Commit 886bbcc7 authored Apr 21, 2021 by Sean Christopherson Committed by Paolo Bonzini Apr 26, 2021

KVM: x86: Check CR3 GPA for validity regardless of vCPU mode



Check CR3 for an invalid GPA even if the vCPU isn't in long mode.  For
bigger emulation flows, notably RSM, the vCPU mode may not be accurate
if CR0/CR4 are loaded after CR3.  For MOV CR3 and similar flows, the
caller is responsible for truncating the value.

Fixes: 660a5d51 ("KVM: x86: save/load state on SMM switch")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210422022128.3464144-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent d0fe7b64

arch/x86/kvm/x86.c

+8 −3

Original line number	Diff line number	Diff line
		@@ -1077,10 +1077,15 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
		return 0;
		}

		if (is_long_mode(vcpu) && kvm_vcpu_is_illegal_gpa(vcpu, cr3))
		/*
		* Do not condition the GPA check on long mode, this helper is used to
		* stuff CR3, e.g. for RSM emulation, and there is no guarantee that
		* the current vCPU mode is accurate.
		*/
		if (kvm_vcpu_is_illegal_gpa(vcpu, cr3))
		return 1;
		else if (is_pae_paging(vcpu) &&
		!load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))

		if (is_pae_paging(vcpu) && !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))
		return 1;

		kvm_mmu_new_pgd(vcpu, cr3, skip_tlb_flush, skip_tlb_flush);