Commit 957b46de authored by hanliyang's avatar hanliyang
Browse files

KVM: SVM: CSV: Ensure all the GPRs and some non-GPRs are synced before LAUNCH_ENCRYPT_VMCB 

hygon inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBGDLQ


CVE: NA

---------------------------

Even though most of the GPRs is zero at reset state, we should
explicitly set these before LAUNCH_ENCRYPT_VMCB.

The DR6 register is not zero at reset state, we should explicitly set
DR6 before LAUNCH_ENCRYPT_VMCB.

The PKRU currently is unsupported on Hygon CPUs, this register is zero
at reset state, nevertheless explicitly set PKRU before
LAUNCH_ENCRYPT_VMCB.

Signed-off-by: default avatarhanliyang <hanliyang@hygon.cn>
parent 0fd35a02

arch/x86/kvm/svm/csv.c

+29 −0
Original line number Diff line number Diff line
@@ -1285,14 +1285,43 @@ static int csv3_sync_vmsa(struct vcpu_svm *svm) 
	if (svm->vcpu.guest_debug || (svm->vmcb->save.dr7 & ~DR7_FIXED_1))

		return -EINVAL;



	/*

	 * CSV3 will use a VMSA that is pointed to by the VMCB, not

	 * the traditional VMSA that is part of the VMCB. Copy the

	 * traditional VMSA as it has been built so far (in prep

	 * for LAUNCH_ENCRYPT_VMCB) to be the initial CSV3 state.

	 */

	memcpy(save, &svm->vmcb->save, sizeof(svm->vmcb->save));



	/* Sync registgers per spec. */

	save->rax = svm->vcpu.arch.regs[VCPU_REGS_RAX];

	save->rbx = svm->vcpu.arch.regs[VCPU_REGS_RBX];

	save->rcx = svm->vcpu.arch.regs[VCPU_REGS_RCX];

	save->rdx = svm->vcpu.arch.regs[VCPU_REGS_RDX];

	save->rsp = svm->vcpu.arch.regs[VCPU_REGS_RSP];

	save->rbp = svm->vcpu.arch.regs[VCPU_REGS_RBP];

	save->rsi = svm->vcpu.arch.regs[VCPU_REGS_RSI];

	save->rdi = svm->vcpu.arch.regs[VCPU_REGS_RDI];

#ifdef CONFIG_X86_64

	save->r8  = svm->vcpu.arch.regs[VCPU_REGS_R8];

	save->r9  = svm->vcpu.arch.regs[VCPU_REGS_R9];

	save->r10 = svm->vcpu.arch.regs[VCPU_REGS_R10];

	save->r11 = svm->vcpu.arch.regs[VCPU_REGS_R11];

	save->r12 = svm->vcpu.arch.regs[VCPU_REGS_R12];

	save->r13 = svm->vcpu.arch.regs[VCPU_REGS_R13];

	save->r14 = svm->vcpu.arch.regs[VCPU_REGS_R14];

	save->r15 = svm->vcpu.arch.regs[VCPU_REGS_R15];

#endif

	save->rip = svm->vcpu.arch.regs[VCPU_REGS_RIP];



	/* Sync some non-GPR registers before encrypting */

	save->xcr0 = svm->vcpu.arch.xcr0;

	save->pkru = svm->vcpu.arch.pkru;

	save->xss  = svm->vcpu.arch.ia32_xss;

	save->dr6  = svm->vcpu.arch.dr6;



	pr_debug("Virtual Machine Save Area (VMSA):\n");

	print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, save, sizeof(*save), false);



	return 0;

}