On Mon, Mar 23, 2020 at 03:51:17PM +0100, Vitaly Kuznetsov wrote:
> Sean Christopherson <sean.j.christopherson@xxxxxxxxx> writes:
>
> > Signal VM-Fail for the single-context variant of INVEPT if the specified
> > EPTP is invalid. Per the INEVPT pseudocode in Intel's SDM, it's subject
> > to the standard EPT checks:
> >
> > If VM entry with the "enable EPT" VM execution control set to 1 would
> > fail due to the EPTP value then VMfail(Invalid operand to INVEPT/INVVPID);
> >
> > Fixes: bfd0a56b90005 ("nEPT: Nested INVEPT")
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> > ---
> > arch/x86/kvm/vmx/nested.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > index 8578513907d7..f3774cef4fd4 100644
> > --- a/arch/x86/kvm/vmx/nested.c
> > +++ b/arch/x86/kvm/vmx/nested.c
> > @@ -5156,8 +5156,12 @@ static int handle_invept(struct kvm_vcpu *vcpu)
> > }
> >
> > switch (type) {
> > - case VMX_EPT_EXTENT_GLOBAL:
> > case VMX_EPT_EXTENT_CONTEXT:
> > + if (!nested_vmx_check_eptp(vcpu, operand.eptp))
> > + return nested_vmx_failValid(vcpu,
> > + VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID);
>
> I was going to ask "and we don't seem to check that current nested VMPTR
> is valid, how can we know that nested_vmx_failValid() is the right
> VMfail() to use" but then I checked our nested_vmx_failValid() and there
> is a fallback there:
>
> if (vmx->nested.current_vmptr == -1ull && !vmx->nested.hv_evmcs)
> return nested_vmx_failInvalid(vcpu);
>
> so this is a non-issue. My question, however, transforms into "would it
> make sense to introduce nested_vmx_fail() implementing the logic from
> SDM:
>
> VMfail(ErrorNumber):
> IF VMCS pointer is valid
> THEN VMfailValid(ErrorNumber);
> ELSE VMfailInvalid;
> FI;
>
Hmm, I wouldn't be opposed to such a wrapper. It would pair with
nested_vmx_succeed().
>
> > + fallthrough;
> > + case VMX_EPT_EXTENT_GLOBAL:
> > /*
> > * TODO: Sync the necessary shadow EPT roots here, rather than
> > * at the next emulated VM-entry.
>
> Reviewed-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
>
> --
> Vitaly
>
