From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jim Mattson, Paolo Bonzini, Peter Shier, Oliver Upton, Jon Cargille
Subject: [PATCH 5.4 152/152] kvm: nVMX: VMWRITE checks unsupported field before read-only field
Date: Tue, 3 Mar 2020 18:44:10 +0100
Message-Id: <20200303174320.103888736@linuxfoundation.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200303174302.523080016@linuxfoundation.org>
References: <20200303174302.523080016@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jim Mattson

commit 693e02cc24090c379217138719d9d84e50036b24 upstream.

According to the SDM, VMWRITE checks to see if the secondary source
operand corresponds to an unsupported VMCS field before it checks to
see if the secondary source operand corresponds to a VM-exit
information field and the processor does not support writing to
VM-exit information fields.

Fixes: 49f705c5324aa ("KVM: nVMX: Implement VMREAD and VMWRITE")
Signed-off-by: Jim Mattson
Cc: Paolo Bonzini
Reviewed-by: Peter Shier
Reviewed-by: Oliver Upton
Reviewed-by: Jon Cargille
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/kvm/vmx/nested.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4741,6 +4741,12 @@ static int handle_vmwrite(struct kvm_vcp field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); + + offset = vmcs_field_to_offset(field); + if (offset < 0) + return nested_vmx_failValid(vcpu, + VMXERR_UNSUPPORTED_VMCS_COMPONENT); + /* * If the vCPU supports "VMWRITE to any supported field in the * VMCS," then the "read-only" fields are actually read/write. 
@@ -4757,11 +4763,6 @@ static int handle_vmwrite(struct kvm_vcp if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field)) copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12); - offset = vmcs_field_to_offset(field); - if (offset < 0) - return nested_vmx_failValid(vcpu, - VMXERR_UNSUPPORTED_VMCS_COMPONENT); - /* * Some Intel CPUs intentionally drop the reserved bits of the AR byte * fields on VMWRITE. Emulate this behavior to ensure consistent KVM
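
Review bot: the relocated "offset < 0" check in the first hunk (@@ -4741) has no comment saying why it has to sit ahead of the read-only-field test, while the block right after it has a full comment of its own. The ordering is the entire point of the patch and is only recorded in the changelog, so a later cleanup could move the lookup back down next to where offset is consumed without noticing. A one-line comment above "offset = vmcs_field_to_offset(field);" stating that the unsupported-component check must come before the read-only check would protect it, and naming the SDM section in the commit message would make the claim checkable.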
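
Review bot: the second hunk (@@ -4757) removes the check from below the "copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12);" call, so a VMWRITE to an unsupported field now returns VMXERR_UNSUPPORTED_VMCS_COMPONENT before that copy runs, where previously the copy happened first. The changelog describes only the error-priority change and does not mention this second effect. It looks harmless, but it is a behaviour change in a stable backport, so a sentence in the commit message noting it would be useful, as would a reference to a test that writes a field encoding which is both unsupported and in the VM-exit information range, to pin the error ordering.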