[xen stable-4.10] x86/hvm: Disallow unknown MSR_EFER bits

commit b07c76fece00c9c4c4872575f17e23f860192418
Author:     Andrew Cooper <[hidden email]>
AuthorDate: Mon Jul 30 11:43:31 2018 +0200
Commit:     Jan Beulich <[hidden email]>
CommitDate: Mon Jul 30 11:43:31 2018 +0200

    x86/hvm: Disallow unknown MSR_EFER bits

    It turns out that nothing ever prevented HVM guests from trying to set unknown
    EFER bits.  Generally, this results in a vmentry failure.

    For Intel hardware, all implemented bits are covered by the checks.

    For AMD hardware, the only EFER bit which isn't covered by the checks is TCE
    (which AFAICT is specific to AMD Fam15/16 hardware).  We never advertise TCE
    in CPUID, but it isn't a security problem to have TCE unexpectedly enabled in
    guest context.

    Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents
    any vmentry failures for guests, yielding #GP instead.

    Signed-off-by: Andrew Cooper <[hidden email]>
    Reviewed-by: Roger Pau Monné <[hidden email]>
    Reviewed-by: Wei Liu <[hidden email]>
    Acked-by: Jan Beulich <[hidden email]>
    master commit: ef0269c6215d642a709866f04ba1a1f9f13f3614
    master date: 2018-07-24 11:25:53 +0100
 xen/arch/x86/hvm/hvm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 81ef5cbe3a..8e237eb1ac 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -895,6 +895,9 @@ const char *hvm_efer_valid(const struct vcpu *v, uint64_t value,
         p = &host_cpuid_policy;
+    if ( value & ~EFER_KNOWN_MASK )
+        return "Unknown bits set";
     if ( (value & EFER_SCE) && !p->extd.syscall )
         return "SCE without feature";
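
Review bot: the new (value & ~EFER_KNOWN_MASK) test in hvm_efer_valid() has no comment tying the mask to the per-feature checks that follow it (EFER_SCE against p->extd.syscall, and so on). The definition of EFER_KNOWN_MASK is outside this hunk, so a bit added to the mask later without a matching feature check below would be accepted silently. Suggest a short comment above the test stating that every bit in EFER_KNOWN_MASK is expected to have a feature check further down. Since the commit message singles out TCE on AMD as the one bit the existing checks miss, the comment should also say whether TCE is part of the mask, so a reader of the code does not need the commit log to know that TCE now yields #GP.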
generated by git-patchbot for /home/xen/git/xen.git#stable-4.10

Xen-changelog mailing list
[hidden email]