From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753950AbdKCGk5 (ORCPT <rfc822;w@1wt.eu>);
        Fri, 3 Nov 2017 02:40:57 -0400
Received: from mail-ot0-f196.google.com ([74.125.82.196]:44247 "EHLO
        mail-ot0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752180AbdKCGk4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Nov 2017 02:40:56 -0400
X-Google-Smtp-Source: ABhQp+QVgoOXAnSfd7dQTyNfED1G6EL1yuhiIQ2L3Yckhcvkq6y1D68x+hZa6nzG4GRPoG0cVWHrZ6fH1sFMKlVjZkE=
MIME-Version: 1.0
In-Reply-To: <0b1d82f7-2fc6-9fc0-15a4-3500413814bd@oracle.com>
References: <1509670249-4907-1-git-send-email-wanpeng.li@hotmail.com>
 <1509670249-4907-2-git-send-email-wanpeng.li@hotmail.com> <0b1d82f7-2fc6-9fc0-15a4-3500413814bd@oracle.com>
From: Wanpeng Li <kernellwp@gmail.com>
Date: Fri, 3 Nov 2017 14:40:55 +0800
Message-ID: <CANRm+Cyrx6=Zt-B7A29nJ4gm1e2a0e7ObNxJJCaWn29kH==EZw@mail.gmail.com>
Subject: Re: [PATCH v5 2/3] KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry
To: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, Radim Krcmar <rkrcmar@redhat.com>,
        kvm <kvm@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Jim Mattson <jmattson@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by nfs id vA36f1Be012868

2017-11-03 14:31 GMT+08:00 Krish Sadhukhan <krish.sadhukhan@oracle.com>:
>
>
> On 11/02/2017 05:50 PM, Wanpeng Li wrote:
>>
>> From: Wanpeng Li <wanpeng.li@hotmail.com>
>>
>> According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is 1,
>> the
>> following checks are performed on the field for the IA32_BNDCFGS MSR:
>>   - Bits reserved in the IA32_BNDCFGS MSR must be 0.
>>   - The linear address in bits 63:12 must be canonical.
>>
>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Radim Krčmář <rkrcmar@redhat.com>
>> Cc: Jim Mattson <jmattson@google.com>
>> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
>> ---
>> v3 -> v4:
>>   * simply condition
>>   * use && instead of nested "if"s
>>
>>   arch/x86/kvm/vmx.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index e6c8ffa..6cf3972 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -10805,6 +10805,11 @@ static int check_vmentry_postreqs(struct kvm_vcpu
>> *vcpu, struct vmcs12 *vmcs12,
>>                         return 1;
>>         }
>>   +     if (kvm_mpx_supported() &&
>> +               (is_noncanonical_address(vmcs12->guest_bndcfgs &
>> PAGE_MASK, vcpu) ||
>> +               (vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
>> +                       return 1;
>> +
>>         return 0;
>>   }
>>
>
> Hi Wanpeng,
>   The SDM check is performed only when "load IA32_BNDCFGS" VM-entry control
> is 1. But vmx_mpx_supported() returns true when both "load IA32_BNDCFGS" and
> "store IA32_BNDCFGS" VM-entry controls are 1. Therefore your check is
> performed when both controls are 1. Did I miss something here ?

https://lkml.org/lkml/2017/11/2/748 Paolo hopes the simplification.

Regards,
Wanpeng Li