From: Paolo Bonzini <pbonzini@redhat.com>
To: Lara Lazier <laramglazier@gmail.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH 1/4] target/i386: Added MSRPM and IOPM size check
Date: Tue, 6 Jul 2021 18:01:50 +0200
Message-ID: <72218a72-c1c9-9008-6870-c78d095446f1@redhat.com>
In-Reply-To: <20210705081802.18960-2-laramglazier@gmail.com>

On 05/07/21 10:17, Lara Lazier wrote:
> The address of the last entry in the MSRPM and
> in the IOPM must be smaller than the largest physical address.
> (APM2 15.10-15.11)
> 
> Signed-off-by: Lara Lazier <laramglazier@gmail.com>
> ---
>   target/i386/svm.h                   |  3 +++
>   target/i386/tcg/sysemu/svm_helper.c | 15 +++++++++++++++
>   2 files changed, 18 insertions(+)
> 
> diff --git a/target/i386/svm.h b/target/i386/svm.h
> index 5098733053..adc058dc76 100644
> --- a/target/i386/svm.h
> +++ b/target/i386/svm.h
> @@ -137,6 +137,9 @@
>   
>   #define SVM_CR0_RESERVED_MASK 0xffffffff00000000U
>   
> +#define SVM_MSRPM_SIZE		(1ULL << 13)
> +#define SVM_IOPM_SIZE		((1ULL << 13) + 1)
> +
>   struct QEMU_PACKED vmcb_control_area {
>   	uint16_t intercept_cr_read;
>   	uint16_t intercept_cr_write;
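Review bot: the `+ 1` in `#define SVM_IOPM_SIZE ((1ULL << 13) + 1)` is unexplained and will look like a typo next to `SVM_MSRPM_SIZE`; a one-line comment above the two defines saying that both sizes are in bytes and that the I/O permission map is one byte larger than the 64 Kbit port bitmap, citing the APM section the commit message refers to, would document the values where they are defined rather than only in the commit log.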
> diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
> index 1c2dbc1862..fa701829e5 100644
> --- a/target/i386/tcg/sysemu/svm_helper.c
> +++ b/target/i386/tcg/sysemu/svm_helper.c
> @@ -68,6 +68,7 @@ static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr,
>   void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
>   {
>       CPUState *cs = env_cpu(env);
> +    X86CPU *cpu = env_archcpu(env);
>       target_ulong addr;
>       uint64_t nested_ctl;
>       uint32_t event_inj;
> @@ -159,6 +160,20 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
>       asid = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
>                                                             control.asid));
>   
> +    uint64_t msrpm_base_pa = x86_ldq_phys(cs, env->vm_vmcb +
> +                                    offsetof(struct vmcb,
> +                                            control.msrpm_base_pa));
> +    uint64_t iopm_base_pa = x86_ldq_phys(cs, env->vm_vmcb +
> +                                 offsetof(struct vmcb, control.iopm_base_pa));
> +
> +    if ((msrpm_base_pa & ~0xfff) >= (1ull << cpu->phys_bits) - SVM_MSRPM_SIZE) {
> +        cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
> +    }
> +
> +    if ((iopm_base_pa & ~0xfff) >= (1ull << cpu->phys_bits) - SVM_IOPM_SIZE) {
> +        cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
> +    }
> +
>       env->nested_pg_mode = 0;
>   
>       if (!cpu_svm_has_intercept(env, SVM_EXIT_VMRUN)) {
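Review bot: the new `uint64_t msrpm_base_pa` and `uint64_t iopm_base_pa` declarations sit after the `asid = x86_ldq_phys(...)` statement, while the function's other locals (`target_ulong addr;`, `uint64_t nested_ctl;`) are declared at the top of `helper_vmrun`; declare them with the existing locals and keep only the loads here. Two smaller points on the checks themselves: `~0xfff` is an `int` that only becomes the intended 64-bit mask through sign extension, so `~0xfffULL` (or the existing page-mask constant) states the intent directly, and since both conditions encode the same bound `(1ull << cpu->phys_bits) - SIZE`, a short comment that a table whose last byte would lie at or above the maximum physical address is rejected with `SVM_EXIT_ERR` makes the boundary that the `>=` chooses explicit for the next reader.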
> 

Queued, thanks.

Paolo
