Commit 693e02cc authored by Jim Mattson, committed by Paolo Bonzini

kvm: nVMX: VMWRITE checks unsupported field before read-only field

According to the SDM, VMWRITE checks to see if the secondary source
operand corresponds to an unsupported VMCS field before it checks to
see if the secondary source operand corresponds to a VM-exit
information field and the processor does not support writing to
VM-exit information fields.

Fixes: 49f705c5 ("KVM: nVMX: Implement VMREAD and VMWRITE")
Signed-off-by: Jim Mattson <jmattson@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Shier <pshier@google.com>
Reviewed-by: Oliver Upton <oupton@google.com>
Reviewed-by: Jon Cargille <jcargill@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent dd2d6042
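The ordering described in the commit message, as an added example that is not part of the commit or of KVM's code: a user-space model showing which VM-instruction error a guest observes under each check order. The supported-field table, the encoding 0x44fe and all helper names are constructed for illustration; the error numbers are the SDM's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* VM-instruction error numbers (Intel SDM; same names as KVM's enum). */
#define VMXERR_UNSUPPORTED_VMCS_COMPONENT       12
#define VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT 13

/* Constructed stand-in for vmcs_field_to_offset(): two supported encodings. */
static const uint32_t supported_fields[] = {
    0x4002, /* primary processor-based VM-execution controls */
    0x4402, /* VM-exit reason (a VM-exit information field) */
};

static bool field_supported(uint32_t field)
{
    for (size_t i = 0; i < sizeof(supported_fields) / sizeof(supported_fields[0]); i++)
        if (supported_fields[i] == field)
            return true;
    return false;
}

/* Bits 11:10 of a field encoding give its type; type 1 is VM-exit information. */
static bool field_is_exit_info(uint32_t field)
{
    return ((field >> 10) & 0x3) == 1;
}

/* Returns 0 if the write may proceed, else the error number the guest reads. */
static int vmwrite_check(uint32_t field, bool can_write_exit_info, bool unsupported_first)
{
    bool ro = field_is_exit_info(field) && !can_write_exit_info;
    if (unsupported_first && !field_supported(field))
        return VMXERR_UNSUPPORTED_VMCS_COMPONENT;
    if (ro)
        return VMXERR_VMWRITE_READ_ONLY_VMCS_COMPONENT;
    if (!field_supported(field))
        return VMXERR_UNSUPPORTED_VMCS_COMPONENT;
    return 0;
}

int main(void)
{
    uint32_t bogus = 0x44fe; /* constructed: type 1 encoding absent from the table */
    printf("read-only check first:   %d\n", vmwrite_check(bogus, false, false));
    printf("unsupported check first: %d\n", vmwrite_check(bogus, false, true));
    return 0;
}
```

The two orders differ only for an unsupported encoding whose type bits mark it as VM-exit information, on a vCPU that cannot write such fields; every other combination returns the same result either way.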
...@@ -4883,6 +4883,12 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu) ...@@ -4883,6 +4883,12 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu)
field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf));
offset = vmcs_field_to_offset(field);
if (offset < 0)
return nested_vmx_failValid(vcpu,
VMXERR_UNSUPPORTED_VMCS_COMPONENT);
/* /*
* If the vCPU supports "VMWRITE to any supported field in the * If the vCPU supports "VMWRITE to any supported field in the
* VMCS," then the "read-only" fields are actually read/write. * VMCS," then the "read-only" fields are actually read/write.
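Review bot: The new `offset < 0` return placed directly after the `kvm_register_readl()` line carries no comment saying that its position is deliberate. The SDM-ordering rationale lives only in the commit message, so a one-line comment above `offset = vmcs_field_to_offset(field);` stating that the unsupported-field check must precede the read-only check would keep a later cleanup from moving the lookup back down to where `offset` is consumed.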
...@@ -4899,11 +4905,6 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu) ...@@ -4899,11 +4905,6 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu)
if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field)) if (!is_guest_mode(vcpu) && !is_shadow_field_rw(field))
copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12); copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12);
offset = vmcs_field_to_offset(field);
if (offset < 0)
return nested_vmx_failValid(vcpu,
VMXERR_UNSUPPORTED_VMCS_COMPONENT);
/* /*
* Some Intel CPUs intentionally drop the reserved bits of the AR byte * Some Intel CPUs intentionally drop the reserved bits of the AR byte
* fields on VMWRITE. Emulate this behavior to ensure consistent KVM * fields on VMWRITE. Emulate this behavior to ensure consistent KVM
......
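Review bot: Dropping the check that followed `copy_vmcs02_to_vmcs12_rare(vcpu, vmcs12);` means a VMWRITE to an unsupported field now returns before that copy runs, whereas the old code performed the copy first and failed afterwards. The commit message covers only the error ordering, so please confirm that skipping the copy on this failure path is intended and mention it in the message.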