Commit d55c9d40 authored by Paolo Bonzini

KVM: nSVM: check for EFER.SVME=1 before entering guest



EFER is set for L2 using svm_set_efer, which hardcodes EFER_SVME to 1 and hides
an incorrect value for EFER.SVME in the L1 VMCB.  Perform the check manually
to detect invalid guest state.

Reported-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 9401f2e5
+3 −0
@@ -3558,6 +3558,9 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)

static bool nested_vmcb_checks(struct vmcb *vmcb)
{
	if ((vmcb->save.efer & EFER_SVME) == 0)
		return false;

	if ((vmcb->control.intercept & (1ULL << INTERCEPT_VMRUN)) == 0)
		return false;
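
Review bot: the new EFER_SVME test at the top of nested_vmcb_checks() carries no comment explaining why it is needed, and the reason is not obvious from the code alone. Per the commit message, svm_set_efer hardcodes EFER_SVME to 1 for L2, so this is the only place where the value in the L1 VMCB is actually examined. A one-line comment above `if ((vmcb->save.efer & EFER_SVME) == 0)` saying so would keep a later cleanup from dropping the check as redundant. Separately, the function returns a bare bool, so the caller cannot tell this failure apart from the INTERCEPT_VMRUN one below it; if the distinction matters for debugging invalid guest state, consider a tracepoint or debug print per failed check.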