According to section "Nested Paging and VMRUN/#VMEXIT" in APM vol 2, the following guest state is illegal: "Any MBZ bit of nCR3 is set" According to section "System-Control Registers" in APM vol 2, "All CR3 bits are writable, except for unimplemented physical address bits, which must be cleared to 0." Therefore, if any bit in nCR3 is set beyond VCPU's implemented physical bit width, return VMEXIT_INVALID. Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> --- arch/x86/kvm/svm/nested.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 510b833cbd39..3b1d2da8820d 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -247,7 +247,8 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu, if (CC(control->asid == 0)) return false; - if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && !npt_enabled)) + if (CC((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && (!npt_enabled + || control->nested_cr3 & rsvd_bits(vcpu->arch.maxphyaddr, 63)))) return false; if (CC(!nested_svm_check_bitmap_pa(vcpu, control->msrpm_base_pa, -- 2.27.0
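Review bot: the new nCR3 reserved-bit test is folded into the same CC() as the existing `!npt_enabled` test, so when either condition fails the same trace event fires and a reader of the trace cannot tell a guest that enabled nested paging on a host without NPT from a guest that supplied a malformed nCR3; a separate clause such as `if ((control->nested_ctl & SVM_NESTED_CTL_NP_ENABLE) && CC(control->nested_cr3 & rsvd_bits(vcpu->arch.maxphyaddr, 63))) return false;` after the existing check would keep the two failure reasons distinguishable. On style, the continuation line `|| control->nested_cr3 & rsvd_bits(vcpu->arch.maxphyaddr, 63)))` starts with the binary operator; kernel coding style places `||` at the end of the preceding line. The masked range (bits maxphyaddr through 63) matches the APM rule quoted in the commit message about unimplemented physical address bits, and since `&` binds tighter than `||` the expression evaluates as intended, so the logic of the added condition itself is consistent with the stated rationale.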