On Mon, 2021-06-28 at 12:44 +0200, Vitaly Kuznetsov wrote: > APM states that "The address written to the VM_HSAVE_PA MSR, which holds > the address of the page used to save the host state on a VMRUN, must point > to a hypervisor-owned page. If this check fails, the WRMSR will fail with > a #GP(0) exception. Note that a value of 0 is not considered valid for the > VM_HSAVE_PA MSR and a VMRUN that is attempted while the HSAVE_PA is 0 will > fail with a #GP(0) exception." > > svm_set_msr() already checks that the supplied address is valid, so only > check for '0' is missing. Add it to nested_svm_vmrun(). > > Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> > --- > arch/x86/kvm/svm/nested.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c > index 21d03e3a5dfd..1c6b0698b52e 100644 > --- a/arch/x86/kvm/svm/nested.c > +++ b/arch/x86/kvm/svm/nested.c > @@ -618,6 +618,11 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu) > struct kvm_host_map map; > u64 vmcb12_gpa; > > + if (!svm->nested.hsave_msr) { > + kvm_inject_gp(vcpu, 0); > + return 1; > + } > + > if (is_smm(vcpu)) { > kvm_queue_exception(vcpu, UD_VECTOR); > return 1; Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx> Best regards, Maxim Levitsky
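Review bot: the new `if (!svm->nested.hsave_msr)` block is placed ahead of the existing `is_smm(vcpu)` check, so a VMRUN attempted in SMM while HSAVE_PA is still 0 now faults with #GP(0) where it previously faulted with #UD; the commit message quotes the APM only for the #GP condition itself, not for its priority relative to the other VMRUN faults, so please state the intended ordering in the commit message (or move the check below the SMM check if #UD should take precedence). Also, `svm` is not among the declarations visible in the hunk (`struct kvm_host_map map; u64 vmcb12_gpa;`), so confirm it is the usual `to_svm(vcpu)` local declared above this hunk. Finally, a kvm-unit-tests case that leaves VM_HSAVE_PA at 0 and expects VMRUN to raise #GP(0) would pin the new behaviour down and guard against regressions.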