From: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Date: Fri, 22 May 2020 22:19:52 +0000 (-0400)
Subject: KVM: nSVM: Check that DR6[63:32] and DR7[64:32] are not set on vmrun of nested guests
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=1aef8161b38a531895a8bffad0e9fb1445ca91f7;p=linux.git

KVM: nSVM: Check that DR6[63:32] and DR7[64:32] are not set on vmrun of nested guests

According to section "Canonicalization and Consistency Checks" in APM vol. 2
the following guest state is illegal:

    "DR6[63:32] are not zero."
    "DR7[63:32] are not zero."
    "Any MBZ bit of EFER is set."

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Message-Id: <20200522221954.32131-3-krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 6bceafb191084..e4ef980981af1 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -231,6 +231,9 @@ static bool nested_vmcb_checks(struct vmcb *vmcb)
 	    (vmcb->save.cr0 & X86_CR0_NW))
 		return false;
 
+	if (!kvm_dr6_valid(vmcb->save.dr6) || !kvm_dr7_valid(vmcb->save.dr7))
+		return false;
+
 	return nested_vmcb_check_controls(&vmcb->control);
 }