diff options
| author | David Matlack <dmatlack@google.com> | 2016-11-29 18:14:08 -0800 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2016-12-08 15:31:07 +0100 |
| commit | 3899152ccbf42d7e3d3c7830b1fae75a575a1ed6 (patch) | |
| tree | 7a9df8cb460e4ab2638a378028b84958a4fca73c /crypto/cryptd.c | |
| parent | 62cc6b9dc61eeedd96c862daa7adc08ff1b2b23b (diff) | |
KVM: nVMX: fix checks on CR{0,4} during virtual VMX operation
KVM emulates MSR_IA32_VMX_CR{0,4}_FIXED1 with the value -1ULL, meaning
all CR0 and CR4 bits are allowed to be 1 during VMX operation.
This does not match real hardware, which disallows the high 32 bits of
CR0 to be 1, and disallows reserved bits of CR4 to be 1 (including bits
which are defined in the SDM but missing according to CPUID). A guest
can induce a VM-entry failure by setting these bits in GUEST_CR0 and
GUEST_CR4, despite MSR_IA32_VMX_CR{0,4}_FIXED1 indicating they are
valid.
Since KVM has allowed all bits to be 1 in CR0 and CR4, the existing
checks on these registers do not verify must-be-0 bits. Fix these checks
to identify must-be-0 bits according to MSR_IA32_VMX_CR{0,4}_FIXED1.
This patch should introduce no change in behavior in KVM, since these
MSRs are still -1ULL.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Diffstat (limited to 'crypto/cryptd.c')
0 files changed, 0 insertions, 0 deletions