Received: by 10.223.164.200 with SMTP id h8csp620329wrb;
        Sun, 5 Nov 2017 16:56:22 -0800 (PST)
X-Google-Smtp-Source: ABhQp+TcYegyuNnVzOOr4K/eZXK8yJactkaAm1g2u8z7KqFg2/o3e6VjjPLcC/1XnGNkB2UNUCBg
X-Received: by 10.99.165.77 with SMTP id r13mr13811291pgu.331.1509929782517;
        Sun, 05 Nov 2017 16:56:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1509929782; cv=none;
        d=google.com; s=arc-20160816;
        b=Rblo6ujSsiAbN5/JEP4I8lwrXA7RStnn/RqTgsVEmJLMMcarnnvpuTmr9VbkyQWxJr
         p65QmY5wt5jr0KnjPAzO/lSADWOGVaNXMUmOgzkHzbtp8Txf7Qb0e4+YJI8dIjaHlbQ3
         /NWvP4TPWkyo5j/liO20jCIFhc6pQjC5YnJqbWiMJNbpQBg9f7EkSzkI1Y7JGAL5mF3V
         /HvXj2CTzWQc4n6sNRtOGPb1xNqUAjErV2+M1tHm34VlZDIafNzsJIp32CuBM4CR3cN+
         OWtosqo24JU5/uZI59A+4tlwekmXAQ7ZgTKvTHAxHbqgTlE+zwNH43WbhVBJPcaNkk22
         8fPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=E6e1kKx4qG47c5t4uree0OJnuSQfExKkt3lxT9FB/4Q=;
        b=CzAmXw6z5Uscxbz4bwnAwdbJpFL+WZoNNYnZyShv9zZd4IJAAb4U18x7QTKmy6w/zK
         jtLqQ0NIqSVAspVWIUXuqalObWawhQ1qU+wCqo3AjVfMUdZmf3Y5SZZYW6LBICKsVWky
         DH/FnuOGu0aUbsPvF4cvY7ZJkZKeHOmwIoJXHceGme9LwlXddaH3nVRTjXP28hZvgfAx
         q1axJy2CYBwFmXe+t5z11G1tqgLH/EJY3zUKI9OjuC1NMx806QR3lH4XrPtbA7tMCte2
         At7c6XtVsBhhXW1DeF2Pe3evrJiPgAuVLI0aahTy5snt5FPWKMssL7EhVZjoT0OJ7bpn
         qLiA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=D/l3lLX0;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 1si9338368plv.485.2017.11.05.16.56.09;
        Sun, 05 Nov 2017 16:56:22 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=D/l3lLX0;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751446AbdKFAzA (ORCPT <rfc822;ttoukan.linux@gmail.com>
        + 96 others); Sun, 5 Nov 2017 19:55:00 -0500
Received: from mail-pf0-f193.google.com ([209.85.192.193]:49305 "EHLO
        mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750910AbdKFAy4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 5 Nov 2017 19:54:56 -0500
Received: by mail-pf0-f193.google.com with SMTP id i5so6476153pfe.6;
        Sun, 05 Nov 2017 16:54:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=E6e1kKx4qG47c5t4uree0OJnuSQfExKkt3lxT9FB/4Q=;
        b=D/l3lLX0m7YpN8JwAYIPkBkKxPWn7l3om2sX8pPHuACOei74KmIGksavCEheZaPIom
         /kQfMt0OZXy6x6z5QCQl4lHSZLOCeJNDUOZT5IuMpGKrZEEvXtD7gLc2Y/vcqHODEPzY
         aL2cZ2uPFRW3GdkX4EHUuOjgi/VsUUTRuIqRqUlVNortrwod6a9a+uVcVibN1gJ2j4lx
         lspf3/wtACd9Os7tHeNi+gKPWUox/tPosIEigUCBSTMNh2ABt6Gl0eX829QAxrQFl5p3
         aiURqNjy29b75L3yY4qLP5X5lXIGuxmilgDl97Li19c3JDHlD/tVVqBlVAFP5JhDyoXP
         Hn9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=E6e1kKx4qG47c5t4uree0OJnuSQfExKkt3lxT9FB/4Q=;
        b=REu6nCOh3+SXGqSPC4Th8iTtXnSzRSkkuPAgDIFkL3u44MyfDIQwQGfMSbCfm9sHgm
         arcPtOz0RPlwluhXApQbA75PXTjKU1vpZn8beWulGY5+B4Re5WCjeEJtNtfHRevS9ki0
         wRoZ6/cNEARzDDrHlTJ1au190ZfGlCb+TuoN5cjF2wAtzuRaF7TMejc8fbAWB9mFRQL3
         bGLofx+6Q/27Gv0aFQXTZBXJwSTDPcMKNsouYXyr57sMuQpU6yTnvdIITa40tVKmSfH2
         EImGif3iDvGqMPMdqxR7QH+mWvSiXHJd0/X/ucfYt9Ut/Omt2rzGAxZTAUKS/8lVxpmc
         Wh7Q==
X-Gm-Message-State: AMCzsaVUidSUU1bmVWQzuvPeu+mYaf+jyJjGQXO3VXIvCrmMJk1mPEVB
        32ZreumS/be47L1eWT07XRKBUQ==
X-Received: by 10.99.121.201 with SMTP id u192mr13680240pgc.69.1509929696064;
        Sun, 05 Nov 2017 16:54:56 -0800 (PST)
Received: from localhost ([203.205.141.123])
        by smtp.gmail.com with ESMTPSA id f1sm19494152pfe.150.2017.11.05.16.54.55
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 05 Nov 2017 16:54:55 -0800 (PST)
From:   Wanpeng Li <kernellwp@gmail.com>
X-Google-Original-From: Wanpeng Li <wanpeng.li@hotmail.com>
To:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
        Wanpeng Li <wanpeng.li@hotmail.com>,
        Jim Mattson <jmattson@google.com>
Subject: [PATCH v6 2/3] KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry
Date:   Sun,  5 Nov 2017 16:54:48 -0800
Message-Id: <1509929689-2935-2-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1509929689-2935-1-git-send-email-wanpeng.li@hotmail.com>
References: <1509929689-2935-1-git-send-email-wanpeng.li@hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Wanpeng Li <wanpeng.li@hotmail.com>

According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is 1, the
following checks are performed on the field for the IA32_BNDCFGS MSR:
 - Bits reserved in the IA32_BNDCFGS MSR must be 0.
 - The linear address in bits 63:12 must be canonical.

Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Jim Mattson <jmattson@google.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
---
v5 -> v6:
 * keep the right conjunct
v3 -> v4:
 * simply condition
 * use && instead of nested "if"s

 arch/x86/kvm/vmx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e6c8ffa..6cf3972 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -10805,6 +10805,11 @@ static int check_vmentry_postreqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
 			return 1;
 	}
 
+	if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) &&
+		(is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu) ||
+		(vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))
+			return 1;
+
 	return 0;
 }
 
-- 
2.7.4


From 1582914530020539224@xxx Thu Nov 02 01:08:52 +0000 2017
X-GM-THRID: 1582914530020539224
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread