Commit 2ed57bb8 authored by Sean Christopherson's avatar Sean Christopherson

KVM: VMX: Bug the VM if either MSR auto-load list is full



WARN and bug the VM if either MSR auto-load list is full when adding an
MSR to the lists, as the set of MSRs that KVM loads via the lists is
finite and entirely KVM controlled, i.e. overflowing the lists shouldn't
be possible in a fully released version of KVM.  Terminate the VM as the
core KVM infrastructure has no insight as to _why_ an MSR is being added
to the list, and failure to load an MSR on VM-Enter and/or VM-Exit could
be fatal to the host.  E.g. running the host with a guest-controlled PEBS
MSR could generate unexpected writes to the DS buffer and crash the host.

Reviewed-by: default avatarDapeng Mi <dapeng1.mi@linux.intel.com>
Tested-by: default avatarManali Shukla <manali.shukla@amd.com>
Link: https://patch.msgid.link/20251206001720.468579-40-seanjc@google.com


Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
parent 84ac0004
+4 −5
@@ -1098,6 +1098,7 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
{
	int i, j = 0;
	struct msr_autoload *m = &vmx->msr_autoload;
	struct kvm *kvm = vmx->vcpu.kvm;

	switch (msr) {
	case MSR_EFER:
@@ -1134,12 +1135,10 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr,
	i = vmx_find_loadstore_msr_slot(&m->guest, msr);
	j = vmx_find_loadstore_msr_slot(&m->host, msr);

	if ((i < 0 && m->guest.nr == MAX_NR_LOADSTORE_MSRS) ||
	    (j < 0 &&  m->host.nr == MAX_NR_LOADSTORE_MSRS)) {
		printk_once(KERN_WARNING "Not enough msr switch entries. "
				"Can't add msr %x\n", msr);
	if (KVM_BUG_ON(i < 0 && m->guest.nr == MAX_NR_LOADSTORE_MSRS, kvm) ||
	    KVM_BUG_ON(j < 0 &&  m->host.nr == MAX_NR_LOADSTORE_MSRS, kvm))
		return;
	}

	if (i < 0) {
		i = m->guest.nr++;
		vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr);
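Review bot: The two KVM_BUG_ON() conditions test the list counts with `== MAX_NR_LOADSTORE_MSRS`, which was adequate as a capacity check but is weaker now that the line asserts a KVM-internal invariant: a count that has somehow overshot the limit (a future bug in the add/remove paths) would slip past and the following `m->guest.nr++` would presumably index beyond the fixed-size entry array, so the defensive form is `if (KVM_BUG_ON(i < 0 && m->guest.nr >= MAX_NR_LOADSTORE_MSRS, kvm) ||` / `    KVM_BUG_ON(j < 0 &&  m->host.nr >= MAX_NR_LOADSTORE_MSRS, kvm))`. The replaced printk_once() also reported which MSR could not be added, and the WARN emitted by KVM_BUG_ON() does not; if a format-string variant (KVM_BUG()) is available in this tree, keeping `msr` in the splat would preserve that diagnostic, otherwise a one-line comment such as `/* The lists hold a fixed, KVM-chosen set of MSRs; overflow is a KVM bug and must not let the vCPU run with an MSR unloaded. */` would tell the next reader why the VM is killed rather than the request dropped. Note that with `||` the host-list check is not evaluated once the guest-list check fires, which is harmless since the VM is already bugged. add_atomic_switch_msr() begins before this section and continues past it.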