File 5b56feb1-x86-hvm-disallow-unknown-EFER-bits.patch of Package xen.8389

Overview Repositories Revisions Requests Users Attributes Meta

File 5b56feb1-x86-hvm-disallow-unknown-EFER-bits.patch of Package xen.8389

# Commit ef0269c6215d642a709866f04ba1a1f9f13f3614
# Date 2018-07-24 11:25:53 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/hvm: Disallow unknown MSR_EFER bits

It turns out that nothing ever prevented HVM guests from trying to set unknown
EFER bits.  Generally, this results in a vmentry failure.

For Intel hardware, all implemented bits are covered by the checks.

For AMD hardware, the only EFER bit which isn't covered by the checks is TCE
(which AFAICT is specific to AMD Fam15/16 hardware).  We never advertise TCE
in CPUID, but it isn't a security problem to have TCE unexpected enabled in
guest context.

Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents
any vmentry failures for guests, yielding #GP instead.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -895,6 +895,9 @@ const char *hvm_efer_valid(const struct
     else
         p = &host_cpuid_policy;
 
+    if ( value & ~EFER_KNOWN_MASK )
+        return "Unknown bits set";
+
     if ( (value & EFER_SCE) && !p->extd.syscall )
         return "SCE without feature";

Places

File 5b56feb1-x86-hvm-disallow-unknown-EFER-bits.patch of Package xen.8389

Places