From: Sean Christopherson <seanjc@google.com>
To: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Cc: kvm@vger.kernel.org, pbonzini@redhat.com, jmattson@google.com
Subject: Re: [PATCH 2/5 v6] nSVM: Check addresses of MSR and IO permission maps
Date: Fri, 2 Apr 2021 17:45:35 +0000 [thread overview]
Message-ID: <YGdYP46sXC75SwF9@google.com> (raw)
In-Reply-To: <20210402004331.91658-3-krish.sadhukhan@oracle.com>
On Thu, Apr 01, 2021, Krish Sadhukhan wrote:
> According to section "Canonicalization and Consistency Checks" in APM vol 2,
> the following guest state is illegal:
>
> "The MSR or IOIO intercept tables extend to a physical address that
> is greater than or equal to the maximum supported physical address."
>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
> ---
> arch/x86/kvm/svm/nested.c | 23 +++++++++++++++++++----
> 1 file changed, 19 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index fb204eaa8bb3..b3988b3a3fd5 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -231,7 +231,15 @@ static bool svm_get_nested_state_pages(struct kvm_vcpu *vcpu)
> return true;
> }
>
> -static bool nested_vmcb_check_controls(struct vmcb_control_area *control)
> +static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa,
> + u32 size)
No need to put "u32 size)" on a separate line.
> +{
> + u64 last_pa = PAGE_ALIGN(pa) + size - 1;
Space between declaration and code. A comment about the silliness of hardware
silently ignoring bits 11:0 would also be nice.
> + return (kvm_vcpu_is_legal_gpa(vcpu, last_pa));
This fails to handle the case where "pa == -1", as the above will wrap to a
legal address and generate a false negative.
/* blah blah blah */
pa = PAGE_ALIGN(pa);
return kvm_vcpu_is_legal_gpa(pa) &&
kvm_vcpu_is_legal_gpa(pa + size - 1);
> +}
> +
> +static bool nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
> + struct vmcb_control_area *control)
> {
> if ((vmcb_is_intercept(control, INTERCEPT_VMRUN)) == 0)
> return false;
> @@ -243,6 +251,13 @@ static bool nested_vmcb_check_controls(struct vmcb_control_area *control)
> !npt_enabled)
> return false;
>
> + if (!nested_svm_check_bitmap_pa(vcpu, control->msrpm_base_pa,
> + MSRPM_ALLOC_SIZE))
> + return false;
> + if (!nested_svm_check_bitmap_pa(vcpu, control->iopm_base_pa,
> + IOPM_ALLOC_SIZE - PAGE_SIZE + 1))
Align with the function's paranthesis, not the if statements, for both.
if (!nested_svm_check_bitmap_pa(vcpu, control->iopm_base_pa,
IOPM_ALLOC_SIZE - PAGE_SIZE + 1))
> + return false;
> +
> return true;
> }
>
> @@ -275,7 +290,7 @@ static bool nested_vmcb_check_save(struct vcpu_svm *svm, struct vmcb *vmcb12)
> kvm_vcpu_is_illegal_gpa(vcpu, vmcb12->save.cr3))
> return false;
> }
> - if (!kvm_is_valid_cr4(&svm->vcpu, vmcb12->save.cr4))
> + if (!kvm_is_valid_cr4(vcpu, vmcb12->save.cr4))
> return false;
>
> return true;
> @@ -531,7 +546,7 @@ int nested_svm_vmrun(struct vcpu_svm *svm)
> load_nested_vmcb_control(svm, &vmcb12->control);
>
> if (!nested_vmcb_check_save(svm, vmcb12) ||
> - !nested_vmcb_check_controls(&svm->nested.ctl)) {
> + !nested_vmcb_check_controls(&svm->vcpu, &svm->nested.ctl)) {
Pass "vcpu" directly (probably only once you rebase).
> vmcb12->control.exit_code = SVM_EXIT_ERR;
> vmcb12->control.exit_code_hi = 0;
> vmcb12->control.exit_info_1 = 0;
> @@ -1207,7 +1222,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
> goto out_free;
>
> ret = -EINVAL;
> - if (!nested_vmcb_check_controls(ctl))
> + if (!nested_vmcb_check_controls(vcpu, ctl))
> goto out_free;
>
> /*
> --
> 2.27.0
>
next prev parent reply other threads:[~2021-04-02 17:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-02 0:43 [PATCH 0/5 v6] KVM: nSVM: Check addresses of MSR bitmap and IO bitmap tables on vmrun of nested guests Krish Sadhukhan
2021-04-02 0:43 ` [PATCH 1/5 v6] KVM: SVM: Define actual size of IOPM and MSRPM tables Krish Sadhukhan
2021-04-02 17:52 ` Sean Christopherson
2021-04-02 0:43 ` [PATCH 2/5 v6] nSVM: Check addresses of MSR and IO permission maps Krish Sadhukhan
2021-04-02 17:45 ` Sean Christopherson [this message]
2021-04-02 0:43 ` [PATCH 3/5 v6] KVM: nSVM: Cleanup in nested_svm_vmrun() Krish Sadhukhan
2021-04-02 0:43 ` [PATCH 4/5 v6] nSVM: Test addresses of MSR and IO permissions maps Krish Sadhukhan
2021-04-02 0:43 ` [PATCH 5/5 v6] SVM: Use ALIGN macro when aligning 'io_bitmap_area' Krish Sadhukhan
2021-04-02 17:38 ` [PATCH 0/5 v6] KVM: nSVM: Check addresses of MSR bitmap and IO bitmap tables on vmrun of nested guests Sean Christopherson
2021-04-02 17:39 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YGdYP46sXC75SwF9@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=krish.sadhukhan@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.