Commit d55c9d40 authored by Paolo Bonzini

KVM: nSVM: check for EFER.SVME=1 before entering guest

EFER is set for L2 using svm_set_efer, which hardcodes EFER_SVME to 1 and hides
an incorrect value for EFER.SVME in the L1 VMCB.  Perform the check manually
to detect invalid guest state.
Reported-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 9401f2e5
...@@ -3558,6 +3558,9 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm) ...@@ -3558,6 +3558,9 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
static bool nested_vmcb_checks(struct vmcb *vmcb) static bool nested_vmcb_checks(struct vmcb *vmcb)
{ {
if ((vmcb->save.efer & EFER_SVME) == 0)
return false;
if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0) if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
return false; return false;
......
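
Review bot: the new EFER.SVME test at the top of nested_vmcb_checks() carries no comment, and the reason it is needed is recorded only in the commit message: svm_set_efer hardcodes EFER_SVME to 1 for L2, so a cleared bit in the L1 VMCB is otherwise never seen. A short comment above `if ((vmcb->save.efer & EFER_SVME) == 0)` saying that the value is checked here because it is later overwritten would keep a future reader from treating the test as redundant and dropping it. The function also returns a bare false for every failed condition, so with two checks now present the caller cannot tell which piece of guest state was invalid; if that distinction matters for debugging nested VMRUN failures, it is worth noting in the same comment or in a follow-up.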