Commit af957eeb authored by Maxim Levitsky's avatar Maxim Levitsky Committed by Paolo Bonzini
Browse files

KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load 



When loading nested state, don't use check vcpu->arch.efer to get the
L1 host's 64-bit vs. 32-bit state and don't check it for consistency
with respect to VM_EXIT_HOST_ADDR_SPACE_SIZE, as register state in vCPU
may be stale when KVM_SET_NESTED_STATE is called---and architecturally
does not exist.  When restoring L2 state in KVM, the CPU is placed in
non-root where nested VMX code has no snapshot of L1 host state: VMX
(conditionally) loads host state fields loaded on VM-exit, but they need
not correspond to the state before entry.  A simple case occurs in KVM
itself, where the host RIP field points to vmx_vmexit rather than the
instruction following vmlaunch/vmresume.

However, for the particular case of L1 being in 32- or 64-bit mode
on entry, the exit controls can be treated instead as the source of
truth regarding the state of L1 on entry, and can be used to check
that vmcs12.VM_EXIT_HOST_ADDR_SPACE_SIZE matches vmcs12.HOST_EFER if
vmcs12.VM_EXIT_LOAD_IA32_EFER is set.  The consistency check on CPU
EFER vs. vmcs12.VM_EXIT_HOST_ADDR_SPACE_SIZE, instead, happens only
on VM-Enter.  That's because, again, there's conceptually no "current"
L1 EFER to check on KVM_SET_NESTED_STATE.

Suggested-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20211115131837.195527-2-mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 964b7aa0

arch/x86/kvm/vmx/nested.c

+17 −5
Original line number Diff line number Diff line
@@ -2830,6 +2830,17 @@ static int nested_vmx_check_controls(struct kvm_vcpu *vcpu, 
	return 0;

}



static int nested_vmx_check_address_space_size(struct kvm_vcpu *vcpu,

				       struct vmcs12 *vmcs12)

{

#ifdef CONFIG_X86_64

	if (CC(!!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) !=

		!!(vcpu->arch.efer & EFER_LMA)))

		return -EINVAL;

#endif

	return 0;

}



static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu,

				       struct vmcs12 *vmcs12)

{
@@ -2854,18 +2865,16 @@ static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu, 
		return -EINVAL;



#ifdef CONFIG_X86_64

	ia32e = !!(vcpu->arch.efer & EFER_LMA);

	ia32e = !!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE);

#else

	ia32e = false;

#endif



	if (ia32e) {

		if (CC(!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE)) ||

		    CC(!(vmcs12->host_cr4 & X86_CR4_PAE)))

		if (CC(!(vmcs12->host_cr4 & X86_CR4_PAE)))

			return -EINVAL;

	} else {

		if (CC(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) ||

		    CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) ||

		if (CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) ||

		    CC(vmcs12->host_cr4 & X86_CR4_PCIDE) ||

		    CC((vmcs12->host_rip) >> 32))

			return -EINVAL;
@@ -3535,6 +3544,9 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch) 
	if (nested_vmx_check_controls(vcpu, vmcs12))

		return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);



	if (nested_vmx_check_address_space_size(vcpu, vmcs12))

		return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);



	if (nested_vmx_check_host_state(vcpu, vmcs12))

		return nested_vmx_fail(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);