pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a9e5d7ffae
xen/575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
Charles Arnold 5859155d6b - bsc#900418 - Dump cannot be performed on SLES12 XEN 
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
- Upstream patches from Jan
  575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
  57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=442
2016-06-23 17:52:49 +00:00

63 lines
2.2 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Commit 5e02972646132ad98c365ebfcfcb43b40a0dde36
# Date 2016-06-13 12:44:32 +0100
# Author Euan Harris <euan.harris@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
nested vmx: Validate host VMX MSRs before accessing them
Some VMX MSRs may not exist on certain processor models, or may
be disabled because of configuration settings. It is only safe to
access these MSRs if configuration flags in other MSRs are set. These
prerequisites are listed in the Intel 64 and IA-32 Architectures
Software Developers Manual, Vol 3, Appendix A.
nvmx_msr_read_intercept() does not check the prerequisites before
accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP,
MSR_IA32_VMX_VMFUNC on the host. Accessing these MSRs from a nested
VMX guest running on a host which does not support them will cause
Xen to crash with a GPF.
Signed-off-by: Euan Harris <euan.harris@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1820,11 +1820,22 @@ int nvmx_msr_read_intercept(unsigned int
return 0;
/*
- * Those MSRs are available only when bit 55 of
- * MSR_IA32_VMX_BASIC is set.
+ * These MSRs are only available when flags in other MSRs are set.
+ * These prerequisites are listed in the Intel 64 and IA-32
+ * Architectures Software Developers Manual, Vol 3, Appendix A.
*/
switch ( msr )
{
+ case MSR_IA32_VMX_PROCBASED_CTLS2:
+ if ( !cpu_has_vmx_secondary_exec_control )
+ return 0;
+ break;
+
+ case MSR_IA32_VMX_EPT_VPID_CAP:
+ if ( !(cpu_has_vmx_ept || cpu_has_vmx_vpid) )
+ return 0;
+ break;
+
case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
case MSR_IA32_VMX_TRUE_EXIT_CTLS:
@@ -1832,6 +1843,11 @@ int nvmx_msr_read_intercept(unsigned int
if ( !(vmx_basic_msr & VMX_BASIC_DEFAULT1_ZERO) )
return 0;
break;
+
+ case MSR_IA32_VMX_VMFUNC:
+ if ( !cpu_has_vmx_vmfunc )
+ return 0;
+ break;
}
rdmsrl(msr, host_data);
Reference in New Issue View Git Blame Copy Permalink