalid operand to INVEPT/INVVPID);
> >
> > Fixes: bfd0a56b90005 ("nEPT: Nested INVEPT")
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> > ---
> >  arch/x86/kvm/vmx/nested.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > index 8578513907d7..f3774cef4fd4 100644
> > --- a/arch/x86/kvm/vmx/nested.c
> > +++ b/arch/x86/kvm/vmx/nested.c
> > @@ -5156,8 +5156,12 @@ static int handle_invept(struct kvm_vcpu *vcpu)
> >  	}
> >  
> >  	switch (type) {
> > -	case VMX_EPT_EXTENT_GLOBAL:
> >  	case VMX_EPT_EXTENT_CONTEXT:
> > +		if (!nested_vmx_check_eptp(vcpu, operand.eptp))
> > +			return nested_vmx_failValid(vcpu,
> > +				VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
> 
> I was going to ask "and we don't seem to check that current nested VMPTR
> is valid, how can we know that nested_vmx_failValid() is the right
> VMfail() to use" but then I checked our nested_vmx_failValid() and there
> is a fallback there:
> 
> 	if (vmx->nested.current_vmptr == -1ull && !vmx->nested.hv_evmcs)
> 		return nested_vmx_failInvalid(vcpu);
> 
> so this is a non-issue. My question, however, transforms into "would it
> make sense to introduce nested_vmx_fail() implementing the logic from
> SDM:
> 
> VMfail(ErrorNumber):
> 	IF VMCS pointer is valid
> 		THEN VMfailValid(ErrorNumber);
> 	ELSE VMfailInvalid;
> 	FI;
> 

Hmm, I wouldn't be opposed to such a wrapper.  It would pair with
nested_vmx_succeed().

> 
> > +		fallthrough;
> > +	case VMX_EPT_EXTENT_GLOBAL:
> >  	/*
> >  	 * TODO: Sync the necessary shadow EPT roots here, rather than
> >  	 * at the next emulated VM-entry.
> 
> Reviewed-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
> 
> -- 
> Vitaly
> 



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux