KVM: nVMX: Disallow VM-entry in MOV-SS shadow
Immediately following MOV-to-SS/POP-to-SS, VM-entry is disallowed. This check comes after the check for a valid VMCS. When this check fails, the instruction pointer should fall through to the next instruction, the ALU flags should be set to indicate VMfailValid, and the VM-instruction error should be set to 26 ("VM entry with events blocked by MOV SS"). Signed-off-by: Jim Mattson <jmattson@google.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
parent
4c4a6f790e
commit
b3f1dfb6e8
@ -10492,6 +10492,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
|
||||
{
|
||||
struct vmcs12 *vmcs12;
|
||||
struct vcpu_vmx *vmx = to_vmx(vcpu);
|
||||
u32 interrupt_shadow = vmx_get_interrupt_shadow(vcpu);
|
||||
u32 exit_qual;
|
||||
int ret;
|
||||
|
||||
@ -10516,6 +10517,12 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
|
||||
* for misconfigurations which will anyway be caught by the processor
|
||||
* when using the merged vmcs02.
|
||||
*/
|
||||
if (interrupt_shadow & KVM_X86_SHADOW_INT_MOV_SS) {
|
||||
nested_vmx_failValid(vcpu,
|
||||
VMXERR_ENTRY_EVENTS_BLOCKED_BY_MOV_SS);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (vmcs12->launch_state == launch) {
|
||||
nested_vmx_failValid(vcpu,
|
||||
launch ? VMXERR_VMLAUNCH_NONCLEAR_VMCS
|
||||
|
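Review bot: The new `if (interrupt_shadow & KVM_X86_SHADOW_INT_MOV_SS)` check sits directly under a block comment about prerequisite checks on the VMCS, yet it tests the vCPU's interruptibility state rather than a vmcs12 field, and it carries no comment of its own. I would add one above it, for example `/* VM entry in a MOV-SS/POP-SS shadow fails with VMfailValid, error 26; must follow the valid-VMCS check. */`, and, if leaving out `KVM_X86_SHADOW_INT_STI` is intentional, say so there so a later reader does not "complete" the mask. `interrupt_shadow` is also sampled in the declarations at function entry, well before its only visible use. The code between the two hunks is not shown, so if nothing there alters the interruptibility state, reading it next to the check would keep that lookup off the early-exit paths; otherwise the early read deserves a one-line comment explaining why. The body of nested_vmx_run starts before and continues past these hunks.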