Received: by 10.223.164.221 with SMTP id h29csp3017815wrb;
        Thu, 2 Nov 2017 23:41:45 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+QB6zrsOOFxUjZ0/n7bUAteoqiDjBH+eX4/lv8YxJhZzrx/AKeOrPDzC67O0zZln3nvjaFe
X-Received: by 10.101.81.139 with SMTP id h11mr6105890pgq.233.1509691305320;
        Thu, 02 Nov 2017 23:41:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1509691305; cv=none;
        d=google.com; s=arc-20160816;
        b=gAt5G1EgKSuCzxwlBrA3+NWe9FrrwfccSOmsIcFiK/uqBTxjvVi7hBnNUehJaW2/y/
         0kxKatc/QALwdpHz2UMm2blKmWnVbvQBJzH9+qafeSd/eyJWOx4fWQlBUqBEanAkI6hT
         rKrwN6PUBpuLPS89l38ZXpLZgTXMUSZqhsvtjfSC86vljglDxvOXfmZmeTXDoAaSvLES
         WQEKWlfEShmv7Fp1qIwPAWlZwOOuBfKuH9e96FQ6f9dcS0aQY9hL5wJow1AX8FhCv+yn
         jxbIsmE3Ig0AWk+JaEy4ZnOS9ixSk4vKb7/3FSBzQM+T0MLayRxhuILTT50axwxkBVH+
         MrrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:arc-authentication-results;
        bh=sFNwNufN1q0HyifFhB7erEXaq5CLxe7531qZk5EwKso=;
        b=DCRG1FLvfoHgrsN4y5F2Z/sySNlrBAdteBTCo8pCC7BfSK+v07PJKKdbDjvVueVX8Z
         uVX2SKNadBiCigdRbUmSizO6LAcbNN40zakQ+vGJKJl/yzwvmv/nNKq6CZudf8/4mkGU
         030scR8E3KGnbr+fbyfZs5d/eqCzsxY2VRJQ0K/Oedzys/NDDt0ija7ekUc/mBP/1yh4
         GhYvp0BL8LGmfL0cnIiuPDOgg/0e0z16LuSUKiaY4gE5y4kkMtbO7lvQO2bgAVynO0gw
         Wm1G+Zu2L9oGuhx0BoeTQzfMQW92xPcDz/iEhZBdLwBeicj5gytKVC/bcDhTIPxcCsNC
         Jw/Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=G70aPoid;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a190si5091552pge.529.2017.11.02.23.41.32;
        Thu, 02 Nov 2017 23:41:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=G70aPoid;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753846AbdKCGk5 (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 97 others);
        Fri, 3 Nov 2017 02:40:57 -0400
Received: from mail-ot0-f196.google.com ([74.125.82.196]:44247 "EHLO
        mail-ot0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752180AbdKCGk4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Nov 2017 02:40:56 -0400
Received: by mail-ot0-f196.google.com with SMTP id d36so1655785otf.1;
        Thu, 02 Nov 2017 23:40:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=sFNwNufN1q0HyifFhB7erEXaq5CLxe7531qZk5EwKso=;
        b=G70aPoidoAH8oNqkii2U/c4J8TCafvPJ3KA/wADiPTjyYzi1CeTFRbF84h4kWQksB8
         +7fxTNxMzPORalBRlmyajFj4Eli9LGvFyWdMwO+v7m30118T+SSqK0ogVqdHEmHOpDdD
         SCT+ZSQZ88A2dZQYg82j2iTsmY53OUyCwbQWNv0xMHSzBe8TGjhwX8JIAuzaFEPVR5h9
         6cKGBC046MOmJZgLY2d5xKh+UY9o5u2HLr/AykkZOCyDmJ3cDz6b+L1FkVoKPLuf98Fu
         tlcqgYKWS1nbLldwJHAu3hdUjVvbqDvVXOtpMC2PBvKm0msokHomSp5AKDbeV2C71/5+
         rpfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=sFNwNufN1q0HyifFhB7erEXaq5CLxe7531qZk5EwKso=;
        b=FUTNoAZmTJof2wUXQpQ60ya6RTIKqd/TU6ysEMhMmkGb4YiDl6/CwCFb5UBnHl11L9
         p1La3jxT7dLSBC72E4/2o131pOFWC3lMB/DuHrQOabYlOqgoyhoYmRwzlP6UGT6/vupl
         hXB/7e+1ZtO02ulu90pzbsu6GMak1ixJV9qL9F+1vb0KVFYKp8orAQSQ2bh+buEysD6m
         iPNJX8PsKeSil14vb/5lIDrNHLxKucrHF0MbT0k535sgiNE8GIR+MahP3itjkScR/dM0
         M6MCTC752kaHRNe8Zq0EDIOrb/2sP7rbeuZfiCKabduAH0xkJLh5oK59P6WQEjL7v0B6
         JXlg==
X-Gm-Message-State: AJaThX7e8qX5K4UO78A6mMsjTxxXG2mZ78LyiPX9ZjjbmLcJ5T8vtaRT
        DPPTU1xzhUw5EFpvDQjI9MSxdQkNLbIlGMCpzm0=
X-Received: by 10.157.39.194 with SMTP id c60mr3997775otb.435.1509691255434;
 Thu, 02 Nov 2017 23:40:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.53.27 with HTTP; Thu, 2 Nov 2017 23:40:55 -0700 (PDT)
In-Reply-To: <0b1d82f7-2fc6-9fc0-15a4-3500413814bd@oracle.com>
References: <1509670249-4907-1-git-send-email-wanpeng.li@hotmail.com>
 <1509670249-4907-2-git-send-email-wanpeng.li@hotmail.com> <0b1d82f7-2fc6-9fc0-15a4-3500413814bd@oracle.com>
From:   Wanpeng Li <kernellwp@gmail.com>
Date:   Fri, 3 Nov 2017 14:40:55 +0800
Message-ID: <CANRm+Cyrx6=Zt-B7A29nJ4gm1e2a0e7ObNxJJCaWn29kH==EZw@mail.gmail.com>
Subject: Re: [PATCH v5 2/3] KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry
To:     Krish Sadhukhan <krish.sadhukhan@oracle.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Radim Krcmar <rkrcmar@redhat.com>, kvm <kvm@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Jim Mattson <jmattson@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

2017-11-03 14:31 GMT+08:00 Krish Sadhukhan <krish.sadhukhan@oracle.com>:
>
>
> On 11/02/2017 05:50 PM, Wanpeng Li wrote:
>>
>> From: Wanpeng Li <wanpeng.li@hotmail.com>
>>
>> According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is 1,
>> the
>> following checks are performed on the field for the IA32_BNDCFGS MSR:
>>   - Bits reserved in the IA32_BNDCFGS MSR must be 0.
>>   - The linear address in bits 63:12 must be canonical.
>>
>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 <rkrcmar@redhat.com>
>> Cc: Jim Mattson <jmattson@google.com>
>> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
>> ---
>> v3 -> v4:
>>   * simply condition
>>   * use && instead of nested "if"s
>>
>>   arch/x86/kvm/vmx.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index e6c8ffa..6cf3972 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -10805,6 +10805,11 @@ static int check_vmentry_postreqs(struct kvm_vc=
pu
>> *vcpu, struct vmcs12 *vmcs12,
>>                         return 1;
>>         }
>>   +     if (kvm_mpx_supported() &&
>> +               (is_noncanonical_address(vmcs12->guest_bndcfgs &
>> PAGE_MASK, vcpu) ||
>> +               (vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
>> +                       return 1;
>> +
>>         return 0;
>>   }
>>
>
> Hi Wanpeng,
>   The SDM check is performed only when "load IA32_BNDCFGS" VM-entry contr=
ol
> is 1. But vmx_mpx_supported() returns true when both "load IA32_BNDCFGS" =
and
> "store IA32_BNDCFGS" VM-entry controls are 1. Therefore your check is
> performed when both controls are 1. Did I miss something here ?

https://lkml.org/lkml/2017/11/2/748 Paolo hopes the simplification.

Regards,
Wanpeng Li

From 1583004068093623851@xxx Fri Nov 03 00:52:02 +0000 2017
X-GM-THRID: 1583003090430485903
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread