Re: [PATCH 1/2] KVM: nSVM: Test MBZ bits in nested CR3 (nCR3)

On Mon, Dec 6, 2021 at 6:03 PM Krish Sadhukhan
<krish.sadhukhan@xxxxxxxxxx> wrote:
>
> According to section "Nested Paging and VMRUN/#VMEXIT" in APM vol 2, the
> following guest state is illegal:
>
>         "Any MBZ bit of nCR3 is set"
>
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
> ---
>  arch/x86/include/asm/svm.h | 3 +++
>  arch/x86/kvm/svm/nested.c  | 3 ++-
>  2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
> index b00dbc5fac2b..a769e3343b07 100644
> --- a/arch/x86/include/asm/svm.h
> +++ b/arch/x86/include/asm/svm.h
> @@ -216,9 +216,12 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
>  #define SVM_VM_CR_SVM_LOCK_MASK 0x0008ULL
>  #define SVM_VM_CR_SVM_DIS_MASK  0x0010ULL
>
> +#define SVM_CR3_LONG_MBZ_MASK   0xfff0000000000000U
> +
>  #define SVM_NESTED_CTL_NP_ENABLE       BIT(0)
>  #define SVM_NESTED_CTL_SEV_ENABLE      BIT(1)
>  #define SVM_NESTED_CTL_SEV_ES_ENABLE   BIT(2)
> +#define SVM_NESTED_CR3_MBZ_MASK        SVM_CR3_LONG_MBZ_MASK
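
Review bot: the new SVM_CR3_LONG_MBZ_MASK define carries a U suffix on a 64-bit constant, while the SVM_VM_CR_* masks directly above it use ULL; writing it as 0xfff0000000000000ULL keeps the type explicit and consistent with its neighbours. SVM_NESTED_CR3_MBZ_MASK is also appended straight onto the SVM_NESTED_CTL_* bit definitions although it describes nCR3 rather than a nested-control bit, so it would read better set off by a blank line with a short comment naming the APM rule it encodes.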

A fixed mask isn't sufficient. According to the APM, "All CR3 bits are
writable, except for unimplemented physical address bits, which must
be cleared to 0." In this context, that means that the MBZ bits for L1
are all bits above L1's physical address width, given by
CPUID.80000008H:EAX[7:0] (or 36, if this CPUID leaf doesn't exist).
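
The width-derived check described in the reply above, as an added user-space C example (not code from the patch or from KVM). The function names, the sample CPUID EAX value and the sample nCR3 value are assumptions constructed for illustration; only bits above the physical address width are checked.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed mask from the quoted patch: bits 63:52 only. */
#define FIXED_CR3_MBZ_MASK 0xfff0000000000000ULL

/*
 * Physical address width as the reply describes it: CPUID.80000008H:EAX[7:0],
 * or 36 when that leaf does not exist. The leaf's EAX is passed in as a plain
 * value (hypothetical helper) so the example runs on any machine.
 */
static unsigned int maxphyaddr_from_leaf(bool leaf_present, uint32_t eax)
{
    return leaf_present ? (eax & 0xff) : 36;
}

/* Every bit at or above the physical address width must be zero. */
static uint64_t ncr3_mbz_mask(unsigned int maxphyaddr)
{
    if (maxphyaddr >= 64)
        return 0;               /* avoid an undefined 64-bit shift */
    return ~((1ULL << maxphyaddr) - 1);
}

static bool ncr3_legal(uint64_t ncr3, unsigned int maxphyaddr)
{
    return (ncr3 & ncr3_mbz_mask(maxphyaddr)) == 0;
}

int main(void)
{
    /* Constructed sample: L1 reports a 40-bit width; nCR3 has bit 45 set. */
    unsigned int width = maxphyaddr_from_leaf(true, 0x00003028);
    uint64_t ncr3 = (1ULL << 45) | 0x1000;

    printf("width=%u mask=%#llx\n", width,
           (unsigned long long)ncr3_mbz_mask(width));
    printf("fixed-mask check:    %s\n",
           (ncr3 & FIXED_CR3_MBZ_MASK) ? "illegal" : "legal");
    printf("width-derived check: %s\n",
           ncr3_legal(ncr3, width) ? "legal" : "illegal");
    return 0;
}
```

With the constructed 40-bit guest, the fixed mask accepts an nCR3 that the width-derived mask rejects.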


