Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp1219765rwb; Thu, 11 Aug 2022 18:55:06 -0700 (PDT) X-Google-Smtp-Source: AA6agR7ybhbpBdbttxPZ59W45yo4y9EuFgajlMl5cYYAgyVD4YPidWucN24GvHAuX+dNc1RQoN24 X-Received: by 2002:a05:6402:270d:b0:43a:67b9:6eea with SMTP id y13-20020a056402270d00b0043a67b96eeamr1560673edd.94.1660269305974; Thu, 11 Aug 2022 18:55:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660269305; cv=none; d=google.com; s=arc-20160816; b=0407WYjx97wpzJreS6MoJTTeYd8DtWp2cb2gxmOvy0cJebvNYR8HVn/UIPe8a8N2fg w/G9U1efman0UglfS6ygNuhu1EsKswNF93RaEAHYQlar9dwoB/8pEULcHeZpUwmAI0eg H3/K4TyhTpBnzLbqkC9W+/wQ6XWl4JiGC46aP2b6Z5mWy23VRsQ4HTAmnlHLI6GXLBrB EHN2YhHC1/DOcTK/drN4OXdvSa0+4X34KLh7BiI4yUez5G37JY5MJe07LdWeJ1S9oyT+ YPBXwHR5iVtduaXftnqUsdYVDE37jA8RtNcQqjvkKf+vGLenwGAtsJ3xAxpQ3BvEFZm5 +1zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=0hLmF4c9/Np7OguQ6ekNDiyVwxMtzVxk9nfP6MKHVtE=; b=u9t2iyf26TrNAtAyVXEO3HiiepuoZ/IUuCJXqkFVc2CfThB4pkoevGWk7NekZu02Ef iMSHWAr2CNH1VHQGcIziW2d75I3HZcGydK/0QGin4qao+TWRWkrqyaJsNp7/es+9X2Y3 /mg7Gvv54KP+0fsIrzUeHBqNjHRQes3uITubvdQmibKbeQPQ/0/8KFesk6FmgSnSICJ1 qjD042dfzbR96v83HTH2PElveHqeoI5d2Nk8LlgzAnRyrCMOgLHwxr1UllyFLXx5OaPS lUDr01vR0LA7h2afeS4nVHrMMVhoDOSENzDCbdbERNRxCgCBbWsJfiVdHdwbjsGNry8o Bwlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HR2qpYtC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id au16-20020a170907093000b00730699ca113si536841ejc.43.2022.08.11.18.54.39; Thu, 11 Aug 2022 18:55:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HR2qpYtC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236408AbiHLBru (ORCPT + 99 others); Thu, 11 Aug 2022 21:47:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233914AbiHLBrs (ORCPT ); Thu, 11 Aug 2022 21:47:48 -0400 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A982A063C; Thu, 11 Aug 2022 18:47:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1660268867; x=1691804867; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=dmCQu5n9kOHYzH3uYzvtW2dglSnokVqA7rtZWKM7xZs=; b=HR2qpYtCzIPOMxunTUXJKBLVq9OdsykszCupVZ+rvQXwvR6xdMV7f+GX a8OGXMNZ6wlx+zHm4+mf18PXiucE9NbvRS+uXeawFY6yLfHw7czHg9jJw MjqMGKiRORSUX90ANF8gBsHFDBZPIHikEhJilNRaIJjU9jJoU23ZNKDpV pJn/dS3VThS4PjrgS7qDYSBsakNhVMksN2NVTy9S2HKY7R5Uq7fBKwp7J wZjCT+3118AHtV7DNhb02XfhhZZ7gEVmR5I2PO0bjVH+93krzC9FFVnMU Dq+oBFcOq6kasKxaCPsbMmMPZDPrC5VcLawn+axFw1qjrqRcG1PCTeKYX w==; X-IronPort-AV: E=McAfee;i="6400,9594,10436"; a="271273574" X-IronPort-AV: E=Sophos;i="5.93,231,1654585200"; d="scan'208";a="271273574" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Aug 2022 18:47:46 -0700 X-IronPort-AV: E=Sophos;i="5.93,231,1654585200"; d="scan'208";a="933543044" Received: from sqa-gate.sh.intel.com (HELO localhost.tsp.org) ([10.239.48.212]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Aug 2022 18:47:44 -0700 From: Yuan Yao To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Jim Mattson , Jon Cargille , Peter Shier , Oliver Upton , Yuan Yao Subject: [PATCH 1/1] kvm: nVMX: Checks "VMCS shadowing" with VMCS link pointer for non-root mode VM{READ,WRITE} Date: Fri, 12 Aug 2022 09:47:06 +0800 Message-Id: <20220812014706.43409-1-yuan.yao@intel.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add checking to VMCS12's "VMCS shadowing", make sure the checking of VMCS12's vmcs_link_pointer for non-root mode VM{READ,WRITE} happens only if VMCS12's "VMCS shadowing" is 1. SDM says that for non-root mode the VMCS's "VMCS shadowing" must be 1 (and the corresponding bits in VMREAD/VMWRITE bitmap must be 0) when condition checking of [B] is reached(please refer [A]), which means checking to VMCS link pointer for non-root mode VM{READ,WRITE} should happen only when "VMCS shadowing" = 1. Description from SDM Vol3(April 2022) Chapter 30.3 VMREAD/VMWRITE: IF (not in VMX operation) or (CR0.PE = 0) or (RFLAGS.VM = 1) or (IA32_EFER.LMA = 1 and CS.L = 0) THEN #UD; ELSIF in VMX non-root operation AND (“VMCS shadowing” is 0 OR source operand sets bits in range 63:15 OR VMREAD bit corresponding to bits 14:0 of source operand is 1) <------[A] THEN VMexit; ELSIF CPL > 0 THEN #GP(0); ELSIF (in VMX root operation AND current-VMCS pointer is not valid) OR (in VMX non-root operation AND VMCS link pointer is not valid) THEN VMfailInvalid; <------ [B] ... Fixes: dd2d6042b7f4 ("kvm: nVMX: VMWRITE checks VMCS-link pointer before VMCS field") Signed-off-by: Yuan Yao --- arch/x86/kvm/vmx/nested.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index ddd4367d4826..30685be54c5d 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5123,6 +5123,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu) */ if (vmx->nested.current_vmptr == INVALID_GPA || (is_guest_mode(vcpu) && + nested_cpu_has_shadow_vmcs(vcpu) && get_vmcs12(vcpu)->vmcs_link_pointer == INVALID_GPA)) return nested_vmx_failInvalid(vcpu); @@ -5233,6 +5234,7 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu) */ if (vmx->nested.current_vmptr == INVALID_GPA || (is_guest_mode(vcpu) && + nested_cpu_has_shadow_vmcs(vcpu) && get_vmcs12(vcpu)->vmcs_link_pointer == INVALID_GPA)) return nested_vmx_failInvalid(vcpu); -- 2.27.0