From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jim Mattson, Paolo Bonzini, Peter Shier, Oliver Upton, Jon Cargille
Subject: [PATCH 5.5 176/176] kvm: nVMX: VMWRITE checks unsupported field before read-only field
Date: Tue, 3 Mar 2020 18:44:00 +0100
Message-Id: <20200303174324.138623964@linuxfoundation.org>
In-Reply-To: <20200303174304.593872177@linuxfoundation.org>
References: <20200303174304.593872177@linuxfoundation.org>

From: Jim Mattson

commit 693e02cc24090c379217138719d9d84e50036b24 upstream.

According to the SDM, VMWRITE checks to see if the secondary source operand corresponds to an unsupported VMCS field before it checks to see if the secondary source operand corresponds to a VM-exit information field and the processor does not support writing to VM-exit information fields.

Fixes: 49f705c5324aa ("KVM: nVMX: Implement VMREAD and VMWRITE")
Signed-off-by: Jim Mattson
Cc: Paolo Bonzini
Reviewed-by: Peter Shier
Reviewed-by: Oliver Upton
Reviewed-by: Jon Cargille
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman

--- arch/x86/kvm/vmx/nested.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4940,6 +4940,12 @@ static int handle_vmwrite(struct kvm_vcp field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); + + offset = vmcs_field_to_offset(field); + if (offset < 0) + return nested_vmx_failValid(vcpu, + VMXERR_UNSUPPORTED_VMCS_COMPONENT); + /* * If the vCPU supports "VMWRITE to any supported field in the * VMCS," then the "read-only" fields are actually read/write. 
@@ -4956,11 +4962,6 @@ static int handle_vmwrite(struct kvm_vcp if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field)) copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12); - offset = vmcs_field_to_offset(field); - if (offset < 0) - return nested_vmx_failValid(vcpu, - VMXERR_UNSUPPORTED_VMCS_COMPONENT); - /* * Some Intel CPUs intentionally drop the reserved bits of the AR byte * fields on VMWRITE. Emulate this behavior to ensure consistent KVM
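
Review bot: In the first hunk (@@ -4940,6 +4940,12 @@), the relocated `offset = vmcs_field_to_offset(field);` / `if (offset < 0)` check carries no comment, while the read-only check directly below it has one. The move exists only to match the ordering the changelog attributes to the SDM (unsupported field reported before read-only field), so a short comment above the check stating that the order is deliberate would keep a later cleanup from moving it back down next to where `offset` is used.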
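
Review bot: In the second hunk (@@ -4956,11 +4962,6 @@), dropping the check from below `copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12);` means a VMWRITE to an unsupported field now returns `VMXERR_UNSUPPORTED_VMCS_COMPONENT` before that sync runs, and `is_shadow_field_rw(field)` is no longer evaluated for such a field. The changelog describes only the ordering against the read-only check; please say there (or in a comment at the new location) that skipping the vmcs02-to-vmcs12 copy on this failure path is intended.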