Re: [PATCH v2 3/7] KVM: nVMX: Explicitly check for valid guest state for !unrestricted guest

From: Paolo Bonzini
Date: Fri Sep 25 2020 - 17:33:32 EST

Next message: Paolo Bonzini: "Re: [PATCH v2 0/7] KVM: nVMX: Bug fixes and cleanup"
Previous message: Jonathan Neuschäfer: "Re: [PATCH v3 3/7] mfd: Add base driver for Netronix embedded controller"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 23/09/20 20:44, Sean Christopherson wrote:
> +bool __vmx_guest_state_valid(struct kvm_vcpu *vcpu)
> {
> - if (enable_unrestricted_guest)
> - return true;
> -
> /* real mode guest state checks */
> if (!is_protmode(vcpu) || (vmx_get_rflags(vcpu) & X86_EFLAGS_VM)) {
> if (!rmode_segment_valid(vcpu, VCPU_SREG_CS))
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index d7ec66db5eb8..e147f180350f 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -343,6 +343,15 @@ void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg);
> void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg);
> u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa,
> int root_level);
> +
> +bool __vmx_guest_state_valid(struct kvm_vcpu *vcpu);
> +static inline bool vmx_guest_state_valid(struct kvm_vcpu *vcpu)
> +{
> + if (enable_unrestricted_guest)
> + return true;
> +
> + return __vmx_guest_state_valid(vcpu);

This is now "if (is_unrestricted_guest (vcpu))", but the patch otherwise
applies.

Paolo

Next message: Paolo Bonzini: "Re: [PATCH v2 0/7] KVM: nVMX: Bug fixes and cleanup"
Previous message: Jonathan Neuschäfer: "Re: [PATCH v3 3/7] mfd: Add base driver for Netronix embedded controller"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]