Received: by 10.223.164.221 with SMTP id h29csp2775635wrb;
        Thu, 2 Nov 2017 17:52:02 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+QgesacHh/gVNTV2sB6UDBRDIlnMS1HM8FRLVSbDSBTRXPf0JO+z8IHtD7EJgkM3R47i4ck
X-Received: by 10.101.93.12 with SMTP id e12mr5429921pgr.214.1509670322287;
        Thu, 02 Nov 2017 17:52:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1509670322; cv=none;
        d=google.com; s=arc-20160816;
        b=Kks6MmetMFxSLyi25H4jda9P1Si2DDYCEv8GA9sHay2A+1ImYveqMa0qp+ABV7JmDV
         zrPZUQzwj+RA17bS44yftvYj9Yum2ibgR/b1XiP+kqfC4G+SxRiA3tVVMXdx/Fce+DAD
         NIDxhHIcOZCPA8qKOFl/nauIiBk+I287O0YjHCVdFqJ1kV9xcioBLUoYIz0WU71Yx449
         i+1c7W3y3w1BcgJIEFuP4bbjzbj/RuVzLCk/krjjZS7NLoI2/BCFvI6KErQePjhqEokW
         n1SwYUyhaOcBDHg+AfoizQd+CgvqBJ0nwicvsD2XIjS3qtIdh8qQo8n+jSij5O11fByc
         P+sQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=D0P+HZ+lXDRj8LMpegmycWiOezcjh7AI5kLAvF5bVaU=;
        b=Gr3LpKyXSOtlAfangU284qNdTeTkb0u/UZD7RfT4gEi3J3ndoR4JDb6SnNzhWEy3ze
         V3Z13DLAbpqIJ3C8x14Oi8QGOn9gHtqqoLhgp+DxMGPvmMlAhU9J6EP/TDtsSkUeEU8c
         MAQkWYJY8ovRD1VJBPOsds9sUROflJ+cnVlOU5HO1I0OaWxeSPb2JG4y0Ciyt5Hite4E
         9gnh7wrhNzD0loYJRDfjk2eESRiIWz1l3UTxyYAJSSTem23/LrWlZ3veCWS9TFRmquA/
         IGGnakuhH3w39DgBF7sUWEWp3APateC0AlL8dsIq4UHOSVYv7F8YjJ3+m8UkP3WpDFX4
         s0eA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Mk2zHIO/;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d10si4525338pgo.497.2017.11.02.17.51.49;
        Thu, 02 Nov 2017 17:52:02 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Mk2zHIO/;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S964974AbdKCAvD (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 96 others); Thu, 2 Nov 2017 20:51:03 -0400
Received: from mail-pg0-f68.google.com ([74.125.83.68]:50533 "EHLO
        mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934722AbdKCAu7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 2 Nov 2017 20:50:59 -0400
Received: by mail-pg0-f68.google.com with SMTP id y5so1083594pgq.7;
        Thu, 02 Nov 2017 17:50:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=D0P+HZ+lXDRj8LMpegmycWiOezcjh7AI5kLAvF5bVaU=;
        b=Mk2zHIO//bC0ZGMPjBN8IH42qg4KxDs4IPI4Gu2wy35Ll7TYWkCIbup5Tnqyhg1F9w
         H5s/3SyXX8JFps8PoXscBLJPuEBXj/jEf46tWqy3Ep1+inegeJZuM/apiDjXxU7oN+WC
         7WJCoBtXpIYa/tfpme6f9+JmODpQKDkEl+EekK/n1C5E/OYnV4HKYmcm+JxtvhsG17Ok
         dD0Yh/e3xhP+RP8VMzulHv7JM4UhVaM1UXJIbFdvVYDUVMw1GOgE3x1uWFdjWqypbHMi
         mNgVvEyhV/vp4xipv3DwUHzcJznzMDxr7dBopKmfUGz99Us7eMgSIybuRjxsQDvhsXML
         Y0gA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=D0P+HZ+lXDRj8LMpegmycWiOezcjh7AI5kLAvF5bVaU=;
        b=Y+MklzFFU1DUgXacKIBZYYyejdx+LPgY1mz0qn+pi3ECum0QIOvYlNE/CLrq8GwbVp
         0x5ka7Nxu3t02C0bZEwWKe4/d2sUJrR/d+UmWaEmthEW3d9OLTtmEnorO7/ve0tz74E6
         yGptLDxM/raXwPQ0KoGBkox6DV7unUfss2GOmyESSAju+F0a8xoL4ldOgs2FUrUIG34F
         pdJHMRilYYJ1sXOV9ApWL8SjlECulDdmhZhoRNxUiQKzEpidk85BNOTbQyPqMgEbdW9L
         uyev+Ec8qy2IN80UTIEAutnPh5jP7KNAdImPQszYrlc5lVP6frzINi2Yuq/eI3HNFHLA
         ImtA==
X-Gm-Message-State: AMCzsaVpMzBdvbFdEw4/QWYQ22iYkGJP7EUG/GrqEj9n6ohFgxCwTeW2
        9AJL4BbgBgTc/OS70xWofJX16w==
X-Received: by 10.159.229.136 with SMTP id az8mr4948946plb.133.1509670258365;
        Thu, 02 Nov 2017 17:50:58 -0700 (PDT)
Received: from localhost ([203.205.141.123])
        by smtp.gmail.com with ESMTPSA id i186sm8514754pfg.75.2017.11.02.17.50.57
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 02 Nov 2017 17:50:57 -0700 (PDT)
From:   Wanpeng Li <kernellwp@gmail.com>
X-Google-Original-From: Wanpeng Li <wanpeng.li@hotmail.com>
To:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
        Wanpeng Li <wanpeng.li@hotmail.com>,
        Jim Mattson <jmattson@google.com>
Subject: [PATCH v5 2/3] KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry
Date:   Thu,  2 Nov 2017 17:50:48 -0700
Message-Id: <1509670249-4907-2-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1509670249-4907-1-git-send-email-wanpeng.li@hotmail.com>
References: <1509670249-4907-1-git-send-email-wanpeng.li@hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Wanpeng Li <wanpeng.li@hotmail.com>

According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is 1, the
following checks are performed on the field for the IA32_BNDCFGS MSR:
 - Bits reserved in the IA32_BNDCFGS MSR must be 0.
 - The linear address in bits 63:12 must be canonical.

Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Jim Mattson <jmattson@google.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
---
v3 -> v4:
 * simply condition
 * use && instead of nested "if"s

 arch/x86/kvm/vmx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e6c8ffa..6cf3972 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -10805,6 +10805,11 @@ static int check_vmentry_postreqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
 			return 1;
 	}
 
+	if (kvm_mpx_supported() &&
+		(is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) ||
+		(vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
+			return 1;
+
 	return 0;
 }
 
-- 
2.7.4


From 1583003090430485903@xxx Fri Nov 03 00:36:30 +0000 2017
X-GM-THRID: 1583003090430485903
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread