From: Euan Harris <euan.harris@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: andrew.cooper3@citrix.com, kevin.tian@intel.com,
	Euan Harris <euan.harris@citrix.com>,
	jun.nakajima@intel.com, jbeulich@suse.com
Subject: [PATCH 2/2] nested vmx: Validate host VMX MSRs before accessing them
Date: Thu, 9 Jun 2016 10:14:10 +0000
Message-ID: <1465467250-8742-3-git-send-email-euan.harris@citrix.com>
In-Reply-To: <1465467250-8742-1-git-send-email-euan.harris@citrix.com>

Some VMX MSRs may not exist on certain processor models, or may
be disabled because of configuration settings.  It is only safe to
access these MSRs if configuration flags in other MSRs are set.  These
prerequisites are listed in the Intel 64 and IA-32 Architectures
Software Developer’s Manual, Vol 3, Appendix A.

nvmx_msr_read_intercept() does not check the prerequisites before
accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP,
MSR_IA32_VMX_VMFUNC on the host.  Accessing these MSRs from a nested
VMX guest running on a host which does not support them will cause
Xen to crash with a GPF.

Signed-off-by: Euan Harris <euan.harris@citrix.com>
---
 xen/arch/x86/hvm/vmx/vvmx.c |   22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index d9493ff..ddc25bf 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1820,11 +1820,20 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content)
         return 0;
 
     /*
-     * Those MSRs are available only when bit 55 of
-     * MSR_IA32_VMX_BASIC is set.
+     * These MSRs are only available when flags in other MSRs are set.
+     * These prerequisites are listed in the Intel 64 and IA-32
+     * Architectures Software Developer’s Manual, Vol 3, Appendix A.
      */
-    switch ( msr )
-    {
+    switch ( msr ) { case MSR_IA32_VMX_PROCBASED_CTLS2:
+        if ( !cpu_has_vmx_secondary_exec_control )
+            return 0;
+        break;
+
+    case MSR_IA32_VMX_EPT_VPID_CAP:
+        if ( !(cpu_has_vmx_ept || cpu_has_vmx_vpid) )
+            return 0;
+        break;
+
     case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
     case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
     case MSR_IA32_VMX_TRUE_EXIT_CTLS:
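Review bot: The added line `switch ( msr ) { case MSR_IA32_VMX_PROCBASED_CTLS2:` puts the opening brace and the first case label on the switch line, whereas the removed lines had `switch ( msr )` and `{` on separate lines. Leaving those two lines unchanged and adding the case label on its own line would keep the surrounding style and shrink the diff. Separately, the rewritten comment drops the one concrete prerequisite it used to state (bit 55 of MSR_IA32_VMX_BASIC) in favour of a general pointer to Appendix A; a one-line comment on each case naming the flag it depends on would keep that information next to the check it justifies.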
@@ -1832,6 +1841,11 @@ int nvmx_msr_read_intercept(unsigned int msr, u64 *msr_content)
         if ( !(vmx_basic_msr & VMX_BASIC_DEFAULT1_ZERO) )
             return 0;
         break;
+
+    case MSR_IA32_VMX_VMFUNC:
+        if ( !cpu_has_vmx_vmfunc )
+            return 0;
+        break;
     }
 
     rdmsrl(msr, host_data);
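Review bot: The switch has no default label in the lines shown, so any MSR that reaches this point without a matching case still goes straight to `rdmsrl(msr, host_data)`, which the commit message says crashes Xen with a GPF when the host lacks the MSR. The comment should state which MSRs can reach this read and why each one without a case is always present, or the read could use a fault-tolerant accessor such as rdmsr_safe() so that a missed prerequisite is not fatal to the host. The new `return 0` paths also exit before anything in the visible lines writes *msr_content, so it is worth confirming that callers do not consume it on that return value.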
-- 
1.7.10.4

