[PATCH 0/2] Add some checks before emulating vmrun

[PATCH 0/2] Add some checks before emulating vmrun

[Joerg Roedel]

Hi Avi, Marcelo,

as promised here are the patches that add the checks for the vmrun
intercept and the being != 0 at vmrun emulation in nested-svm.

	Joerg

[PATCH 1/2] KVM: SVM: Check for nested vmrun intercept before emulating vmrun

[Joerg Roedel]

This patch lets the nested vmrun fail if the L1 hypervisor
has not intercepted vmrun. This fixes the "vmrun intercept
check" unit test.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 arch/x86/kvm/svm.c |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index b44c9cc..083fa88 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -2015,6 +2015,14 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
 	return true;
 }
 
+static bool nested_vmcb_checks(struct vmcb *vmcb)
+{
+	if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
+		return false;
+
+	return true;
+}
+
 static bool nested_svm_vmrun(struct vcpu_svm *svm)
 {
 	struct vmcb *nested_vmcb;
@@ -2029,6 +2037,17 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
 	if (!nested_vmcb)
 		return false;
 
+	if (!nested_vmcb_checks(nested_vmcb)) {
+		nested_vmcb->control.exit_code    = SVM_EXIT_ERR;
+		nested_vmcb->control.exit_code_hi = 0;
+		nested_vmcb->control.exit_info_1  = 0;
+		nested_vmcb->control.exit_info_2  = 0;
+
+		nested_svm_unmap(page);
+
+		return false;
+	}
+
 	trace_kvm_nested_vmrun(svm->vmcb->save.rip - 3, vmcb_gpa,
 			       nested_vmcb->save.rip,
 			       nested_vmcb->control.int_ctl,
-- 
1.7.0.4

[PATCH 2/2] KVM: SVM: Check for asid != 0 on nested vmrun

[Joerg Roedel]

This patch lets a nested vmrun fail if the L1 hypervisor
left the asid zero. This fixes the asid_zero unit test.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 arch/x86/kvm/svm.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 083fa88..7a2feb9 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -2020,6 +2020,9 @@ static bool nested_vmcb_checks(struct vmcb *vmcb)
 	if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
 		return false;
 
+	if (vmcb->control.asid == 0)
+		return false;
+
 	return true;
 }
 
-- 
1.7.0.4

Re: [PATCH 1/2] KVM: SVM: Check for nested vmrun intercept before emulating vmrun

[Avi Kivity]

  On 08/02/2010 05:46 PM, Joerg Roedel wrote:
> This patch lets the nested vmrun fail if the L1 hypervisor
> has not intercepted vmrun. This fixes the "vmrun intercept
> check" unit test.

> +
>   static bool nested_svm_vmrun(struct vcpu_svm *svm)
>   {
>   	struct vmcb *nested_vmcb;
> @@ -2029,6 +2037,17 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
>   	if (!nested_vmcb)
>   		return false;
>
> +	if (!nested_vmcb_checks(nested_vmcb)) {
> +		nested_vmcb->control.exit_code    = SVM_EXIT_ERR;
> +		nested_vmcb->control.exit_code_hi = 0;
> +		nested_vmcb->control.exit_info_1  = 0;
> +		nested_vmcb->control.exit_info_2  = 0;
> +
> +		nested_svm_unmap(page);
> +
> +		return false;
> +	}
> +

Don't you have to transfer an injected event to exitintinfo?

-- 
error compiling committee.c: too many arguments to function

Re: [PATCH 1/2] KVM: SVM: Check for nested vmrun intercept before emulating vmrun

[Joerg Roedel]

On Mon, Aug 02, 2010 at 06:18:09PM +0300, Avi Kivity wrote:
>  On 08/02/2010 05:46 PM, Joerg Roedel wrote:
>> This patch lets the nested vmrun fail if the L1 hypervisor
>> has not intercepted vmrun. This fixes the "vmrun intercept
>> check" unit test.
>
>> +
>>   static bool nested_svm_vmrun(struct vcpu_svm *svm)
>>   {
>>   	struct vmcb *nested_vmcb;
>> @@ -2029,6 +2037,17 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
>>   	if (!nested_vmcb)
>>   		return false;
>>
>> +	if (!nested_vmcb_checks(nested_vmcb)) {
>> +		nested_vmcb->control.exit_code    = SVM_EXIT_ERR;
>> +		nested_vmcb->control.exit_code_hi = 0;
>> +		nested_vmcb->control.exit_info_1  = 0;
>> +		nested_vmcb->control.exit_info_2  = 0;
>> +
>> +		nested_svm_unmap(page);
>> +
>> +		return false;
>> +	}
>> +
>
> Don't you have to transfer an injected event to exitintinfo?

APM2 seems to be quiet about this. I just tried it out and event_inj
still contains the event after a failed vmrun on real hardware. This
makes sense because this is no real vmexit because the vm was never
entered.

	Joerg

Re: [PATCH 1/2] KVM: SVM: Check for nested vmrun intercept before emulating vmrun

[Avi Kivity]

  On 08/02/2010 11:33 PM, Joerg Roedel wrote:
> On Mon, Aug 02, 2010 at 06:18:09PM +0300, Avi Kivity wrote:
>>   On 08/02/2010 05:46 PM, Joerg Roedel wrote:
>>> This patch lets the nested vmrun fail if the L1 hypervisor
>>> has not intercepted vmrun. This fixes the "vmrun intercept
>>> check" unit test.
>>> +
>>>    static bool nested_svm_vmrun(struct vcpu_svm *svm)
>>>    {
>>>    	struct vmcb *nested_vmcb;
>>> @@ -2029,6 +2037,17 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
>>>    	if (!nested_vmcb)
>>>    		return false;
>>>
>>> +	if (!nested_vmcb_checks(nested_vmcb)) {
>>> +		nested_vmcb->control.exit_code    = SVM_EXIT_ERR;
>>> +		nested_vmcb->control.exit_code_hi = 0;
>>> +		nested_vmcb->control.exit_info_1  = 0;
>>> +		nested_vmcb->control.exit_info_2  = 0;
>>> +
>>> +		nested_svm_unmap(page);
>>> +
>>> +		return false;
>>> +	}
>>> +
>> Don't you have to transfer an injected event to exitintinfo?
> APM2 seems to be quiet about this.

Well, my copy says

> The VMRUN instruction then checks the guest state just loaded. If an 
> illegal state has been loaded, the
> processor exits back to the host (see “#VMEXIT” on page 374).

This matches "illegal state" and "#VMEXIT" but doesn't match "guest state".

> I just tried it out and event_inj
> still contains the event after a failed vmrun on real hardware. This
> makes sense because this is no real vmexit because the vm was never
> entered.

Okay; will apply the patches.

-- 
error compiling committee.c: too many arguments to function