Current implementation of nested_vmcb_checks() checks only the SVME bit in EFER. We need to check all other bits of EFER including the reserved bits. This patch enhances nested_vmcb_checks() by calling kvm_valid_efer() which checks all bits of EFER. Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> --- arch/x86/kvm/svm/nested.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 28a931fa599e..2426f50226d8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -238,7 +238,8 @@ static bool nested_vmcb_check_cr3_cr4(struct vcpu_svm *svm, static bool nested_vmcb_checks(struct vcpu_svm *svm, struct vmcb *vmcb) { - if ((vmcb->save.efer & EFER_SVME) == 0) + if (((vmcb->save.efer & EFER_SVME) == 0) || + !kvm_valid_efer(&(svm->vcpu), vmcb->save.efer)) return false; if (((vmcb->save.cr0 & X86_CR0_CD) == 0) && -- 2.18.4