KVM: SVM: check validity of VMCB controls when returning from SMM (be5fa873) · Commits · git / linux-net

arch/x86/kvm/svm/nested.c

+10 −2

Original line number	Diff line number	Diff line
		@@ -418,6 +418,15 @@ static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu)
		return __nested_vmcb_check_controls(vcpu, ctl);
		}

		int nested_svm_check_cached_vmcb12(struct kvm_vcpu *vcpu)
		{
		if (!nested_vmcb_check_save(vcpu) \|\|
		!nested_vmcb_check_controls(vcpu))
		return -EINVAL;

		return 0;
		}

		/*
		* If a feature is not advertised to L1, clear the corresponding vmcb12
		* intercept.
		@@ -1028,8 +1037,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
		nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
		nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);

		if (!nested_vmcb_check_save(vcpu) \|\|
		!nested_vmcb_check_controls(vcpu)) {
		if (nested_svm_check_cached_vmcb12(vcpu) < 0) {
		vmcb12->control.exit_code = SVM_EXIT_ERR;
		vmcb12->control.exit_info_1 = 0;
		vmcb12->control.exit_info_2 = 0;

+4 −0

Original line number	Diff line number	Diff line
		@@ -4880,6 +4880,10 @@ static int svm_leave_smm(struct kvm_vcpu vcpu, const union kvm_smram smram)
		vmcb12 = map.hva;
		nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
		nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);

		if (nested_svm_check_cached_vmcb12(vcpu) < 0)
		goto unmap_save;

		ret = enter_svm_guest_mode(vcpu, smram64->svm_guest_vmcb_gpa, vmcb12, false);

		if (ret)

+1 −0

Original line number	Diff line number	Diff line
		@@ -797,6 +797,7 @@ static inline int nested_svm_simple_vmexit(struct vcpu_svm *svm, u32 exit_code)

		int nested_svm_exit_handled(struct vcpu_svm *svm);
		int nested_svm_check_permissions(struct kvm_vcpu *vcpu);
		int nested_svm_check_cached_vmcb12(struct kvm_vcpu *vcpu);
		int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
		bool has_error_code, u32 error_code);
		int nested_svm_exit_special(struct vcpu_svm *svm);