Hi! > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > > commit 11988499e62b310f3bf6f6d0a807a06d3f9ccc96 upstream. > > KVM allows userspace to violate consistency checks related to the > guest's CPUID model to some degree. Generally speaking, userspace has > carte blanche when it comes to guest state so long as jamming invalid > state won't negatively affect the host. > > Currently this seems to be a non-issue as most of the interesting > EFER checks are missing, e.g. NX and LME, but those will be added > shortly. Proactively exempt userspace from the CPUID checks so as not > to break userspace. > > Note, the efer_reserved_bits check still applies to userspace writes as > that mask reflects the host's capabilities, e.g. KVM shouldn't allow a > guest to run with NX=1 if it has been disabled in the host. > arch/x86/kvm/x86.c | 37 ++++++++++++++++++++++++------------- > 1 file changed, 24 insertions(+), 13 deletions(-) > > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > > -static int set_efer(struct kvm_vcpu *vcpu, u64 efer) > +static int set_efer(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > { > u64 old_efer = vcpu->arch.efer; > + u64 efer = msr_info->data; > > - if (!kvm_valid_efer(vcpu, efer)) > - return 1; > + if (efer & efer_reserved_bits) > + return false; > > - if (is_paging(vcpu) > - && (vcpu->arch.efer & EFER_LME) != (efer & EFER_LME)) > - return 1; > + if (!msr_info->host_initiated) { > + if (!__kvm_valid_efer(vcpu, efer)) > + return 1; We have "return false" in a function returning int. Plus the calling convention here seems to be "nonzero on error", so it should be returning 1?
> @@ -2356,7 +2367,7 @@ int kvm_set_msr_common(struct kvm_vcpu * > vcpu->arch.arch_capabilities = data; > break; > case MSR_EFER: > - return set_efer(vcpu, data); > + return set_efer(vcpu, msr_info); > case MSR_K7_HWCR: > data &= ~(u64)0x40; /* ignore flush filter disable */ > data &= ~(u64)0x100; /* ignore ignne emulation enable */ > -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
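Review bot: in the set_efer() hunk, `+ if (efer & efer_reserved_bits)` / `+ return false;` returns 0 from a function declared `static int`, while the caller `return set_efer(vcpu, msr_info);` in kvm_set_msr_common() and the neighbouring `return 1;` paths treat nonzero as the error. As written, an EFER write with reserved bits set is reported to the caller as a successful MSR write instead of being rejected, which contradicts the commit message's statement that the efer_reserved_bits check still applies to userspace writes. Suggest `return 1;` to match the other failure paths in the function.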