Skip to content

Commit 6de84e5

Browse files
Krish Sadhukhanbonzini
Krish Sadhukhan
authored and
bonzini
committed
nVMX x86: check posted-interrupt descriptor addresss on vmentry of L2
According to section "Checks on VMX Controls" in Intel SDM vol 3C, the following check needs to be enforced on vmentry of L2 guests: - Bits 5:0 of the posted-interrupt descriptor address are all 0. - The posted-interrupt descriptor address does not set any bits beyond the processor's physical-address width. Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com> Reviewed-by: Mark Kanda <mark.kanda@oracle.com> Reviewed-by: Liran Alon <liran.alon@oracle.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent e6c67d8 commit 6de84e5

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

arch/x86/kvm/vmx.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11698,11 +11698,15 @@ static int nested_vmx_check_apicv_controls(struct kvm_vcpu *vcpu,
1169811698
* bits 15:8 should be zero in posted_intr_nv,
1169911699
* the descriptor address has been already checked
1170011700
* in nested_get_vmcs12_pages.
11701+
*
11702+
* bits 5:0 of posted_intr_desc_addr should be zero.
1170111703
*/
1170211704
if (nested_cpu_has_posted_intr(vmcs12) &&
1170311705
(!nested_cpu_has_vid(vmcs12) ||
1170411706
!nested_exit_intr_ack_set(vcpu) ||
11705-
vmcs12->posted_intr_nv & 0xff00))
11707+
(vmcs12->posted_intr_nv & 0xff00) ||
11708+
(vmcs12->posted_intr_desc_addr & 0x3f) ||
11709+
(!page_address_valid(vcpu, vmcs12->posted_intr_desc_addr))))
1170611710
return -EINVAL;
1170711711

1170811712
/* tpr shadow is needed by all apicv features. */

0 commit comments

Comments
 (0)